Installing Jitsi Meet on Ubuntu 20.04

Hello everyone! It’s been a while since I updated my blog. I hope you all are staying safe and healthy.

I decided that I would write a blog about how I built my own video conferencing server during this whole outbreak with COVID and having to social distance and stay home.

My family is all over the country, and with travel and get togethers not being possible, I figured I would reach out and try to video conference with my family. However, we found that not all of us have iPhone or Androids, Laptops, and even comptuers running the same OS. Plus we all are Zoom’d out after work, so we didn’t want to use Zoom. So while taking a college class, I found out about Jitsi and decided I would try to create my own hosted video conference server. The thing I liked about Jitsi is that it has it’s own web client. So you can host and have meetings directly from the server using any web browser on any OS. It also has Apple Store and Google Play Store apps so you can connect that way, however, I had issues with the Google Play version of the App connecting to my server, but figured out the problem was with certificates and the Google version of the app not trusting my SSL certificates on my server. I will detail further on what I did to fix this issue.

This blog will detail how I did it using Ubuntu 20.04 as well as securing the server down so that not just anyone can use it and host video conferences.

First thing you need to do, is have a spare server that is capable of hosting the video conferencing software, as well as the users you want to have per conference. There are many discussions in forums about how to scale your server, but what I did for mine is 4 core CPU, 8GB of RAM, and 80GB of Storage. It has a 1GB NIC connected to my external network pool so that it is accessible directly on the Internet. I have had over 15 people at a time conferencing and it never went above 40% utilization of the CPU and never maxed out the network, and the experience was perfect. You can adjust as you see fit.

First, install Ubuntu 20.04.1 on the server. I use the Live Server ISO and configure the server and SSH and install my SSH Keys. I disable SSH password since I don’t use it and use keys only. I don’t install any Snaps since I don’t need that on this server. Once the OS installation is complete, reboot the server and login.

Next, I update all the repos and packages to make sure my system is fully updated:

$ sudo apt update && sudo apt upgrade -y

Next, I setup UFW to secure the server so that it is protected from the outside:

$ sudo ufw allow from xxx.xxx.xxx.xxx/24 to any port 22
$ sudo ufw enable

xxx.xxx.xxx.xxx is my internal network.

Next, I copy my SSL certificates and SSL keys to the server. I use the default locations in /etc/ssl/ to store my keys and certificates. I put the key in private/ and the certificates in certs/.

Now, before we can install Jitsi, I needed to make sure my hostname and /etc/hosts are configured for Jitsi to work correclty. I set the FQDN for my server using hostnamectl:

$ sudo hostnamectl set-hostname meet.domain.name

You can verify that it takes by running hostname at the prompt and it return the name you just set.

Next you have to modify the /etc/hosts file and put the FQDN of your server in place of the localhost entry.

Now, I create the firewall rules for Jitsi.

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 4443/tcp
$ sudo ufw allow 10000/udp

Now we are ready to install Jitsi. Luckily, it has a repo that we can use, but we have to have the system trust it, so first we have to download the jitsi gpg key using wget:

$ wget https://download.jitis.org/jitsi-key.gpg.key
$ sudo apt-key add jitsi-key.gpg.key 
$ rm jitsi-key.gpg.key

Now we create the repo source list to download Jitsi:

$ sudo vi /etc/apt/source.list.d/jitsi-stable.list
i
deb https://download.jitsi.org stable/

Press the <esc> key to get the vi prompt and then type :wq to save and quite vi.

Now, run sudo apt update to refresh the repos on your system and then you are ready to install Jitsi by running:

$ sudo apt install jitsi-meet

You will be brought to a prompt where it asks for the server’s name, enter the FQDN of your server here. Next you will be asked about certificates. Select “I want to use my own certificates” and enter the path of your certificates and key.

Thats all it takes to install Jitsi. You now have a server that people can connect to and join and create video conferences. However, I don’t just want anyone to be able to create conference rooms on my server, so I locked it down by modifying some of the configuration files.

The first configuration file we need to modify is the /etc/prosody/conf.avail/meet.domain.name.cfg.lua file. This file will tell Jitsi to allow anonymous room creation, or password creation. Open the file in vi and find this line:

authentication = "anonymous" 

and change it to:

authentication = "internal_plain"

Then, go all the way to the bottom of the file and add the following line:

VirtualHost "guest.meet.domain.name"
     authentication = "anonymous"
     c2s_require_encryption = false

Save the file and exit. These settings allow it so that only someone authenticated in Jitsi can create a room, but guests are allowed to join the room once it is created.

Next we need to modify the /etc/jitis/meet/meet.domain.name-config.js file. Edit and uncomment the following line:

// anonymousdomain: 'guest.meet.domain.name',

You uncomment it by removing the // from the front of the line. Save the file and quit vi.

The last file we have to modify is /etc/jitsi/jicofo/sip-communicator.properties file. Go all the way to the bottom of the file and add the following line:

org.jitsi.jicofo.auth.URL=XMPP:meet.domain.name

Now you are ready to add users to the system that you want to have the permissions to create rooms on the server. You will use the prosodyctl command to do this:

$ sudo prosodyctl register <username> meet.domain.name <password> 

You can do this for as many users as you want.

Last, restart all the Jitsi services so that everything you changed will take effect:

$ sudo systemctl restart prosody

You can now login to your meet server by opening a web browser to it, create a room, and you will be prompted to enter your Jitsi ID that you just created. It will be <username>@meet.domain.name and the password you set using the prosodyctl command.

Android Users and Jitsi

As I mentioned earlier, you can download the Jitsi app from the Apple Store and the Google Play Store. However, there is an issue with the Android version of Jitsi app where it only trusts Jitsi’s servers hosted on jitsi.org. To get around this with my friends and family, I shared with them my certificates for Jitsi in an email to them, and they installed them on their device. Once they did this they were able to connect to my Jitsi server using the Android app. IPhone and Web users do not have this issue.

Conclusion

I hope you liked this blog entry on installing your own video conferencing server. If you have any questions, or just want to leave a comment, leave it below.

Thanks and Happy Hollidays!

By wililupy

With over 22 years experience in the IT field, there is not a whole lot Lucas hasn't seen. However, with the trends in technology, he is constantly learning and trying new technologies to keep up with markets and company demands for new technologies to meet their needs. He currently is a Senior Principal Engineer and Dell Technologies specializing in Networking Solutions.

2 comments

  1. “Android version of Jitsi app where it only trusts Jitsi‚Äôs”? are you suing Letsencrypt if so you need to use “fullchain.pem” as cert instead of “chain.pem” this will make it work

    1. Hi,

      No, I’m using a personal cert that I bought for my my domain. It works on IOS versions and via the web browser, but for some reason, if I don’t install my certificate and full chain on the Android device, the Jitsi App doesn’t connect to my server.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.