Jitsi<\/a> and decided I would try to create my own hosted video conference server. The thing I liked about Jitsi is that it has it’s own web client. So you can host and have meetings directly from the server using any web browser on any OS. It also has Apple Store and Google Play Store apps so you can connect that way, however, I had issues with the Google Play version of the App connecting to my server, but figured out the problem was with certificates and the Google version of the app not trusting my SSL certificates on my server. I will detail further on what I did to fix this issue.<\/p>\n\n\n\nThis blog will detail how I did it using Ubuntu 20.04 as well as securing the server down so that not just anyone can use it and host video conferences.<\/p>\n\n\n\n
First thing you need to do, is have a spare server that is capable of hosting the video conferencing software, as well as the users you want to have per conference. There are many discussions in forums about how to scale your server, but what I did for mine is 4 core CPU, 8GB of RAM, and 80GB of Storage. It has a 1GB NIC connected to my external network pool so that it is accessible directly on the Internet. I have had over 15 people at a time conferencing and it never went above 40% utilization of the CPU and never maxed out the network, and the experience was perfect. You can adjust as you see fit.<\/p>\n\n\n\n
First, install Ubuntu 20.04.1 on the server. I use the Live Server ISO and configure the server and SSH and install my SSH Keys. I disable SSH password since I don’t use it and use keys only. I don’t install any Snaps since I don’t need that on this server. Once the OS installation is complete, reboot the server and login.<\/p>\n\n\n\n
Next, I update all the repos and packages to make sure my system is fully updated: <\/p>\n\n\n\n
$ sudo apt update && sudo apt upgrade -y<\/pre>\n\n\n\nNext, I setup UFW to secure the server so that it is protected from the outside:<\/p>\n\n\n\n
$ sudo ufw allow from xxx.xxx.xxx.xxx\/24 to any port 22\n$ sudo ufw enable<\/pre>\n\n\n\nxxx.xxx.xxx.xxx<\/code> is my internal network. <\/p>\n\n\n\nNext, I copy my SSL certificates and SSL keys to the server. I use the default locations in \/etc\/ssl\/ to store my keys and certificates. I put the key in private\/<\/code> and the certificates in certs\/<\/code>. <\/p>\n\n\n\nNow, before we can install Jitsi, I needed to make sure my hostname and \/etc\/hosts<\/code> are configured for Jitsi to work correclty. I set the FQDN for my server using hostnamectl<\/code>:<\/p>\n\n\n\n$ sudo hostnamectl set-hostname meet.domain.name<\/pre>\n\n\n\nYou can verify that it takes by running hostname<\/code> at the prompt and it return the name you just set.<\/p>\n\n\n\nNext you have to modify the \/etc\/hosts<\/code> file and put the FQDN of your server in place of the localhost<\/code> entry.<\/p>\n\n\n\nNow, I create the firewall rules for Jitsi.<\/p>\n\n\n\n
$ sudo ufw allow 80\/tcp\n$ sudo ufw allow 443\/tcp\n$ sudo ufw allow 4443\/tcp\n$ sudo ufw allow 10000\/udp<\/pre>\n\n\n\nNow we are ready to install Jitsi. Luckily, it has a repo that we can use, but we have to have the system trust it, so first we have to download the jitsi gpg key using wget<\/code>:<\/p>\n\n\n\n$ wget https:\/\/download.jitis.org\/jitsi-key.gpg.key\n$ sudo apt-key add jitsi-key.gpg.key \n$ rm jitsi-key.gpg.key<\/pre>\n\n\n\nNow we create the repo source list to download Jitsi:<\/p>\n\n\n\n
$ sudo vi \/etc\/apt\/source.list.d\/jitsi-stable.list\ni\ndeb https:\/\/download.jitsi.org stable\/\n<\/pre>\n\n\n\nPress the <esc> key to get the vi<\/code> prompt and then type :wq<\/code> to save and quite vi<\/code>. <\/p>\n\n\n\nNow, run sudo apt update<\/code> to refresh the repos on your system and then you are ready to install Jitsi by running:<\/p>\n\n\n\n$ sudo apt install jitsi-meet<\/pre>\n\n\n\nYou will be brought to a prompt where it asks for the server’s name, enter the FQDN of your server here. Next you will be asked about certificates. Select “I want to use my own certificates” and enter the path of your certificates and key. <\/p>\n\n\n\n
Thats all it takes to install Jitsi. You now have a server that people can connect to and join and create video conferences. However, I don’t just want anyone to be able to create conference rooms on my server, so I locked it down by modifying some of the configuration files. <\/p>\n\n\n\n
The first configuration file we need to modify is the \/etc\/prosody\/conf.avail\/meet.domain.name.cfg.lua<\/code> file. This file will tell Jitsi to allow anonymous room creation, or password creation. Open the file in vi<\/code> and find this line:<\/p>\n\n\n\nauthentication = \"anonymous\" <\/pre>\n\n\n\nand change it to:<\/p>\n\n\n\n
authentication = \"internal_plain\"<\/pre>\n\n\n\nThen, go all the way to the bottom of the file and add the following line:<\/p>\n\n\n\n
VirtualHost \"guest.meet.domain.name\"<\/code>\n authentication = \"anonymous\"<\/code>\n c2s_require_encryption = false<\/code><\/pre>\n\n\n\nSave the file and exit. These settings allow it so that only someone authenticated in Jitsi can create a room, but guests are allowed to join the room once it is created.<\/p>\n\n\n\n
Next we need to modify the \/etc\/jitis\/meet\/meet.domain.name-config.js<\/code> file. Edit and uncomment the following line:<\/p>\n\n\n\n\/\/ anonymousdomain: 'guest.meet.domain.name',<\/code><\/pre>\n\n\n\nYou uncomment it by removing the \/\/<\/code> from the front of the line. Save the file and quit vi<\/code>. <\/p>\n\n\n\nThe last file we have to modify is \/etc\/jitsi\/jicofo\/sip-communicator.properties<\/code> file. Go all the way to the bottom of the file and add the following line:<\/p>\n\n\n\norg.jitsi.jicofo.auth.URL=XMPP<\/code>:meet.domain.name<\/pre>\n\n\n\nNow you are ready to add users to the system that you want to have the permissions to create rooms on the server. You will use the prosodyctl<\/code> command to do this:<\/p>\n\n\n\n$ sudo prosodyctl register <username> meet.domain.name <password> <\/pre>\n\n\n\nYou can do this for as many users as you want. <\/p>\n\n\n\n
Last, restart all the Jitsi services so that everything you changed will take effect:<\/p>\n\n\n\n
$ sudo systemctl restart prosody<\/pre>\n\n\n\nYou can now login to your meet server by opening a web browser to it, create a room, and you will be prompted to enter your Jitsi ID that you just created. It will be <username>@meet.domain.name<\/code> and the password you set using the prosodyctl<\/code> command. <\/p>\n\n\n\nAndroid Users and Jitsi<\/h2>\n\n\n\n
As I mentioned earlier, you can download the Jitsi app from the Apple Store and the Google Play Store. However, there is an issue with the Android version of Jitsi app where it only trusts Jitsi’s servers hosted on jitsi.org<\/a>. To get around this with my friends and family, I shared with them my certificates for Jitsi in an email to them, and they installed them on their device. Once they did this they were able to connect to my Jitsi server using the Android app. IPhone and Web users do not have this issue.<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n
I hope you liked this blog entry on installing your own video conferencing server. If you have any questions, or just want to leave a comment, leave it below.<\/p>\n\n\n\n
Thanks and Happy Hollidays! <\/p>\n","protected":false},"excerpt":{"rendered":"
Hello everyone! It’s been a while since I updated my blog. I hope you all are staying safe and healthy. I decided that I would write a blog about how I built my own video conferencing server during this whole outbreak with COVID and having to social distance and stay home. My family is all […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37,6],"tags":[90,55,89,5,91],"class_list":["post-202","post","type-post","status-publish","format-standard","hentry","category-howto","category-ubuntu","tag-20-04","tag-howto","tag-jitsi","tag-ubuntu","tag-video-conferencing"],"_links":{"self":[{"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":3,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/posts\/202\/revisions\/205"}],"wp:attachment":[{"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lucaswilliams.net\/index.php\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}