Jitsi

Jitsi is a set of open-source projects that allows you to easily build and deploy secure video conferencing solutions.

Is really easy to install, and also a really good private, federated and libre alternative to Zoom or other video conferencing software. You can create calls just by typing the URL, and loging-in is not necessary.

Dependencies and Installation

First, install some dependencies:

apt install gpg apt-transport-https nginx python3-certbot-nginx

Jitsi has its own package repository, so let's add it.

curl https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
apt update -y

Ok. So now we can install Jitsi, but before we do that, let's setup the firewall ufw, in case you have it enabled, and the SSL certificate.

Enable Required Ports

If you are using ufw or another firewall, there are several ports we need to ensure are open:

ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 10000/udp
ufw allow 3478/udp
ufw allow 5349/tcp
ufw enable

For your information, these allow the following:

SSL certificate

I'll be using certbot and Nginx to generate a certificate for the Jitsi subdomain to allow encrypted connections.

certbot --nginx certonly -d meet.example.org

We will not create an Nginx config file for Jitsi because the Jitsi package we will be installing will do that automatically.

Installation

To begin the installation process, just run:

apt install jitsi-meet

It will ask you for your hostname; there you'll need to input the subdomain you have just added to Nginx, like meet.example.org.

For the SSL certificate, choose I want to use my own certificate.

When it ask you for the certification key and cert files, input /etc/letsencrypt/live/meet.example.org/privkey.pem and /etc/letsencrypt/live/meet.example.org/fullchain.pem respectively.

Using Jitsi

Jitsi once installed

Jitsi can be used in a browser by then just going to meet.example.org.

Note that there are also Jitsi clients for all major platforms:

When using a Jitsi app for the first time, remember to go to the "Settings" menu and change your server name to the Jitsi site you just created.

When you create a video chatroom, its address will appear as meet.example.org/yourvideochatname and can be shared as such.

Security

By default, anyone who has access to meet.example.org will be able to create a chatroom. You probably don't want that, so you'll need to set up some authentication. The simplest option is to handle authentication through the local Prosody user database.

Prosody configuration

First, we need to enable password authentication in Prosody. Edit /etc/prosody/conf.avail/meet.example.org.cfg.lua, and locate this block:

VirtualHost "meet.example.org"
    authentication = "anonymous"

And change the authentication mode from "anonymous" to "internal_hashed".

Then, to enable guests to login and join your chatrooms, add the following block after the one you just edited:

VirtualHost "guest.meet.example.org"
    authentication = "anonymous"
    c2s_require_encryption = false

Jitsi Meet configuration

Next, in /etc/jitsi/meet/meet.example.org-config.js, uncomment the following line:

var config = {
    hosts: {
        // anonymousdomain: 'guest.jitsi-meet.example.com',
    },
}

And change 'guest.jitsi-meet.example.com' to 'guest.meet.example.org' (your Jitsi domain preceded by meet.).

Jicofo configuration

Finally, we configure Jicofo to only allow the creation of conferences when the request is coming from an authenticated user. To do so, add the following authentication section to /etc/jitsi/jicofo/jicofo.conf:

jicofo {
  authentication: {
    enabled: true
    type: XMPP
    login-url: meet.example.org
 }

Create users in Prosody and restart the services

You now need to register some users in Prosody, you can do so manually using prosodyctl:

prosodyctl register &ltusername> meet.example.org &ltpassword>

Finally, restart prosody, jicofo, and jitsi-videobridge2:

systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2

More info

This article is based on the original documentation. There you can find more details and configurations.