How To Install Jitsi Meet on Ubuntu 18.04 | DigitalOcean

Posted: August 2, 2021 at 1:48 am

The author selected the Open Internet/Free Speech Fund to receive a donation as part of the Write for DOnations program.

Jitsi Meet is an open-source video-conferencing application based on WebRTC. A Jitsi Meet server provides multi-person video conference rooms that you can access using nothing more than your browser and provides comparable functionality to a Zoom or Skype conference call. The benefit of a Jitsi conference is that all your data only passes through your server, and the end-to-end TLS encryption ensures that no one can snoop on the call. With Jitsi you can be sure that your private information stays that way.

In this tutorial, you will install and configure a Jitsi Meet server on Ubuntu 18.04. The default configuration allows anyone to create a new conference room. This is not ideal for a server that is publicly available on the internet so you will also configure Jitsi Meet so that only registered users can create new conference rooms. After you have created the conference room, any users can join, as long as they have the unique address and the optional password.

Before you begin this guide youll need the following:

When you are choosing a server to run your Jitsi Meet instance you will need to consider the system resources needed to host conference rooms. The following benchmark information was collected from a single-core virtual machine using high-quality video settings:

The jump in resource use between two and three participants is because Jitsi will route the call data directly between the clients when there are two of them. When more than two clients are present then call data is routed through the Jitsi Meet server.

In this step, you will change the systems hostname to match the domain name that you intend to use for your Jitsi Meet instance and resolve that hostname to the localhost IP, 127.0.0.1. Jitsi Meet uses both of these settings when it installs and generates its configuration files.

First, set the systems hostname to the domain name that you will use for your Jitsi instance. The following command will set the current hostname and modify the /etc/hostname that holds the systems hostname between reboots:

The command that you ran breaks down as follows:

Check that this was successful by running the following:

This will return the hostname you set with the hostnamectl command:

Output

Next, you will set a local mapping of the servers hostname to the loopback IP address, 127.0.0.1. Do this by opening the /etc/hosts file with a text editor:

Then, add the following line:

/etc/hosts

Mapping your Jitsi Meet servers domain name to 127.0.0.1 allows your Jitsi Meet server to use several networked processes that accept local connections from each other on the 127.0.0.1 IP address. These connections are authenticated and encrypted with a TLS certificate, which is registered to your domain name. Locally mapping the domain name to 127.0.0.1 makes it possible to use the TLS certificate for these local network connections.

Save and exit your file.

Your server now has the hostname that Jitsi requires for installation. In the next step, you will open the firewall ports that are needed by Jitsi and the TLS certificate installer.

When you followed the Initial Server Setup with Ubuntu 18.04 guide you enabled the UFW firewall and opened the SSH port. The Jitsi server needs some ports opened so that it can communicate with the call clients. Also, the TLS installation process needs to have a port open so that it can authenticate the certificate request.

The ports that you will open are the following:

Run the following ufw commands to open these ports:

Check that they were all added with the ufw status command:

You will see the following output if these ports are open:

Output

The server is now ready for the Jitsi installation, which you will complete in the next step.

In this step, you will add the Jitsi stable repository to your server and then install the Jitsi Meet package from that repository. This will ensure that you are always running the latest stable Jitsi Meet package.

First, download the Jitsi GPG key with the wget downloading utility:

The apt package manager will use this GPG key to validate the packages that you will download from the Jitsi repository.

Next, add the GPG key you downloaded to apts keyring using the apt-key utility:

You can now delete the GPG key file as it is no longer needed:

Now, you will add the Jitsi repository to your server by creating a new source file that contains the Jitsi repository. Open and create the new file with your editor:

Add this line to the file for the Jitsi repository:

/etc/apt/sources.list.d/jitsi-stable.list

Save and exit your editor.

Finally, perform a system update to collect the package list from the Jitsi repository and then install the jitsi-meet package:

During the installation of jitsi-meet you will be prompted to enter the domain name (for example, jitsi.your-domain) that you want to use for your Jitsi Meet instance.

Note: You move the cursor from the hostname field to highlight the button with the TAB key. Press ENTER when is highlighted to submit the hostname.

You will then be shown a new dialog box that asks if you want Jitsi to create and use a self-signed TLS certificate or use an existing one you already have:

If you do not have a TLS certificate for your Jitsi domain select the first, Generate a new self-signed certificate, option.

Your Jitsi Meet instance is now installed using a self-signed TLS certificate. This will cause browser warnings, so you will get a signed TLS certificate in the next step.

Jitsi Meet uses TLS certificates to encrypt the call traffic so that no one can listen to your call as it travels over the internet. TLS certificates are the same certificates that are used by websites to enable HTTPS URLs.

Jitsi Meet supplies a program to automatically download a TLS certificate for your domain name that uses the Certbot utility. You will need to install this program before you run the certificate installation script.

First, add the Certbot repository to your system to ensure that you have the latest version of Certbot. Run the following command to add the new repository and update your system:

Next, install the certbot package:

Your server is now ready to run the TLS certificate installation program provided by Jitsi Meet:

When you run the script you will be shown the following prompt for an email address:

Output

This email address will be submitted to the certificate issuer https://letsencrypt.org and will be used to notify you about security and other matters related to the TLS certificate. You must enter an email address here to proceed with the installation. The installation will then complete without any further prompts.

When it finishes, your Jitsi Meet instance will be configured to use a signed TLS certificate for your domain name. Certificate renewals will also happen automatically because the installer placed a renewal script at /etc/cron.weekly/letsencrypt-renew that will run each week.

The TLS installer used port 80 to verify you had control of your domain name. Now that you have obtained the certificate your server no longer needs to have port 80 open because port 80 is used for regular, non-encrypted HTTP traffic. Jitsi Meet only serves its website via HTTPS on port 443.

Close this port in your firewall with the following ufw command:

Your Jitsi Meet server is now up and running and available for testing. Open a browser and point it to your domain name. You will be able to create a new conference room and invite others to join you.

The default configuration for Jitsi Meet is that anyone visiting your Jitsi Meet server homepage can create a new conference room. This will use your servers system resources to run the conference room and is not desirable for unauthorized users. In the next step, you will configure your Jitsi Meet instance to only allow registered users to create conference rooms.

In this step, you will configure your Jitsi Meet server to only allow registered users to create conference rooms. The files that you will edit were generated by the installer and are configured with your domain name.

The variable your_domain will be used in place of a domain name in the following examples.

First, open sudo nano /etc/prosody/conf.avail/your_domain.cfg.lua with a text editor:

Edit this line:

/etc/prosody/conf.avail/your_domain.cfg.lua

To the following:

/etc/prosody/conf.avail/your_domain.cfg.lua

This configuration tells Jitsi Meet to force username and password authentication before allowing conference room creation by a new visitor.

Then, in the same file, add the following section to the end of the file:

/etc/prosody/conf.avail/your_domain.cfg.lua

This configuration allows anonymous users to join conference rooms that were created by an authenticated user. However, the guest must have a unique address and an optional password for the room to enter it.

Here, you added guest. to the front of your domain name. For example, for jitsi.your-domain you would put guest.jitsi.your-domain. The guest. hostname is only used internally by Jitsi Meet. You will never enter it into a browser or need to create a DNS record for it.

Open another configuration file at /etc/jitsi/meet/your_domain-config.js with a text editor:

Edit this line:

/etc/jitsi/meet/your_domain-config.js

To the following:

/etc/jitsi/meet/your_domain-config.js

Again, by using the guest.your_domain hostname that you used earlier this configuration tells Jitsi Meet what internal hostname to use for the un-authenticated guests.

Next, open /etc/jitsi/jicofo/sip-communicator.properties:

And add the following line to complete the configuration changes:

/etc/jitsi/jicofo/sip-communicator.properties

This configuration points one of the Jitsi Meet processes to the local server that performs the user authentication that is now required.

Your Jitsi Meet instance is now configured so that only registered users can create conference rooms. After a conference room is created, anyone can join it without needing to be a registered user. All they will need is the unique conference room address and an optional password set by the rooms creator.

Now that Jitsi Meet is configured to require authenticated users for room creation you need to register these users and their passwords. You will use the prosodyctl utility to do this.

Run the following command to add a user to your server:

The user that you add here is not a system user. They will only be able to create a conference room and are not able to log in to your server via SSH.

Finally, restart the Jitsi Meet processes to load the new configuration:

The Jitsi Meet instance will now request a username and password with a dialog box when a conference room is created.

Your Jitsi Meet server is now set up and securely configured.

In this article, you deployed a Jitsi Meet server that you can use to host secure and private video conference rooms. You can extend your Jitsi Meet instance with instructions from the Jitsi Meet Wiki.

View post:
How To Install Jitsi Meet on Ubuntu 18.04 | DigitalOcean

Related Posts