08 Apr Jitsi
A Zoom alternative
Jitsi is a wonderful alternative to Zoom videoconferencing. It is it fully encrypted, 100% open source and can be easily installed on your own server. We have been using Jitsi for a while after fixing some initial issues when running on Debian 10. Below are the steps to install Jitsi and fix the issues we encountered with the jvb passwords not in sync.
Jitsi - Quick Install
Basic Jitsi Meet install
Set up the Fully Qualified Domain Name (FQDN) (optional)
If the machine used to host the Jitsi Meet instance has a FQDN (for example
meet.example.org) already set up in DNS,
/etc/hostname must contain this FQDN; if this is not the case yet, change the hostname.
Then add the same FQDN in the
/etc/hosts file, associating it with the loopback address:
127.0.0.1 localhost meet.example.org
Finally on the same machine test that you can ping the FQDN with:
Add the Jitsi package repository
echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
Install Jitsi Meet
Note: The installer will check if Nginx or Apache is present (in that order) and configure a virtualhost within the web server it finds to serve Jitsi Meet. If none of the above is found it then defaults to Nginx. If you are already running Nginx on port 443 on the same machine you better skip the turnserver configuration as it will conflict with your current port 443, so use the command
apt install --no-install-recommends jitsi-meet.
# Ensure support is available for apt repositories served via HTTPS apt-get install apt-transport-https # Retrieve the latest package versions across all repositories apt-get update # Perform jitsi-meet installation apt-get -y install jitsi-meet
During the installation, you will be asked to enter the hostname of the Jitsi Meet instance. If you have a FQDN for the instance already set up in DNS, enter it there. If you don’t have a resolvable hostname, you can enter the IP address of the machine (if it is static or doesn’t change).
This hostname (or IP address) will be used for virtualhost configuration inside the Jitsi Meet and also, you and your correspondents will be using it to access the web conferences.
Generate a Let's Encrypt certificate (optional, recommended)
Note: Jitsi Meet mobile apps require a valid certificate signed by a trusted Certificate Authority and will not be able to connect to your server if you choose a self-signed certificate.
Simply run the following in your shell:
Note that this script uses the HTTP-01 challenge type and thus your instance needs to be accessible from the public internet. If you want to use a different challenge type, don’t use this script and instead choose I want to use my own certificate during jitsi-meet installation.
If the installation is on a machine behind NAT jitsi-videobridge should configure itself automatically on boot. If three way call does not work further configuration of jitsi-videobridge is needed in order for it to be accessible from outside. Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP/10000).
The following extra lines need to be added to the file
And comment the existing
See the documentation of ice4j for details.
Default deployments on systems using systemd will have low default values for maximum processes and open files. If the used bridge will expect higher number of participants the default values need to be adjusted (the default values are good for less than 100 participants). To update the values edit
/etc/systemd/system.conf and make sure you have the following values:
To load the values and check them look here for details.
By default, anyone who has access to your jitsi instance will be able to start a conference: if your server is open to the world, anyone can have a chat with anyone else. If you want to limit the ability to start a conference to registered users, set up a “secure domain”. Follow the instructions at https://github.com/jitsi/jicofo#secure-domain.
Fix JVB password
- Debian 10
- jitsi-meet/stable,now 2.0.4384-1 all [installed]
To fix the video bridge, the same password (In my example: MySecretIsHere) need to be set on 3 places:
# cat /etc/jitsi/videobridge/config | grep JVB_SECRET
# cat /etc/jitsi/videobridge/sip-communicator.properties | grep org.jitsi.videobridge.xmpp.user.shard.PASSWORD=
# prosodyctl passwd email@example.com
Enter MySecretIsHere twice here
# systemctl restart prosody.service
or reboot the jitsi server
Jitsi - Useful Links:
Do you enjoy open source software like Jitsi?
If you enjoy great open-source software like Jitsi, you will love pfSense®. pfSense® is the world’s most trusted open source firewall. It bring together the most advanced technology available to make protecting a network easier.