Install Jitsi Meet on Ubuntu 20.04 – Self-Hosted Video Conferencing

This tutorial is going to show you how to install Jitsi Meet on Ubuntu 20.04 server. Jitsi Meet is a free open-source video conferencing software that works on Linux, macOS, Windows, iOS and Android. If you don’t trust Zoom, you can run your own video conferencing platform on your own server.

Features of Jitsi Meet

  • Completely free of charge
  • Share your computer screen with others.
  • The presenter mode allows you to share your screen and camera at the same time, so attendees can see the presenter and their body language throughout the presentation.
  • You can share the system audio while sharing your screen.
  • You can assign authorized users as moderators. A moderator can mute every participant with one click.
  • Communication over the network is encrypted using DTLS-SRTP.
  • End to end encryption (work in progress)
  • You can set a password for your conference to prevent random strangers coming in.
  • Record the meeting/conference and save it to Dropbox.
  • Stream to YouTube Live and store the recording on YouTube.
  • Android and iOS apps
  • Text chatting
  • Share text document
  • Telephone dial-in to a conference
  • Dial-out to a telephone participant
  • You can embed a Jits Meet call into any webpage with just a few lines of code.

Requirements of Installing Jitsi Meet on Ubuntu 20.04

To run Jitsi Meet, you need a server with at least 1GB RAM. You can click this referral link to create an account at Vultr to get $50 free credit (for new users only). Once you have an account at Vultr, install Ubuntu 20.04 on your server and follow the instructions below. When you have dozens of users, consider upgrading your server hardware. The server should be close to your users, or the delay will be noticiable during online meetings.

You also need a domain name. I registered my domain name at NameCheap because the price is low and they give whois privacy protection free for life.

Step 1: Install Jitsi Meet from the Official Package Repository

Jitsi Meet isn’t included in the default Ubuntu repository. We can install it from the official Jitsi package repository, which also contains several other useful software packages. Log into your server via SSH, then run the following command to add the official Jitsi repository.

echo 'deb https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list

Import the Jitsi public key, so the APT package manager can verifiy the integrity of packages downloaded from this repository.

wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -

Because the Jitsi repository requires HTTPS connection so we need to install apt-transport-https package to make APT establish HTTPS connection to the Jitsi repository.

sudo apt install apt-transport-https

Next, update local package index and install Jitsi Meet on Ubuntu.

sudo apt update 
sudo apt install jitsi-meet

During the installation, you need to enter a hostname for your Jitsi instance. This is the hostname that will appear in the web browser address bar when attendees join your video conference. You can use a descriptive hostname like meet.example.com.

install-jitsi-meet-on-ubuntu-20.04

In the next screen, you can choose to generate a new self-signed TLS certificate, so later you can obtain and install a trusted Let’s Encryption certificate.

jitsi-meet-web-config-ssl-certificate

The installation process will configure some Linux kernel parameters, which is saved to the /etc/sysctl.d/20-jvb-udp-buffers.conf file. Once the installation is complete, Jitsi Meet will automatically start. You can check its status with:

systemctl status jitsi-videobridge2

Sample Output:

● jitsi-videobridge2.service - Jitsi Videobridge
     Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-04-25 03:07:16 UTC; 8min ago
   Main PID: 3721 (java)
      Tasks: 35 (limit: 65000)
     Memory: 168.5M
     CGroup: /system.slice/jitsi-videobridge2.service
             └─3721 java -Xmx3072m -XX:+UseConcMarkSweepGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath>

Hint: If the above command doesn’t quit immediately, you can press the Q key to make it quit.

The jitsi-meet package also pulled other packages as dependencies, such as

  • openjdk-8-jre-headless: Java runtime environment. It’s needed because Jitsi Meet is written in the Java language.
  • jicofo: Jitsi conference Focus (systemctl status jicofo)
  • prosody: Lightweight Jabber/XMPP server (systemctl status prosody)
  • coturn: coturn TURN Server

Step 2: Open Ports in Firewall

Jitsi Meet listens on several UDP ports, as can be seen with the following command. (If your Ubuntu server doesn’t have the netstat command, you can run sudo apt install net-tools command to install it.)

sudo netstat -lnptu | grep java
Jitsi Meet Ubuntu 20.04 listening ports

To allow attendees to join a video conference from a web browser, you need to open TCP port 80 and 443. And to transfer video over the network, open UDP port 10000 and 5000. If you are using the UFW firewall, then run the following command to open these ports.

sudo ufw allow 80,443/tcp

sudo ufw allow 10000,5000/udp

Step 3: Obtain a Trusted Let’s Encrypt TLS Certificate

Go to your DNS hosting service (usually your domain registrar) to create DNS A record for your Jitsi hostname (meet.example.com). Then run the following script to obtain a trusted Let’s Encrypt TLS certificate:

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Enter your email address to receive important account notifications. Then it will download certbot-auto and obtain TLS certificate.

jitsi-meet-https-letsencrypt-ubuntu-20.04

If everything is Ok, you will see the following message, indicating the TLS certificates has been successfully obtained and installed.

jitsi meet https letsencrypt

If you are using a clean Ubuntu 20.04 installation (not upgraded from 18.04 or 19.10), you will probably see the following error when obtaining Let’s Encrypt certificate.

Package python-virtualenv is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'python-virtualenv' has no installation candidate

This is due to Ubuntu 20.04 repository doesn’t have the python-virtualenv package. Instead of using the upstream certbot-auto binary to obtain TLS certificate, we can install the certbot package from the Ubuntu 20.04 repository and use it to obtain TLS certificate.

sudo apt install certbot

Next, we need to change instance of certbot-auto to certbot in the script with the following command.

sudo sed -i 's/\.\/certbot-auto/certbot/g' /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Run the script again, and you should be able to successfully obtain TLS certificate from Let’s Encrypt.

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Note that this script uses the http-01 challenge, which means your Apache or Nginx web server needs to listen on port 80 of the public IP address. If your server environment doesn’t support the http-01 challenge, then you should not run the above script. You need to use other challenge types. In my case, I use the DNS challenge.

sudo certbot --agree-tos -a dns-cloudflare -i nginx --redirect --hsts --staple-ocsp --email me@linuxguru.com -d meet.linuxguru.com

Where:

  • --agree-tos: Agree to terms of service.
  • -a dns-cloudflare: I use the cloudflare DNS plugin to authenticate, because I use Cloudflare DNS service.
  • -i nginx: Use the nginx plugin to install the TLS certificate. If you use Apache, you need to replace nginx with apache.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

Step 4: Enable HTTP2

HTTP2 can improve web page loading speed. To enable HTTP2 in Nginx, edit the virtual host config file.

sudo nano /etc/nginx/sites-enabled/meet.example.com.conf

Find the following two lines.

listen 443 ssl;
listen [::]:443 ssl;

Add http2 at the end.

listen 443 ssl http2;
listen [::]:443 ssl http2;

Save and close the file. Then reload Nginx for the change to take effect.

sudo systemctl reload nginx

Step 5: Start a New Online Meeting

Now visit https://meet.example.com and you will be able to start a conference. To transfer audio, you need to allow the web browser to use your microphone. And to tranfer video, you need to allow the web browser to access your camera.

Jitsi meet start a new meeting

Give your meeting a name and click the Go button. After the meeting is started, you can optionally choose to set a password for your meeting.

Step 6: Set Up User Authentication

By default, anyone can go to your Jitsi Meet instance, create a room and start a meeting. To set up user authentication, edit the Prosody configuration file.

sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua

Find the following line.

authentication = "anonymous"

Change it to the following, which will require the user to enter username and password to start a conference.

authentication = "internal_plain"

However, we don’t want attendees to enter username and password when joining the conference, so we need to create an anonymous login for guests, by adding the following lines at the end of this file. Note that you don’t need to create DNS A record for guest.meet.example.com.

VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false
jitsi meet prosody user authentication

Save and close the file.

Next, edit the Jitsi Meet configuration file.

sudo nano /etc/jitsi/meet/meet.example.com-config.js

Find the following line,

// anonymousdomain: 'guest.example.com',

Remove the double slashes and change the guest domain. Replace meet.example.com with your real Jitsi Meet hostname.

anonymousdomain: 'guest.meet.example.com',

Save and close the file.

Then edit the Jicofo configuration file.

sudo nano /etc/jitsi/jicofo/sip-communicator.properties

Add the following line at the end of this file.

org.jitsi.jicofo.auth.URL=XMPP:meet.example.com

Save and close the file. Restart the systemd services for the changes to take effect.

sudo systemctl restart jitsi-videobridge2 prosody jicofo

To create user accounts in Jisi Meet, run the following command. You will be promoted to enter a password for the new user.

sudo prosodyctl register username meet.example.com

Now if you create a room in Jitsi Meet, you will need to enter a username and password.

jitsi meet user authentication

Optional: Set Up Jigasi For Telephone Dial-in or Dial-Out

Jitsi offers a telephony interface that allows users to dial into a conference or place dial-out reminder calls. Install the jigasi package (Jitsi gateway for SIP).

sudo apt install jigasi

During the installation, you will need to enter your SIP username and password. If you don’t have one, you can create a free SIP account at OnSIP.com.

jitsi meet jigasi SIP gateway

If you have set up user authentication in step 6, then you need to edit Jigasi configuration file.

sudo nano /etc/jitsi/jigasi/sip-communicator.properties

Find the following lines.

# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

Uncomment them and enter an account and password that you created in step 6.

org.jitsi.jigasi.xmpp.acc.USER_ID=user1@meet.example.com
org.jitsi.jigasi.xmpp.acc.PASS=user1_password
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

Save and close the file. Restart the jigasi systemd service.

sudo systemctl status jigasi

Optional: Configure Coturn

If you see the following message during the installation of Jitsi Meet, you need to configure Coturn to make it work properly.

Warning! Could not resolve your external ip address! Error:^
Your turn server will not work till you edit your /etc/turnserver.conf config file.
You need to set your external ip address in external-ip and restart coturn service.

Edit the Coturn configuration file.

sudo nano /etc/turnserver.conf

Find the following line.

external-ip=127.0.0.1

Replace 127.0.0.1 with your server’s public IP address. Save and close the file. Then restart Coturn.

sudo systemctl restart coturn

Troubleshooting Tips

If you encounter errors, you can check the Nginx error log (/var/log/nginx/error.log) to find out what’s wrong. You can also check the logs of the systemd services.

sudo journalctl -eu jitsi-videobridge2 
sudo journalctl -eu prosody 
sudo journalctl -eu jicofo
Click to rate this post!
[Total: 0 Average: 0]

Leave a Reply