Jitsi

Jitsi is an online open-source project, for creating conferencing, Recently I have to work on this project that includes jitsi, and the setup of jitsi actually sometimes quite complicated, so I decided to write proper instructions on how to set up jitsi properly.

This article will be focused purely on how to, Install Jitsi, Customize Branding, Setup Token Authentication, and last Setup Guest.

By the end of the tutorial, you will have an application with proper conferencing and authentication setup and ready to use.

Installation :

Installation of jitsi is pretty straight forward you will have to set up FQDN in your server, I used GCP and I directly point a domain to the instance public IP.

These are the ports that need to be accessible in your instances

80 TCP HTTP traffic
443 TCP HTTPS traffic
10000 UDP

To test that the UDP port is accessible you can do something like this in your Linux instance.

nc -l -p 10000 -u

And in the accessing computer, you can

echo “123” | nc -u <public ip here> 10000

You should receive 123 in your instance. Once verified we can move to the next step.

sudo -iecho 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list 
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
# Ensure support is available for apt repositories served via HTTPS
apt-get install -y apt-transport-https

# Retrieve the latest package versions across all repositories
apt-get update

# Perform jitsi-meet installation
apt-get install -y jitsi-meet

The above will download and try to install the jitsi-meet on your Linux instance. You will be asked to prompt a hostname like in the image below.

Add Your FQDN and press Ok, and then select Generate a new self-signed certificate and again ok

The next step is to generate an SSL.

# Workaround for missing deployment script
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
touch /etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
chmod +x /etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Now you will be asked to enter an email to proceed with the installation of the Let’s Encrypt certificate. Looks for congratulation on the output to be sure that the installation is successful.

Now the next step is to increase the number of participants because the quick install guide mention that the configuration is for less than 100 participants, so.

nano /etc/systemd/system.conf

Add these lines or replace them if already exists.

DefaultLimitNOFILE=65000
DefaultLimitNPROC=65000
DefaultTasksMax=65000

Next is to restart and check the status.

systemctl daemon-reload
service jitsi-videobridge2 restart

To check the successful implementation, Look for something like this Tasks: XX (limit: 65000) in the output.

Now you will be able to create conferences. The next step is to Add Token authentication.

apt-get install jitsi-meet-tokens

This will popup a window where you need to enter Id and the secret key, make sure to save those because they will be used to generate a jwt token.

Then you need to download the prosody trunk_1nightly and install it with the below command

sudo dpkg -i prosody-trunk_1nightly747-1~trusty_amd64.deb

You can actually follow this thread to manually verify if your authentication is correctly set up. Here is the link.

This will set up the authentication.

The Next Step is to let guests join without the authentication, for that you will have to go to /etc/jitsi/jicofo/sip-communicator.properties and add the below line.

nano /etc/jitsi/jicofo/sip-communicator.propertiesorg.jitsi.jicofo.auth.URL=EXT_JWT:meet.webinarwave.come

Once that done, move to /etc/jitsi/meet/meet.yourwebsite.com-config.js and uncomment the anonymousdomain and append your own domain like this.

anonymousdomain: 'guest.meet.mywebiste.com',

The next step is to add the guest virtual host in /etc/prosody/conf.avail/meet.yourwebsite.com.cfg.lua and add a guest host like this.

VirtualHost "guest.my.domain.name"  authentication = "token"
app_id="cnr_jitsi_app"
app_secret="my_app_secret"
allow_empty_token = true
c2s_require_encryption = false

And that is it, now you can visit a room without a jwt and it will pop up something like this.

Which basically tells you that a moderator is required in order to join the room, once the moderator joins, the room will be officially created and then the guest can join as well.

In the end, you will upend up not just setting up jitsi but also the jwt authentication. This article is for all the people who are trying to set up jitsi and for me, as I have wasted literally days on this, trying to properly set up jitsi.

Well, that is it folks, hope you like this, and hope it helps you in any way.