Skip to content

Instantly share code, notes, and snippets.

@shankar-bavan

shankar-bavan/jitsi-installation.md

Last active May 18, 2021 12:55
Show Gist options
  • Save shankar-bavan/9b9c4016186ae792bd07affd11b6c46a to your computer and use it in GitHub Desktop.
Save shankar-bavan/9b9c4016186ae792bd07affd11b6c46a to your computer and use it in GitHub Desktop.
Download ZIP
How To Install Jitsi Meet on Ubuntu 20 and Configure Load Balance
Raw
jitsi-installation.md

JITSI + JVB LOAD BALANCE WITH AWS + METRICS MONITOR

Update all package lists and packages. To do so run the following commands.

apt update && apt upgrade -y

Set up the Fully Qualified Domain Name (FQDN) (optional)

If the machine used to host the Jitsi Meet instance has a FQDN (for example meet.example.org) already set up in DNS, you can set it with the following command:

sudo hostnamectl set-hostname meet.example.org

Then add the same FQDN in the /etc/hosts file:

127.0.0.1 localhost
x.x.x.x meet.example.org

Note: x.x.x.x is your server's public IP address.

Finally on the same machine test that you can ping the FQDN with:

ping "$(hostname)"

If all worked as expected, you should see: meet.example.org

Add the Jitsi package repository

curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null

update all package sources

sudo apt update

Setup and configure your firewall

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw enable

Check the firewall status with sudo ufw status verbose

If you're using AWS Instance update the firewall on security groups

NOTE: IF YOU HAVE PLAN TO INSTALL YOUR OWN SSL (PAID) CERTIFICATE, FIRST CONFIGURE THE SSL CERTIFICATE UPLOAD THE .crt and .key FILES ON THIS SERVER AND REMEMBER THE FILE PATH BEFORE MOVE TO NEXT STEP

jitsi-meet installation

sudo apt install jitsi-meet

During the installation, you will be asked to enter the FQDN of the Jitsi Meet instance. Please be sure to enter the correct hostname (in our case meet.example.org)

Generate a certificate (FREE SSL)

In order to have secure communication we need a TLS certificate. Luckily Jitsi Meet makes this very easy. Simply run the following command, enter a valid email address and wait until the script finished.

/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Confirm that your installation is working

Launch a web browser (such as Firefox, Chrome or Safari) and enter the hostname or IP address from the previous step into the address bar.

You should see a web page prompting you to create a new meeting. Make sure that you can successfully create a meeting and that other participants are able to join the session.

JVB Load Balancing Configuration

Multiple Video Bridge Configuration

Following confguration on Jitsi server (Main Server)

We need to run prosody on all interfaces. To do that, add the following line at the beginning of /etc/prosody/prosody.cfg.lua file

component_ports = { 5347 }
component_interface = "0.0.0.0"

add the following lines to /etc/jitsi/videobridge/sip-communicator.properties

org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

Open inbound traffic from JVB server on port 5222 (TCP) of Prosody server.

Configure the second machine

Connect to the second machine, add the required repositories and install jitsi-videobridge by running the following commands.

curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null

sudo apt update
sudo apt install jitsi-videobridge2 -y

open the file /etc/jitsi/videobridge/sip-communicator.properties and add the following lines to the end.

org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

In the same file find the line org.jitsi.videobridge.xmpp.user.shard.HOSTNAME and set it to the public ip address of the prosody server(main server).

org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=<public ip address>

JWT Authentication Configuration

soon

Etherpad Configuration

Install Etherpad

curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt install -y nodejs
git clone --branch master https://github.com/ether/etherpad-lite.git &&
cd etherpad-lite &&
src/bin/run.sh

start the service

It will run on the port by default tcp/9001(no need to open the firewall, it will communicate locally with nginx in reverse proxy)

systemctl enable etherpad-lite

systemctl start etherpad-lite

Check the status

systemctl status etherpad-lite

if there is any error run:-

systemctl stop etherpad-lite

systemctl start etherpad-lite

Add the following to /etc/nginx/sites-available/meet.example.org

   # Etherpad-lite
    location ^~ /etherpad/ {
        proxy_pass http://localhost:9001/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_buffering off;
        proxy_set_header       Host $host;
    }

Restart nginx

sudo service nginx restart

Add the following to /etc/jitsi/meet/meet.example.org-config.js

etherpad_base: 'https://meet.example.org/etherpad/p/',

That's all. Now start meeting and click on "Open shared document"

Grafana Dashboard Metrics Monitor

soon

Customize Jitsi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment