Jitsi Meet on Ubuntu 20.04 server

Feb 2022

• Jitsi Meet on Ubuntu 20.04 server
  • Self-Hosting prepare
  • Install Ubuntu, required packages and repository updates
• Install Jitsi Meet
  • Domain name and set up DNS
  • Setup and configure firewall
  • Jitsi Meet installation
  • Advanced configuration
  • Important commands
  • Log files
    • Add additional routes on my net
    • How to test if port 10000 UDP is open or block
  • Useful Links
• Core modules Jitsi Meet

Self-Hosting prepare

I selected distribution of Ubuntu 20.04 (Focal Fossa) as supported out-of-the-box by manufacturer

• Ubuntu 20.04 (Focal Fossa) ➜ ubuntu-20.04.3-live-server-amd64.iso
• Virtual machine:
  • 4 CPU
  • 8 GB RAM
  • 35 GB HDD

Install Ubuntu, required packages and repository updates

• As always there is no default gateway：

sudo ip route add default via xxx.xxx.xxx.xxx

• Make sure your system is up-to-date and required packages are installed:

# Retrieve the latest package versions across all repositories
sudo apt update
sudo apt upgrade
# Ensure support for apt repositories served via HTTPS
sudo apt install apt-transport-https
# Jitsi requires dependencies from Ubuntu's universe package repository
sudo apt-add-repository universe
sudo apt install net-tools
sudo apt install gnupg2
sudo apt install nginx-full

• Add the Jitsi package repository

curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null

# Update all package sources
sudo apt update

Install Jitsi Meet

Domain name and set up DNS

1. I decide what domain i will use, its jitsi-vks.xxx
2. Set a DNS A record for that domain
3. Reserved ip address on DHCP server
4. Set up the Fully Qualified Domain Name

sudo hostnamectl set-hostname jitsi-vks.xxx

5. Then add the same FQDN in the /etc/hosts file:

127.0.0.1 localhost
xxx.xxx.xxx.xxx jitsi-vks.xxx

6. Finally i'm testing ping the FQDN with: ping "$(hostname)"

Setup and configure firewall

The following ports need to be open in firewall, to allow traffic to the Jitsi Meet server:

• 80 TCP - for SSL certificate verification / renewal with Let's Encrypt
• 443 TCP - for general access to Jitsi Meet
• 10000 UDP - for general network video/audio communications
• 22 TCP - access to using SSH
• 3478 UDP - for quering the stun server
• 5349 TCP - for fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn
• 4443 TCP - some recommend
• 10000:20000 UDP - some recommend

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw allow 4443/tcp
sudo ufw allow 10000:20000/udp
sudo ufw enable

Check the firewall status with:

sudo ufw status verbose

Jitsi Meet installation

sudo apt install jitsi-meet

I also was asked to enter the hostname of the Jitsi Meet instance: jitsi-vks.xxx

Advanced configuration

If the installation is on a machine behind NAT jitsi-videobridge should configure itself automatically on boot. If three way calls do not work, further configuration of jitsi-videobridge is needed in order for it to be accessible from outside.

Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP/10000).

The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=XXXXXX
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=7747975d-2300-43de-9e2f-02b8d20c19f7
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<xxx.xxx.xxx.xxx>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<xxx.xxx.xxx.xxx>

Also i deleted the line: org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES

See the documentation of ice4j for details here

Important commands

# Перезапуск всех сервисов Jitsi Meet
sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service
sudo systemctl restart jitsi-videobridge2.service
sudo systemctl restart nginx.service

sudo systemctl restart prosody jicofo jitsi-videobridge2

# Какие версии пакетов установлены
dpkg -l | grep jitsi 

# Какая версия OpenJDK
java -version

# Вывод логов
sudo journalctl -eu jitsi-videobridge2
sudo journalctl -eu prosody
sudo journalctl -eu jicofo	

Log files

/var/log/nginx/error.log
/var/log/jitsi/jvb.log
/var/log/jitsi/jicofo.log
/var/log/prosody/prosody.log

Add additional routes on my net

sudo route add -net 10.20.30.0 gw 11
sudo route add -net 10.10.10.0 gw 11
sudo route add -net 10.100.10.0 gw 33
sudo route add -net 10.20.130.0 gw 33

How to test if port 10000 UDP is open or block

1. Image Not Showing Possible Reasons

   • The image file may be corrupted
   • The server hosting the image is unavailable
   • The image path is incorrect
   • The image format is not supported

   Learn More →
   Ver 1

On the server

sudo nc -uvvl -s YOUR_IP -p 10000

Then on the client

sudo nc -uvv SERVER_IP PORT

2. Image Not Showing Possible Reasons

   • The image file may be corrupted
   • The server hosting the image is unavailable
   • The image path is incorrect
   • The image format is not supported

   Learn More →
   Ver 2

From the client side

nc -zuv server_ip 10000
nc -zuv server_ip 40000

If the second one says connection succeeded too, ignore the first one

3. Image Not Showing Possible Reasons

   • The image file may be corrupted
   • The server hosting the image is unavailable
   • The image path is incorrect
   • The image format is not supported

   Learn More →
   Ver 3

sudo netstat -taunp | grep 10000

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Useful Links

Core modules Jitsi Meet

Jicofo — XMPP-компонент, процесс, который управляет подключением клиентских приложений к видеоконференции. Также во время её проведения он реализует функционал отправки приглашений, распределения нагрузки при использовании нескольких XMPP-серверов и пр. У него есть свой HTTP API (/about/health) для опроса о состоянии ресурса.

Jitsi Videobridge – ключевой компонент системы. При передаче видео и аудио между участниками он выполняет роль посредника, то есть осуществляет функцию терминирования RTP/RTCP, устанавливает границы битрейта в обе стороны на каждого клиента. Есть свой собственный HTTP API для мониторинга (/colibri/debug).

Он работает по архитектуре Simulcast и не занимается транскодингом, потому потребляет относительно мало ресурсов CPU сервера, но при этом возрастает нагрузка на клиентскую часть по сравнению с другими архитектурами.

К системе ВКС Jitsi можно подключить несколько видеобриджей — тогда каждой новой конференции будет поставлен в соответствие один из них.

Jigasi — внешнее расширение для участия в Jitsi-конференциях через SIP-телефонию (требуется отдельная настройка).

Jibri — набор сервисов для записи и трансляции конференции. Запускает Chrome в виртуальном видеобуфере, захватывая и кодируя выходные данные с помощью ffmpeg. Сервис предназначен для запуска на отдельном компьютере (или виртуальной машине), без других приложений, использующих дисплей или аудио устройства. Каждый запущенный экземпляр Jibri поддерживает только один процесс записи за раз.

Prosody — это кроссплатформенный XMPP-сервер, написанный на языке программирования Lua.