
Jitsi Meet on Ubuntu 20.04 server

Feb 2022

Self-hosting preparation

I selected the Ubuntu 20.04 (Focal Fossa) distribution, as it is supported out of the box by the manufacturer

Install Ubuntu, required packages and repository updates

  • As always there is no default gateway:
sudo ip route add default via xxx.xxx.xxx.xxx
  • Make sure your system is up-to-date and required packages are installed:
# Retrieve the latest package versions across all repositories
sudo apt update
sudo apt upgrade
# Ensure support for apt repositories served via HTTPS
sudo apt install apt-transport-https
# Jitsi requires dependencies from Ubuntu's universe package repository
sudo apt-add-repository universe
sudo apt install net-tools
sudo apt install gnupg2
sudo apt install nginx-full
  • Add the Jitsi package repository
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
# Update all package sources
sudo apt update

Install Jitsi Meet

Domain name and set up DNS

  1. I decide what domain I will use; it's jitsi-vks.xxx
  2. Set a DNS A record for that domain
  3. Reserved the IP address on the DHCP server
  4. Set up the Fully Qualified Domain Name
sudo hostnamectl set-hostname jitsi-vks.xxx
  5. Then add the same FQDN in the /etc/hosts file:
127.0.0.1 localhost
xxx.xxx.xxx.xxx jitsi-vks.xxx
  6. Finally, I test pinging the FQDN with: ping "$(hostname)"

Setup and configure firewall

The following ports need to be open in firewall, to allow traffic to the Jitsi Meet server:

  • 80 TCP - for SSL certificate verification / renewal with Let's Encrypt
  • 443 TCP - for general access to Jitsi Meet
  • 10000 UDP - for general network video/audio communications
  • 22 TCP - for access using SSH
  • 3478 UDP - for querying the STUN server
  • 5349 TCP - for fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn
  • 4443 TCP - some recommend
  • 10000:20000 UDP - some recommend
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw allow 4443/tcp
sudo ufw allow 10000:20000/udp
sudo ufw enable

Check the firewall status with:

sudo ufw status verbose
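
One way to turn that status output into a repeatable check against the port list above. This is an added example, not part of the original notes; the function name audit_ufw_rules and the sample status text are constructed for illustration, and only IPv4 rule lines are read.

```shell
REQUIRED="80/tcp 443/tcp 10000/udp 22/tcp 3478/udp 5349/tcp"
OPTIONAL="4443/tcp 10000:20000/udp"   # the "some recommend" entries

# Reads `ufw status` (or `ufw status verbose`) text on stdin.
# Prints one finding per line; returns 0 only when the firewall is active,
# nothing required is missing and nothing outside the two lists is open.
audit_ufw_rules() {
    status=$(cat)
    rc=0
    if ! printf '%s\n' "$status" | grep -q '^Status: active'; then
        echo "INACTIVE firewall is not enabled"
        return 1
    fi
    # Column 1 is port/proto, column 2 the action (ALLOW, ALLOW IN or LIMIT).
    allowed=$(printf '%s\n' "$status" | awk '$2 == "ALLOW" || $2 == "LIMIT" { print $1 }' | sort -u)
    for rule in $REQUIRED; do
        printf '%s\n' "$allowed" | grep -qxF -- "$rule" || { echo "MISSING $rule"; rc=1; }
    done
    for rule in $allowed; do
        case " $REQUIRED " in *" $rule "*) continue ;; esac
        case " $OPTIONAL " in
            *" $rule "*) echo "OPTIONAL $rule" ;;
            *) echo "UNEXPECTED $rule"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample shaped like `sudo ufw status` output:
# 3478/udp was forgotten and 8080/tcp is an unrelated leftover rule.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
10000/udp                  ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
5349/tcp                   ALLOW       Anywhere
4443/tcp                   ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_rules || true
```

On the server itself, feed it the live output with: sudo ufw status | audit_ufw_rules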

Jitsi Meet installation

sudo apt install jitsi-meet

I also was asked to enter the hostname of the Jitsi Meet instance: jitsi-vks.xxx

Advanced configuration

If the installation is on a machine behind NAT jitsi-videobridge should configure itself automatically on boot. If three way calls do not work, further configuration of jitsi-videobridge is needed in order for it to be accessible from outside.

This assumes that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are TCP/443 or TCP/4443, and UDP/10000.

The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=XXXXXX
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=7747975d-2300-43de-9e2f-02b8d20c19f7
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<xxx.xxx.xxx.xxx>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<xxx.xxx.xxx.xxx>

Also, I deleted the line: org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES

See the documentation of ice4j for details here
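
A small lint for the file edited above, as an added example that is not part of the original notes. The function name check_jvb_properties, the sample file and the world-readable check are assumptions added here; the permission check is included because the file holds the shard PASSWORD.

```shell
# Prints one finding per line; returns 0 when there are none.
check_jvb_properties() {
    f=$1
    rc=0
    for key in NAT_HARVESTER_LOCAL_ADDRESS NAT_HARVESTER_PUBLIC_ADDRESS; do
        # Take the last uncommented assignment of the key.
        val=$(sed -n "s/^org\.ice4j\.ice\.harvest\.$key=[[:space:]]*//p" "$f" | tail -n 1)
        if ! printf '%s\n' "$val" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "BAD $key='$val' (expected an IPv4 address)"
            rc=1
        fi
    done
    # The notes delete this key once the NAT harvester addresses are set by hand.
    if grep -q '^org\.ice4j\.ice\.harvest\.STUN_MAPPING_HARVESTER_ADDRESSES=' "$f"; then
        echo "CONFLICT STUN_MAPPING_HARVESTER_ADDRESSES is still set"
        rc=1
    fi
    # Character 8 of the `ls -l` mode string is the read bit for "other".
    if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
        echo "PERMS $f is world-readable"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: STUN line not removed, public address still a
# placeholder, and the file left at mode 644.
demo=$(mktemp)
cat > "$demo" <<'EOF'
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=stun.example.org:443
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=XXXXXX
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.0.0.5
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<xxx.xxx.xxx.xxx>
EOF
chmod 644 "$demo"
check_jvb_properties "$demo" || true
rm -f "$demo"
```

On the server, run it as: sudo sh -c '. ./check.sh; check_jvb_properties /etc/jitsi/videobridge/sip-communicator.properties' (check.sh being whatever file the function is saved in).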

Important commands

# Restart all Jitsi Meet services
sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service
sudo systemctl restart jitsi-videobridge2.service
sudo systemctl restart nginx.service
sudo systemctl restart prosody jicofo jitsi-videobridge2
# Which package versions are installed
dpkg -l | grep jitsi
# Which OpenJDK version
java -version
# Show logs
sudo journalctl -eu jitsi-videobridge2
sudo journalctl -eu prosody
sudo journalctl -eu jicofo

Log files

/var/log/nginx/error.log
/var/log/jitsi/jvb.log
/var/log/jitsi/jicofo.log
/var/log/prosody/prosody.log

Add additional routes on my net

sudo route add -net 10.20.30.0 gw 11
sudo route add -net 10.10.10.0 gw 11
sudo route add -net 10.100.10.0 gw 33
sudo route add -net 10.20.130.0 gw 33

How to test if port 10000 UDP is open or blocked

  1. Ver 1

On the server

sudo nc -uvvl -s YOUR_IP -p 10000

Then on the client

sudo nc -uvv SERVER_IP PORT

  2. Ver 2

From the client side

nc -zuv server_ip 10000
nc -zuv server_ip 40000

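If the second one also reports that the connection succeeded, ignore the first result: for UDP, nc -z reports success whenever no ICMP "port unreachable" reply comes back, so a silently dropped packet looks the same as an open port.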

  3. Ver 3

sudo netstat -taunp | grep 10000


Links

Name Links
Jitsi Meet Handbook
Jitsi Community
Jitsi Github

Info

Core modules Jitsi Meet

Jicofo is an XMPP component, the process that manages the connection of client applications to a video conference. During the conference it also implements sending invitations, load balancing when several XMPP servers are used, and so on. It has its own HTTP API (/about/health) for polling the state of the resource.

Jitsi Videobridge is the key component of the system. When video and audio are transmitted between participants it acts as an intermediary: it terminates RTP/RTCP and sets bitrate limits in both directions for each client. It has its own HTTP API for monitoring (/colibri/debug).

It uses the Simulcast architecture and does no transcoding, so it consumes relatively little server CPU, but the load on the client side is higher than with other architectures.

Several videobridges can be connected to a Jitsi video conferencing system; each new conference is then assigned to one of them.

Jigasi is an external extension for joining Jitsi conferences via SIP telephony (requires separate configuration).

Jibri is a set of services for recording and streaming a conference. It launches Chrome in a virtual framebuffer, capturing and encoding the output with ffmpeg. The service is meant to run on a separate computer (or virtual machine), with no other applications using the display or audio devices. Each running Jibri instance supports only one recording process at a time.

Prosody is a cross-platform XMPP server written in the Lua programming language.