HackMDJitsi Meet on Ubuntu 20.04 server
Feb 2022
Self-Hosting prepare
I selected distribution of Ubuntu 20.04 (Focal Fossa) as supported out-of-the-box by manufacturer
- Ubuntu 20.04 (Focal Fossa) ➜ ubuntu-20.04.3-live-server-amd64.iso
- Virtual machine:
- 4 CPU
- 8 GB RAM
- 35 GB HDD
Install Ubuntu, required packages and repository updates
- As always there is no default gateway:
sudo ip route add default via xxx.xxx.xxx.xxx
- Make sure your system is up-to-date and required packages are installed:
# Retrieve the latest package versions across all repositories
sudo apt update
sudo apt upgrade
# Ensure support for apt repositories served via HTTPS
sudo apt install apt-transport-https
# Jitsi requires dependencies from Ubuntu's universe package repository
sudo apt-add-repository universe
sudo apt install net-tools
sudo apt install gnupg2
sudo apt install nginx-full
- Add the Jitsi package repository
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
# Update all package sources
sudo apt update
Install Jitsi Meet
Domain name and set up DNS
- I decide what domain i will use, its
jitsi-vks.xxx - Set a DNS A record for that domain
- Reserved ip address on DHCP server
- Set up the Fully Qualified Domain Name
sudo hostnamectl set-hostname jitsi-vks.xxx
- Then add the same FQDN in the /etc/hosts file:
127.0.0.1 localhost
xxx.xxx.xxx.xxx jitsi-vks.xxx
- Finally i'm testing ping the FQDN with:
ping "$(hostname)"
Setup and configure firewall
The following ports need to be open in firewall, to allow traffic to the Jitsi Meet server:
- 80 TCP - for SSL certificate verification / renewal with Let's Encrypt
- 443 TCP - for general access to Jitsi Meet
- 10000 UDP - for general network video/audio communications
- 22 TCP - access to using SSH
- 3478 UDP - for quering the stun server
- 5349 TCP - for fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn
- 4443 TCP - some recommend
- 10000:20000 UDP - some recommend
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw allow 4443/tcp
sudo ufw allow 10000:20000/udp
sudo ufw enable
Check the firewall status with:
sudo ufw status verbose
Jitsi Meet installation
sudo apt install jitsi-meet
I also was asked to enter the hostname of the Jitsi Meet instance: jitsi-vks.xxx
Advanced configuration
If the installation is on a machine behind NAT jitsi-videobridge should configure itself automatically on boot. If three way calls do not work, further configuration of jitsi-videobridge is needed in order for it to be accessible from outside.
Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP/10000).
The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=XXXXXX
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi-vks.xxx
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=7747975d-2300-43de-9e2f-02b8d20c19f7
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<xxx.xxx.xxx.xxx>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<xxx.xxx.xxx.xxx>
Also i deleted the line: org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES
Important commands
# Перезапуск всех сервисов Jitsi Meet
sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service
sudo systemctl restart jitsi-videobridge2.service
sudo systemctl restart nginx.service
sudo systemctl restart prosody jicofo jitsi-videobridge2
# Какие версии пакетов установлены
dpkg -l | grep jitsi
# Какая версия OpenJDK
java -version
# Вывод логов
sudo journalctl -eu jitsi-videobridge2
sudo journalctl -eu prosody
sudo journalctl -eu jicofo
Log files
/var/log/nginx/error.log
/var/log/jitsi/jvb.log
/var/log/jitsi/jicofo.log
/var/log/prosody/prosody.log
Add additional routes on my net
sudo route add -net 10.20.30.0 gw 11
sudo route add -net 10.10.10.0 gw 11
sudo route add -net 10.100.10.0 gw 33
sudo route add -net 10.20.130.0 gw 33
How to test if port 10000 UDP is open or block
- Ver 1Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
On the server
sudo nc -uvvl -s YOUR_IP -p 10000
Then on the client
sudo nc -uvv SERVER_IP PORT
- Ver 2Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
From the client side
nc -zuv server_ip 10000
nc -zuv server_ip 40000
If the second one says connection succeeded too, ignore the first one
- Ver 3Image Not Showing Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
sudo netstat -taunp | grep 10000
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Image Not Showing
Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Useful Links
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Core modules Jitsi Meet
Jicofo — XMPP-компонент, процесс, который управляет подключением клиентских приложений к видеоконференции. Также во время её проведения он реализует функционал отправки приглашений, распределения нагрузки при использовании нескольких XMPP-серверов и пр. У него есть свой HTTP API (/about/health) для опроса о состоянии ресурса.
Jitsi Videobridge – ключевой компонент системы. При передаче видео и аудио между участниками он выполняет роль посредника, то есть осуществляет функцию терминирования RTP/RTCP, устанавливает границы битрейта в обе стороны на каждого клиента. Есть свой собственный HTTP API для мониторинга (/colibri/debug).
Он работает по архитектуре Simulcast и не занимается транскодингом, потому потребляет относительно мало ресурсов CPU сервера, но при этом возрастает нагрузка на клиентскую часть по сравнению с другими архитектурами.
К системе ВКС Jitsi можно подключить несколько видеобриджей — тогда каждой новой конференции будет поставлен в соответствие один из них.
Jigasi — внешнее расширение для участия в Jitsi-конференциях через SIP-телефонию (требуется отдельная настройка).
Jibri — набор сервисов для записи и трансляции конференции. Запускает Chrome в виртуальном видеобуфере, захватывая и кодируя выходные данные с помощью ffmpeg. Сервис предназначен для запуска на отдельном компьютере (или виртуальной машине), без других приложений, использующих дисплей или аудио устройства. Каждый запущенный экземпляр Jibri поддерживает только один процесс записи за раз.
Prosody — это кроссплатформенный XMPP-сервер, написанный на языке программирования Lua.
