Install Jitsi Meet on Ubuntu 22.04 – Self-Hosted Video Conferencing

This tutorial is going to show you how to install Jitsi Meet on Ubuntu 22.04 server. Jitsi Meet is a free open-source video conferencing software that works on Linux, macOS, Windows, iOS, and Android. If you don’t trust Zoom, you can run your own video conferencing platform on your own server.

Features of Jitsi Meet

• Completely free of charge
• Share your computer screen with others.
• The presenter mode allows you to share your screen and camera at the same time, so attendees can see the presenter and their body language throughout the presentation.
• You can share the system audio while sharing your screen.
• You can assign authorized users as moderators. A moderator can mute every participant with one click.
• Communication over the network is encrypted using DTLS-SRTP.
• End-to-end encryption (work in progress)
• You can set a password for your conference to prevent random strangers from coming in.
• Record the meeting/conference and save it to Dropbox.
• Stream to YouTube Live and store the recording on YouTube.
• Android and iOS apps
• Text chatting
• Share text document
• Telephone dial-in to a conference
• Dial-out to a telephone participant
• You can embed a Jits Meet call into any webpage with just a few lines of code.

Requirements of Installing Jitsi Meet on Ubuntu 22.04

To run Jitsi Meet, you need a server with at least 1GB RAM. If you are looking for a virtual private server (VPS), I recommend Kamatera VPS, which features:

• 30 days free trial.
• Starts at $4/month (1GB RAM)
• High-performance KVM-based VPS
• 9 data centers around the world, including the United States, Canada, UK, Germany, The Netherlands, Hong Kong, and Isreal.

Follow the tutorial linked below to create your Linux VPS server at Kamatera. The server should be close to your users, or the latency will be noticeable during online meetings.

• How to Create a Linux VPS Server on Kamatera

When you have dozens of users, consider upgrading your server hardware.

You also need a domain name. I registered my domain name at NameCheap because the price is low and they give whois privacy protection free for life.

Step 1: Install Jitsi Meet from the Official Package Repository

Jitsi Meet isn’t included in the default Ubuntu repository. We can install it from the official Jitsi package repository, which also contains several other useful software packages. Log into your server via SSH, then run the following command to add the official Jitsi repository.

echo 'deb https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list

Import the Jitsi public key, so the APT package manager can verifiy the integrity of packages downloaded from this repository.

wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -

Because the Jitsi repository requires HTTPS connection so we need to install apt-transport-https package to make APT establish HTTPS connection to the Jitsi repository.

sudo apt install apt-transport-https

Next, update local package index and install Jitsi Meet on Ubuntu.

sudo apt update 
sudo apt install jitsi-meet

During the installation, you need to enter a hostname for your Jitsi instance. This is the hostname that will appear in the web browser address bar when attendees join your video conference. You can use a descriptive hostname like meet.example.com.

In the next screen, you can choose to generate a new self-signed TLS certificate, so later you can obtain and install a trusted Let’s Encryption certificate.

The installation process will configure some Linux kernel parameters, which is saved to the /etc/sysctl.d/20-jvb-udp-buffers.conf file. Once the installation is complete, Jitsi Meet will automatically start. You can check its status with:

systemctl status jitsi-videobridge2

Sample Output:

● jitsi-videobridge2.service - Jitsi Videobridge
     Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-07-15 19:34:00 HKT; 41s ago
    Process: 22568 ExecStartPost=/bin/bash -c echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridg>
   Main PID: 22567 (java)
      Tasks: 56 (limit: 65000)
     Memory: 224.3M
        CPU: 17.815s
     CGroup: /system.slice/jitsi-videobridge2.service

Hint: If the above command doesn’t quit immediately, you can press the Q key to make it quit.

The jitsi-meet package also installs other packages as dependencies, such as

• openjdk-8-jre-headless: Java runtime environment. It’s needed because Jitsi Meet is written in the Java language.
• jicofo: Jitsi conference Focus (systemctl status jicofo)
• prosody: Lightweight Jabber/XMPP server (systemctl status prosody)
• coturn: TURN and STUN server for VoIP
• Nginx: /etc/nginx/sites-enabled/meet.example.com.conf

Step 2: Install Coturn Server

Coturn is a free open-source TURN and STUN server for VoIP. Jitsi doesn’t install cotorn automatically on Ubuntu 22.04. We need to install it manually.

Download coturn deb package.

wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/c/coturn/coturn_4.5.2-3.1_amd64.deb

Install it with apt.

sudo apt install ./coturn_4.5.2-3.1_amd64.deb

Install the jitsi-meet-turnserver package.

sudo apt install jitsi-meet-turnserver

During installation, Jitsi will automatically configure coturn server (/etc/turnserver.conf).

Step 3: Open Ports in Firewall

Jitsi Meet listens on several UDP ports. To allow attendees to join a video conference from a web browser, you need to open TCP port 80 and 443. And to transfer video over the network, open UDP port 10000 and TCP port 5349. The Coturn server also needs to open the UDP 3478 port.

If you are using the UFW firewall, then run the following command to open these ports.

sudo ufw allow 22,80,443,5349/tcp

sudo ufw allow 10000,3478/udp

Step 4: Obtain a Trusted Let’s Encrypt TLS Certificate

Go to your DNS hosting service (usually your domain registrar) to create DNS A record for your Jitsi hostname (meet.example.com). Then run the following script to obtain a trusted Let’s Encrypt TLS certificate:

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Enter your email address to receive important account notifications. Then it will install certbot and obtain TLS certificate.

If everything is ok, you will see the following message, indicating the TLS certificate has been successfully obtained and installed.

Note that this script uses the http-01 challenge, which means your Apache or Nginx web server needs to listen on port 80 of the public IP address. If your server environment doesn’t support the http-01 challenge, then you should not run the above script. You need to use other challenge types. In my case, I use the DNS challenge.

sudo certbot --agree-tos -a dns-cloudflare -i nginx --redirect --hsts --staple-ocsp --email [email protected] -d meet.linuxbabe.com

Where:

• --agree-tos: Agree to terms of service.
• -a dns-cloudflare: I use the cloudflare DNS plugin to authenticate because I use Cloudflare DNS service.
• -i nginx: Use the nginx plugin to install the TLS certificate. If you use Apache, you need to replace nginx with apache.
• --redirect: Force HTTPS by 301 redirect.
• --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
• --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

If you obtain TLS certificate by running the certbot command, then you need to update the TLS certificate and key file in

• /etc/nginx/sites-enabled/meet.example.com.conf
•  /etc/turnserver.conf
• /etc/prosody/conf.d/meet.linuxbabe.com.cfg.lua

Make sure the prosody, jicofo and jvb user can read the TLS certificate files.

sudo apt install acl
sudo setfacl -R -m u:prosody:rx /etc/letsencrypt/live /etc/letsencrypt/archive/
sudo setfacl -R -m u:jicofo:rx /etc/letsencrypt/live /etc/letsencrypt/archive/
sudo setfacl -R -m u:jvb:rx /etc/letsencrypt/live /etc/letsencrypt/archive/

Don’t forget to restart these services.

sudo systemctl restart nginx coturn prosody jitsi-videobridge2 jicofo

Step 5: Enable HTTP2

HTTP2 can improve web page loading speed. To enable HTTP2 in Nginx, edit the virtual host config file.

sudo nano /etc/nginx/sites-enabled/meet.example.com.conf

Find the following two lines.

listen 443 ssl;
listen [::]:443 ssl;

Add http2 at the end.

listen 443 ssl http2;
listen [::]:443 ssl http2;

By default, the Jitsi Meet virtual host logs to the standard Nginx log files (/var/log/nginx/access.log). It’s recommended to use a separate log file by adding the following two lines.

access_log /var/log/nginx/jitsi-meet.access
error_log /var/log/nginx/jitsi-meet.error

Save and close the file. Then reload Nginx for the change to take effect.

sudo systemctl reload nginx

Step 5: Start a New Online Meeting

Now visit https://meet.example.com and you will be able to start a conference. To transfer audio, you need to allow the web browser to use your microphone. And to tranfer video, you need to allow the web browser to access your camera.

Give your meeting a name and click the Go button. After the meeting is started, you can optionally choose to set a password for your meeting.

Troubleshooting Tips

If you encounter errors, you can check the error log to find out what’s wrong.

• /var/log/nginx/jitsi-meet.access
• /var/log/nginx/jitsi-meet.error
• /var/log/jitsi/jicofo.log
• /var/log/jitsi/jvb.log

You can also check the logs of the systemd services.

sudo journalctl -eu jitsi-videobridge2 
sudo journalctl -eu prosody 
sudo journalctl -eu jicofo
sudo journalctl -eu coturn

For example, you might see the following error in the Prosody journal logs.

prosody[71580]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
prosody[71580]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281

You need to edit the /etc/prosody/conf.d/meet.example.com.cfg.lua file.

sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua

Find the following lines.

ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
}                       

Add the TLS certificate and key file.

ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    certificate = "/etc/letsencrypt/live/meet.linuxbabe.com/fullchain.pem";
    key = "/etc/letsencrypt/live/meet.linuxbabe.com/privkey.pem";
}

Save and close the file. Then restart Prosody.

sudo systemctl restart prosody

Hint: Some folks forget to replace meet.example.com with their real Jisti Meet hostname, which can also cause errors.

Step 6: Set Up User Authentication

By default, anyone can go to your Jitsi Meet instance, create a room and start a meeting. To set up user authentication, edit the Prosody configuration file.

sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua

Find the following line.

authentication = "anonymous"

Change it to the following, which will require the user to enter username and password to start a conference.

authentication = "internal_hashed"

However, we don’t want attendees to enter username and password when joining the conference, so we need to create an anonymous login for guests, by adding the following lines at the end of this file. Note that you don’t need to create DNS A record for guest.meet.example.com.

VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Save and close the file.

Next, edit the Jitsi Meet configuration file.

sudo nano /etc/jitsi/meet/meet.example.com-config.js

Find the following line,

// anonymousdomain: 'guest.example.com',

Remove the double slashes and change the guest domain. Replace meet.example.com with your real Jitsi Meet hostname.

anonymousdomain: 'guest.meet.example.com',

Save and close the file.

Then edit the Jicofo configuration file.

sudo nano /etc/jitsi/jicofo/jicofo.conf

Add the following lines in this file.

  authentication: {
    enabled: true
    type: XMPP
    login-url: meet.example.com
  }

Save and close the file. Restart the systemd services for the changes to take effect.

sudo systemctl restart jitsi-videobridge2 prosody jicofo

To create user accounts in Jisi Meet, run the following command. You will be prompted to enter a password for the new user.

sudo prosodyctl register username meet.example.com

If you encounter this error: Account creation/modification not supported, it’s probably because the authentication parameter is still set to anonymous, or the virtual host name is wrong.

Now if you create a room in Jitsi Meet, you need to click the I am the host button.

Then enter a username and password.

Optional: Set Up Jigasi For Telephone Dial-in or Dial-Out

Jitsi offers a telephony interface that allows users to dial into a conference or place dial-out reminder calls. Install the jigasi package (Jitsi gateway for SIP).

sudo apt install jigasi

During the installation, you will need to enter your SIP username and password. If you don’t have one, you can create a free SIP account at OnSIP.com.

If you have set up user authentication in step 6, then you need to edit Jigasi configuration file.

sudo nano /etc/jitsi/jigasi/sip-communicator.properties

Find the following lines.

# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

Uncomment them and enter an account and password that you created in step 6.

org.jitsi.jigasi.xmpp.acc.USER_ID=[email protected]
org.jitsi.jigasi.xmpp.acc.PASS=user1_password
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

Save and close the file. Restart the jigasi systemd service.

sudo systemctl status jigasi

Optional: Configure Coturn

If you see the following message during the installation of Jitsi Meet, you need to configure Coturn to make it work properly.

Warning! Could not resolve your external ip address! Error:^
Your turn server will not work till you edit your /etc/turnserver.conf config file.
You need to set your external ip address in external-ip and restart coturn service.

Edit the Coturn configuration file.

sudo nano /etc/turnserver.conf

Find the following line.

external-ip=127.0.0.1

Replace 127.0.0.1 with your server’s public IP address. Save and close the file. Then restart Coturn.

sudo systemctl restart coturn

Wrapping Up

I hope this tutorial helped you set up a Jitsi Meet server on Ubuntu 22.04. As always, if you found this post useful, then subscribe to our free newsletter to get new tutorials. Take care 🙂