In these times when we need to communicate online more than ever, I though I should share how to setup an open-source solution for Video Conferencing.
As a solution I chose Jitsi – https://github.com/jitsi/jitsi-meet and decided to host it on an Linux Azure VM.
Of course, you can use any VPS that allows you to run a Linux VM.
OK, so on with the install
1. Provision an Azure Ubuntu 18.04 LTS VM:
- in the Azure Portal click on “Create a resource”
- Chose Ubuntu Server 18.04 LTS
- Select your resource group and VM Size (Eg. B1 ms)
- Configure password or SSH key
- Once the VM Has been provisioned, head over to the Network Security Group for your VM
and under the “Inbound Security Rules”, make sure you open the ports required for SSH [TCP 22], HTTP/HTTPS [TCP 80/TCP 443], Jitsi VideoBridge [TCP/UDP 10000]
- Then go “IP Address” for the VM and configure the DNS label for the VM. In this way, you can access the VM using a Dynamic DNS, instead of an IP.
2. DNS Records
Go to your DNS hosting and create a CNAME record (e.g. jitsi.mydomain.com that will point to the FQDN of the Azure VM described above – mytestjitsi.eastus.cloudapp.azure.com)
3. Connect to your VM using SSH
Note: I won’t go through the Linux security stuff you should take care of (like SSH keys, firewall and so on)
4. Install Jitsi
Be sure your account is part of the sudo-ers group!
1 2 3 |
sudo wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" |
Next:
1 |
sudo apt update |
And finnally:
1 |
sudo apt install jitsi-meet -y |
The installation took about 45 seconds for me. At the end, you will be asked if you want to generate a new self-signed certificate or use an existing one.
Chose “generate a new self-signed certificate”. We’ll change it to a Let’s Encrypt one below:
1 |
sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh |
Follow the on-screen instructions and you’ll be good to go.
That’s it. Access your Jitsi server at https://YourdefinedFQDN.com (e.g. https://jitsi.mydomain.com).
5. Configure Authentication for your Jitsi Server
Of course we don’t want everybody who can access your Jitsi server to start a conference.
So we’re going to configure Jitsi to request a username and password before starting a conference.
After the meeting is started, users can share the meeting URL and attendees can join anonymously.
So: here goes: note that you should change “jitsi.mydomain.com” to your FQDN everywhere you see it in the commands below:
Connect to your VM using SSH and issue the following commands:
1 |
sudo nano -w /etc/prosody/conf.avail/jitsi.mydomain.com.cfg.lua |
- Find the line that says ‘VirtualHost”[yourFQDN]” and you should see the following line just near it:
1 |
authentication = "anonymous" |
- change it to:
1 |
authentication = "internal_plain" |
This will disable the anonymous authentication for the ‘main’ server host URL – however, we also need to create a new virtual host for our anonymous guests in order to allow them to connect anonymously. Scroll to the bottom of the file and add these lines to create the new virtual host with the anonymous login method (use your own FQDN):
1 2 3 |
VirtualHost "guest.jitsi.yourdomain.com" authentication = "anonymous" c2s_require_encryption = false |
Next we need to configure our newly created VirtualHost / anonymous domain in our config.js file:
1 |
sudo nano -w /etc/jitsi/meet/jitsi.mydomain.com-config.js |
Under the ‘var config = [‘ section (right near the top of the file), you should already see a line that says domain: ‘jitsi.mydomain.com’. Just below that line, after the comment, you should see a line that is commented out (//) that starts with ‘anonymousdomain.’ Uncomment that line and add your FQDN with a ‘guest.’ in front of it like this:
1 |
anonymousdomain: 'guest.jitsi.yourdomain.com', |
Then we have to configure the Jicofo service to only allow requests from our “Authenticated” domain.
And also to disable autologin, once a user previously authenticated to the Jitsi server:
1 |
sudo nano -w /etc/jitsi/jicofo/sip-communicator.properties |
and add these two lines:
1 2 3 |
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.mydomain.com org.jitsi.jicofo.auth.URL=XMPP:jitsi.mydomain.com org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true |
Finally, let’s restart all the Jitsi services:
1 2 3 |
sudo systemctl restart prosody sudo systemctl restart jicofo sudo systemctl restart jitsi-videobridge2 |
6. Add a user to Jitsi server
This will add users who can create video conferences in Jitsi:
1 |
sudo prosodyctl register username jitsi.mydomain.com password |
Of course, you can delete a user using:
1 |
prosodyctl deluser user@domain.com |
Now when users want to start a meeting, they’ll be prompted with the messages below:
Upon clicking on “I’m the host”, you’ll be able to authenticate:
7. Custom branding:
- The Jitsi watermark and all the pictures can be found in: /usr/share/jitsi-meet/images
You can use your Favorited SCP program to upload your own. Keep the same filenames!
- The page title and application name can be changed from: /usr/share/jitsi-meet/interface_config.js
There you can change the APP_NAME variable to whatever you want.
- Change the watermark URL under the logo: go to /usr/share/jitsi-meet and look for the interface_config.js file. In this file change the parameter under JITSI_WATERMARK_LINK:
Final result: