How to Install Jitsi Meet on Ubuntu/Debian with Automatic Let’s Encrypt SSL

RomanAcademy
4 min readOct 12, 2024

This is a detailed guide for setting up Jitsi Meet on an Ubuntu or Debian server, including configuring your host and automatically setting up SSL using Certbot from Let’s Encrypt.

Step 1: Prepare the Server

1. Update the System

Make sure your server is up-to-date to avoid compatibility issues:

sudo apt update && sudo apt upgrade -y

2. Set the Hostname

Assign a hostname to your server. In this example, we will use meet.example.com (replace with your domain):

sudo hostnamectl set-hostname meet.example.com

3. Edit the Hosts File

You need to ensure that the hostname points to your server’s IP. Open the /etc/hosts file:

sudo nano /etc/hosts

Add or edit the following line to include your hostname and server’s IP address:

127.0.0.1   meet.example.com

Save and close the file (in nano, press Ctrl+O, then Enter, and Ctrl+X to exit).

4. Set DNS Records

Ensure that your domain (meet.example.com) points to your server’s public IP address in your DNS settings. This is done through your DNS provider's management panel.

Step 2: Install Jitsi Meet

1. Add the Jitsi Meet Repository

You’ll need to add Jitsi’s official repository to your package manager:

sudo apt install gnupg2
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"

2. Install Jitsi Meet

Once the repository is added, update your package list and install Jitsi Meet:

sudo apt update
sudo apt install jitsi-meet

During installation, you will be prompted to enter the domain name for your Jitsi instance. Enter the fully qualified domain name (FQDN), like meet.example.com.

Step 3: Install and Configure Let’s Encrypt SSL (Certbot)

1. Install Certbot

Certbot is the official Let’s Encrypt tool that automatically obtains and installs SSL certificates:

sudo apt install certbot
sudo apt install python3-certbot-nginx

2. Obtain SSL Certificates with Certbot

Certbot will automatically generate an SSL certificate for your domain and configure Nginx:

sudo certbot --nginx -d meet.example.com

Replace meet.example.com with your domain. You’ll be prompted to provide an email address and agree to the Let’s Encrypt terms of service. Certbot will automatically update your Nginx configuration to use SSL.

3. Set Up Automatic Certificate Renewal

Certbot automatically renews your SSL certificates, but to ensure it works smoothly, you can set up a cron job to verify and renew certificates:

sudo crontab -e

Add the following line to schedule a weekly check at 3 AM every Monday:

0 3 * * 1 /usr/bin/certbot renew --quiet

This ensures your SSL certificates are checked and renewed before they expire.

Step 4: Configure the Firewall

Jitsi Meet requires specific ports to be open for proper functioning:

  • TCP 80: HTTP
  • TCP 443: HTTPS
  • UDP 10000: Media traffic (audio and video)
  • TCP 4443: Alternative media port (optional)

If you are using UFW (Uncomplicated Firewall), open the necessary ports:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 4443/tcp
sudo ufw reload

Step 5: Secure Jitsi Meet with User Authentication

By default, Jitsi Meet allows anyone to create a conference. You can secure it by enabling user authentication, where only authorized users can create meetings.

1. Edit the Prosody Configuration File

Edit the Prosody (Jitsi’s XMPP server) configuration file:

sudo nano /etc/prosody/conf.avail/meet.example.com.cfg.lua

Find the line that says authentication = "anonymous" and change it to

authentication = "internal_hashed"

2. Create Users for Authentication

To allow only authorized users to create meetings, add user accounts to Prosody. Use the following command to add a user (replace username and password with your own):

sudo prosodyctl register username meet.example.com password

3. Restart Jitsi Meet Services

After configuring authentication, restart Jitsi’s services to apply the changes:

sudo systemctl restart prosody
sudo systemctl restart jicofo
sudo systemctl restart jitsi-videobridge2

Step 6: Test the Setup

Now that Jitsi Meet is installed and configured:

  1. Open a web browser and navigate to your Jitsi domain (e.g., https://meet.example.com).
  2. You should see the Jitsi Meet interface.
  3. If you set up authentication, only authorized users can create rooms, while others can join with just a link.

Step 7: Final Touches and Troubleshooting

1. Access Logs and Diagnostics

If you run into issues, check the logs for troubleshooting:

  • Prosody (XMPP server): /var/log/prosody/prosody.log
  • Jicofo (focus component): /var/log/jitsi/jicofo.log
  • Jitsi Videobridge (media server): /var/log/jitsi/jvb.log

2. Mobile Device Support

Users can also join your Jitsi Meet server from mobile devices by downloading the Jitsi Meet app from the iOS App Store or Google Play.

Conclusion

With these steps, you now have a fully functioning Jitsi Meet server with a secure HTTPS connection, ready for video conferencing. You can create and manage video meetings with ease, while maintaining control over who can create meetings.

[jitsiMeet], [videoConferencing], [letsencrypt], [UbuntuServer], [DebianServer], [Certbot], [SSLInstallation], [secureVideoMeetings], [OpenSource], [selfHosted], [meetings], [onlineMeetings], [remoteWork], [virtualConferencing], [Let’sEncryptSSL], [cloudMeetings], [secureConferencing], [videoChat], [privacyFirst], [serverSetup], [onlineCollaboration], [encryptedMeetings], [ITInfrastructure], [teleconferencing], [UbuntuNetworking]

--

--

RomanAcademy
RomanAcademy

Written by RomanAcademy

If software and web development are something you’re interested in, you’ll find a lot of helpful information on this channel.

No responses yet