Your Own Private Videoconference: Running Jitsi Meet on Your VPS

In this tutorial, we’ll show you how to setup your own private, encrypted, self-hosted video conferencing solution. You’ll be able to hand out a URL (and optionally a password) to people and have them join you for a live video group chat, the same was you would using Zoom, GotoMeeting, Google Hangouts, etc. The product we’re going to use is Jitsi.
Setting Up the Server
I’m using a Debian 10 server with 4GB of RAM named “videochat.lowend.party”. This may be overkill. Depending on the number of concurrent connections, you may be able to get away with as little as 1GB of RAM. As you know, there are plenty of cheap VPS options available on LowEndBox.com and both OpenVZ and KVM based systems will work well.

You must have a valid DNS entry setup and working for your server.
After imaging, I installed some prerequisites.
apt-get update
apt-get -y install openjdk-11-jre-headless nginx gnupg2 wget
Let’s enable and start nginx:
systemctl enable nginx
systemctl start nginx
Now we need to add the Jitsi repository. First, grab and add the key:
# wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
OK
Next, add the Jitsi repository and update apt:
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
apt-get update
And now we’re ready to install Jitsi:
apt-get -y install jitsi-meet
You’ll be asked two questions during setup:

Enter your hostname.

Select “Generate a new self-signed ceritificate”.
Jitsi will then finish installation.  When it’s done, we want to setup Let’s Encrypt so that our video chats are encrypted.  Use the Jitsi-provided script for this purpose:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
The only question you’ll be asked is your email address.  Jitsi will take care of everything else.
Once it’s done, you’re ready to go!
We’re Live
I pointed my browser at https://videochat.lowend.party:

You can type a name for your meeting in the center box and then press Go, and your conference will be live.

Click the information (“i” in a circle) button in the lower right to copy the URL to your video chat, and optionally set a password.

Securing Jitsi Meet
If you add a password to a conference, that means that no one else can join that conference.  But you’re not protected against some random Internet user discovering your Jitsi Meet installation and using it to start a conference of your own, draining your server resources and bandwidth.  Let’s fix that.
First, edit /etc/prosody/conf.avail/(your hostname).cfg.lua.   Edit the “VirtualHost” section for your server and change the authentication parameter from “anonymous” to “internal_plain”:
VirtualHost "videochat.lowend.party"
      authentication = "internal_plain"
      ssl = {
              key = "/etc/prosody/certs/videochat.lowend.party.key" ;
              certificate = "/etc/prosody/certs/videochat.lowend.party.crt" ;
      }
      speakerstats_component = "speakerstats.videochat.lowend.party"
      conference_duration_component = "conferenceduration.videochat.lowend.party"
      modules_enabled = {
          "bosh" ;
          "pubsub" ;
          "ping" ; -- Enable mod_ping
          "speakerstats" ;
          "turncredentials" ;
          "conference_duration" ;
      }                                                                                    
      c2s_require_encryption = false    
Copy these lines and except for the ssl sction and paste them directly below, changing as follows (bolded):
VirtualHost "guest.videochat.lowend.party"
      authentication = "anonymous"
-- do not copy the ssl section
      speakerstats_component = "speakerstats.videochat.lowend.party"
      conference_duration_component = "conferenceduration.videochat.lowend.party"
      modules_enabled = {
          "bosh" ;
          "pubsub" ;
          "ping" ; -- Enable mod_ping
          "speakerstats" ;
          "turncredentials" ;
          "conference_duration" ;
      }                                                                                    
      c2s_require_encryption = false    
guest.videochat.lowend.party is an internal entry, not something we need to create an external DNS entry for.  However, you should create an entry in /etc/hosts:
127.0.0.1 localhost videochat.lowend.party guest.videochat.lowend.party
Now edit /etc/jitsi/meet/(your hostname)-config.js and add the following entry (bolded):
var config = {
  hosts: {
      domain: 'videochat.lowend.party',
   anonymousdomain: 'guest.videochat.lowend.party',
Edit /etc/jitsi/jicofo/sip-communicator.properties and add this line:
org.jitsi.jicofo.auth.URL=XMPP:videochat.lowend.party
Now create users that will authenticate via the prosodyctl command.  For example:
prosodyctl register raindog308 videochat.lowend.party complex-password
Then reboot your server (fastest way to restart all the services).
Now when you go to your Jitsi Meet and try to start a meeting, you will see a prompt to authenticate before you can start a conference:

The post Your Own Private Videoconference: Running Jitsi Meet on Your VPS appeared first on Low End Box .

Top News