Bobcares

Digitalocean jitsi

Apr 23, 2022

Wondering how to configure Digitalocean jitsi? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team helped a customer deal with this DigitalOcean query.

 

How to configure Digitalocean jitsi?

Jitsi Meet is a fully open source video conferencing application that allows you to easily build and deploy your own video conferencing server.

Today, let us see the steps followed by our Support techs for configuration:

Step 1: Setting the System Hostname

In this step, you will change the system’s hostname to match the domain name that you intend to use for your Jitsi Meet instance and resolve that hostname to the localhost IP, 127.0.0.1.

Jitsi Meet uses both of these settings when it installs and generates its configuration files.

First, set the system’s hostname to the domain name that you will use for your Jitsi instance.

The following command will set the current hostname and modify the /etc/hostname file, which holds the system’s hostname between reboots:

sudo hostnamectl set-hostname jitsi.your_domain

The command that you ran breaks down as follows:

  • hostnamectl: A utility from the systemd tool suite to manage the system hostname.
  • set-hostname: Sets the system hostname.

Next, you will set a local mapping of the server’s hostname to the loopback IP address, 127.0.0.1.

Do this by opening /etc/hosts with a text editor:

sudo nano /etc/hosts

Then, add the following line to /etc/hosts:

127.0.0.1 jitsi.your_domain

This local mapping of your Jitsi Meet server’s domain name to 127.0.0.1 is important because your Jitsi Meet server uses several networked processes on your server that accept local connections on the 127.0.0.1 IP address from each other.

These connections are authenticated and encrypted with a TLS certificate, which is registered to your domain name.

Locally mapping the domain name to 127.0.0.1 makes it possible to use the TLS certificate for these local network connections.

Your server now has the hostname that Jitsi requires when installed.

In the next step, you will open the firewall ports that are needed by Jitsi and the TLS certificate installer.

 

Step 2: Configuring the Firewall

The Jitsi server needs some ports opened so that it can communicate with the call clients.

Also, the TLS installation process needs to have a port open so that it can authenticate the certificate request.

The ports that you will open are the following:

  • 80/tcp: Port used in the TLS certificate request.
  • 443/tcp: Port used for the conference room creation web page.
  • 4443/tcp, 10000/udp: Ports that will transmit and receive the encrypted call traffic.

Run the following ufw commands to open these ports:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 4443/tcp
sudo ufw allow 10000/udp

Use ufw to check that they were all added.
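One way to make that check repeatable, as an added example that is not part of the original post: the function below reads the text printed by ufw status and reports required ports without an ALLOW rule, plus any other allowed rule worth a second look. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output against the Step 2 port list.
REQUIRED_PORTS="80/tcp 443/tcp 4443/tcp 10000/udp"

# Reads `ufw status` text on stdin and prints one finding per line:
#   inactive        ufw is installed but not enforcing any rules
#   missing <port>  a required port has no IPv4 ALLOW rule
#   other <rule>    an ALLOW rule outside the Jitsi list, to review by hand
audit_ufw_status() {
    awk -v required="$REQUIRED_PORTS" '
        BEGIN { n = split(required, req, " ") }
        /^Status:/ { if ($2 != "active") print "inactive"; next }
        # IPv4 rule rows look like "443/tcp  ALLOW  Anywhere"; the "(v6)"
        # twins carry an extra column and are skipped here.
        $2 == "ALLOW" { allowed[$1] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (req[i] in allowed) { delete allowed[req[i]] } else { print "missing " req[i] }
            }
            for (rule in allowed) print "other " rule
        }'
}

# Constructed sample: the 10000/udp rule was never added.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
4443/tcp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
# On the server itself: sudo ufw status | audit_ufw_status
```

An "inactive" finding means the allow rules exist only on paper, because ufw is not filtering traffic at all.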

The server is now ready for the Jitsi installation, which you will complete in the next step.

 

Step 3: Installing Jitsi Meet

In this step, you will add the Jitsi stable repository to your server and then install the Jitsi Meet package from that repository.

This will ensure that you are always running the latest stable Jitsi Meet package.

First, download the Jitsi GPG key with the wget downloading utility:

wget https://download.jitsi.org/jitsi-key.gpg.key

The apt package manager will use this GPG key to validate the packages that you will download from the Jitsi repository.

Next, add the GPG key you downloaded to apt’s keyring using the apt-key utility:

sudo apt-key add jitsi-key.gpg.key

You can now delete the GPG key file with this command, as it is no longer needed:

rm jitsi-key.gpg.key

Now, you will add the Jitsi repository to your server by creating a new sources file that contains the Jitsi repository.

Create and open the new file:

sudo nano /etc/apt/sources.list.d/jitsi-stable.list

Add this line for the Jitsi repository to /etc/apt/sources.list.d/jitsi-stable.list:

deb https://download.jitsi.org stable/

Save and exit the editor.

Finally, perform a system update to collect the package list from the Jitsi repository and then install the jitsi-meet package:

sudo apt update
sudo apt install jitsi-meet

During the installation of jitsi-meet, you will be prompted to enter the domain name that you want to use for your Jitsi Meet instance.

You will then be shown a new dialog box that asks if you want Jitsi to create and use a self-signed TLS certificate or use an existing one if you have one.

If you do not have a TLS certificate for your Jitsi domain, select the first option, Generate a new self-signed certificate.

Your Jitsi Meet instance is now installed using a self-signed TLS certificate.

This will cause browser warnings, so you will get a signed TLS certificate in the next step.

 

Step 4: Obtaining a Signed TLS Certificate

Jitsi Meet uses TLS certificates to encrypt the call traffic so that no one can listen to your call as it travels over the internet.

TLS certificates are the same certificates that are used by websites to enable HTTPS URLs.

Jitsi Meet supplies a script to automatically download a TLS certificate for your domain.

Run this certificate installation script provided by Jitsi Meet at /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh with the following command:

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

The script prints the following information when you run it and asks you to supply an email address:

Output
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for domain jitsi.your_domain)
- Download certbot-auto from https://dl.eff.org to /usr/local/sbin
- Install additional dependencies in order to request Let’s Encrypt certificate
- If running with jetty serving web content, will stop Jitsi Videobridge
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Add command in weekly cron job to renew certificates regularly
You need to agree to the ACME server's Subscriber Agreement
(https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications
Enter your email and press [ENTER]:

This email address will be submitted to the certificate issuer https://letsencrypt.org and will be used to notify you about security and other matters related to the certificate.

You must enter an email address here to proceed with the installation.

The script will complete the installation and configuration of an SSL certificate for your Jitsi server without needing any more user input.

The default configuration for Jitsi Meet is that anyone visiting your Jitsi Meet server homepage can create a new conference room.

This will use your server’s system resources to run the conference room and is not desirable for unauthorized users.

In the next step, you will configure your Jitsi Meet instance to only allow registered users to create conference rooms.

 

Step 5: Locking Conference Creation

In this step, you will configure your Jitsi Meet server to only allow registered users to create conference rooms.

The files that you will edit were generated by the installer and are configured with your domain name.

The placeholder jitsi.your_domain will be used in place of a domain name in the following examples.

First, open /etc/prosody/conf.avail/jitsi.your_domain.cfg.lua with a text editor:

sudo nano /etc/prosody/conf.avail/jitsi.your_domain.cfg.lua

Edit this line in /etc/prosody/conf.avail/jitsi.your_domain.cfg.lua:

        authentication = "anonymous"

To:

        authentication = "internal_plain"

Then, in the same file (/etc/prosody/conf.avail/jitsi.your_domain.cfg.lua), add the following section to the end:

VirtualHost "guest.jitsi.your_domain"
    authentication = "anonymous"
    c2s_require_encryption = false

Here, you added guest. to the front of your domain name.

The guest. hostname is only used internally by Jitsi Meet. You will never enter it into a browser or need to create a DNS record for it.

Open another configuration file at /etc/jitsi/meet/jitsi.your_domain-config.js with a text editor:

sudo nano /etc/jitsi/meet/jitsi.your_domain-config.js

Edit this line in /etc/jitsi/meet/jitsi.your_domain-config.js:

        // anonymousdomain: 'guest.jitsi.your_domain',

To:

        anonymousdomain: 'guest.jitsi.your_domain',

Again, use the guest.jitsi.your_domain hostname that you used previously.

This configuration tells Jitsi Meet what internal hostname to use for the un-authenticated guests.

Next, open /etc/jitsi/jicofo/sip-communicator.properties:

sudo nano /etc/jitsi/jicofo/sip-communicator.properties

And add the following line to /etc/jitsi/jicofo/sip-communicator.properties to complete the configuration changes:

org.jitsi.jicofo.auth.URL=XMPP:jitsi.your_domain

Your Jitsi Meet instance is now configured so that only registered users can create conference rooms.

After a conference room is created, anyone can join it without needing to be a registered user.

All they will need is the unique conference room address and an optional password set by the room’s creator.

Now that Jitsi Meet is configured to require authenticated users for room creation, you need to register these users and their passwords.

You will use the prosodyctl utility to do this.

Run the following command to add a user to your server:

sudo prosodyctl register user jitsi.your_domain password

The user that you add here is not a system user.

They will only be able to create a conference room and are not able to log in to your server via SSH.

Finally, restart the Jitsi Meet processes to load the new configuration:

sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service
sudo systemctl restart jitsi-videobridge2.service

The Jitsi Meet instance will now request a username and password with a dialog box when a conference room is created.

Your Jitsi Meet server is now set up and securely configured.
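A check that all four Step 5 edits are in place, since a missed one leaves the setup half-applied. This is an added example, not part of the original post or of Jitsi; the function names, the jitsi.example.test domain and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the Step 5 edits (not part of Jitsi or the original post).

# Print "<virtualhost> <authentication>" for each VirtualHost in a Prosody config.
vhost_auth() {
    awk -F'"' '
        /^[ \t]*--/ { next }    # skip Lua comments
        /^[ \t]*(VirtualHost|Component)[ \t]/ { host = ($0 ~ /VirtualHost/) ? $2 : ""; next }
        host != "" && /^[ \t]*authentication[ \t]*=/ { print host, $2 }
    ' "$1"
}

# check_secure_domain DOMAIN PROSODY_CFG MEET_CONFIG_JS JICOFO_PROPS
# Prints one line per problem and returns non-zero if any check fails.
check_secure_domain() {
    domain=$1; fail=0
    auths=$(vhost_auth "$2")
    echo "$auths" | grep -qxF "$domain internal_plain" ||
        { echo "prosody: $domain is not set to internal_plain"; fail=1; }
    echo "$auths" | grep -qxF "guest.$domain anonymous" ||
        { echo "prosody: no anonymous VirtualHost guest.$domain"; fail=1; }
    # The setting must be active, not the commented-out default.
    awk -v want="anonymousdomain: 'guest.$domain'" '
        { sub(/^[ \t]+/, "") }
        index($0, want) == 1 { ok = 1 }
        END { exit !ok }' "$3" ||
        { echo "config.js: anonymousdomain is not guest.$domain"; fail=1; }
    grep -qxF "org.jitsi.jicofo.auth.URL=XMPP:$domain" "$4" ||
        { echo "jicofo: auth.URL is not XMPP:$domain"; fail=1; }
    return "$fail"
}

# Constructed sample files: a host where only the Prosody edits were made.
write_sample() {
    printf '%s\n' 'VirtualHost "jitsi.example.test"' \
        '        authentication = "internal_plain"' \
        'Component "conference.jitsi.example.test" "muc"' \
        'VirtualHost "guest.jitsi.example.test"' \
        '    authentication = "anonymous"' \
        '    c2s_require_encryption = false' > "$1/prosody.cfg.lua"
    printf "%s\n" "        // anonymousdomain: 'guest.jitsi.example.test'," > "$1/config.js"
    : > "$1/sip-communicator.properties"
}

tmp=$(mktemp -d) && write_sample "$tmp"
check_secure_domain jitsi.example.test "$tmp/prosody.cfg.lua" "$tmp/config.js" \
    "$tmp/sip-communicator.properties" || echo "secure domain setup incomplete"
```

On a real server, pass your own domain and the three file paths from this step instead of the sample files.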

 


Conclusion

Today, we saw the steps followed by our Support Engineers to configure Digitalocean jitsi.
