Introduction
Jitsi Meet is an open-source video conferencing solution that allows users to hold online meetings. It’s developed by the Jitsi project and enables users to conduct video conferences without the need to download an application, as it operates directly from a web browser. Some key features and highlights of Jitsi Meet include:
- Open Source: One of the main advantages of Jitsi Meet is its open-source nature, allowing anyone to review, modify, and improve the code.
- No Account Needed: Users can start a video conference without the need to create an account.
- Security: Jitsi Meet offers end-to-end encryption for conversations, ensuring participants’ privacy.
- Compatibility: Jitsi Meet is compatible with various operating systems and browsers and also provides mobile device applications.
- Additional Features: Beyond video conferencing, Jitsi Meet offers other features such as screen sharing, meeting recording, live chat, and more.
In summary, Jitsi Meet is a powerful and flexible tool that has gained popularity thanks to its open-source nature and ease of use. It’s an excellent alternative for those seeking a secure video conferencing solution without the need for costly licenses.
Next we will show how to install JitSi Meet on Debian 12, we will brand it and integrate it with VitalPBX.
Prerequisites
1.-Hardware Minimum Requirements
- 4GB RAM
- 5GHz CPU
- 50GB Disk
- 1GB Net
2.- Software Requirements
- Ubuntu 22.04 x64
- OpenJDK 11 (Tests were carried out with V17 and there are audio and video problems).
- A Valid FQDN Domain
If you want to know more about the Jitsi Meet requirements, the following link will be very useful to you.
https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-requirements/
Installation
If you wish to carry out the White Label with the VitalPBX brand automatically, we recommend the following link:
https://github.com/VitalPBX/VitalPBX-Meet
If you want to do the installation step by step and learn how to do a White label and integration with VitalPBX, we recommend you continue reading the instructions in this blog.
1.- Update the OS
sudo apt -y update
2.- Install the Firewall
sudo apt -y install ufw
3.- Setup and configure your firewall
The following ports need to be open in your firewall, to allow traffic to the Jitsi Meet server:
- 80 TCP => For SSL certificate verification / renewal with Let’s Encrypt. Required
- 443 TCP => For general access to Jitsi Meet. Required
- 10000 UDP => For General Network Audio/Video Meetings. Required
- 22 TCP => For Accessing your Server using SSH (change the port accordingly if it’s not 22). Required
- 3478 UDP => For querying the stun server (coturn, optional, needs config.js change to enable it).
- 5349 TCP => For fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn. Required
sudo ufw allow in ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 4443/tcp
sudo ufw allow 10000:20000/udp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Check the firewall status with:
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
10000/udp ALLOW IN Anywhere
3478/udp ALLOW IN Anywhere
5349/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
10000/udp (v6) ALLOW IN Anywhere (v6)
3478/udp (v6) ALLOW IN Anywhere (v6)
5349/tcp (v6) ALLOW IN Anywhere (v6)
The Firewall is now activated and enabled on system startup.
Install Jitsi Meet
Before Install
Before starting the installation process, remember that you must have your NS server pointing the domain or sub-domain to the IP of the server where we are going to install JitSi Meet.
- Decide what domain your server will use. For example, meet.example.org.
- Set a DNS A record for that domain, using:
- your server’s public IP address, if it has its own public IP; or
- the public IP address of your router, if your server has a private (RFC1918) IP address (e.g. 192.168.1.2) and connects through your router via Network Address Translation (NAT).
If your computer/server or router has a dynamic IP address (the IP address changes constantly), you can use a dynamic dns-service instead. Example DuckDNS.
DNS Record Example:
Record Type | Hostname | Public IP | TTL (Seconds) |
A | meet.example.org | Your Meeting Server Public IP (x.x.x.x) | 1800 |
Install
Now that we have everything configured, we proceed to install JitSi Meet.
Downloading Jitsi’s public GPG key from its official server and saving it in a specific directory related to Debian’s package management system. Such keys are typically used to verify the integrity and authenticity of packages that are downloaded and installed.
curl -fsSL https://download.jitsi.org/jitsi-key.gpg.key -o /etc/apt/keyrings/jitsi-key.gpg.key
Adding Jitsi’s official repository to the APT repository list on a Debian-based system.
echo "deb [signed-by=/etc/apt/keyrings/jitsi-key.gpg.key] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi.list
We update the system.
apt update
We proceed with the installation of JitSi Meet.
apt -y install jitsi-meet
Enter the hostname
Note: For Jitsi to work well, you must have a valid hostname such as example meet.example.org
Select Let’s Encrypt certificates.
Enter your email account for certificate renewal notifications.
We select no. Later we will show step by step how to integrate with VitalPBX.
If for some reason at the time of installation you have problems creating the certificate, don’t worry, you can create it by executing the following command.
Remember to first verify that ports 80 and 443 are open at the firewall level.
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
Now we enter our domain, and we should see the following:
Congratulations, we have finished the Installation process!!!!
To try our first video conference just press the Star meeting button and share the URL with the guests.
Customize JitSi Meet (White Label)
With a few changes we are going to customize the new Video Conferencing System that we have just installed with our logo and name.
To create our White Label, we must have the following images available to upload to our new server.
- ico, icon that will be displayed in the browser Tab.
- svg, logo that will be displayed in the upper left part of the welcome web page as well as the conference room.
- welcome-background.png, Top Banner Wallpaper. Size 1280×437 pixels.
- We must also replace the three lower images where the Mobile Apps are promoted. These images can have any name since they will be replaced by replacing the URL. And the size must be 120×40 pixels.
Change Watermark and Favicon
Change the watermark.png, welcome-background.png, the three new images at the bottom and favicon.ico in the following directory:
/usr/share/jitsi-meet/images
Change the favicon.ico in the following directory:
/usr/share/jitsi-meet/
Change configuration file
In /usr/share/jitsi-meet/interface_config.js
Replace MyCompany Meet with however you want the titles to be displayed.
cd /usr/share/jitsi-meet
sed -i 's|Jitsi Meet|MyCompany Meet|g' interface_config.js
Replace MyURL with your company URL.
cd /usr/share/jitsi-meet
sed -i 's|JITSI_WATERMARK_LINK: ‘https://jitsi.org’|JITSI_WATERMARK_LINK: ‘MyURL|g' interface_config.js
To change the main title of the page that says Jitsi Meet, you need to go to the translation files found in Lang. However, for the English language it is necessary to change the text in the libs/app.bundle.min.js file, to make this change we must execute the following command:
cd /usr/share/jitsi-meet
sed -i 's|"headerTitle":"Jitsi Meet"|"headerTitle":"MyCompany Meet"|g' libs/app.bundle.min.js
If we want to change it to another language, for example Spanish, we must execute the following command:
cd /usr/share/jitsi-meet
sed -i 's|"headerTitle": "Jitsi Meet"| "headerTitle": "MyCompany Meet"|g' lang/main-es.json
sed -i 's|"headerTitle": "Jitsi Meet"| "headerTitle": "MyCompany Meet"|g' lang/main-esUS.json
Where you must change the MyCompany text to your own brand.
If you want to change the “Secure and high quality meetings” message to something else that has to do with your company, you can use the following command:
cd /usr/share/jitsi-meet
sed -i 's|"Secure and high quality meetings"|"MySlogan"|g' libs/app.bundle.min.js
On the other hand, if we want to eliminate the footer where promotions appear, we must execute the following command:
cd /usr/share/jitsi-meet
sed -i 's|.welcome-footer{background:|.welcome-footer{display:none;background:|g' css/all.css
Or if you want to change the links and images in the footer, you can follow the following procedure.
Note:
To change the image, you must place the new image in the /usr/share/jitsi-meet/images folder, preferably in png format and you must respect the sizes, which in this case is 120×40.
In the following example we are going to change the three images and URLs to, Our WEBSITE, Our Forum and Our Wiki.
1.- Change of Logo and App Store link
cd /usr/share/jitsi-meet
sed -i 's|https://itunes.apple.com/us/app/jitsi-meet/id1165103905|MyURL|g' libs/app.bundle.min.js
sed -i 's|app-store-badge.png|MyWebSiteLogo.png|g' libs/app.bundle.min.js
sed -i 's|Download mobile app for iOS|MyWebSiteDesc|g' libs/app.bundle.min.js
2.- Change of Logo and Google Play link
cd /usr/share/jitsi-meet
sed -i 's|https://play.google.com/store/apps/details?id=org.jitsi.meet|MyURL|g' libs/app.bundle.min.js
sed -i 's|google-play-badge.png|MyForumLogo.png|g' libs/app.bundle.min.js
sed -i 's|Download mobile app for Android|MyForumDesc|g' libs/app.bundle.min.js
3.- Change of Logo and F-Droit link
cd /usr/share/jitsi-meet
sed -i 's|https://f-droid.org/en/packages/org.jitsi.meet/|MyURL|g' libs/app.bundle.min.js
sed -i 's|f-droid-badge.png|MyWikiLogo.png|g' libs/app.bundle.min.js
sed -i 's|Download mobile app for F-Droid|MyWikiDesc|g' libs/app.bundle.min.js
4.- To change the text that says: “Jitsi on mobile – download our apps and start a meeting from anywhere”, execute the following command:
cd /usr/share/jitsi-meet
sed -i 's|Jitsi on mobile|MyCompany Meet|g' libs/app.bundle.min.js
sed -i 's|download our apps and start a meeting from anywhere|Powered by Jitsi Meet|g' libs/app.bundle.min.js
As a way of recognizing the tool we are using, we recommend the text “Powered by Jitsi Meet”.
Interconnect Jitsi with VitalPBX
How it works
Jigasi registers as a SIP client and can be called or be used by Jitsi Meet to make outgoing calls. Jigasi is NOT a SIP server. It is just a connector that allows SIP servers and B2BUAs to connect to Jitsi Meet. It handles the XMPP signaling, ICE, DTLS/SRTP termination and multiple-SSRC handling for them.
Outgoing calls
To call someone from Jitsi Meet application, Jigasi must be configured and started like described in the ‘Install and run’ section. This will cause the telephone icon to appear in the toolbar which will popup a call dialog on click.
First we create a PJSIP extension in VitalPBX, and then we proceed to the installation and configuration of the jigasi module.
apt install jigasi -y
Next, we enter the user previously created in VitalPBX with the following format: EXT@mydomain.com
And then we proceed to enter the key as provided by VitalPBX.
Finally, we wait for the installation process to finish and proceed to restart the service.
systemctl restart jigasi.service
systemctl restart jitsi-videobridge2
If you later want to change the configuration you must edit the following file and restart the services.
cd /etc/jitsi/jigasi
nano sip-communicator.properties
Below we show a real example of what your configuration of a PJSIP extension created in VitalPBX should look like.
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:2600@pbx.mycompany.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=QXFoSkNWV2V7FXdRdXdXYZdhdEFBMnBrNQ==
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=pbx.mycompany.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=2600@pbx.mycompany.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_PORT=5060
The PASSWORD is encoded in base64, if we want to change in this file, we must first encode the password that VitalPBX gives us. For this process we recommend the following website.
Restart services.
systemctl restart jigasi.service
systemctl restart jitsi-videobridge2
Configure Jitsi Meet to enable authentication feature.
To configure Jitsi Meet to enable authentication, you must follow the following procedure:
1.- Changes the /etc/prosody/conf.avail/meet.example.org.cfg.lua file.
nano -w /etc/prosody/conf.avail/meet.example.org.cfg.lua
Find the line that says ‘VirtualHost meet.example.org” Underneath that line you’ll see another line that says:
authentication = "jitsi_anonymous"
Change that line to:
authentication = "internal_plain"
This disables the anonymous authentication for the ‘main’ server host URL – however, we also need to create a new virtual host for our anonymous guests in order to facilitate their anonymous connections. Scroll to the bottom of the file and add these lines to create the new virtual host with the anonymous login method (use your own FQDN):
VirtualHost "guest.meet.example.org"
authentication = "anonymous"
c2s_require_encryption = false
Next, we need to configure our newly created VirtualHost / anonymous domain in our config.js file:
nano -w /etc/jitsi/meet/meet.example.org-config.js
Under the ‘var config = [‘ section (right near the top of the file), you should already see a line that says domain: ‘meet.example.org’, (it’ll say your FQDN, not mine). Just below that line, after the comment, you should see a line that is commented out that starts with ‘anonymousdomain.’ Uncomment that line and add your FQDN with a ‘guest.’ in front of it like this:
anonymousdomain: 'guest.meet.example.org',
Next, we need to tell the Jicofo service to only allow requests from our ‘authenticated’ domain.
nano -w /etc/jitsi/jicofo/logging.properties
Add a new line at the bottom of this file:
org.jitsi.jicofo.auth.URL=XMPP:meet.example.org
For this type of security to work I also must edit jicofo.conf
nano -w /etc/jitsi/jicofo/jicofo.conf
Add this before the last “}”
authentication: {
enabled: true
type: XMPP
login-url: meet.example.org
}
Now let’s restart our Jitsi services:
systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2
To add users who can create video conferences in Jitsi, run the following command:
prosodyctl register <username> meet.example.org <password>
So – to create user ‘admin’ with password ‘12345’ you would run:
prosodyctl register admin meet.example.org 12345
Now after you create a new conference it will ask you for your username and password, which in this case would be:
- User: admin
- Password: 12345
If we are the moderator of the videoconference, we must proceed to press the Log-in button.
When you press Log-In, it will ask us for our credentials.
Finally, when entering we can share the link with the participants, participants will not be asked for any credentials unless we configure it that way in the conference.
VitalPBX Integration
Although we already interconnected Jitsi with a VitalPBX extension, we will now show how it is possible to create a conference room directly in the VitalPBX interface, for which we will follow the following steps:
First of all, let’s make sure that we have the Branding Add-Ons installed. If not, we must go to ADMIN/Add-Ons and install it.
Now we go to ADMIN/Tools/Branding and enter the URL in Meet URL, it should look something like this:
Finally, to generate a Video Conference, go to PBX/Extras/ Video Conference, and there it will generate the link of the Video Conference room that we will share with the participants.
Conclusions
Jitsi Meet has firmly established itself as one of the most dependable and accessible videoconferencing solutions in today’s market.
Its open-source nature not only ensures transparency in its operations and the potential for customization according to specific needs, but it also underscores its commitment to user privacy and security. Its ease of use, without the need for downloading additional software or creating accounts, positions it as an ideal tool for professionals and everyday users alike.
In a world where virtual communication is paramount, Jitsi Meet responds with efficiency, flexibility, and above all, the assurance of offering a platform that places the user at the heart of its proposition.
Credits
Very grateful to the 8×8 team for maintaining and offering us such a wonderful project.
A special thanks to Crosstalk Solution for providing some information on how to activate Jitsi authentication.
https://www.crosstalksolutions.com/how-to-enable-jitsi-server-authentication/