Self-hosting Jitsi Meet
Standing up your own Jitsi Meet server
I recently started to play around with Jitsi Meet, as a way of hosting multi-party video calls (Signal can only do 1-to-1, WhatsApp caps out at 4). The publicly hosted version at https://meet.jit.si looks great and has an awesome privacy policy, but I was interested in hosting my own for extra privacy and performance considerations.
The steps taken
- Open an account with Digital Ocean
  - I’d never actually used Digital Ocean before trying to do this. I figured AWS might be a bit too heavyweight, and I’d heard of Digital Ocean before through Hacktoberfest.
  - Creating an account was pretty simple, although I did have to verify my ID with them
- Create a droplet
  Digital Ocean operates on the notion that they provide access to an “ocean” of servers, where each one is a “droplet”.
  - Make one using the console. I used the following settings:
    - OS: Ubuntu (not sure why. I have some experience with Debian via my Raspberry Pis, but my sysadmin experience is so minimal that, to me, all Linux systems are the same apart from whether they use `apt` or `yum` to install things)
    - Plan: The smallest & cheapest droplet available - 1GB RAM, 1 core, $5 per month
    - Region: London - nearest to me
    - Additional Options: monitoring (I like pretty graphs)
    - Authentication: SSH key
- Create a firewall
  - I briefly panicked because I’d created a server on the internet without any network controls (weird how droplets default to having all ports open to the internet; I prefer AWS’ model of a default security group that blocks all traffic)
  - Open the ports that Jitsi needs:
    Ingress:
    - Port `22` (`TCP`) - open only to my IP address, checked here
    - Ports `80`, `443`, `4443` (`TCP`) - open to `0.0.0.0`
    - Port `10000` (`UDP`) - open to `0.0.0.0`
    Egress:
    - All `TCP` and `UDP` connections (until we can verify what outbound ports Jitsi needs)
- Log on and update the box
  - Follow Digital Ocean’s server setup guide, and do things like create (& use!) non-root users
  - Enable `Fail2Ban` on its most basic settings in case I messed up the firewall
  - Run `sudo apt -y update && sudo apt upgrade`
- Install Docker
  - Digital Ocean wrote a handy guide for doing this here
- Install `docker-compose`
- Clone the Jitsi Meet Docker repo:
  `git clone https://github.com/jitsi/docker-jitsi-meet.git`
- Personalise the configuration
  - The documentation is pretty good in the repo already; they’ve seen a surge of users following all the Zoom news and seem to be responding pretty well to it
  - The places that I changed my configuration were as follows (n.b. many of these are just uncommenting a line):
``` + HTTP_PORT=80 - HTTP_PORT=8000 + HTTPS_PORT=443 - HTTPS_PORT=8443 + TZ=Europe/London - TZ=Europe/Amsterdam + PUBLIC_URL=https://meet.mydomain.com - #PUBLIC_URL=https://meet.example.com + ENABLE_LETSENCRYPT=1 - #ENABLE_LETSENCRYPT=1 + LETSENCRYPT_DOMAIN=meet.mydomain.com - #LETSENCRYPT_DOMAIN=meet.example.com + LETSENCRYPT_EMAIL=myemail@mydomain.com - #LETSENCRYPT_EMAIL=alice@atlanta.net + ENABLE_AUTH=1 - #ENABLE_AUTH=1 + AUTH_TYPE=internal - #AUTH_TYPE=internal + ENABLE_HTTP_REDIRECT=1 - #ENABLE_HTTP_REDIRECT=1 ```
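Review bot: ENABLE_AUTH=1 and AUTH_TYPE=internal are switched on, but none of the changed lines says whether unauthenticated guests may still join a room once an authenticated user has opened it; state the intended behaviour next to these two lines so the access model is explicit. As a style point, each pair lists the + line before the - line, the reverse of the usual diff order, which makes old and new values easy to misread.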
- Start the service(s)!
  `docker-compose up -d`
- Create user account(s)
  I’m just going to quote the main documentation here:
  users must be created with the prosodyctl utility in the prosody container. In order to do that, first, execute a shell in the corresponding container:
  `docker-compose exec prosody /bin/bash`
  Once in the container, run the following command to create a user:
  `prosodyctl --config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword`
  Note that the command produces no output.
- Hit the url in your browser, and create a chat!
Overall it was pretty painless but extremely manual. None of this really feels like it should need much user input, so could be relatively straightforward to script up.
I felt weirdly exposed standing up a server with just that single firewall configured; I’m not convinced I understand how to properly secure it yet, so at the moment I destroy the server after each time I play around with Jitsi. I think there’s a learning/comfort curve to go along with Digital Ocean, much like I did when getting started with AWS.
Ideally I’d have a single script (like Terraform/Troposphere) that creates an instance, sets up a firewall, does the installation & configuration, and then boots up the docker containers.
Once (if) I get around to doing this, I’ll write up my notes here
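
The firewall step above can be scripted. This is an added example, not part of the original post: it builds the rule strings for DigitalOcean's `doctl` CLI (the post used the web console) and refuses anything but a single address for the SSH rule. The firewall name `jitsi-fw` and the sample address are placeholders, and `0.0.0.0/0` is the CIDR form of "open to `0.0.0.0`".

```shell
#!/bin/sh
# Added example: DigitalOcean firewall rules for the ports listed in this post.
# The firewall name "jitsi-fw" and the sample address are placeholders.

# Accept only a single dotted-quad IPv4 address, so a typo or a CIDR range
# such as 0.0.0.0/0 can never end up in the SSH rule.
valid_admin_ip() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into its octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Ingress: SSH from one address only; web (80, 443, 4443/tcp) and
# media (10000/udp) from anywhere.
inbound_rules() {
  valid_admin_ip "$1" || { echo "admin IP must be one IPv4 address" >&2; return 1; }
  rules="protocol:tcp,ports:22,address:$1/32"
  for port in 80 443 4443; do
    rules="$rules protocol:tcp,ports:$port,address:0.0.0.0/0"
  done
  echo "$rules protocol:udp,ports:10000,address:0.0.0.0/0"
}

# Egress: all TCP and UDP, as in the post (to be narrowed later).
outbound_rules() {
  echo "protocol:tcp,ports:1-65535,address:0.0.0.0/0 protocol:udp,ports:1-65535,address:0.0.0.0/0"
}

# Print the doctl command for review instead of running it.
firewall_command() {
  inbound=$(inbound_rules "$1") || return 1
  printf 'doctl compute firewall create --name jitsi-fw --inbound-rules "%s" --outbound-rules "%s"\n' \
    "$inbound" "$(outbound_rules)"
}

# With an argument (e.g. 203.0.113.10, a documentation address), show the command.
[ $# -eq 0 ] || firewall_command "$1"
```

The printed command still has to be attached to the droplet, and the egress rule is as wide as the one in the post.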