August 31, 2023

Set up your own instance of Jitsi

The whole process below took me 3 hours.

Set up a Virtual Private Server (VPS)

Set up a Virtual Private Server (VPS). I picked Debian 12 operating system for the VPS.

Next step is to set up a SSH connection between our laptop and the VPS.

Generate a SSH key pair and set up a SSH connection

Follow the instruction from:

Install Uncomplicated Firewall on your VPS

From Landchad:

Uncomplicated Firewall (UFW) is a front-facing program for the more involved iptables firewall program installed in most GNU/Linux distributions. We can use UFW to restrict machines on the internet to only access the services (SSH, websites etc) you want them to, but it can also be used to prevent programs on the computer itself from accessing parts of the internet it shouldn’t.

Follow the instruction from the sections How to get it” and First-Time Setup” from:

Update the operating system on your VPS:

# apt update
# apt upgrade

Point subdomain to the VPS

Set up the DNS for (e.g. mine is to point to the IP address of the VPS. Follow the instructions from Jitsi’s guide

Install required packages and repository updates

Install the required packages and repository updates:

# apt install gpg apt-transport-https nginx python3-certbot-nginx curl

Set up the Fully Qualified Domain Name (FQDN)

Follow the instruction on Jitsi’s guide.

Add Prosody and Jitsi package repository

Add the Prosody package repository. Copy the command from Jitsi’s guide That is if you want to restrict access to your instance. I personally don’t restrict access but I installed it for eventual use.

Add the Jitsi package repository. Copy the command from Jitsi’s guide

Configure the firewall with UFW

We installed UFW earlier.

Open required ports with UFW. Run:

# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw allow 10000/udp
# ufw allow 22/tcp
# ufw allow 3478/udp
# ufw allow 5349/tcp
# ufw enable

Check status:

# ufw status verbose

Generate a SSL certificate for your subdomain

# certbot --nginx certonly -d --register-unsafely-without-email

I read from Landchad that the command will ask for an email address email. Landchad explains why: this is so when the certificates need to be renewed in three months, you will get an email about it.” However, Landchad writes that we don’t need to give an email address. We can renew the certificate from the command line, and then automate renewal. The instructions to do so are in the section titled Setting up certificate renewal” on the page:

Install Jitsi

# apt install jitsi-meet

The install set up differs from the instructions give in the Jitsi’s guide we generated our own certificate. Thus I will paraphrase the instructions from Landchad below.

First, the interface will ask for the subdomain: i.e. Then, select: I want to use my own certificate and input the paths to the certification key and the cert files which you should find further up in the shell where we generated a SSL certification, i.e. /etc/letsencrypt/live/ and /etc/letsencrypt/live/, respectively.

We are done.

Go to your subdomain. Your instance of Jitsi should be up and running.

First issue

I had one issue when I first tried to start a call: one participant would get disconnected as soon as the other join. The interface of Jitsi would print You’ve been disconnected” on the screen.
I found on the forum of Jitsi a user with a similar issue who wrote that Jitsi worked fine after he ran:

# systemctl restart prosody
# systemctl restart jicofo
# systemctl restart jitsi-videobridge2
# systemctl restart nginx

This also worked for me.

See debugging tips from Jitsi if you have issues.

Uninstall Jitsi

To uninstall Jitsi, copy the command from Jitsi’s guide.

personal computing command-line interface (cli) gnu linux office applications wiki hosting

No affiliate links, no analytics, no tracking, no cookies. © 2016-2023 Content is licensed under CC BY-NC-SA 4.0 .