Set up your own instance of Jitsi
The whole process below took me 3 hours.
Set up a Virtual Private Server (VPS)
Set up a Virtual Private Server (VPS). I picked Debian 12 operating system for the VPS.
Next step is to set up a SSH connection between our laptop and the VPS.
Generate a SSH key pair and set up a SSH connection
Follow the instruction from: https://landchad.net/sshkeys/
Install Uncomplicated Firewall on your VPS
Uncomplicated Firewall (UFW) is a front-facing program for the more involved
iptablesfirewall program installed in most GNU/Linux distributions. We can use UFW to restrict machines on the internet to only access the services (SSH, websites etc) you want them to, but it can also be used to prevent programs on the computer itself from accessing parts of the internet it shouldn’t.
Follow the instruction from the sections “How to get it” and “First-Time Setup” from: https://landchad.net/ufw/
Update the operating system on your VPS:
# apt update # apt upgrade
Point subdomain to the VPS
Set up the DNS for meet.domain.com (e.g. mine is meet.yctct.com) to point to the IP address of the VPS. Follow the instructions from Jitsi’s guide
Install required packages and repository updates
Install the required packages and repository updates:
# apt install gpg apt-transport-https nginx python3-certbot-nginx curl
Set up the Fully Qualified Domain Name (FQDN)
Follow the instruction on Jitsi’s guide.
Add Prosody and Jitsi package repository
Add the Prosody package repository. Copy the command from Jitsi’s guide That is if you want to restrict access to your instance. I personally don’t restrict access but I installed it for eventual use.
Add the Jitsi package repository. Copy the command from Jitsi’s guide
Configure the firewall with UFW
We installed UFW earlier.
Open required ports with UFW. Run:
# ufw allow 80/tcp # ufw allow 443/tcp # ufw allow 10000/udp # ufw allow 22/tcp # ufw allow 3478/udp # ufw allow 5349/tcp # ufw enable
# ufw status verbose
Generate a SSL certificate for your subdomain
# certbot --nginx certonly -d meet.domain.com --register-unsafely-without-email
I read from Landchad that the command will ask for an email address email. Landchad explains why: “this is so when the certificates need to be renewed in three months, you will get an email about it.” However, Landchad writes that we don’t need to give an email address. We can renew the certificate from the command line, and then automate renewal. The instructions to do so are in the section titled “Setting up certificate renewal” on the page: https://landchad.net/basic/certbot/
# apt install jitsi-meet
The install set up differs from the instructions give in the Jitsi’s guide we generated our own certificate. Thus I will paraphrase the instructions from Landchad below.
First, the interface will ask for the subdomain: i.e. meet.domain.com. Then, select:
I want to use my own certificate and input the paths to the certification key and the cert files which you should find further up in the shell where we generated a SSL certification, i.e. /etc/letsencrypt/live/meet.example.org/privkey.pem and /etc/letsencrypt/live/meet.example.org/fullchain.pem, respectively.
We are done.
Go to your subdomain. Your instance of Jitsi should be up and running.
I had one issue when I first tried to start a call: one participant would get disconnected as soon as the other join. The interface of Jitsi would print “You’ve been disconnected” on the screen.
I found on the forum of Jitsi a user with a similar issue who wrote that Jitsi worked fine after he ran:
# systemctl restart prosody # systemctl restart jicofo # systemctl restart jitsi-videobridge2 # systemctl restart nginx
This also worked for me.
See debugging tips from Jitsi if you have issues.
To uninstall Jitsi, copy the command from Jitsi’s guide.