Self Hosted Jitsi Video Conferencing

 Self Hosted Video Conferencing : Jitsi

During the Covid19 restrictions, lots of the people suddenly decended on the existing video conferencing platforms such as Google Meet and Zoom. They pretty rapidly enhanced and scaled their products to cope with the increased demand but Zoom in particular quickly gained a bit of a stigma for being hijacked/zoom bombed by external parties which was really bad when some of the participants were kids. 

Google laterly opened up Meet to the masses which was really a bit slow considering the need for group meetings was vital to lots of people. They did but it was a bit slow. We also found out we are becoming more and more dependent on such setups. 

Microsoft has the Teams product which many organisations have access through Office 365 subscriptions but these were generally controlled and not intended for personal use outside work needs so using for personal use was rather frowned upon. 

I had concerns with the Zoom hacking zoom-bombing problems near the start of lockdown in the UK to consider looking at what other options were available. This was before Google opened up Meet. 

Jitsi Meet

I came across Jitsi (or Jitsi Meet specifically) Jisti.org. Jitsi is described as a secure, flexible and completely free video conferencing platform that can also be integrated with other tools and services. 

Jitsi Meet itself is part of the Jitsi platform. You have the option to use the Jitsi hosted setup itself with minimal effort on your part but of most interest is the option to use the server download option and set up your own private video conferencing platform. 

If you just need a quick alternative to Zoom or Google Meet then the Jitsi hosted version of the service is really, really simple to use. You literally just browse to meet.jisti.si and start a meeting and then share the meeting name with others for them to join. You can either go with one of the randomly generated names or type in a meeting name of your own that's memorable and easy to relay to others. Just make sure it is of a decent length. It's recommended you don't reuse meeting names either. 

Self hosting Jitsi Meet

Self hosting requires some more work but does allow you to set it up as a completely private video conferencing setup under your control. This could be important if you want to tighten controls for starting meetings and or general access. In terms of a host platform there are numerous options including cloud based setups on AWS(Amazon) or GCP(Google) platforms. If on the other hand you want something very simple and running locally on your own network then a basic Virtualbox or VMWare ESXi setup is the way to go. I have a small ESX setup at home and so went that route. 

In VMWare ESX (6.7.0 Update 3 was used), the following was setup with a virtual machine with the following config: 

• 2 CPU, 4GB RAM and 35GB SSD space (type thick provisioned, lazily zeroed)

This is probably overkill but it depends upon how many users your setup is going to have to support. Another factor in this if clearly you need a pretty decent home internet connection. 

Into this virtual machine I installed Ubuntu server 18.04.4 LTS (64 bit). After the main install, I did the usual package upgrade commands and rebooted it. 

The outline steps are:

1. Decide how you intend to be able to reach this home setup. The options are using a dynamic dns type service or alternatively purchasing a domain and then pointing the DNS records to point to your home setup. If using the domain and DNS approach is it far easier if your home internet connection can have a static IP address. Some providers do allow or provide this, for example Vodafone in the UK doesn't provide this by default but if you contact them they enable a static will for free. 
1. For example I decided to get a static IP from my ISP (Vodafone) and then purchase a google domain and setup a subdomain and point it at my jitsi installation. meet.<domain name>.
2. You will need an externally accessible domain name to be able to reach your jitsi meet installation during the Jitsi setup so you want to do this in advance.
3. Note in order for everything to work you will need to setup port forwarding on your home router to the machine hosting jitsi meet. You will need to allow/forward the following ports to the specific machine/vm hosting jitsi meet on your network. Below are the rules I setup.   
1. jitsi_http  80 -> 80 TCP
2. jitsi_https 443 -> 443 TCP
3. jitsi_udp 10000-20000 -> 10000-20000 UDP
4. jitsi_vbridge 4443 -> 4443 TCP
4. Then simply follow the Jitsi Meet installation steps for your distribution. In my Ubuntu based case these steps are provided here. 
5. That should really be it for the basic setup

Securing who can start meetings

One aspect I didn't like about a self hosted seutp of Jitsi Meet was that anyone who had access to the server could start meetings. This is obviously ok if there are other controls to access i.e. it's an internal site only but if it is public facing server then you really want some additional controls as to who can use it to start meetings. 

After a bit of digging I found this is possible. 

It is possible to allow only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain. Follow this guide from the Jitsi handbook to secure the domain. 

Note however to get the user account to work properly I needed to : 

• prosodyctl register <username> <your meet subdomain> <new user password>
• prosodyctl deluser <username>@<your meet subdomain>
• prosodyctl adduser <username>@<your meet subdomain>
• (Then set password)
• Account then for auth new meetings is
• <username>@<your meet subdomain>

Now when you try and start a meeting it will ask for the host username above(with full domain) and password to login to be able to start/host a new meeting. Everyone else can still join, they just cannot start meetings. You can add multiple users who are allowed to start meetings. 

Maintenance

Periodically you will need to carry out some maintenance tasks. You could set this up as a cron job if you wish also and install additional management interfaces such as webmin to make this simpler on the virtual machine. For now here is a simple explanation of what may need updated periodically. 

General updates of Ubuntu

• sudo apt update
• sudo apt upgrade
• this will include updates of Jitsi Meet

Also the lets encrypt certificate will expire at times to renew: 

• /usr/local/sbin/certbot-auto renew

Wrap up

So this is definately a bit of work to get setup locally but it does give you something pretty good locally as another option to the main players and certainly something good if you want a free, completely self hosted and internal only option for security reasons. One other general comment is I have found the video quality to be excellent along with the way the audio is shared is also very good when audio latency is really important for your use case. Something to think about and it's another great example of some of the tools available to us today.