Jitsi and Docker Overview
Base image for Jitsi Meet's images (based on Debian and S6 overlay) Container. If you want the communication between the Jitsi Meet and the Etherpad server to be encrypted, use a reverse proxy. If Etherpad will only be accessed via Jitsi and it’s installed on the same server, you don’t need that. Learn more about Jitsi, a free open-source video conferencing software for web & mobile. Make a call, launch on your own servers, integrate into your app, and more.
Jitsi Meet is an open source video conferencing service solution providing fully encrypted and secure high quality and audio without subscription or the need to create an account. The solution can either be installed natively on Ubuntu Bionic Beaver (18.04 LTS) and Debian Buster. Another way to install it, is using a containerized application running on Docker.
This tutorial explains how to install the Jitsi Meet solution on a virtual cloud instance using the Docker Image provided by the Jitsi team, allowing you to deploy your personal Jitsi Meet video conferencing solution in a few easy steps. It is based on a Debian stable base installation and provides all additional modules availabe for Jitsi like Etherpad or jigasi, a gateway allowing SIP connections to the Jitsi Meet instance.
- You have an account and are logged into console.scaleway.com
- You have configured your SSH Key
- You have a Scaleway Elements Instance running Ubuntu Bionic Beaver (18.04 LTS)
- You have installed Docker on the instance
- For best performances of Jitsi Meet, an instance with at least 4GB RAM is recommended
- You have a domain or subdomain pointed to your Instance
Setting Up the Solution
1 . Connect to your Scaleway Elements Instance using SSH.
2 . Update the packet cache and upgrade the software already installed on the instance using the
apt packet manager:
3 . Install Docker, for more detailed instructions, follow our dedicated tutorial:
4 . Clone the Docker Jitsi Meet repository using
cd into the downloaded directory:
5 . Copy the
env.example file to create a environment (
.env) configugration and create the required configuration directories:
6 . Open the
.env file in a text editor and edit the basic settings as following:
7 . If you run a firewall on your instance or have configured a stateful cloud firewall using security groups, make sure that the following ports are open:
- 80/tcp for Web UI HTTP (for redirections, after uncommenting ENABLE_HTTP_REDIRECT=1 in .env)
- 443/tcp for Web UI HTTPS
- 4443/tcp for RTP media over TCP
- 10000/udp for RTP media over UDP
8 . Run
docker-compose up -d to download and launch the application.
Note: If you want to use the Etherpad option with Jisi Meet, configure the Etherpad section in the
.env file and start the docker container as following:
docker-compose -f docker-compose.yml -f etherpad.yml up
Connecting to the Instance
1 . Open a web browser on your local computer and access the web UI at
https://<public_instance_ip>/. The Jitsi Meet login screen displays:
Enter a name for your conference and press
Go to enter the conference room. It is now possible to share the link, to set a password, configure the audio and video quality and more for the conference.
2 . Happy conferencing :)
For more information concerning the Jitsi Meet Docker image, refer to the official documentation.
Even before COVID-19, most of us were in need for some kind of conference solution. Some use proprietary ones like Google Hangouts, Zoom or one of the other popular ones out there.
But if you are in tightly-regulated industry or just want to have full control over your data and like to use open-source, then chances are high you already stumbled upon Jitsi Meet.
In this post I describe the process to setup a fully-functional Jitsi-Meet instance on AWS (+ Terraform code!)
- Jitsi Meet (Ubuntu 18.04)
- Terraform code available (>= 0.12 / HCL2)
- Authentication (Users need to be authenticated to create new conferences) + Guest access (can only join existing conferences)
- LetsEncrypt certificate for HTTPS
- Collaborative working on a shared document during Jitsi conference (etherpad-lite)
- SQL Database for Jitsi authorized accounts
- Aurora Serverless (MySQL)
- Scale down to 0 to reduce costs
- ASG notifications (+ SNS Topic)
- CloudWatch Logs (+ CloudWatch Agent)
- Route53 Public & Private records
- OPTIONAL: Cross-Account for Public & Private records
- Allow SSH by workstation IPv4 (can be disabled)
- Add other allowed IPv4 CIDRs for SSH
- Restrict Jitsi access CIDRs (Default: not restricted)
- Clone the git repository
git clone https://github.com/hajowieland/terraform-aws-jitsi.git
- Create a
terraform.tfvarsand fill in the below variables as key = value one per line
- If your Route53 Public & Private Hosted Zones are in the same AWS Account as where you want to deploy Jitsi, it’s just this:
|public_subnet_ids||Public Subnet IDs||list(string)|
|public_zone_id||Public Zone ID||string|
|private_zone_id||Private Zone ID||string|
Of course you can use it as Terraform module, too:
Here I show you the process of manually setting up Jitsi-Meet on AWS on a single EC2 instance. For a production-ready solution, please use the Terraform code above !)
It shows how the important steps of the EC2 Userdata in the Terraform code work.
- EC2 Instance with Ubuntu 18.04
- You can connect to the instance with SSH
- MySQL / PostgreSQL database
Raise system limits
Jitsi needs increased files and process limits, so we set them in systemd:
Update System, install Jitsi
During install you get ask these two questions:
- Hostname: Set to the desired FQDN for your Jitsi instance (e.g.: meet.example.com)
- Certificate: Choose
Generate a new self-signed certificate(we will get a LetsEncrypt certificate later)
Now export the Hostname as environment variable which we will use in the next steps (replace with the FQDN you configured during install):
Now we are going to install etherpad-lite, which is integrated in Jitsi-Meet and allows us to collaboratively work together on a shared document during conferences.
Download node, clone etherpad-lite git repository and add a etherpad-lite system user:
To enable etherpad-lite at startup and be controlled by systemd, create a systemd unit file and enable the service:
You can check if everything is working with:
Enable ethterpad in Meet
The Meet component needs to know that it can now use Ethterpad:
To allow users to be created and stored in an SQL database, configure Prosody (the XMPP component of Jitsi) to use the database instead of local filestore:
Now fill in the MySQL / PostgreSQL credentials of your database (database name, user, password and host)
Prosody initially used to local filestore for the focus and jvb users, we need them to be converted to our SQL backend.
We can use Prosody Migrator for this task. First we createa Migrator config (fill in your Database data like in the previous step):
And then we migrate the local filestore to the SQL database:
By default, no authentication is set which means every (unauthenticated!) user can create new conferences (and if you have a public Jitsi instance, this means everyone).
This exposes Jitsi to various spam/flood attacks and the Jitsi instance may be used for unintended purposes.
So we definitely need to set up authentication. In the previous step we configured the database backend for the internal Jitsi users and our authenticated users we can add later.
In Jitsi Meet and Prosody we set up a guest domain:
In Jicofo (the focus component), we configure the XMPP auth url so it connects to XMPP (= Prosody) for authentication:
Finally we configure nginx for etherpad-lite and for a seperate interface configuration.
The latter allows us for example to modify the visible Toolbar Buttons (
TOOLBAR_BUTTONS) in Jitsi.
We use a seperate config file for this so it does not get overwritten by a Jitsi update.
As a last step we request a LetsEncrypt certificate. Luckily, Jitsi already provides us with a handy script:
(You get asked for an email adress).
All necessary configuration and auto-renewal (cronjob) will be configured by the script 👍
Eastern time in utc. Universal Time (UTC) to Eastern Standard Time (EST) 12 am UTC: is: 8 pm EST: 1 am UTC: is: 9 pm EST: 2 am UTC: is: 10 pm EST: 3 am UTC: is: 11 pm EST: 4 am UTC: is: 12 am EST: 5 am UTC: is: 1 am EST: 6 am UTC: is: 2 am EST: 7 am UTC: is: 3 am EST: 8 am UTC: is: 4 am EST: 9 am UTC: is: 5 am EST: 10 am UTC: is: 6 am EST: 11 am UTC: is: 7 am EST. Time Difference. Eastern Daylight Time is 4 hours behind of Universal Time Coordinated 2:00 am 02:00 in EDT is 6:00 am 06:00 in UTC. EST to UTC call time Best time for a conference call or a meeting is between 8am-1pm in EST which corresponds to 1pm-6pm in UTC. 2:00 am 02:00 Eastern Daylight Time (EDT). Offset UTC -4:00 hours. EST stands for Eastern Standard Time. UTC is known as Universal Time. UTC is 4 hours ahead of EST. 12:00 am EST 1:00 am EST 2:00 am EST 3:00 am EST 4:00 am EST 5:00 am EST 6:00 am EST 7:00 am EST 8:00 am EST 9:00 am EST 10:00 am EST 11:00 am EST 12:00 pm EST 1:00 pm EST 2:00 pm EST 3:00 pm EST 4:00 pm EST 5:00 pm EST 6:00 pm EST 7:00 pm EST 8:00 pm EST 9:00 pm EST.
Now restart all services and then you are ready to use your shiny new Jitsi-Meet instance 👏
Add authenticated users
If you visit Jitsi-Meet with your browser and create a new conference, you have to authenticate as host:
New users can be created in Prosody via
Etherpad Jitsi Docker
Now try right away to log in with this new user and voilâ –> Now you can invite guests to your conference (they do not have to authenticate - but can only conferences with are created by authenticated users).
To collaborate together on a shared document:
If you encounter any problems or have some ideas on how to enhance the IaC code ➡️ please let me know!
Jitsi Etherpad Lite
I would be very happy to see some Pull Requests on GitHub for the Terraform code of this blog post: