Irrespective of the current situation I already had a look at the Jitsi Meet platform some time back last year. Jiffy oil change coupons. Due to a lack of necessity and organising most community meetings offline - both MSCC and GDG Mauritius - there was no motivation to look closer into any video conferencing platform.
Inspired by the announcement that meet.mixp.org offers free access to host video conferencing calls locally in Mauritius and the fact that past few meetings of the MSCC had been conducted virtually using Google Hangouts Meet, I reserved some time to do a little research. The result is a series of tutorials on how to get started with Jitsi Meet, how to customise it for your own branding, and how to enable more features beyond the basic installation.
This first article describes the fundamental installation of Jitsi Meet on the Google Cloud Platform. Surely, the necessary steps shall be reproducible on other cloud computing platforms like Microsoft Azure or Amazon AWS.
Prerequisites: Domain Name
Google Meet and Jitsi can be primarily classified as 'Web and Video Conferencing' tools. Jitsi is an open source tool with 1.96K GitHub stars and 637 GitHub forks. Here's a link to Jitsi's open source repository on GitHub. Advice on Google Meet and Jitsi. Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers. Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers. Google Meet vs Jitsi; Google Meet vs Jitsi. Remove All Products Add Product Share. Google Meet by Google Remove. Jitsi by Jitsi View Details. Awards: Most Popular. Starting Price: $6.00/one-time. Not provided by vendor Best For: Mobile and web-based google application that lets small to large businesses conduct voice/video.
Before you start following the steps in this article you should consider to have a fully qualified domain name (FQDN) at hand. That domain will be used to access your Jitsi Meet server over the internet.
Official Google Meet Help Center where you can find tips and tutorials on using Google Meet and other answers to frequently asked questions. Connect your calendar to view all your meetings in Jitsi Meet. Plus, add Jitsi meetings to your calendar and start them with one click.
I'm going to use the subdomain
meet.mscc.mu because the Jitsi Meet video conferencing system described here will be used for the Mauritius Software Craftsmanship Community (MSCC) and associated user groups in Mauritius.
Let's log into Google Cloud Console and begin the installation.
Define a permanent External IP address
First, you reserve a static IP address. We are going to use this IP address for the DNS record of your FQDN and to attach it to the VM instance running Jitsi Meet server.
In Cloud Console navigate to VPC network > External IP addresses and reserve a new static address. Although the IP address is not attached to anything yet we are going to use it shortly.
The result should look similar to this. Of course, your external IP address will be different.
Create a DNS entry
Now, packed with the newly created IP address it is time to create a DNS record for the domain name you would like to use for the Jitsi Meet server. This step depends on your DNS nameserver provider.
I'm going to describe how it is done using Cloudflare. Under DNS management create a new A record with the subdomain
meet and the external IP address provided by Google Cloud Platform.
The resulting DNS configuration should look similar to above. Global DNS propagation can take up to 24 hours and it is important to wait that your DNS record has been deployed successfully.
Verify DNS configuration
You can use any DNS query tool to verify this step. Depending on your OS either use
nslookup to check whether the DNS record has been distributed to the Cloudflare public DNS server.
With proper DNS settings in place you are ready to continue with the installation of Jitsi Meet.
Create a VM instance
Log into Cloud Console and navigate to Compute Engine > VM instances. There click on
Create instance and enter relevant information for your new VM instance.
The default values provided by GCP shall work just fine. However you might like to adjust region, zone and machine configuration according to your liking.
Specify the hostname
Important: The initial configuration allows you to set a custom hostname for your instance and you should specify the prepared DNS name as such. This choice is permanent and cannot be changed later.
Management, security, disks, networking, sole tenancy and enter your FQDN under
Choose the External IP address
While you are at the details of Networking click on the pen symbol of the Network interface and select the external IP address that we created earlier. The entry shall look like so.
Done when your networking options are complete.
If ever you missed the initial creation of an external IP address you can open the dropdown selection under External IP and choose to
Create IP address. Give the new static IP address a name and click on Reserve.
However this still requires proper DNS configuration as described earlier.
Configure firewall rules
According to the quick install guide Jitsi Meet requires the following ports and protocols to allow traffic from the internet.
- 80 TCP - aka HTTP traffic
- 443 TCP - aka HTTPS traffic
- 10000 UDP
The first two ports can be configured during the creation of the VM instance. Tick the checkboxes in the Firewall section and the necessary rules will be applied during the creation of the virtual machine.
For the UDP port you are going to enter a Network tag for the moment. That tag is used to connect the VM instance to a (new) firewall rule.
Finally, click on
Create to complete your VM instance. This is going to take a few seconds and you will be notified as soon as the VM instance is ready.
Create and verify firewall rules
In order to create the third, remaining firewall rule you navigate to VPC network > Firewall rules and there you click on
Create Firewall Rule to configure the missing information.
Target tags you enter the same value you used as
Network tags during the configuration of the VM instance. This closes the link between the instance and this firewall rule.
The value for the
Source IP ranges is 0.0.0.0/0 which represents any IP address from the internet.
Protocols and ports you tick UDP protocol and you enter the port number 10000.
Finally, click on
Create to enable the firewall rule.
The result should look similar to the list of rules below.
Access the VM instance
Navigate back to Compute Engine > VM instances and click on the SSH button of your instance. This should open a new browser window.
Note: Eventually you have to allow Cloud Console to open popups first.
After a short initialisation the connection should be established and you are greeted by a bash prompt on Linux.
Install Jitsi Meet software
The following steps are based on the official Jitsi Meet quick install guide on GitHub - with a few additional notes and modifications on my side.
First, verify the assignment of the Fully Qualified Domain Name (FQDN) with the following command:
At the same time check that the name resolution has been added to the
Run commands as user
Note: Many of the installation steps require elevated privileges. If you are logged in using a regular user account, you may need to increase your permissions.
sudo for individual commands or temporarily change user context and operate as user root.
Although not recommended it's faster to complete the installation as root.
Add the Jitsi package repository
The Jitsi repository uses a secured URL which requires that you add the HTTPS transport option to apt, then you update the local repository cache, and finally you install the package of Jitsi Meet and all dependencies.
During the process you will be asked to enter the FQDN or hostname of your instance of Jitsi Meet. Enter the hostname that we verified already and hit
OK to continue the installation.
Next, you will be ask to configure SSL certificate of your Jitsi Meet domain. Here keep the default selection to generate a self-signed certificate and hit
We are going to generate an SSL certificate provided by Let's Encrypt in the next step.
Install Let's Encrypt certificate
Note: Verify that the DNS record has been assigned to your static external IP address and it has been distributed globally before you try to apply the Let's Encrypt SSL certificate. See
Verify DNS configuration above on how to do that.
At the time of writing there was a small issue running the script as described on GitHub: Lets Encrypt setup error about missing file #5929. The workaround is to create the expected deployment hook manually yourself before running the certificate installation script.
Now, run the following shell script as mentioned in the quick install guide.
The script is going to ask you for an email address to send notifications from Let's Encrypt to. Then your terminal is going to provide you with tons of information and the outcome should look similar to below. Look for
Congratulations! to be sure that the SSL certificate has been successfully requested from Let's Encrypt and applied to your system.
Basically your installation is complete now.
You shall be able to load your FQDN in your browser. In case you run into any trouble kindly repeat the steps above or refer to the official Jitsi Meet quick install or the Jitsi Community Forum.
However there are probably some additional considerations prior to operating your instance of Jitsi Meet server on the internet.
Adjust nginx configuration file
The default configuration of nginx created by the Jitsi Meet package is not optimal and you should make a few changes to it. Open the file with your preferred text editor
Change the default protocol to HTTP/2
Look for the
listen directives and add the value
http2 at the end of both. It shall look like so.
Change SSL protocol versions and ciphers
By default nginx is enabled to support TLS 1.0, TLS 1.1 and TLS 1.2. However the two former protocols are legacy protocol that shouldn't be used. TLS v1.0 and TLS v1.1 have been deprecated in January 2020 by modern browsers. Hence you should change the ssl_protocols directive like so.
Depending on the nginx version TLS 1.3 might be an additional option. You might consider to replace the existing directive of SSL ciphers with the following value.
The Mozilla SSL Configuration Generator is definitely worth a look. The Intermediate configuration would be the recommended choice. Perhaps you might like to read SSL and TLS Deployment Best Practices for more background information.
Add more HTTP headers
Next, you should define a few more HTTP header directives to improve your default configuration. Open the nginx config file again and add the following lines right after the existing
add_header directive related to HSTS.
Note: The Jitsi Meet Electron application for desktop systems cannot load your instance if the HTTP header
X-Frame-Options has been set. Either comment or remove that directive if you are planning to use the application.
Save the configuration after each change and run a
If the result is OK restart nginx as usual. Otherwise, inspect the log file located at
/var/log/nginx/error.log for any error entries.
In case that you are interested to see the impact of your changes open the Qualys SSL Server Test and validate your domain.
Increase number of processes and open files
The quick install guide mentions that the default configuration of a system is good for less than 100 participants. To avoid running into any unexpected situations I suggest that you increase that value already now.
Open the file
/etc/systemd/system.conf and add the following lines at the end.
Reload the systemd changes on a running system and restart your Jitsi instance with those two commands.
To verify that the settings have been applied run the following command and check the value of
Tasks: XX (limit: 65000).
Confirm your installation is working
Open a new browser tab or better an incognito window and navigate to the FQDN you specified during the installation. You shall be greeted by the Jitsi Meet default page.
When you click on the gear symbol in the top right corner your browser should ask for permissions to access microphone and camera.
Allow in both cases and continue to configure your devices you would like to use in Jitsi Meet.
Change to the tab
Profile to provide more information like your displayed name in the meeting rooms. On the tab
More you are able to configure your preferred language.
Finally, enter any value to start a new meeting and click on GO.
The use of camel-case writing forms the URL to access the meeting and is automatically converted into blanks after you entered the meeting room.
Google Meet Jitsi Download
Enjoy your very own Jitsi Meet video conferencing system.
Automate it with gcloud
All steps above can be executed by using
gcloud commands. Best might be to use your instance of Cloud Shell to create a VM instance and to install Jitsi Meet.
Make sure that you have a domain name prepared.
Create the infrastructure
You would probably adjust the environmental variables at the top to change region, zone, instance name and your DNS hostname.
After execution you are going to see the external IP address in the Shell, and you should be connected to the new VM instance.
In case that the remote VM instance does not respond to the SSH connection or times out, wait a short while and repeat the last command to SSH into the instance.
Now is the right time to verify that your DNS record is up-to-date and matches the external IP address of your VM instance before you continue to install Jitsi Meet.
Install Jitsi Meet server
This paragraph summarizes the commands used above to install Jitsi Meet server. They should be run as user root. Change into an interactive session of user
Then run the following to complete the basic installation of Jitsi Meet server on the VM instance.
Last, prepare the system for an SSL certificate provided by Let's Encrypt by running the following commands.
Note: Without properly configured DNS this is going to fail.
You have to specify an email address to receive notifications regarding your certificates from Let's Encrypt.
Congrats, your Jitsi Meet server is now operational. Maybe you like to review the nginx changes described above to improve your setup a little bit.
Customising Jitsi Meet server
The default installation in this article is kind of basic and provides you a jumpstart to run your own video conferencing system. In the next article of this series I'm going to describe how you enable authentication and secure your Jitsi Meet instance.
A Google account offers text, voice, and video communication. It also offers free PC-to-phone calling within North America. However Google recently announced plans to end their support for the standard IM protocol (XMPP) in favor of an undisclosed proprietary protocol. Users have reported that Google Accounts work less reliably than they did in the past�particularly voice and video.
Add Google Talk to Jitsi
To set up Google Talk follow the steps below:
- From the main menu choose File > Add new account…
- In the Add new account dialog, Network drop down menu choose “Google Talk”.
- Enter your user name.
- Enter your password.
- Click “Add”.
Zoom Google Meet Jitsi
Two-Step Verification (Two-Factor Authentication)
If you previously set up Two-Step Verification for your Google account, and try to log in with your regular password you may see a message like the one below. To log in from Jitsi, you need to generate an “application-specific password”. For instructions see Sign in using application-specific passwords.
Google offers PC-to-phone calling within North America. For US residents Google Voice also offers many more services such as voicemail, free text messaging, call history, conference calling, call screening, blocking of unwanted calls, and voice transcription to text of voicemail messages.
However, voice calls are connected to Google’s email service Gmail. You may need to specifically enable the feature from within Gmail.
- Log in to Gmail from your web browser.
- Click on the cog icon and choose “Settings” (The cog icon is near the top right of the page).
- Within Settings, click on the “Chat” tab.
- Under “Call Phones” choose “Enable outbound voice calling”.