Jitsi Server

Jitsi is an open source app for videoconferencing and chat. Works with Windows, Linux, Mac OS X and Android clients.

Droplets created by using this image allow videoconferencing between Windows, Mac, Linux, Android and iOS users, just requiring to open a new browser tab on laptops/desktops or to install the Jitsi app from the Play Store/App Store on mobile.

This is a pre-configured image with pre-configured dependencies. You’ll only need a domain and we provide the scripts for an effortless setup with HTTPS enabled for secure communication with your team.

Software Included

Package Version License
Jitsi Server Latest Apache 2.0
NGINX 1.18.0 NGINX License
Fail2ban 0.11.2 GPL-2

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Deploy to DO

Creating an App using the API

In addition to creating a Droplet from the Jitsi Server 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB Jitsi Server Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "jitsiserver-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying Jitsi Server

Configure Jitsi

Step 1

Create a droplet from the image available in the Marketplace.

We recommend using Premium-CPU Optimized Droplets for production deployment. Please review this benchmark analysis and tutorial for running your own performance test and benchmark comparison data.

Step 2

Before accessing the fresh droplet, add a domain to your project. This is required because most browsers require HTTPS in order to allow you to use the camera and microphone in a website, and it’s not possible to enable HTTPS just with an IP.

Here’s an excellent guide to do that: https://www.digitalocean.com/docs/networking/dns/how-to/add-domains/.

It is mandatory to add an A record (i.e. jitsi-example.digitalocean.com) pointing to the IP associated with your droplet.

Step 3

Access the console (i.e via ssh by running ssh [email protected]). We have created a single script to configure Jitsi in a very straightforward way so please follow the instructions displayed in the terminal. During the first boot you’ll be asked to include your domain and your email shall be asked in order to create the HTTPS certificates. You’ll be notified when it’s time to renew the certificates and maintain your website with a secure connection.

Here’s an excellent guide if you have questions with respect to HTTPS and encryption: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

Step 4 (Optional)

You can optionally add a password to control who can create a meeting. If you want to restrict that, edit nano /etc/prosody/conf.avail/jitsi-example.digitalocean.com.cfg.lua. There, look for the line that starts with VirtualHost, below it, there is a line that says authentication = "anonymous", it should be changed to authentication = "internal_plain".

After you saved the authentication changes, you can set one or more Jitsi users that will be able to create a meeting after providing a password. This can be configured with the command:

prosodyctl register the-user jitsi-example.digitalocean.com the-password

To allow users entering the videoconferences without providing them the user and password just created, go back to edit /etc/prosody/conf.avail/jitsi-example.digitalocean.com.cfg.lua and at the end of the file paste these lines:

VirtualHost "guest.jitsi-example.digitalocean.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Edit /etc/jitsi/meet/jitsi-example.digitalocean.com-config.js and uncomment the line that says:

// anonymousdomain: 'guest.jitsi-example.digitalocean.com',

Edit /etc/jitsi/jicofo/jicofo.conf by switching to a configuration like this

jicofo {  
  xmpp: {  
    client: {  
      client-proxy: focus.jitsi-example.digitalocean.com  
    }  
    trusted-domains: [ "recorder.`jitsi-example.digitalocean.com`" ]  
  }  
  bridge: {  
    brewery-jid: "[email protected].`jitsi-example.digitalocean.com`"  
  }  
  authentication: {  
    enabled: true  
    type: XMPP  
    login-url:jitsi-example.digitalocean.com  
  }  
}

This shall enable users to enter the conference with and URL or the URL and a plain password that can be configured in the browser and is the same for all users. See Jitsi documentation for the details.

Finally restart the services by typing:

systemctl restart {prosody,jicofo,jitsi-videobridge2,nginx}

Use Jitsi

Connect to the host via the hostname you set up in the earlier. Just open a browser tab and visit jitsi-example.digitalocean.com (i.e. the domain that you previously configured).

Good practices

  1. It is highly recommended that you don’t disable the firewall.
  2. Keep your server updated with the last security patches and recent software versions.
  3. (Optional) Use SSH keys instead of typed passwords to enter your server via SSH. See the details here: https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/
  4. (Optional) Configure an application such as Google Authenticator to provide a dynamic additional password for SSH access. See the details here: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-two-factor-authentication