Deployment Overview of Jitsi on Server

Prerequisites and Basic Requirements

  • Operating System: Debian-based distribution (Ubuntu 22.04 "Jammy" or compatible).

  • Privileges: Root access or sudo privileges are required for installation and configuration.

  • Domain: A fully qualified domain name (FQDN) pointing to the server's public IP address.

  • Network: Inbound traffic must be allowed for ports 80 (TCP), 443 (TCP), and 10000 (UDP).

  • Storage: Sufficient disk space for Jitsi packages, logs, and potential media storage.

  • Time: System time must be synchronized via NTP to ensure valid SSL certificates and XMPP operations.

FQDN of the Final Panel

The application is accessible via the following FQDN format on the hostkey.in domain:

  • Format: jitsi<Server ID>.hostkey.in

  • Port: 443 (HTTPS)

  • Example: If the Server ID is 123, the address is jitsi123.hostkey.in.

File and Directory Structure

The following directories and files are configured for the Jitsi deployment:

  • Configuration Files:

  • Nginx server block: /etc/nginx/sites-available/jitsi<Server ID>.hostkey.in.conf or /data/nginx/user_conf.d/jitsi<Server ID>.hostkey.in.conf

  • Jitsi Meet configuration: /etc/jitsi/meet/

  • Prosody configuration: /etc/prosody/conf.avail/

  • Let's Encrypt certificates: /etc/letsencrypt/

  • Data and Logs:

  • Logs: /var/log/jitsi/

  • Jitsi Meet web data: /usr/share/jitsi-meet/

  • Nginx custom configurations (if using Docker proxy): /data/nginx/user_conf.d/

  • Certificates:

  • Managed by Certbot: /etc/letsencrypt/live/ and /etc/letsencrypt/archive/

Application Installation Process

The application is installed using the APT package manager with the following components:

  • jitsi-meet: Core web application.

  • jicofo: Jitsi Conference Focus (FOC).

  • jitsi-videobridge2: Media bridge for handling video streams.

  • jitsi-meet-prosody: XMPP server configuration for signaling.

  • jitsi-meet-web: Static web assets.

  • jitsi-meet-web-config: Web configuration management.

  • jitsi-meet-turnserver: TURN server for NAT traversal (if configured).

  • nginx: Web server and reverse proxy.

Installation steps involve:

  1. Adding the official Jitsi repository (https://download.jitsi.org stable/).

  2. Adding the Prosody repository (https://packages.prosody.im/debian jammy main).

  3. Preseeding configuration values (hostname, certificate type) to automate jitsi-meet-web-config.

  4. Running apt install to deploy the packages.

  5. Generating a Let's Encrypt SSL certificate using the non-interactive script provided by Jitsi.

Access Rights and Security

  • Firewall: UFW is enabled with specific rules allowing traffic on ports 80, 443, and 10000. All other ports are blocked by default.

  • Users: The application runs under system service accounts (e.g., prosody, jitsi-videobridge, jicofo). Direct root access is not required for daily operation.

  • Restrictions:

  • The default Nginx site is removed to ensure only the Jitsi FQDN serves traffic.

  • TLS is enforced via Nginx configuration; HTTP traffic on port 80 redirects to HTTPS.

  • Proxy settings disable SSL verification for the internal upstream (proxy_ssl_verify off) because the internal service uses self-signed certificates managed by Jitsi.

Databases

  • Storage Method: Jitsi Meet primarily uses SQLite for local storage in standard configurations.

  • Location: Database files are stored within the Jitsi data directory, typically under /var/lib/jitsi-meet/ or managed by the jitsi-meet package defaults.

  • Connection: No external database server (like MySQL or PostgreSQL) is explicitly configured in the provided deployment data; the application relies on the local file-based database.

Docker Containers and Their Deployment

If a Docker-based proxy is utilized, the following containers are deployed via docker compose:

  • Service: nginx (using image jonasal/nginx-certbot:latest).

  • Deployment Location: /root/nginx/compose.yml.

  • Network Mode: Host networking (network_mode: host).

  • Volumes:

  • nginx_secrets mounted to /etc/letsencrypt.

  • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d for custom site configurations.

  • DNS: Resolvers set to 1.1.1.1 and 8.8.8.8.

Proxy Servers

Nginx is configured as the reverse proxy handling both HTTP and HTTPS traffic.

  • Ports: Listens on 80 (HTTP) and 443 (HTTPS with SSL and HTTP/2).

  • Internal Routing:

  • Traffic is proxied to https://127.0.0.1:8443/ for the main web interface.

  • Websocket and signaling paths are proxied to https://127.0.0.1:8443 for specific endpoints:

    • /xmpp-websocket

    • /colibri-ws/

    • /http-bind

  • Headers: The proxy forwards Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, and Upgrade headers to the backend.

  • SSL: Managed by Let's Encrypt via Certbot. Certificates are automatically issued and renewed.
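
The settings above can be checked mechanically. This added example is not part of the original page or of Jitsi's tooling: it audits a server block for the three properties the page documents (unverified upstream TLS only toward 127.0.0.1, an HTTP to HTTPS redirect, root:0644 on the file). The function names are hypothetical, the sample configuration is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Jitsi tooling.

# Print every proxy_pass target that is not the 127.0.0.1 backend.
non_loopback_upstreams() {
    sed 's/#.*//' "$1" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "proxy_pass") {
               t = $(i + 1); sub(/;$/, "", t); print t } }' |
    while read -r target; do
        case "$target" in
            http://127.0.0.1|http://127.0.0.1[:/]*) ;;
            https://127.0.0.1|https://127.0.0.1[:/]*) ;;
            *) printf '%s\n' "$target" ;;   # also catches 127.0.0.1.example.net
        esac
    done
}

# audit_server_block FILE [OWNER]: returns 0 only if every check passes.
audit_server_block() {
    conf=$1; owner=${2:-root}; rc=0
    body=$(sed 's/#.*//' "$conf")
    # proxy_ssl_verify off is tolerable only while every upstream is loopback.
    if printf '%s\n' "$body" | grep -Eq 'proxy_ssl_verify[[:space:]]+off'; then
        bad=$(non_loopback_upstreams "$conf")
        [ -z "$bad" ] || { echo "FAIL: unverified TLS upstream: $bad"; rc=1; }
    fi
    # Coarse check that the file contains an HTTP to HTTPS redirect.
    printf '%s\n' "$body" | grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://' ||
        { echo "FAIL: no redirect to HTTPS found"; rc=1; }
    # Ownership and mode documented for Nginx configuration files.
    perms=$(stat -c '%U:%a' "$conf")
    [ "$perms" = "$owner:644" ] || { echo "FAIL: $perms, expected $owner:644"; rc=1; }
    return "$rc"
}

# Constructed sample mirroring the routing on this page (example Server ID 123).
write_sample_conf() {
    cat > "$1" <<'EOF'
server { listen 80; server_name jitsi123.hostkey.in; return 301 https://$host$request_uri; }
server {
    listen 443 ssl http2;
    server_name jitsi123.hostkey.in;
    location / { proxy_pass https://127.0.0.1:8443/; proxy_ssl_verify off; }
    location /xmpp-websocket { proxy_pass https://127.0.0.1:8443; proxy_ssl_verify off; }
}
EOF
    chmod 644 "$1"
}
```

On a deployed server, run audit_server_block against the server block path listed under File and Directory Structure; the owner argument defaults to root.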

Permission Settings

  • Configuration Files: Nginx configuration files are owned by root with permissions 0644.

  • Directories:

  • /root/nginx/: Owned by root, permissions 0755.

  • /data/nginx/user_conf.d/: Owned by root, permissions 0755.

  • Service Files: Application binaries and standard configuration files follow system default permissions set by the APT packages.

Location of Configuration Files and Data

  • Nginx Configuration:

  • Primary: /etc/nginx/sites-available/ or /data/nginx/user_conf.d/ (depending on the deployment method).

  • Active: Symlinked in /etc/nginx/sites-enabled/.

  • Jitsi Configuration:

  • General config: /etc/jitsi/meet/.

  • Prosody config: /etc/prosody/conf.avail/.

  • Certificates:

  • Let's Encrypt: /etc/letsencrypt/.

  • Logs:

  • System logs: /var/log/jitsi/.

  • Nginx logs: /var/log/nginx/.

Available Ports for Connection

The following ports are open and configured for client access:

  • Port 80 (TCP): HTTP traffic, redirects to HTTPS.

  • Port 443 (TCP): HTTPS traffic, serves the Jitsi web interface and WebSocket connections.

  • Port 10000 (UDP): Media traffic (RTP) for video and audio streams.
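
To see which services depend on the firewall rather than on their own bind address, compare the host's listening sockets with the three documented ports. This added example is not from the original page: it filters `ss -H -tuln` output and reports every non-loopback listener outside 80/tcp, 443/tcp and 10000/udp. The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example; names are hypothetical. Ports taken from the list above.
ALLOWED="tcp/80 tcp/443 udp/10000"

# Reads `ss -H -tuln` output on stdin and prints "proto/port address" for
# each listener that is reachable off-host and is not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            proto = $1; la = $5                      # Netid and Local Address:Port
            k = split(la, p, ":"); port = p[k]       # port follows the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            sub(/%.*$/, "", addr)                    # drop interface suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
            key = proto "/" port
            if (!(key in ok) && !seen[key " " addr]++) print key, addr
        }'
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:10000      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      50         127.0.0.1:8443       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:5222       0.0.0.0:*
tcp   LISTEN 0      511             [::]:443           [::]:*
tcp   LISTEN 0      128             [::]:5222          [::]:*
EOF
}
```

On the server, run `ss -H -tuln | unexpected_listeners`; every line printed is a socket that only the UFW default-deny policy keeps unreachable.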

Starting, Stopping, and Updating

Service management is handled via systemd. The following services are active and enabled:

  • prosody

  • jicofo

  • jitsi-videobridge2

  • nginx

Commands for service management:

  • Start services:

    sudo systemctl start prosody jicofo jitsi-videobridge2 nginx
    

  • Stop services:

    sudo systemctl stop prosody jicofo jitsi-videobridge2 nginx
    

  • Restart services:

    sudo systemctl restart prosody jicofo jitsi-videobridge2 nginx
    

  • Check status:

    sudo systemctl status prosody jicofo jitsi-videobridge2 nginx
    

For Docker deployments, use docker compose within the /root/nginx directory:

  • Start:

    docker compose up -d
    

  • Stop:

    docker compose down
    
