In this tutorial, we’ll show you how to setup your own private, encrypted, self-hosted video conferencing solution. You’ll be able to hand out a URL (and optionally a password) to people and have them join you for a live video group chat, the same was you would using Zoom, GotoMeeting, Google Hangouts, etc. The product we’re going to use is Jitsi.
Setting Up the Server
I’m using a Debian 10 server with 4GB of RAM named “videochat.lowend.party”. This may be overkill. Depending on the number of concurrent connections, you may be able to get away with as little as 1GB of RAM. As you know, there are plenty of cheap VPS options available on LowEndBox.com and both OpenVZ and KVM based systems will work well.
You must have a valid DNS entry setup and working for your server.
After imaging, I installed some prerequisites.
apt-get update apt-get -y install openjdk-11-jre-headless nginx gnupg2 wget
Let’s enable and start nginx:
systemctl enable nginx systemctl start nginx
Now we need to add the Jitsi repository. First, grab and add the key:
# wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - OK
Next, add the Jitsi repository and update apt:
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list apt-get update
And now we’re ready to install Jitsi:
apt-get -y install jitsi-meet
You’ll be asked two questions during setup:
Enter your hostname.
Select “Generate a new self-signed ceritificate”.
Jitsi will then finish installation. When it’s done, we want to setup Let’s Encrypt so that our video chats are encrypted. Use the Jitsi-provided script for this purpose:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
The only question you’ll be asked is your email address. Jitsi will take care of everything else.
Once it’s done, you’re ready to go!
We’re Live
I pointed my browser at https://videochat.lowend.party:
You can type a name for your meeting in the center box and then press Go, and your conference will be live.
Click the information (“i” in a circle) button in the lower right to copy the URL to your video chat, and optionally set a password.
Securing Jitsi Meet
If you add a password to a conference, that means that no one else can join that conference. But you’re not protected against some random Internet user discovering your Jitsi Meet installation and using it to start a conference of your own, draining your server resources and bandwidth. Let’s fix that.
First, edit /etc/prosody/conf.avail/(your hostname).cfg.lua. Edit the “VirtualHost” section for your server and change the authentication parameter from “anonymous” to “internal_plain”:
VirtualHost "videochat.lowend.party" authentication = "internal_plain" ssl = { key = "/etc/prosody/certs/videochat.lowend.party.key"; certificate = "/etc/prosody/certs/videochat.lowend.party.crt"; } speakerstats_component = "speakerstats.videochat.lowend.party" conference_duration_component = "conferenceduration.videochat.lowend.party" modules_enabled = { "bosh"; "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; "turncredentials"; "conference_duration"; } c2s_require_encryption = false
Copy these lines and except for the ssl sction and paste them directly below, changing as follows (bolded):
VirtualHost "guest.videochat.lowend.party" authentication = "anonymous" -- do not copy the ssl section speakerstats_component = "speakerstats.videochat.lowend.party" conference_duration_component = "conferenceduration.videochat.lowend.party" modules_enabled = { "bosh"; "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; "turncredentials"; "conference_duration"; } c2s_require_encryption = false
guest.videochat.lowend.party is an internal entry, not something we need to create an external DNS entry for. However, you should create an entry in /etc/hosts:
127.0.0.1 localhost videochat.lowend.party guest.videochat.lowend.party
Now edit /etc/jitsi/meet/(your hostname)-config.js and add the following entry (bolded):
var config = { hosts: { domain: 'videochat.lowend.party', anonymousdomain: 'guest.videochat.lowend.party',
Edit /etc/jitsi/jicofo/sip-communicator.properties and add this line:
org.jitsi.jicofo.auth.URL=XMPP:videochat.lowend.partyNow create users that will authenticate via the prosodyctl command. For example:
prosodyctl register raindog308 videochat.lowend.party complex-password
Then reboot your server (fastest way to restart all the services).
Now when you go to your Jitsi Meet and try to start a meeting, you will see a prompt to authenticate before you can start a conference:
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Let’s Check In: sh97’s Network Benchmark Script has Plenty of New Developments! - April 16, 2024
- Setup a Highly Available WordPress Site From Scratch, 2024 Edition!Part 6: MariaDB Multi-Master - April 16, 2024
- Setup a Highly Available WordPress Site From Scratch, 2024 Edition!Part 5: WordPress Install - April 15, 2024
visiting: http://videochat.lowend.party
results in –
File not found
The web address you entered could not be found. This could be because the site is temporarily offline or because the file you requested no longer exists on the web site. Please verify that you have correctly entered the web site address and try again. If this problem persists, try browsing to the web site’s home page and navigating to the file from there.
I got Error: Account creation/modification not supported.