Install Jitsi-Meet on Debian 9 minimal



  • Jitsi is a multi-platform
    open-source video conferencing solution.

    I found Jitsi-Meet while looking for a new video conferencing solution to replace Google Hangouts for my online D&D campaign.

    Installing Jitsi-Meet is super simple if you stick to their recommended Ubuntu/Debian based setup. As everyone knows, I dislike Ubuntu, so Debian 9.6 (at the time of this writing) it is.

    As always, I am assuming you are starting from a minimal install. If you are starting from some other base, your exact needs may differ, but this should get you there.

    A minimal install of Debian 9.6 does not include basic things like sudo or ssh, so set that up first.

    Log in from console as root and install the basics we need.

    apt-get install -y ssh sudo ufw apt-transport-https
    

    Add your non-root user account tot he sudoers file.

    adduser jbusch sudo
    

    Enable the firewall and open a few ports needed

    ufw enable
    ufw allow in ssh
    ufw allow in http
    ufw allow in https
    ufw allow in 10000:20000/udp
    

    Reboot the system

    reboot
    

    Now log in as your non-root user via SSH for the rest of the setup.

    Add the Jitsi GPG key.

    wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
    

    Add the Jitsi repo and update apt

    sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
    sudo apt-get -y update
    

    Install Jitsi-Meet

    sudo apt-get -y install jitsi-meet
    

    You will be prompted for your FQDN, your must have this setup for things to work right.

    You can setup Jitsi to work by IP address, but that is an advanced design flow and not covered by this guide.
    0_1542322602313_942a90e8-b60a-44f6-818f-3884717c9f2c-image.png

    Tell Jitsi to create a self signed SSL Certificate

    You will be given a link to setup Let's Encrypt if you so desire.
    0_1542322627544_fad902cf-aec2-4aac-9fed-66a8369fbefa-image.png

    That is it. It will dump you back to the command prompt. You should now try to connect to your new Jitsi-Meet server using the FQDN you specified.
    Like this: https://jitsi.daerma.com (while this link worked when the guide was written, it was only an example)

    You will be greeted with the one below. Type a room name of your choice, or simply click ``GO to use the randomly generated room name.
    0_1542502570608_7506ea10-bd2f-4e2a-a282-a62c3db29b65-image.png

    If you are running Jitsi-Meet ina VPS instance on a provider liek Vultr or Digital Ocean, you are done.

    If you are running your Jitsi-Meet instance behind NAT, then you must port forward the following ports to your Jitsti server:
    80/tcp, 443/tcp, 10000:20000/ucp
    Next you have to update /etc/jitsi/videobridge/sip-communicator.properties with the following two lines.

    org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=>>YOUR.LAN.IP.ADDRESS<<
    org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=>>YOUR.PUBLIC.IP.ADDRESS<<
    

    For example, mine looks like this:

    org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.254.0.104
    org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=207.244.223.13
    

    Finally, if you are going to have a separate NginX proxy in front of your Jitsi-Meet server, you can go read this post to see what I went through to figure that out. But it is only one firewall rule added and some specific NginX location blocks.

    Add port 5280/tcp to the Jitsi-Meet firewall.
    sudo ufw allow in 5280/tcp
    
    Then add this to your NginX Jitsi-Meet conf file.
        location / {
            ssi on;
            proxy_pass https://10.254.0.104/;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
        # BOSH
        location /http-bind {
            proxy_pass http://10.254.0.104:5280/http-bind;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    
        # xmpp websockets
        location /xmpp-websocket {
            proxy_pass              http://10.254.0.104:5280/xmpp-websocket;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection "upgrade";
            proxy_set_header        Host $host;
            tcp_nodelay             on;
        }
    

  • Banned

    Are you setting this up as just a test case or because a client asked you to set this up?



  • @DustinB3403 I want to use it for my D&D campaign.


  • Banned

    @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    @DustinB3403 I want to use it for my D&D campaign.

    Cool.



  • Guide cleaned up and updated with a couple screenshots.



  • @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    ufw allow in 10000:20000/udp
    

    I assume there is a way to narrow this range down to not use the entire "standard" audio/video UDP range, but I have not yet looked. I was more worried about getting things running smoothly and tested out.



  • @JaredBusch How has this been working for you?

    @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    sudo sh -c "echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list"
    

    Any reason your using the unstable build?



  • @aaronstuder said in Install Jitsi-Meet on Debian 9 minimal:

    @JaredBusch How has this been working for you?

    @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    sudo sh -c "echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list"
    

    Any reason your using the unstable build?

    Because I was having problems and trying to track down issues.

    I missed updating that back to stable for my post.

    Post fixed.



  • @JaredBusch Ah, gotcha.

    Also, you should post the full .conf

    server {
            client_max_body_size 40M;
            server_name jitsi.domain.com;
    
        location / {
            ssi on;
            proxy_pass https://10.0.0.85/;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
        # BOSH
        location /http-bind {
            proxy_pass http://10.0.0.85:5280/http-bind;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    
        # xmpp websockets
        location /xmpp-websocket {
            proxy_pass              http://10.0.0.85:5280/xmpp-websocket;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection "upgrade";
            proxy_set_header        Host $host;
            tcp_nodelay             on;
        }
    
    }
    


  • @aaronstuder said in Install Jitsi-Meet on Debian 9 minimal:

    @JaredBusch Ah, gotcha.

    Also, you should post the full .conf

    server {
            client_max_body_size 40M;
            server_name jitsi.domain.com;
    
        location / {
            ssi on;
            proxy_pass https://10.0.0.85/;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
        # BOSH
        location /http-bind {
            proxy_pass http://10.0.0.85:5280/http-bind;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
        }
    
        # xmpp websockets
        location /xmpp-websocket {
            proxy_pass              http://10.0.0.85:5280/xmpp-websocket;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection "upgrade";
            proxy_set_header        Host $host;
            tcp_nodelay             on;
        }
    
    }
    

    That would be totally inapproriate. This is not a guide about setting up Nginx.



  • @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    If you are running your Jitsi-Meet instance behind NAT, then you must port forward the following ports to your Jitsti server:
    80/tcp, 443/tcp, 10000:20000/ucp

    According to this:

    https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

    You only need to open TCP/443 and UDP 10000

    And, I don't think you even need 443 since we are using a reverse proxy?



  • @aaronstuder said in Install Jitsi-Meet on Debian 9 minimal:

    @JaredBusch said in Install Jitsi-Meet on Debian 9 minimal:

    If you are running your Jitsi-Meet instance behind NAT, then you must port forward the following ports to your Jitsti server:
    80/tcp, 443/tcp, 10000:20000/ucp

    According to this:

    https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

    You only need to open TCP/443 and UDP 10000

    And, I don't think you even need 443 since we are using a reverse proxy?

    You are wrong.



  • @JaredBusch care to elaborate? It's working for me.



  • @aaronstuder said in Install Jitsi-Meet on Debian 9 minimal:

    @JaredBusch care to elaborate? It's working for me.

    No, because it has all been posted. between here and my other thread.