Samuel Nitsche

Install Jitsi Meet and Configure Load Balancing

Original –

Introduction

Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences. It can be used as a replacement for proprietary services like Zoom, Whereby, Teams, Skype and many others.

Requirements

  • At least two Linux systems with Debian 10
  • DNS Record for your domain (in our case meet.example.com)

Prepare your system

First of all we prepare our system by updating all package lists and packages. To do so run the following commands.

apt update && apt upgrade -y

Basic Jitsi Meet installation

Next, please be sure that your FQDN is configured correct.

127.0.0.1 localhost meet.example.org

Verify the configuration by running ping meet.example.com and look for 127.0.0.1.

Add the Jitsi Repository 

echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt update

Install nginx

Jitsi will install and configure a webserver called Jetty when no nginx or apache server was detected during the installation. Since Jetty is java based and really slow we want to use nginx. Install it by running the following command.

apt install nginx -y

Install jitsi meet

Now we are ready to install Jitsi Meet by running the following command. This will install all required components for Jitsi to work, including the web component, jicofo, jitsi-videobridge and much more.

apt install jitsi-meet -y

During the installation, you will be asked to enter the FQDN of the Jitsi Meet instance. Please be sure to enter the correct hostname (in our case meet.example.com)

Generate a certificate

In order to have secure communication we need a TLS certificate. Luckily Jitsi Meet makes this very easy. Simply run the following command, enter a valid email address and wait until the script finished.

/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

At this point we are already able to use Jitsi Meet. You can even test it by navigating to the hostname of your Jitsi Meet instance (in our case meet.example.com)

Load Balancing

Now the interesting part begins. Jitsi Meet on a single machine is fine if you only have a few videostreams but at some point your single instance may get too busy to handle all meetings on its own.

Please open the file /etc/jitsi/videobridge/sip-communicator.properties. It should look similar to this.

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.example.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=7sM1g8yw
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.example.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=728f25ec-a170-40f5-a7f1-b4f7b9d8c98a

Please add the following lines to the end of this file.

org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

In addition, please change the line org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME to this.

org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb1

Configure the second machine

Please connect to the second machine, add the required repositories and install jitsi-videobridge by running the following commands.

echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt update
apt install jitsi-videobridge2 -y

Again, you will be asked for the hostname of your installation. Please enter the FQDN of the first machine (in our case meet.example.com)

Next, also open the file /etc/jitsi/videobridge/sip-communicator.properties and add the following lines to the end.

org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

Find the line org.jitsi.videobridge.xmpp.user.shard.HOSTNAME and set it to the public ip address of the first machine.

- org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
+ org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=<public ip address>

In addition, please change the line org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME to this.

org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2

Get the credentials

On the first machine, please open the file /etc/jitsi/videobridge/config and find the line JVB_SECRET. Copy the password and go back to the second machine.

Replace the passwords in the following two files by the password you just copied.

/etc/jitsi/videobridge/config
/etc/jitsi/videobridge/sip-communicator.properties

Now restart both machines and take a look at the log files located in /var/log/jitsi/.

You should find similar lines to thes in the jicofo.log file.

Jicofo 2020-03-28 14:37:02.928 INFO: [29] org.jitsi.jicofo.xmpp.BaseBrewery.processInstanceStatusChanged().329 Added brewery instance: jvbbrewery@internal.auth.meet.example.com/jvb2
Jicofo 2020-03-28 14:37:02.928 INFO: [29] org.jitsi.jicofo.bridge.BridgeSelector.log() Added videobridge: jvbbrewery@internal.auth.meet.example.com/jvb2 v: null
Jicofo 2020-03-28 14:37:02.929 WARNING: [29] org.jitsi.jicofo.bridge.BridgeSelector.log() No pub-sub node mapped for jvbbrewery@internal.auth.meet.example.com/jvb2
Jicofo 2020-03-28 14:37:02.950 INFO: [44] org.jitsi.jicofo.bridge.JvbDoctor.log() Scheduled health-check task for: jvbbrewery@internal.auth.meet.example.com/jvb2

You can repeat this for as many machines as you want.

At this point you have successfully configured Jitsi Meet with load balancing. To ensure that load balancing works please start multiple meetings and monitor jicofo.log. You should find a line similar to this one.

Using jvbbrewery@internal.auth.meet.example.com/jvb2 to allocate channels for: Participant[testmeeting@conference.meet.example.com/b4144338]@469524696

If you have any questions about the setup or difficulties following it, please feel free to contact me.