Deploy Private Jitsi End to End

Hello community,

I’m trying to develop a full private Jitsi environment (from App to Jitsi server).
Actually I’ve built the native application onto the Android device and I’ve developed the Jitsi server (videobridge) in Ubuntu 20.
Both elements are under the same private network. Now what I’m trying is to connect the mobile with the Jitsi server via the Jitsi App. Let’s see the context:
1 - Application has been built successfully in the device.
2 - Jitsi server (videobridge) can build teleconferences.
3 - Both devices can communicate via web (just typing the server IP in the Android browser and typing the same room name).

Now the next step is to make both devices communicate via the Jitsi application. When I select my server domain in the application (JitsiApp->setting->Server URL) and then type a random room name, an error appears.

I’ve read some discourses about it but I couldn’t find any solution. What I’ve tested is to get the server certificates and then use them on the Android device (importing certificates). After that, it still doesn’t work.

Do you know any solution? It’d be great.
Thanks in advance,
Br,
Adrián

Thanks for your answer. I’ve read that with a self-signed certificate it’s not possible to connect via the application to the Jitsi server, so what is the best way to sign the certificate?
Thanks in advance.

Hi gpatel-fr,
I’ve done all these steps related to the self-hosting guide. I don’t know if I’m in the correct situation; here you can see what my steps have been:
1 - Create CA certificate and key using openssl.
Create .crt

  • openssl genrsa -out rootCACert.pem 2048
  • openssl req -x509 -sha256 -new -nodes -key rootCACert.pem -days 3650 -out rootCACert.pem
  • openssl x509 -outform der -in rootCACert.pem -out rootCACert.crt

Create .key

  • openssl genrsa -out rootCAKey.key 1024

2 - Install nginx and configure it to listen on port 443
3 - Install Jitsi server pointing to these files (.crt and .key)
4 - When the Jitsi installer finalized correctly, I just type my domain name into the browser and ERR_SSL_PROTOCOL_ERROR appears.
5 - I can PING the domain and get connectivity.
6 - I’ve checked the nginx status and jitsi-videobridge2 status (systemctl) and apparently all is running.

Is it possible that .crt or .key are not valid? Can you help me?

Thank you!

Adrián.
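
On the question of whether the .crt and .key are valid together: nginx needs a PEM certificate and a PEM private key that come from the same key pair. The script below is an added example, not part of the thread, that checks this by comparing public keys. The file names and the subject `meet.example.internal` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). File names and the subject
# meet.example.internal are constructed for illustration.

# Public key (PEM) carried inside a PEM certificate; fails on unreadable input.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a PEM private key; fails on unreadable input.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Return 0 when both files parse and carry the same public key,
# 1 when they parse but differ, 2 when either file cannot be read.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ] || return 1
}

# Print one word describing the pair: match, mismatch or unreadable.
pair_status() {
    cert_matches_key "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "mismatch" ;;
        *) echo "unreadable" ;;
    esac
}

# Constructed samples: one key, a self-signed certificate made from it,
# and a second key generated independently of that certificate.
make_samples() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -x509 -sha256 -new -nodes -key "$1/server.key" -days 30 \
        -subj "/CN=meet.example.internal" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "cert + its own key:       $(pair_status "$tmp/server.crt" "$tmp/server.key")"
    echo "cert + unrelated key:     $(pair_status "$tmp/server.crt" "$tmp/other.key")"
    echo "key passed as the cert:   $(pair_status "$tmp/server.key" "$tmp/server.key")"
    rm -rf "$tmp"
}

demo
```

Running `pair_status` on the two files named in the nginx `ssl_certificate` and `ssl_certificate_key` directives gives the same one-word answer for a real deployment.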

Hmm, the document I linked to says that you should ‘Set a DNS A record for that domain’. Since you are using a private certificate, as expressly NOT recommended by the first link I gave to you (“when using phones as these clients often don’t accept self-signed certificates”), it’s not surprising you can’t connect with an Android device.
So the fix is: use a public certificate. If you have an internet server you can use, let’s say you manage adrian.co, get a certificate for meet.adrian.co and use it on your private network. A browser doesn’t care if the IP address is private, so if you redirect the address of your public server (with a host file or a private DNS), a Let’s Encrypt certificate (for example) will be accepted. You will have to manage the certificate renewing every 90 days manually of course.

I will try to see if I can deploy it with such a certificate and I will let you know if I can finally get it.
Thanks! 🙂