Installation of Jitsi Meet with Jibri on 2 servers with Debian 10 (buster) cloud VM’s.
In this post, I will describe my steps to get a working setup of Jitsi Meet video conferencing with integrated Jibri recording and streaming. All steps are based on the readme instruction on Github with some additions and/or modifications.
Jitsi quick install document on Github: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
Jibri setup document on Github: https://github.com/jitsi/jibri/blob/master/README.md
I will try to clarify these differences as well as I can. Please bear in mind: I consider myself a total newbee to linux; I enterd my first linux commands about 3 months ago. Maybe there are better practises to achieve my adaptations and I will appreciate your feedback and will try update this document in the weeks to come.
For clarity:
- JITSI. When I speak of server: “jitsi”, this will be the server to host the jitsi meet services, your video conferences will be hosted on this server and your participants will connect to this server.
- JIBRI. When I speak of server: “jibri”, this will be the server to host the jibri recording and streaming service. This server will connect to the “jitsi” server and host the recordings or stream the video to youtube.
In this document I will:
Step 1) Show or describe the process to register a server at Hetzner. [done 15/4]
Step 2) Show or describe how to register the domain for your Jitsi Meet, I will use my domain through the whole document. [done 15/4]
Step 3) Describe the process to setup a working Jitsi Meet on one server, including some tweaks and tuning. Installing Jibri is not necessary, the Jitsi Meet server is ready for use. [done 15/4]Tuning A) Solve Prosody portmanager error [done 15/4]
Tuning B) Improving over-all performance by sacrificing audio indication animation [done 15/4]
Tuning C) Video resolution and bitrate [done 15/4]
Tweaking A) Layout changes (will not be overwritten by upgrade) [done 15/4]
Step 4) Describe the process to setup a working Jibri on a second server, including some tweaks and tuning.
Step 5) Describe the process to integrate JITSI and JIBRI, this will require changes on both servers. When finished, you will be able to host Jitsi Meet conferences and start recording or streaming.
Final result will look like:
Step 1) Register a server at Hetzner.
Hetzner currently offers a cheap virtual server for approx. 2.50 USD (3 EUR). Although this is very low in specifications, Jitsi Meet will run and I have successfully hosted jitsi meet conferences up to 6 participants. Server specifications: 1 vCPU, 2 Gb RAM, 20 Gb Disk space, 20 Tb Traffic. (https://www.hetzner.com/cloud --> Server package: CX11) Register at Hetzner or login directly to: https://console.hetzner.cloud/projects
Create or Choose the project you want and Click on ADD SERVER,
- location as you see fit
- Image: Debian 10
- Type: Standard CX11
- ~ 7): leave empty or default
- Name: jitsi
REMARK: I advise to use SSH key login but for this document I will assume user/password login. All commands in this document will assume root-login, of course this is not best practice: I leave it to the reader to apply these steps with a separate user with root-rights! 
My server got:
IPv4: 116.203.231.172
IPv6: 2a01:4f8:c0c:d4cc::/64
In email I received the password for root user: RcHE7PcmWPpENjWHtkUW (you will be prompted to change this password at first login)
Step 2) Register a domain for your Jitsi Meet conferences.
There are quite many free DNS registration services out there, maybe you have one in use already. In the course of this document, I will use the free Dynamic-DNS-Service of Securepoint: https://www.spdyn.de/ (I was unable to find an english version of the site). After registering (only requires valid email address and choose your password) and login (You can change language in the dashboard by adding to the URL: ?changeLang=en), I choose:
Click: + Add ipv4 host
- Name: meet & from dropdown I choose “myfirewall.org”
- Host Type: A (to register a so called A-Record)
- IP: the IPv4-Address from the Hetzner server in step 1, in my case: 116.203.231.172
Finish by clicking on button “Add host”
Now I have a dns name, meet.myfirewall.org
On my laptop, I can open a command prompt and ping meet.myfirewall.org to check if the response matches the IPv4-Address of my Hetzner server:
Step 3) Setup Jitsi Meet on the server.
You will need to login to the server you created in step 1. For this, on my Windows laptop, I use PuTTy. Login with initial password and change it to your own.
Update server:
apt update && apt upgrade -y
Check / take care of the hostname (Here, I will provide some more information here than in the ‘quick install’ guide)
hostnamectl
In my case, I find: Static hostname: ‘jitsi’ – I want to change jitsi to: ‘meet.myfirewall.org’
hostnamectl set-hostname meet.myfirewall.org
Configure loopback address
nano /etc/hosts
I got 2 entries for the 127.x.x.x range:
127.0.1.1 meet.myfirewall.org jitsi
127.0.0.1 localhost
So I removed the first line (127.0.1.1) and made sure to have only one line for 127.x.x.x:
127.0.0.1 localhost meet.myfirewall.org
Save the changes and go back to the terminal, type following:
ping "$(hostname)"
Check that the ping results in a lookup for meet.myfirewall.org and the answers return from 127.0.0.1.
Install NGINX
If Jitsi Meet gets installed on a fresh server, it will install it’s own webserver (Jetty) in the process. From what I find in the forums, I prefer to go with NGINX, so let’s install that first. In the terminal:
apt install nginx -y
Hint: We do NOT have to configure anything for NGINX: the jitsi-installer will take care of that!
Debian 10 SHOULD come with https-transport extension pre-installed, if yours does not:
apt install -y apt-transport-https
Install Jitsi Meet
First we need to add the repositories where our server should retrieve the Jitsi Meet packages, in the terminal:
echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
apt update && apt install jitsi-meet -y
During installation we can expect 2 questions:
Domain - Here I enter the full domain: meet.myfirewall.org
Certificate - Leave this option at the default to install Let’s Encrypt certificates afterwards.
Generate Let’s Encrypt certificates for our domain
-UPDATE-
Currently, the build is broken and at the end of the process it shows error message:
Unable to find deploy-hook command /etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh in the PATH.
(PATH is /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
As a workaround we can do following:
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
touch /etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
chmod +x /etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
Execute the Let’s Encrypt script:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
The script will ask for your email address where Let’s Encrypt will send information in case of expiration -date or such.
At this point you should have a working Jitsi Meet server!
Open a browser and enter the domain of your Jitsi Meet, I open https://meet.myfirewall.org and get greeted by the welcome screen. Here I create a new meeting ‘test’ and open a conference (make sure to ALLOW the browser to use microphone and camera). I always open an incognito window and open the same meeting I initiated already: https://meet.myfirewall.org/test so there should now be 2 participants in the call. Opening a 3rd browser to that same meeting ensures that we know if Jitsi switches from peer2peer mode to videobridge mode. When 3 participants are showing in the call, we know all is well so far.
Install and configure a firewall on the server
I will use the firewall ‘ufw’ for this server:
apt install ufw -y
Make sure to execute these lines in this order to avoid getting your ssh-connection shut-out by the firewall:
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 10000/udp
ufw enable
Tweaking and tuning
Tuning A) Prosody portmanager error
service prosody status
(type ‘q’ to quit the output console)
Output:
● prosody.service - Prosody XMPP Server
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-04-15 19:39:18 CEST; 32min ago
Docs: https://prosody.im/doc
Main PID: 16994 (lua5.2)
Tasks: 1 (limit: 2296)
Memory: 18.5M
CGroup: /system.slice/prosody.service
└─16994 lua5.2 /usr/bin/prosody
Apr 15 19:39:18 meet.myfirewall.org systemd[1]: Started Prosody XMPP Server.
Apr 15 19:39:19 meet.myfirewall.org prosody[16994]: portmanager: Error binding encrypted port for https: No certificate
Apr 15 19:39:19 meet.myfirewall.org prosody[16994]: portmanager: Error binding encrypted port for https: No certificate
The portmanager error basically is harmles and can be ignored. But we can also fix this.
nano /etc/prosody/conf.avail/meet.myfirewall.org.cfg.lua
Before the first Virtualhost entry, insert following:
-- we are going to be proxying the BOSH connection anyway, so there is no need to be listening for BOSH over HTTPS
https_ports = { }
Save the changes and restart prosody, all should be happy now:
service prosody restart
service prosody status
Tuning B) Improving over-all performance by sacrificing audio-indicator animation
nano /etc/jitsi/meet/meet.myfirewall.org-config.js
Find the audio-section and set:
disableAudioLevels: true,
With this setting, you loose the visually appealing sound level indicators/animations in the call, but this also removes a lot of overhead and screen-rewriting. On this rather poor-dimensioned server, this brings a noticable performance gain.
Found here: [Customizing jitsi -- viewer only -- bandwidth -- usecase]
Tuning C) Video resolution and bitrate
Jitsi Meet sends 720p resolutions with 30 fps (at least afaik).
Google’s recommendations are:
Resolution: 1280x720 @ 30 fps
Video Bitrate Range: 1,500-4,000 Kbps
I have tested several scenarios with setting the ‘startBitrate’ to a low level and found good results with following:
nano /etc/jitsi/meet/meet.myfirewall.org-config.js
Find the video-section and insert:
startBitrate: 500,
resolution: 720,
constraints: {
video: {
aspectRatio: 16 / 9,
height: {
ideal: 720,
max: 720,
min: 240
}
}
},
Tweaking A) Some layout changes (will not be overwritten by upgrade)
I had the intention to change the logo. The logo is located in the usr-space /usr/share/jitsi-meet/images/ so I replaced it with my own. This worked until next upgrade, so I found to do it with a workaround. I uploaded my own logo to: /etc/jitsi/meet/woodworkerlogo.png also uploaded the favicon to the same location: /etc/jitsi/meet/favicon.ico. I downloaded the css-file /usr/share/jitsi-meet/css/all.css and used an online service (https://www.freeformatter.com/css-beautifier.html) to ‘beautify’ the content so it would become readable. I renamed the file to myfirewall.css and uploaded also to the location: /etc/jitsi/meet/myfirewall.css. After these preparations it was time to modify NGINX to serve these files from their new location:
nano /etc/nginx/sites-available/meet.myfirewall.org.conf
I inserted following lines below the gzip-declarations and before the first existing location-block to serve the new logo, favicon and css from their new location:
...
gzip on;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
location = /css/all.css {
alias /etc/jitsi/meet/myfirewall.css;
}
location = /images/favicon.ico {
alias /etc/jitsi/meet/favicon.ico;
}
location = /images/watermark.png {
alias /etc/jitsi/meet/woodworkerlogo.png;
}
location = /config.js {
alias /etc/jitsi/meet/meet.myfirewall.org-config.js;
}
...
I applied some changes to the new myfirewall.css file: only to change the color-scheme:
A)
Original: background-image: linear-gradient(-90deg, #1251AE 0, #0074FF 50%, #1251AE 100%);
Myfirewall: background-image: linear-gradient(-90deg, #047500 0, #069E00 50%, #047500 100%);
B)
Original: .welcome .welcome-page-button - background: #0074E0;
Myfirewall: .welcome .welcome-page-button - background: #069E00;
C)
Original: .welcome .header .tab-container - background:#75A7E7;
Myfirewall: .welcome .header .tab-container - background: #07C200;
D)
Original: .tile-view #largeVideoContainer {
background-color: #474747!important
}
Myfirewall: .tile-view #largeVideoContainer {
background-color: #069e00!important
}
E)
Original: .meetings-list .item.with-click-handler:hover {
background-color: #75A7E7
}
Myfirewall: .meetings-list .item.with-click-handler:hover {
background-color: #07C200
}
After these changes are saved, we need to restart NGINX:
service nginx restart
The new logo, favicon and page-layout should now display in the Jitsi Meet pages and chat. If it does not show, you will need to flush the images-cache in your browser. (to flush favicons in chrome on windows: open ‘C:\Users[your_user]\AppData\Local\Google\Chrome\User Data\Default’, delete both files ‘Favicons’ and ‘Favicons-journal’ and restart your chrome browser)
Cheers, Igor
