Just installed Jitsi, it seems to be working great, have I missed anything?

Hi,

Thanks to the Jitsi team, once I sorted out my domain name, fixed IP address and certificates, the actual Jitsi install worked without issues, and that is amazing, installs I have done in the past usually have had issues that took days to sort out.

I believe I have configured Jitsi to run behind a NAT firewall, with a self signed certificate, and on port 8443 (not using secure port, not using port 80), as my early tests indicate my Jitsi instance is working great.

However if any experienced Jitsi installers are willing to review the below steps that I performed, please let me know if there is anything else I should change. For example, after joining this community I have learned that a “Lobby” feature exists, which I have not as yet enabled.

[I attempted to add text about how I installed and configured Jitsi, but keep getting warned that new users can only upload two links (sadly, even after removing links). As I am a new user, I cannot upload files either so I will wait until I am able to post information, thanks]

Now configure nginx to use port 8443

First I remove the nginx’s default site

rm /etc/nginx/sites-enabled/default

Edit /etc/nginx/sites-available/jitsi.mydomain.com.conf
Change
server {
listen 443 ssl;
listen [::]:443 ssl;
to
server {
listen 8443 ssl;
listen [::]:8443 ssl;

systemctl reload nginx

Check that we did not cause any errors

tail /var/log/nginx/error.log

The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

For example:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.123 (i.e. ipv4 address of your jitsi server)
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=52.162.69.32 (i.e. you Internet modem/router’s internet ipv4 address)

And comment the existing org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES.
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

Edit /etc/jitsi/videobridge/jvb.conf

Change
websockets {
enabled = true
domain = “jitsi.mydomain.com:443
tls = true
}

to
websockets {
enabled = true
domain = “mydomain.com:8443
tls = true
}
}

Edit /etc/jitsi/meet/jitsi.mydomain.com-config.js

Change
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//jitsi.mydomain.com/http-bind’,
to
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//jitsi.mydomain.com:8443/http-bind’,

To use your own server’s STUN server,

Change
// The STUN servers that will be used in the peer to peer connections
stunServers: [

        // { urls: 'stun:jitsi.mydomain.com:3478' }
        { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
    ]

to
// The STUN servers that will be used in the peer to peer connections
stunServers: [

         { urls: 'stun:jitsi.mydomain.com:3478' }
        //{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
    ]

Restart the jitsi servers

systemctl restart prosody.service

systemctl restart jicofo.service

systemctl restart jitsi-videobridge2.service

And then in a web browser, test using port :8443