Jitsi

From Organic Design wiki
Revision as of 21:13, 1 June 2021 by Nad (talk | contribs) (See also: Setting up a TURN server)

Jitsi is a fully open source and self-hostable video conferencing alternative to commercial products like Skype and Zoom. It is extremely easy to install taking literally five minutes. We've used this a lot now and have found this to be the only libre alternative for which the call quality to be as good or better than any of the commercial products we've tried.

Jitsi is secure and private when you install it on your own trusted server, but currently when running on an unknown server, you cannot be sure that the server operators are not eavesdropping on your calls. This is because the need to decrypt information while it traverses Jitsi Videobridge, technically provides whoever controls the JVB machine with an opportunity to access the data. They are hence in a position to hear and see everyone on the meeting. There will soon be a solution to this available on Chrome using their new Insertable Streams system and eventually on other browsers too as the IETF settled on a path forward for E2EE over WebRTC a few years ago. See this Jitsi news item and this dev post for more details.

Installation

The Quick installation guide automatically installs the system into an existing Nginx or Apache if one is found, so on a clean machine it's a good idea to install one first. It uses LetsEncrypt to create certs for SSL setup. Here's a list of the listening services that are running after the system is installed:

tcp        0      0.0.0.0:80              0.0.0.0:*               LISTEN      505/nginx
tcp        0      0.0.0.0:5269            0.0.0.0:*               LISTEN      450/lua5.2          
tcp        0      0.0.0.0:8888            0.0.0.0:*               LISTEN      399/java            
tcp        0      0.0.0.0:4443            0.0.0.0:*               LISTEN      454/java            
tcp        0      0.0.0.0:443             0.0.0.0:*               LISTEN      505/nginx
tcp        0      0.0.0.0:5280            0.0.0.0:*               LISTEN      450/lua5.2          
tcp        0      127.0.0.1:5347          0.0.0.0:*               LISTEN      450/lua5.2          
tcp        0      0.0.0.0:5222            0.0.0.0:*               LISTEN      450/lua5.2          
udp        0      0.0.0.0:55914           0.0.0.0:*                           454/java            
udp        0      0.0.0.0:58434           0.0.0.0:*                           399/java            
udp        0      0.0.0.0:10000           0.0.0.0:*                           454/java

Upgrading

Since it's just a normal Debian package it should be kept up to date with the rest of the system, but sometimes you'll see it saying that the Jitsi packages are being kept back. If this is the case, just start at the beginning of the list of kept back packages and apt install them.

Reinstalling

If you break the installation irreparably, it's very difficult to remove it properly from the system. Here's how you can re-install it to a working state.

First purge it as much as possible from the system:

apt-get --purge remove jitsi-meet jitsi-meet-prosody jitsi-meet-web jitsi-meet-web-config jicofo jitsi-videobridge
apt-get autoclean
apt-get remove
apt-get autoremove
apt-get install --reinstall dpkg
rm /var/lib/dpkg/info/jitsi*


Then reinstall it again, and rebuilt the certs - due to the certs and Nginx config still being in the system, it already will know the domain you want to use.

apt-get install jitsi-meet
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Resources

See also