[HowTo] Jitsi Videoconference Server on Fedora

What with the pandemic, we’ve all been videoconferencing a lot, and I guess a lot of people here know about the Jitsi videoconference server. For running your own setup, they kindly provide Debian/Ubuntu repositories, but sadly no RPM.

Well, I finally got around to creating RPM packages for it. For a standard setup on a single machine, you should be able to simply install the jitsi metapackage, which will pull in all the components. Since Jitsi offloads all of the video processing onto the user’s machines and really just shuffles some streams around it usually does not need a powerful server, any small virtual machine from a cloud provider should do.

Setup instructions follow below & are also contained in the packages’ docdir /usr/share/doc/<package>/README-fedora.md, but they mostly follow upstream’s debian packages, so any guide you find for those will likely be valid, too.

I’ve only been testing these packages on my one Jitsi server, so obviously I’d be interested in other’s experiences with them,

Installation/setup instructions

In general, the package mostly follows the official Debian package. Notable differences are

  • Slightly different file locations
  • Both Jicofo and Jitsi Videobridge log to syslog instead of their own logfiles
  • Jicofo runs from a service, rather than a init script

Prerequisites

You’ll need a small server that can be accessed from the Internet, a domain name as well as a SSL certificate for that domain. This is because most browsers refuse to do WebRTC (the protocol used for video transport) over non-encrypted connections. You can get one for free via LetsEncrypt.

Installation

A full Jitsi server consists of multiple components, that are split into different packages, as they can be run separately on different machines.

A default single-machine installation can be performed by installing the jitsi metapackage.

The full stack consists of

  • Jitsi-meet, the web interface: jitsi-meet
  • Webserver configuration: jitsi-meet-nginx or jitsi-meet-apache
  • Configuration for Prosody, for user management: jitsi-meet-prosody
  • Jicofo, the conference room manager: jicofo
  • Jitsi Videobridge, the video/audio transport: jitsi-videobridge

Optional further components are (these are work in progress, no packages yet, sorry)

  • Jibri, Jitsi Broadcasting Infrastructure, for recoding and streaming: jibri
  • Jigasi, Jitsi Gateway to SIP, to bridge Jitsi rooms to SIP: jigasi

Configuration

After installation, there are a few additional configuration steps to perform.
Mostly, that consists of replacing various placeholder variables with their correct values. Placeholders variables are identified by underscores/camelCase __variableName__.

In all files, replace __jitsiFQDN__ with the fully-qualified domain name of your instance and __<component>Secret__ with a strong random password. There are three of these needed, __focusSecret__, __focusUserSecret__ and __jvbUserSecret__. They don’t need to be memorable in any way, they are only used by the different components to talk to each other.

Prosody config

Prosody configuration for Jitsi is found in /etc/prosody/conf.d/jitsi-meet.cfg.lua .

  • in the config file, replace placeholder variables __jitsiFQDN__ & __focusSecret__
  • generate certificates for __jitsiFQDN__ and auth.__jitsiFQDN__ and add them to your system’s trust database:
$ prosodyctl cert generate __jitsiFQDN__
$ prosodyctl cert generate auth.__jitsiFQDN__
$ trust anchor /var/lib/prosody/__jitsiFQDN__
$ trust anchor /var/lib/prosody/auth.__jitsiFQDN__
  • add users for Jicofo (focus) and Jitsi Videobridge (jvb)
$ prosodyctl register focus auth.__jitsiFQDN__ __focusUserSecret__
$ prosodyctl register jvb auth.__jitsiFQDN__ __jvbUserSecret__
  • start the prosody service

Jitsi Meet

Configuration is located in /etc/jitsi-meet. Only config.js contains placeholder variables that need to be replaced.

Webserver config

Webserver configuration is located in /etc/nginx/conf.d/jitsi-meet.conf (for Nginx) and /etc/httpd/conf.d/jitsi-meet.conf (for Apache). Additionally you’ll need to set up HTTPS for __jitsiFQDN__. Edit the configuration, then start/restart the webserver.

Jicofo config

Configuration is located in /etc/jicofo/. Replace __jitsiFQDN__, __focusSecret__ and __focusUserSecret__ in config and sip-communicator.properties.

Start jicofo.service

Jitsi Videobridge

Configuration is located in /etc/jitsi-videobridge. Replace __jitsiFQDN__ and __jvbUserSecret__ in jvb.conf.

Jitsi-videobridge communicates on port 10000/udp, so it needs to be opened or forwarded if you’re behind NAT. The jitsi-videobridge-firewalld package provides a jitsi-videobridge service definition for firewalld that you can enable to open that port.

Start jitsi-videobridge.service. Additional service configuration can be found in /etc/sysconfig/jitsi-videobridge

Troubleshooting

  • When you go to your __jitsiFQDN__ with a browser, you should see a welcome page offering you to join a room. If not, there is a problem with your webserver and/or the jitsi-meet web app
  • If you can’t join a room or get kicked out all the time, or if everybody is always alone in the room even if multiple people join, the issue is most likely with jicofo & prosody not talking correctly
  • if you see other people in a room but their audio and/or video doesn’t work, then the issue is most likely with jitsi-videobridge
  • Check the logs. Jicofo and Jitsi Videobridge log to syslog, prosody by default logs to /var/log/prosody/*. The former’s logs are a mess, but usually informative. Errors are usually related to a) leftover placeholder variables and b) issues with the certificates.
  • As the package mostly follows the official Debian package, most help you can find for that applies here too.
11 Likes

@lcts a lot of work, and thx for your time and this Howto, but why don’t you considere start in a container?:

  1. Jitsi Meet on Docker
  2. Jitsi DockerHub Repo
  3. Self-Hosting Guide - Docker
  4. How to Customize docker-compose Based Jitsi Installation

NOTE

also this is also aplicale to quick-docs -> https://docs.fedoraproject.org/en-US/quick-docs/

Regards.,

1 Like

No particular reason, I’m just more familiar with RPM packaging than containers, so writing some spec files was actually less effort than modifying the containers as I wanted them to be.

That said, I did use their containers initially , and they work well.

2 Likes

There is a slight error in the HowTo, but unfortunately the post can no longer be edited.

In the “Prosody config”-section, the second command in the code-block should be

$ prosodyctl cert generate auth.__jitsiFQDN__

i.e. auth <DOT> … rather than auth <SPACE>

1 Like

Fixed. In the future, feel free to flag these for a moderator to edit.

3 Likes

Should the “trust anchor” commands above have “.crt” appended to the end?

Also, when a second user joins a call, I get:

Jun 24 14:09:36 office jicofo.sh[17861]: Jicofo 2021-06-24 14:09:36.018 WARNING: [92] org.jitsi.jicofo.bridge.BridgeSelectionStrategy.log() Failed to select initial bridge for participantRegion=null
Jun 24 14:09:36 office jicofo.sh[17861]: Jicofo 2021-06-24 14:09:36.019 SEVERE: [92] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant -- no bridge available.

Any thoughts?

This is on fedora 34 following the instructions above with apache httpd

OK. I failed to catch editing focusUserSecret in sip-communicator-properties . Found it by grepping for FQDN. Doh!

Well at least you know someone used your packages. :slight_smile: Thanks!

1 Like