bolt Valebyte VPS від $4/міс — NVMe, запуск за 60 секунд.

Отримати VPS arrow_forward
eco Початковий Туторіал

Deploying Jitsi Meet on a

calendar_month Jun 04, 2026 schedule 20 хв. читання visibility 47 переглядів
Развёртывание Jitsi Meet на VPS: безопасные видеоконференции с SSL и TURN-сервером
info

Потрібен сервер для цього гайду? Ми пропонуємо виділені сервери та VPS у 50+ країнах з миттєвим налаштуванням.

Потрібен сервер для цього гайду?

Розгорніть VPS або виділений сервер за хвилини.

Тарифи VPS arrow_forward Виділені

Deploying Jitsi Meet on a VPS: Secure Video Conferencing with SSL and a TURN Server

TL;DR

In this detailed guide, we will step-by-step set up our own Jitsi Meet video conferencing server on a Virtual Private Server (VPS) running Ubuntu 24.04 LTS. We will ensure full connection security using SSL certificates from Let's Encrypt and configure a TURN server for reliable operation in complex network environments, so you can conduct private and secure video meetings for your team or community.

  • Installation and basic configuration of the Ubuntu 24.04 LTS operating system.
  • Deployment of all Jitsi Meet components (Jitsi Videobridge, Jitsi Meet Web, Prosody, Jicofo).
  • Automatic configuration of Let's Encrypt SSL certificates for a secure HTTPS connection.
  • Configuration of a TURN/STUN server (Coturn) for NAT and firewall traversal.
  • Ensuring basic server security and recommendations for backups and maintenance.

What we are configuring and why

Diagram: What we are configuring and why
Diagram: What we are configuring and why

In today's world of remote work and distributed teams, reliable and secure communication tools have become critically important. Jitsi Meet is a completely free and open-source video conferencing platform that allows you to create high-quality video meetings directly in your browser, without the need to install additional applications. Unlike proprietary solutions such as Zoom or Google Meet, Jitsi Meet gives you full control over data and privacy, as you host it on your own server.

We will set up the full Jitsi Meet stack, which includes: Jitsi Videobridge (routes video and audio streams), Jitsi Meet Web (web interface), Prosody (XMPP server for signaling), and Jicofo (manages conferences). A key element of our setup will be ensuring security with SSL certificates from Let's Encrypt, which guarantees encryption of all traffic between clients and the server. This is critical for protecting your confidential information from interception.

Additionally, we will deploy and configure a TURN server (Coturn). TURN (Traversal Using Relays around NAT) is a protocol that allows media streams to pass through complex network environments, such as corporate firewalls and networks with symmetric NAT, where a direct P2P connection between conference participants is impossible. Without a TURN server, many users will encounter connection problems, especially when trying to join a conference from office networks or networks with restricted access. Having your own TURN server significantly increases the reliability and availability of your Jitsi Meet platform, ensuring uninterrupted communication for all participants.

Ultimately, upon completion of this tutorial, you will have a fully functional, secure, and reliable Jitsi Meet platform, ready for use by your team, clients, or for personal needs. You will be able to conduct video conferences, share your screen, use chat, and other features, knowing that all data is under your control.

Alternatives to Jitsi Meet on a VPS include solutions such as BigBlueButton or Nextcloud Talk. However, Jitsi Meet stands out for its ease of deployment and light client experience, requiring no installation. The choice of a self-hosted solution on a VPS instead of cloud-managed services is due to several factors: full control over data, no restrictions on the number of participants or call duration (dependent only on your server's capacity), customization options, and often lower long-term cost compared to paid subscriptions for commercial services.

What VPS configuration is needed for this task

Diagram: What VPS configuration is needed for this task
Diagram: What VPS configuration is needed for this task

Choosing the right VPS configuration for Jitsi Meet is critical for stable operation and video conference quality. Resource requirements depend heavily on the expected number of simultaneous participants and usage intensity.

Minimum requirements for a small team (up to 10-15 simultaneous participants):

  • Processor (CPU): 2 x86-64 cores, preferably with a clock speed of 2.5 GHz or higher. Jitsi Videobridge actively uses the CPU for routing media streams.
  • Random Access Memory (RAM): 4 GB. This is sufficient for the operating system and all Jitsi components.
  • Disk Space: 50 GB SSD. SSD ensures fast loading and operation of all components.
  • Network: Stable connection of 200 Mbps or higher. Good inbound and outbound bandwidth is very important.

Recommended VPS plan for medium loads (up to 25-30 simultaneous participants):

For more comfortable operation and scalability, especially if conferences with a large number of participants, screen sharing, and recording are planned, the following configuration is recommended:

  • Processor (CPU): 4 x86-64 cores, 3.0 GHz or higher.
  • Random Access Memory (RAM): 8 GB DDR4.
  • Disk Space: 100 GB SSD.
  • Network: 1 Gbps symmetric channel.

A VPS with such characteristics can be obtained, for example, from VPS with specified characteristics. It is important to ensure that the chosen provider offers a reliable network and sufficient bandwidth, as Jitsi Meet is very sensitive to latency and channel quality.

When a dedicated server is needed, not a VPS

If you plan to regularly host conferences with 50 or more simultaneous participants, or if you need the ability to record multiple conferences simultaneously (using Jibri), then you should consider renting a dedicated server. A dedicated server will provide you with exclusive access to all physical resources, which will eliminate the influence of "neighbors" on the VPS on performance. For such scenarios, a dedicated server with 8+ CPU cores, 16+ GB RAM, and a high-speed NVMe disk, as well as a guaranteed 1 Gbps channel, will be required. A suitable dedicated server can be found among the offerings of suitable dedicated servers.

Location: what it affects

The location of your VPS or dedicated server directly affects the latency for conference participants. The closer the server is to most of your users, the lower the latency will be, and the better the video and audio quality. Choose a data center located geographically close to your primary audience. For example, if your team is in Europe, choose a server in a European data center. High latency can lead to "lags," audio and video desynchronization, and a general deterioration of the user experience.

Server preparation

Diagram: Server preparation
Diagram: Server preparation

Before installing Jitsi Meet, you need to perform basic server preparation. We will use Ubuntu Server 24.04 LTS, as it is the current and supported version until 2026. All commands are executed as a user with sudo privileges.

1. System Update

First, let's update the package list and installed packages to the latest versions:


sudo apt update -y         # Update the list of available packages
sudo apt upgrade -y        # Upgrade all installed packages
sudo apt autoremove -y     # Remove unnecessary packages

2. Install basic utilities

Let's make sure that the necessary utilities, which may be needed during the setup process, are installed:


sudo apt install -y curl wget git net-tools apt-transport-https ca-certificates software-properties-common

3. Hostname and DNS configuration

For Jitsi Meet, a correctly configured hostname and corresponding DNS records are critical. Choose a domain name, for example, meet.yourdomain.com. Make sure that an A-record pointing to the public IP address of your VPS is created for this domain in your DNS provider.

Let's set the hostname on the server:


sudo hostnamectl set-hostname meet.yourdomain.com       # Set the hostname
echo "127.0.0.1 meet.yourdomain.com" | sudo tee -a /etc/hosts # Add entry to /etc/hosts

Replace meet.yourdomain.com with your actual domain name.

4. Firewall (UFW) configuration

Let's configure the UFW (Uncomplicated Firewall) firewall to ensure basic security. We will open only the necessary ports:


sudo ufw allow OpenSSH                                  # Allow SSH access
sudo ufw allow http                                     # Allow HTTP (for Certbot)
sudo ufw allow https                                    # Allow HTTPS
sudo ufw allow 10000/udp                                # Port for Jitsi Videobridge (UDP)
sudo ufw allow 3478/udp                                 # Port for STUN/TURN (UDP)
sudo ufw allow 5349/tcp                                 # Port for TURN (TCP, if used)
sudo ufw enable                                         # Enable firewall
sudo ufw status verbose                                 # Check firewall status

A confirmation may be required in response to sudo ufw enable. Enter y.

5. Install Fail2ban (bruteforce protection)

Fail2ban will help protect your SSH server from brute-force password attacks by blocking IP addresses from which numerous failed login attempts occur:


sudo apt install -y fail2ban                            # Install Fail2ban
sudo systemctl enable fail2ban                          # Enable Fail2ban autostart
sudo systemctl start fail2ban                           # Start Fail2ban

The default configuration for SSH is usually sufficient. If you wish, you can create a /etc/fail2ban/jail.local file for fine-tuning, for example:


sudo nano /etc/fail2ban/jail.local

File content:


[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 3
bantime = 1h

Save the file (Ctrl+X, Y, Enter) and restart Fail2ban:


sudo systemctl restart fail2ban

6. Create a user with sudo (optional, but recommended)

If you are working as root, it is recommended to create a new user with sudo privileges and work under that user to enhance security:


sudo adduser username                                   # Create a new user
sudo usermod -aG sudo username                          # Add user to the sudo group

Replace username with your desired username. After that, exit the root session and log in as the new user. All subsequent commands requiring privileges should be executed with sudo.

The server is ready for Jitsi Meet installation.

Software installation — step-by-step

Software Installation — Step-by-Step

Diagram: Software Installation — Step-by-Step
Diagram: Software Installation — Step-by-Step

Now that the server is prepared, we will proceed with the installation of Jitsi Meet and all its components. We will use the official Jitsi repositories for Ubuntu.

1. Adding Jitsi Repositories

Jitsi Meet is not included in the standard Ubuntu repositories, so we need to add the official Jitsi repository and its GPG key to authenticate the packages.


# Download the Jitsi repository GPG key
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/jitsi-keyring.gpg

# Add the Jitsi repository to the APT sources list
echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null

# Update the package list so APT recognizes the new repository
sudo apt update -y

These commands will add the key and the repository, then update the package cache. Now the system knows where to download Jitsi Meet from.

2. Installing Jitsi Meet

After adding the repository, you can install the main jitsi-meet package. This package will install all necessary dependencies, including Jitsi Videobridge, Prosody, Jicofo, and Nginx (or another web server if not already installed).


sudo apt install -y jitsi-meet

During the installation, you will be prompted to enter the hostname for your Jitsi Meet instance. Enter the fully qualified domain name you configured earlier (e.g., meet.yourdomain.com). This is a critical step for Jitsi and SSL certificates to function correctly.

Next, you will be asked to choose the method for configuring SSL certificates. Select the option "Generate a new self-signed certificate (You will later get a Let's Encrypt certificate)". This will allow Jitsi to install a temporary self-signed certificate, which we will then replace with a full Let's Encrypt certificate.

The version of Jitsi Meet that will be installed will be the current "stable" version for 2026, available in the repository.

3. Configuring SSL Certificates with Let's Encrypt

Jitsi Meet comes with a convenient script for automatic installation and configuration of SSL certificates from Let's Encrypt. This will ensure a secure HTTPS connection.


# Run the script to obtain an SSL certificate
sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

The script will ask for your email address. This address will be used by Let's Encrypt for certificate expiration notifications. Enter it and press Enter. The script will automatically contact Let's Encrypt, perform domain ownership verification (usually via HTTP-01 challenge, using port 80, which we opened in UFW), and install the certificates. It will also configure automatic certificate renewal.

If errors occur, ensure that:

  • Your domain name (e.g., meet.yourdomain.com) correctly points to the public IP address of your VPS.
  • Ports 80 and 443 are open in your firewall (UFW).
  • There are no other services on the server occupying port 80.

4. Installing and Configuring Coturn (TURN/STUN Server)

While Jitsi Meet can function without a separate TURN server in simple network configurations, its presence is critically important for ensuring communication between participants behind complex firewalls or NAT. Jitsi automatically installs Coturn as a dependency, but it needs to be configured correctly.


# Check if Coturn is installed (it should have been installed with jitsi-meet)
sudo apt install -y coturn

Now you need to configure Coturn. The main configuration file is located at /etc/coturn/turnserver.conf. We will make changes to ensure it works correctly with Jitsi.


sudo nano /etc/coturn/turnserver.conf

Comment out all lines in the file (by adding # at the beginning of each line) and add the following parameters. Replace YOUR_PUBLIC_IP with the public IP address of your VPS, and meet.yourdomain.com with your domain name:


# --- Jitsi Meet Coturn Configuration ---
# Listening ports for TURN/STUN
listening-port=3478
tls-listening-port=5349

# Min/Max ports for UDP relay
min-port=49152
max-port=65535

# External IP address of your server
external-ip=YOUR_PUBLIC_IP

# Realm for authentication (use your domain)
realm=meet.yourdomain.com

# Static user for authentication (replace with strong credentials)
# user=jitsi:JitsiStrongPassword123

# Use a shared secret for Jitsi authentication (recommended)
# This secret must match the one configured in Jitsi
static-auth-secret=YOUR_JITSI_SHARED_SECRET

# Enable verbose logging (optional, for debugging)
# verbose

# Disable loopback calls
no-loopback-peers

# Disable TLS fingerprinting (optional, for compatibility)
no-tls-system-certs

# Enable long-term credential mechanism for security
lt-cred-mech

# Set up a log file
log-file=/var/log/coturn.log

# Disable the default 'turnserver' user
no-daemon

Important: Replace YOUR_PUBLIC_IP with the actual public IP address of your VPS. For static-auth-secret, generate a strong secret, for example, using the command head /dev/urandom | tr -dc A-Za-z0-9_ | head -c 32 ; echo ''. We will use this same secret later in the Jitsi configuration. Comment out the line user=jitsi:JitsiStrongPassword123 if you are using static-auth-secret, which is the preferred method for Jitsi.

Save the changes and exit the editor. Now you need to enable Coturn and start it:


# Enable Coturn to run as a service
sudo sed -i 's/#TURNSERVER_ENABLED=1/TURNSERVER_ENABLED=1/' /etc/default/coturn

# Restart the Coturn service to apply changes
sudo systemctl restart coturn

# Check the status of the Coturn service
sudo systemctl status coturn

Ensure that Coturn is running and working without errors. If there are errors, check the /var/log/coturn.log file.

5. Installation Verification

After all these steps, your Jitsi Meet server should be installed and configured. Open a web browser and go to your domain address (e.g., https://meet.yourdomain.com). You should see the Jitsi Meet welcome page. Try creating a conference. If everything works, the basic installation was successful.

Configuration

Diagram: Configuration
Diagram: Configuration

The basic Jitsi Meet installation is already functional, but additional settings are required for optimization, security, and TURN server integration. We will review the main configuration files.

1. Main Jitsi Meet Configuration (config.js)

This file defines the behavior of the Jitsi Meet client-side. It is located at /etc/jitsi/meet/yourdomain.com-config.js. Open it for editing:


sudo nano /etc/jitsi/meet/meet.yourdomain.com-config.js

Find the // BOSH URL section and ensure it points to your domain:


var config = {
    // ... other parameters
    bosh: 'https://meet.yourdomain.com/http-bind',
    // ...
};

Scroll down to the // STUN and TURN server configuration section. Here we will add the configuration for our Coturn server. Replace YOUR_PUBLIC_IP with the public IP address of your VPS, and YOUR_JITSI_SHARED_SECRET with the secret you used in turnserver.conf.


var config = {
    // ...
    // STUN and TURN server configuration
    // Use your own TURN server for better reliability
    p2p: {
        enabled: true,
        preferH264: true,
        disableH264: true,
        useStunTurn: true, // Set to true to use STUN/TURN for P2P connections
        stunServers: [
            { urls: 'stun:meet.yourdomain.com:3478' } // Your Jitsi domain
        ],
        turnServers: [
            { urls: 'turn:meet.yourdomain.com:3478', secret: 'YOUR_JITSI_SHARED_SECRET', username: 'jitsi' },
            { urls: 'turns:meet.yourdomain.com:5349', secret: 'YOUR_JITSI_SHARED_SECRET', username: 'jitsi' }
        ]
    },
    // ...
};

Important: Ensure that stun:meet.yourdomain.com:3478 and turn:meet.yourdomain.com:3478/turns:meet.yourdomain.com:5349 use your domain name, not an IP address, to avoid SSL and DNS issues. The username: 'jitsi' parameter, in conjunction with secret and static-auth-secret in Coturn, allows Jitsi to dynamically generate temporary credentials for the TURN server.

Additional useful settings:

  • enableWelcomePage: false - disables the standard Jitsi welcome page if you want to redirect users directly to a conference.
  • defaultLanguage: 'ru' - sets the default language to Russian.

Save the changes to the config.js file.

2. Jicofo Configuration (sip-communicator.properties)

Jicofo manages conference logic. Its configuration is in the file /etc/jitsi/jicofo/sip-communicator.properties. Open it:


sudo nano /etc/jitsi/jicofo/sip-communicator.properties

Ensure that the following lines are present and configured correctly (replace meet.yourdomain.com with your domain):


# Jicofo will use the XMPP server at meet.yourdomain.com
org.jitsi.jicofo.xmpp.SERVER_HOSTNAME=meet.yourdomain.com

# For authentication with Coturn, if not using static-auth-secret
# org.jitsi.jicofo.TURN_HOST=meet.yourdomain.com
# org.jitsi.jicofo.TURN_PORT=3478
# org.jitsi.jicofo.TURN_USER=jitsi
# org.jitsi.jicofo.TURN_PASSWORD=JitsiStrongPassword123

# If using shared secret (recommended)
org.jitsi.jicofo.TURN_SHARED_SECRET=YOUR_JITSI_SHARED_SECRET

If you are using static-auth-secret in Coturn (as we recommended), it is sufficient to specify org.jitsi.jicofo.TURN_SHARED_SECRET. If you used a static user/password in Coturn, you need to uncomment and configure the corresponding TURN_HOST, TURN_PORT, TURN_USER, TURN_PASSWORD lines. Save the changes.

3. Prosody Configuration (XMPP Server)

Prosody is used by Jitsi for signaling. Its main configuration files are located in /etc/prosody/conf.d/. The file meet.yourdomain.com.cfg.lua contains settings for your domain. Typically, after installing Jitsi and running the Let's Encrypt script, this file is already configured correctly.


sudo nano /etc/prosody/conf.d/meet.yourdomain.com.cfg.lua

Ensure that the VirtualHost and Component "conference.meet.yourdomain.com" sections are configured for your domain, and that the paths to the SSL certificates are correct (they should point to the Let's Encrypt certificates in /etc/letsencrypt/live/meet.yourdomain.com/).

4. Restarting Services

After making all changes to the configuration files, you need to restart the relevant Jitsi Meet services for the changes to take effect:


sudo systemctl restart jitsi-videobridge2
sudo systemctl restart jicofo
sudo systemctl restart prosody
sudo systemctl restart nginx # Or apache2, if you are using it

Also, don't forget to restart Coturn if you made changes to its configuration:


sudo systemctl restart coturn

5. Verifying Functionality

After restarting all services, perform the following checks:

  • Web Interface Availability: Open https://meet.yourdomain.com in your browser. Ensure that the connection is secure (green padlock icon).
  • TURN Server Test: Use online tools, such as Trickle ICE, to check the availability of your TURN server. Enter your TURN server URL (e.g., turn:meet.yourdomain.com:3478) and credentials (username: jitsi, password: YOUR_JITSI_SHARED_SECRET - temporarily, for testing, if you are using static credentials, otherwise this method won't work directly). The best way is to simply try connecting to a conference from a complex network (e.g., via VPN or from a corporate network).
  • Log Check: 
    
sudo journalctl -u jitsi-videobridge2 -f
sudo journalctl -u jicofo -f
sudo journalctl -u coturn -f

    Look for errors or warnings. Successful connections to Coturn will be visible in the logs.

  • Conference Test: Invite several people to join a conference from different networks. Ensure that video and audio work stably, as well as the screen sharing function.

If all checks are successful, your Jitsi Meet with SSL and TURN server is fully ready for use.

Backups and Maintenance

Diagram: Backups and Maintenance
Diagram: Backups and Maintenance

Regular backups and timely maintenance of your Jitsi Meet server are crucial for its stable and secure operation. Do not neglect these steps to avoid data loss and downtime.

1. What to Back Up

For Jitsi Meet, the main components that require backup are:

  • Jitsi Meet Configuration Files:
    • /etc/jitsi/meet/ (main web interface configs)
    • /etc/jitsi/jicofo/ (Jicofo configs)
    • /etc/jitsi/videobridge/ (Videobridge configs)
  • Prosody Configuration Files:
    • /etc/prosody/ (main Prosody configs)
    • /var/lib/prosody/ (Prosody data, including user information if you are using Prosody authentication)
  • Coturn Configuration Files:
    • /etc/coturn/turnserver.conf
  • SSL Certificates:
    • /etc/letsencrypt/ (although they are automatically renewed, having a backup is useful)
  • Conference Recordings (if Jibri is used):
    • Typically located in /var/lib/jitsi/jibri/recordings/ or a directory you configured. This can be a large volume of data.

2. Simple Auto-Backup Script

You can create a simple script that will archive key files and send them to a secure location. For example, to remote S3-compatible storage or another VPS.

Create the file /usr/local/bin/jitsi_backup.sh:


sudo nano /usr/local/bin/jitsi_backup.sh

Script content (replace YOUR_BACKUP_DIR with the path to the directory where backups will be stored, e.g., /mnt/backups, and S3_BUCKET with your S3 bucket if you are using AWS CLI):


#!/bin/bash

# Temporary backup storage directory
BACKUP_TEMP_DIR="/tmp/jitsi_backup_$(date +%Y%m%d%H%M%S)"
CONFIG_DIR="/etc/jitsi"
PROSODY_DIR="/etc/prosody"
PROSODY_DATA_DIR="/var/lib/prosody"
COTURN_DIR="/etc/coturn"
LETSENCRYPT_DIR="/etc/letsencrypt"
RECORDINGS_DIR="/var/lib/jitsi/jibri/recordings" # If you are using Jibri

# Create temporary directory
mkdir -p "$BACKUP_TEMP_DIR"

# Copy configuration files
cp -R "$CONFIG_DIR" "$BACKUP_TEMP_DIR/"
cp -R "$PROSODY_DIR" "$BACKUP_TEMP_DIR/"
cp -R "$PROSODY_DATA_DIR" "$BACKUP_TEMP_DIR/"
cp -R "$COTURN_DIR" "$BACKUP_TEMP_DIR/"
cp -R "$LETSENCRYPT_DIR" "$BACKUP_TEMP_DIR/"

# If there are Jibri recordings, copy them (caution, can be a large volume)
# cp -R "$RECORDINGS_DIR" "$BACKUP_TEMP_DIR/"

# Create archive
BACKUP_FILE="$BACKUP_TEMP_DIR/jitsi_config_$(date +%Y%m%d%H%M%S).tar.gz"
tar -czvf "$BACKUP_FILE" -C "$BACKUP_TEMP_DIR" .

# Where to store backups (examples)
# 1. Locally (on a separate disk or in another directory)
# mv "$BACKUP_FILE" /mnt/backups/

# 2. To remote S3-compatible storage (AWS CLI required)
# /usr/local/bin/aws s3 cp "$BACKUP_FILE" s3://YOUR_S3_BUCKET/jitsi/

# 3. To another VPS via SCP/SFTP (requires configuring passwordless SSH keys)
# scp "$BACKUP_FILE" user@remote_vps:/path/to/remote/backups/

# Delete temporary directory
rm -rf "$BACKUP_TEMP_DIR"

echo "Backup completed: $(basename "$BACKUP_FILE")"

Make the script executable:


sudo chmod +x /usr/local/bin/jitsi_backup.sh

3. Automating Backups with Cron

Add the script to Cron for daily execution. Open crontab:


sudo crontab -e

Add the following line to execute the script daily at 3:00 AM:


0 3 * * * /usr/local/bin/jitsi_backup.sh >> /var/log/jitsi_backup.log 2>&1

This will run the script and record its output to the log file /var/log/jitsi_backup.log.

4. Where to Store Backups

Important: Never store backups on the same server you are backing up. In case of disk failure or server compromise, you will lose both your data and its copies.

  • External S3-compatible storage: A reliable and scalable option. Use AWS S3, DigitalOcean Spaces, Backblaze B2, or similar.
  • Separate VPS: Rent a small VPS exclusively for storing backups. Configure SCP/SFTP or Rclone.
  • NFS/SMB Share: If you have a local network file system.

5. Updates: Rolling vs. Maintenance Window

Regularly updating the system and Jitsi Meet is critical for security and new features. Use the following strategy:

  • OS and Base Package Updates:

    Run sudo apt update && sudo apt upgrade -y regularly (e.g., once a week). This can be automated using unattended-upgrades, but for critical servers, manual control with log checking is recommended.

  • Jitsi Meet Updates:

    New versions of Jitsi Meet are released quite frequently. Updating the jitsi-meet package via sudo apt upgrade jitsi-meet -y usually goes smoothly but may require manual intervention to resolve configuration file conflicts (e.g., if you have heavily modified them). Always back up before updating Jitsi.

    Strategy:

    • Maintenance Window: For production systems, schedule updates during off-peak hours. Notify users of potential short-term downtime.
    • Test Environment: If possible, deploy updates to a test server first before applying them to the main one.
  • Post-Update Check: After each update, verify the functionality of Jitsi Meet, SSL certificates, and the TURN server, as described in the "Configuration" section.

By following these recommendations, you will ensure reliable and secure operation of your Jitsi Meet server for years to come.

Troubleshooting + FAQ

In this section, we will cover common issues that may arise during Jitsi Meet deployment and provide answers to frequently asked questions.

Cannot connect to a conference, seeing "Connecting..." or "Failed to connect"

This is one of the most common problems. First, check your firewall (UFW) on the VPS. Ensure that the following ports are open: 80 (TCP), 443 (TCP), 10000 (UDP), 3478 (UDP), 5349 (TCP). Check UFW status with the command sudo ufw status verbose. Also, ensure that your domain correctly resolves to the server's IP address (dig meet.yourdomain.com A). If the problem persists, check the Jitsi Videobridge logs (sudo journalctl -u jitsi-videobridge2 -f) and Jicofo logs (sudo journalctl -u jicofo -f) for errors.

SSL certificate invalid or HTTPS missing

Verify that your domain is correctly configured in DNS and points to your VPS's IP address. Ensure that port 80 is open in the firewall for Let's Encrypt's HTTP-01 challenge. Run the certificate installation script again: sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh. If it throws an error, check Certbot logs (usually in /var/log/letsencrypt/). Also, ensure that Nginx or Apache (if you are using them as a proxy) are correctly configured to work with SSL and proxy traffic to Jitsi.

Audio or video issues for some participants (e.g., "black screen")

This often indicates issues with the TURN server. Ensure that Coturn is running (sudo systemctl status coturn) and its ports (3478 UDP, 5349 TCP) are open in the firewall. Check Coturn's configuration in /etc/coturn/turnserver.conf, especially external-ip and realm, as well as static-auth-secret. Compare the secret with what is specified in /etc/jitsi/meet/meet.yourdomain.com-config.js and /etc/jitsi/jicofo/sip-communicator.properties. Check Coturn logs (sudo journalctl -u coturn -f) for errors or relay messages.

Jitsi Meet runs slowly or freezes with many participants

Most likely, your VPS is experiencing resource shortages. Check CPU and RAM usage with htop or top commands. Jitsi Videobridge can consume a lot of CPU with many active video streams. Consider upgrading your VPS to a more powerful plan with more CPU cores and RAM. Also, ensure sufficient network bandwidth for your VPS.

How to restrict Jitsi Meet access to authenticated users only?

By default, Jitsi Meet allows anyone to create a conference. To restrict access, you can configure authentication. Jitsi supports several methods, including Prosody (XMPP) authentication. In the file /etc/prosody/conf.d/meet.yourdomain.com.cfg.lua, change authentication = "anonymous" to authentication = "internal_plain". Then create Prosody users with the command sudo prosodyctl register username meet.yourdomain.com password. After this, users will see a prompt to enter a username and password when trying to create or join a conference.

What is the minimum suitable VPS configuration?

For a small team of up to 10-15 simultaneous participants, a VPS with 2 vCPU, 4 GB RAM, 50 GB SSD, and a network channel of 200 Mbps or more will be minimally suitable. It is important that these are stable resources, not "burst" or "shared" CPU. For comfortable operation in most scenarios, it is better to aim for 4 vCPU, 8 GB RAM, and a 1 Gbps channel.

What to choose — VPS or dedicated for this task?

The choice between a VPS and a dedicated server depends on the scale of use. For most small and medium-sized teams (up to 30-40 simultaneous users), a well-configured VPS is sufficient. A VPS offers flexibility, ease of management, and cost-effectiveness. A dedicated server becomes necessary if you plan to serve 50 or more simultaneous participants, run many background conference recordings (Jibri), or if you require maximum and guaranteed performance without the influence of "neighbors" on the server. A dedicated server provides exclusive access to all physical resources, which is critical for very high loads.

Conclusions and Next Steps

Diagram: Conclusions and Next Steps
Diagram: Conclusions and Next Steps

Congratulations! You have successfully deployed and configured your own Jitsi Meet server on a VPS, ensuring its secure operation via HTTPS with SSL certificates and reliable communication through a TURN server. You now have a fully controlled and private video conferencing platform, ready for use by your team or community.

To maximize the potential of your platform and ensure its long-term stability, consider the following steps:

  • Authentication Setup: To control access to conferences, configure user authentication using built-in Prosody features or by integrating with external providers (LDAP, JWT).
  • Resource Monitoring: Install monitoring tools (e.g., Prometheus + Grafana, Netdata) to track CPU, RAM, network traffic, and Jitsi service status. This will help identify and resolve issues promptly.
  • Deploying Jibri for Recording: If you require conference recording functionality, consider installing and configuring Jibri (Jitsi Broadcasting and Recording Infrastructure). This is a separate component that requires additional resources and configuration.
  • Performance Optimization: Consult the Jitsi documentation for fine-tuning performance, such as changing default video quality, limiting bitrate, or using VP9/AV1 codecs.

Remember that regular updates and backups are key to maintaining the security and stability of your Jitsi Meet platform.

Поділитися цим записом:

share
Jitsi Meet deployment on VPS: secure video conferencing with SSL and TURN server
support_agent
Valebyte Support
Usually replies within minutes
Hi there!
Send us a message and we'll reply as soon as possible.