Jitsi Google Cloud

Jitsi’s End to End Encryption makes it one of the most secure video conferencing tools in the market. Compared to other video conferencing tools in the market like Google Meet and Zoom, Jitsi is a completely open-source solution that can be integrated with your application. At the heart of Jitsi are Jitsi Videobridge and Jitsi Meet, which let you have conferences on the internet, while other projects in the community enable other features such as audio, dial-in, recording, and simulcasting. Google Meet and Jitsi can be primarily classified as 'Web and Video Conferencing' tools. Jitsi is an open source tool with 1.

Irrespective of the current situation I already had a look at the Jitsi Meet platform some time back last year. Due to a lack of necessity and organising most community meetings offline - both MSCC and GDG Mauritius - there was no motivation to look closer into any video conferencing platform.

Inspired by the announcement that meet.mixp.org offers free access to host video conferencing calls locally in Mauritius and the fact that the past few meetings of the MSCC had been conducted virtually using Google Hangouts Meet, I reserved some time to do a little research. The result is a series of tutorials on how to get started with Jitsi Meet, how to customise it for your own branding, and how to enable more features beyond the basic installation.

This first article describes the fundamental installation of Jitsi Meet on the Google Cloud Platform. Surely, the necessary steps shall be reproducible on other cloud computing platforms like Microsoft Azure or Amazon AWS.

Prerequisites: Domain Name

Before you start following the steps in this article you should have a fully qualified domain name (FQDN) at hand. That domain will be used to access your Jitsi Meet server over the internet.

I'm going to use the subdomain meet.mscc.mu because the Jitsi Meet video conferencing system described here will be used for the Mauritius Software Craftsmanship Community (MSCC) and associated user groups in Mauritius.

Ready?
Let's log into Google Cloud Console and begin the installation.

Define a permanent External IP address

First, you reserve a static IP address. We are going to use this IP address for the DNS record of your FQDN and to attach it to the VM instance running Jitsi Meet server.

In Cloud Console navigate to VPC network > External IP addresses and reserve a new static address. Although the IP address is not attached to anything yet we are going to use it shortly.

The result should look similar to this. Of course, your external IP address will be different.

Create a DNS entry

Now, packed with the newly created IP address it is time to create a DNS record for the domain name you would like to use for the Jitsi Meet server. This step depends on your DNS nameserver provider.

I'm going to describe how it is done using Cloudflare. Under DNS management create a new A record with the subdomain meet and the external IP address provided by Google Cloud Platform.

The resulting DNS configuration should look similar to above. Global DNS propagation can take up to 24 hours and it is important to wait until your DNS record has been deployed successfully.

Verify DNS configuration

You can use any DNS query tool to verify this step. Depending on your OS either use dig or nslookup to check whether the DNS record has been distributed to the Cloudflare public DNS server.

With proper DNS settings in place you are ready to continue with the installation of Jitsi Meet.

Create a VM instance

Log into Cloud Console and navigate to Compute Engine > VM instances. There click on Create instance and enter relevant information for your new VM instance.

The default values provided by GCP shall work just fine. However you might like to adjust region, zone and machine configuration according to your liking.

Specify the hostname

Important: The initial configuration allows you to set a custom hostname for your instance and you should specify the prepared DNS name as such. This choice is permanent and cannot be changed later.

Click on Management, security, disks, networking, sole tenancy and enter your FQDN under Hostname.

Choose the External IP address

While you are at the details of Networking click on the pen symbol of the Network interface and select the external IP address that we created earlier. The entry shall look like so.

Click Done when your networking options are complete.

If ever you missed the initial creation of an external IP address you can open the dropdown selection under External IP and choose to Create IP address. Give the new static IP address a name and click on Reserve.

However this still requires proper DNS configuration as described earlier.

Configure firewall rules

According to the quick install guide Jitsi Meet requires the following ports and protocols to allow traffic from the internet.

  • 80 TCP - aka HTTP traffic
  • 443 TCP - aka HTTPS traffic
  • 10000 UDP

The first two ports can be configured during the creation of the VM instance. Tick the checkboxes in the Firewall section and the necessary rules will be applied during the creation of the virtual machine.

For the UDP port you are going to enter a Network tag for the moment. That tag is used to connect the VM instance to a (new) firewall rule.

Finally, click on Create to complete your VM instance. This is going to take a few seconds and you will be notified as soon as the VM instance is ready.

Create and verify firewall rules

In order to create the third, remaining firewall rule you navigate to VPC network > Firewall rules and there you click on Create Firewall Rule to configure the missing information.

Under Target tags you enter the same value you used as Network tags during the configuration of the VM instance. This closes the link between the instance and this firewall rule.

The value for the Source IP ranges is 0.0.0.0/0 which represents any IP address from the internet.

Under Protocols and ports you tick UDP protocol and you enter the port number 10000.

Finally, click on Create to enable the firewall rule.

The result should look similar to the list of rules below.
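To review what a rule set exposes, here is an added example that is not part of the original article. It reads rules in a one-line-per-rule text format (an assumption made for this example, as are the rule names in the constructed sample) and reports rules open to 0.0.0.0/0 on ports other than the three Jitsi Meet needs, plus any required port that is still closed.

```shell
#!/usr/bin/env bash
# Added example: audit which firewall rules are reachable from the whole internet.
# Input format is an assumption: one rule per line as
#   <name> <source-range> <protocol:port> <target-tag>

# The three openings the article creates for Jitsi Meet.
REQUIRED="tcp:80 tcp:443 udp:10000"

# Print rules open to 0.0.0.0/0 on anything other than the required ports.
unexpected_exposure() {
  while read -r name src spec _tag; do
    [ -n "$name" ] || continue
    [ "$src" = "0.0.0.0/0" ] || continue
    case " $REQUIRED " in
      *" $spec "*) ;;                          # expected Jitsi Meet port
      *) printf '%s %s\n' "$name" "$spec" ;;   # open to everyone, not needed by Jitsi
    esac
  done
}

# Print required ports that no internet-facing rule opens.
missing_ports() {
  rules="$(cat)"
  for spec in $REQUIRED; do
    printf '%s\n' "$rules" | grep -q " 0\.0\.0\.0/0 $spec " || printf '%s\n' "$spec"
  done
}

# Constructed sample: the state before the UDP rule has been created.
SAMPLE_RULES='default-allow-http 0.0.0.0/0 tcp:80 http-server
default-allow-https 0.0.0.0/0 tcp:443 https-server
default-allow-ssh 0.0.0.0/0 tcp:22 -
default-allow-rdp 0.0.0.0/0 tcp:3389 -
default-allow-internal 10.128.0.0/9 udp:0-65535 -'

printf 'unexpected exposure:\n'
printf '%s\n' "$SAMPLE_RULES" | unexpected_exposure
printf 'required but closed:\n'
printf '%s\n' "$SAMPLE_RULES" | missing_ports
```

Rules reported under "unexpected exposure" are candidates for a narrower source range or for removal if the service behind them is not used.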

Access the VM instance

Navigate back to Compute Engine > VM instances and click on the SSH button of your instance. This should open a new browser window.

Note: You may have to allow Cloud Console to open popups first.

After a short initialisation the connection should be established and you are greeted by a bash prompt on Linux.

Install Jitsi Meet software

The following steps are based on the official Jitsi Meet quick install guide on GitHub - with a few additional notes and modifications on my side.

Check hostname

First, verify the assignment of the Fully Qualified Domain Name (FQDN) with the following command:

At the same time check that the name resolution has been added to the hosts file.

Run commands as user root

Note: Many of the installation steps require elevated privileges. If you are logged in using a regular user account, you may need to increase your permissions.

Either use sudo for individual commands or temporarily change user context and operate as user root.

Although not recommended it's faster to complete the installation as root.

Add the Jitsi package repository

The Jitsi repository uses a secured URL which requires that you add the HTTPS transport option to apt, then you update the local repository cache, and finally you install the package of Jitsi Meet and all dependencies.

During the process you will be asked to enter the FQDN or hostname of your instance of Jitsi Meet. Enter the hostname that we verified already and hit OK to continue the installation.

Next, you will be asked to configure the SSL certificate of your Jitsi Meet domain. Here keep the default selection to generate a self-signed certificate and hit OK.

We are going to generate an SSL certificate provided by Let's Encrypt in the next step.

Install Let's Encrypt certificate

Note: Verify that the DNS record has been assigned to your static external IP address and it has been distributed globally before you try to apply the Let's Encrypt SSL certificate. See Verify DNS configuration above on how to do that.

At the time of writing there was a small issue running the script as described on GitHub: Lets Encrypt setup error about missing file #5929. The workaround is to create the expected deployment hook manually yourself before running the certificate installation script.

Now, run the following shell script as mentioned in the quick install guide.

The script is going to ask you for an email address to send notifications from Let's Encrypt to. Then your terminal is going to provide you with tons of information and the outcome should look similar to below. Look for Congratulations! to be sure that the SSL certificate has been successfully requested from Let's Encrypt and applied to your system.

Basically your installation is complete now.
You shall be able to load your FQDN in your browser. In case you run into any trouble kindly repeat the steps above or refer to the official Jitsi Meet quick install or the Jitsi Community Forum.

However there are probably some additional considerations prior to operating your instance of Jitsi Meet server on the internet.

Adjust nginx configuration file

The default configuration of nginx created by the Jitsi Meet package is not optimal and you should make a few changes to it. Open the file with your preferred text editor.

Change the default protocol to HTTP/2

Look for the listen directives and add the value http2 at the end of both. It shall look like so.

Change SSL protocol versions and ciphers

By default nginx is enabled to support TLS 1.0, TLS 1.1 and TLS 1.2. However, the two former are legacy protocols that shouldn't be used. TLS v1.0 and TLS v1.1 were deprecated in January 2020 by modern browsers. Hence you should change the ssl_protocols directive like so.

Depending on the nginx version TLS 1.3 might be an additional option. You might consider replacing the existing directive of SSL ciphers with the following value.

The Mozilla SSL Configuration Generator is definitely worth a look. The Intermediate configuration would be the recommended choice. Perhaps you might like to read SSL and TLS Deployment Best Practices for more background information.

Add more HTTP headers

Next, you should define a few more HTTP header directives to improve your default configuration. Open the nginx config file again and add the following lines right after the existing add_header directive related to HSTS.

Note: The Jitsi Meet Electron application for desktop systems cannot load your instance if the HTTP header X-Frame-Options has been set. Either comment out or remove that directive if you are planning to use the application.

Save the configuration after each change and run a configtest.

If the result is OK restart nginx as usual. Otherwise, inspect the log file located at /var/log/nginx/error.log for any error entries.

If you are interested in seeing the impact of your changes, open the Qualys SSL Server Test and validate your domain.
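A local check for the same settings, as an added example that is not part of the original article: it scans an nginx site file for TLS 1.0/1.1 in ssl_protocols, HTTPS listen directives without http2, a missing HSTS header, and a set X-Frame-Options header (relevant to the Electron note above). Both configuration samples, including the header values, are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: static check of an nginx site file for the settings discussed above.

# Print one finding per line for the file given as $1.
audit_nginx() {
  sed 's/#.*//' "$1" | awk '
    $1 == "listen" && /443/ && !/http2/ {
      addr = $2; sub(/;$/, "", addr); print "no-http2 " addr
    }
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p == "TLSv1" || p == "TLSv1.1") print "legacy-protocol " p
      }
    }
    $1 == "add_header" && tolower($2) == "strict-transport-security" { hsts = 1 }
    $1 == "add_header" && tolower($2) == "x-frame-options" { print "x-frame-options-set" }
    END { if (!hsts) print "hsts-missing" }
  '
}

# Constructed sample: TLS settings as the article describes the package default.
write_weak() {
  cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000";
}
EOF
}

# Constructed sample: the same server block after the changes from this section.
write_hardened() {
  cat > "$1" <<'EOF'
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_protocols TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Frame-Options "DENY";   # blocks the Electron app, see the note above
}
EOF
}

# Audit one of the two samples: $1 is "weak" or "hardened".
audit_sample() {
  tmp="$(mktemp)"
  if [ "$1" = "weak" ]; then write_weak "$tmp"; else write_hardened "$tmp"; fi
  audit_nginx "$tmp"
  rm -f "$tmp"
}

echo "weak:";     audit_sample weak
echo "hardened:"; audit_sample hardened
```

nginx 1.25.1 and later prefer a separate `http2 on;` directive over the listen parameter; this check does not look for that form.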

Increase number of processes and open files

The quick install guide mentions that the default configuration of a system is good for less than 100 participants. To avoid running into any unexpected situations I suggest that you increase that value already now.

Open the file /etc/systemd/system.conf and add the following lines at the end.

Reload the systemd changes on a running system and restart your Jitsi instance with those two commands.

To verify that the settings have been applied run the following command and check the value of Tasks: XX (limit: 65000).

Confirm your installation is working

Open a new browser tab or better an incognito window and navigate to the FQDN you specified during the installation. You shall be greeted by the Jitsi Meet default page.

Congratulations!

When you click on the gear symbol in the top right corner your browser should ask for permissions to access microphone and camera.

Click Allow in both cases and continue to configure your devices you would like to use in Jitsi Meet.

Change to the tab Profile to provide more information like your displayed name in the meeting rooms. On the tab More you are able to configure your preferred language.

Finally, enter any value to start a new meeting and click on GO.

The use of camel-case writing forms the URL to access the meeting and is automatically converted into blanks after you entered the meeting room.

Enjoy your very own Jitsi Meet video conferencing system.

Automate it with gcloud

All steps above can be executed by using gcloud commands. Best might be to use your instance of Cloud Shell to create a VM instance and to install Jitsi Meet.

Make sure that you have a domain name prepared.

Create the infrastructure

You would probably adjust the environment variables at the top to change region, zone, instance name and your DNS hostname.

After execution you are going to see the external IP address in the Shell, and you should be connected to the new VM instance.

In case that the remote VM instance does not respond to the SSH connection or times out, wait a short while and repeat the last command to SSH into the instance.

Now is the right time to verify that your DNS record is up-to-date and matches the external IP address of your VM instance before you continue to install Jitsi Meet.
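One way to script the console steps, as an added example rather than the author's original script: the resource names, region, zone, network tag and hostname are placeholder assumptions, and the script only prints the gcloud commands unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example: the console steps of this article as gcloud calls.
# All names and default values below are assumptions; adjust them before use.
REGION="${REGION:-europe-west1}"
ZONE="${ZONE:-europe-west1-b}"
INSTANCE="${INSTANCE:-jitsi-meet}"
FQDN="${FQDN:-meet.example.org}"
TAG="${TAG:-jitsi}"
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the commands only, 0 = also execute them

# Print a command and, unless DRY_RUN=1, execute it.
run() {
  printf '%s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

provision() {
  # 1. Static external IP address, referenced by name when the VM is created.
  run gcloud compute addresses create "$INSTANCE-ip" --region="$REGION" || return 1

  # 2. VM with the FQDN as permanent hostname and the tags the firewall rules target.
  run gcloud compute instances create "$INSTANCE" --zone="$ZONE" \
    --hostname="$FQDN" --address="$INSTANCE-ip" \
    --tags="http-server,https-server,$TAG" || return 1

  # 3. Firewall rules. Tags alone open nothing, so HTTP/HTTPS get a rule as well.
  run gcloud compute firewall-rules create "$INSTANCE-web" \
    --allow=tcp:80,tcp:443 --source-ranges=0.0.0.0/0 \
    --target-tags=http-server,https-server || return 1
  run gcloud compute firewall-rules create "$INSTANCE-media" \
    --allow=udp:10000 --source-ranges=0.0.0.0/0 --target-tags="$TAG" || return 1

  # 4. Show the reserved address so it can be compared with the DNS A record.
  run gcloud compute addresses describe "$INSTANCE-ip" --region="$REGION" \
    --format="value(address)" || return 1
}

provision
```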

Install Jitsi Meet server

This paragraph summarizes the commands used above to install Jitsi Meet server. They should be run as user root. Change into an interactive session of user root first.

Then run the following to complete the basic installation of Jitsi Meet server on the VM instance.

Last, prepare the system for an SSL certificate provided by Let's Encrypt by running the following commands.

Note: Without properly configured DNS this is going to fail.

You have to specify an email address to receive notifications regarding your certificates from Let's Encrypt.

Congrats, your Jitsi Meet server is now operational. You may like to review the nginx changes described above to improve your setup a little bit.

Customising Jitsi Meet server

The default installation in this article is kind of basic and provides you a jumpstart to run your own video conferencing system. In the next article of this series I'm going to describe how you enable authentication and secure your Jitsi Meet instance.


The demand for video conferencing software and video chat apps continues breaking records.

This March, as a result of the COVID-19 lockdown, video conferencing apps reached a mark of 62 million downloads and continue to rise.

In order to avoid spreading coronavirus, millions of employees were forced to switch to remote working.

Video conferencing allows teams to work from home using different software solutions for meetings, one-on-ones, brainstormings, updates, and general communications. Among them: Zoom, Skype, GoToMeeting, Google Hangouts Meet, Jitsi Meet, join.me and many more.

Due to social distancing people were forced to move their social lives online as well.

Many of us started to use video conferencing apps & software much more often to chat with family and friends amid the pandemic.

Educational institutions have started their online classes for the students and are also looking for reliable video calling solutions.

How to Protect Your Communications

The flip side of video conferencing's rising popularity is that offenders have started to attack these technologies and their users more and more frequently.

The Zoom app has become one of the most popular video conferencing solutions during this spring isolation period for both professional and personal use.

However, a lot of questions came up about this application's security risks.

First of all, every user of video conferencing software or app must be aware of what can be done for communication protection.

Here are some tips to keep your online meetings private and safe from intruders, no matter what kind of software you use:

  • Ensure that all your meetings are protected with reliable passwords against uninvited guests. Names of a meeting and organizer are sensitive and need to be secured as well.
  • Always check the video conference participants when you send out an invitation and double-check them during the meeting.
  • Avoid sharing conference links on social media or other public platforms.
  • Always verify a conference invitation is from a trusted person and check meeting links.
  • Make sure your video conferencing software is updated to the latest version to address vulnerabilities.
  • Don’t use file transfer features; it’s better to share your files via some trusted cloud storage (e.g. NextCloud).
  • Report any suspicious activity to your company’s information security team and to your video conferencing technology vendor.
  • Double-check your security and privacy settings.

Jitsi Meet: Your Own Service on Your Own Servers

In this subsection, we decided to share with you the easiest and the most secure way to set up your online meetings.

When considering which video conferencing tool is best for you or your team, remember to weigh a couple of things:

  • The number of attendees in your meetings
  • The frequency of using this software
  • Security risks
  • Quality of audio and video provided
  • Integrations and additional functionality if needed.

One of the best-in-class conferencing software technologies is provided by Jitsi Meet. It uses the relatively new WebRTC open standard for internet communications.

Jitsi is free, open-source, encrypted and on infrastructure you own.

What makes Jitsi Meet software so peculiar is that you don’t need to sign up, create your account or share your phone number.

All you need to do is just type a URL and send it to your team or friends. When they click it they join your video conference. Typing the URL is super easy as well.

Jitsi Meet also provides screen and document sharing features, recording and YouTube live streaming options.

If you want more security than passwords and end-to-end encryption can give, you can set up your own Jitsi video conferencing server and take full control of it.

Of course, this is a more complex task and you need to have hardware or reliable cloud hosting to complete it, but just imagine this level of security and tech independence.

Here are a few more advantages of having personal Jitsi Meet server:

  • Private failover and High Availability solutions
  • High level of privacy and security due to deployment inside isolated containers with encrypted traffic
  • Shaping infrastructure based on your needs
  • Private authentication system and access control
  • Custom video conference configuration and more

Jitsi Meet Automatic Deployment

Of course, most of us don’t have our own data centers to host Jitsi Meet.

A very good solution would be to deploy Jitsi in the cloud, for example: you can easily accommodate bandwidth and computing needs on Hidora Cloud.

Running Jitsi on your own server is a really simple experience with Hidora Cloud service.

Let’s go through several simple steps below to ensure.

  1. Sign into your Hidora Cloud account.
  2. Click on the Marketplace button.
  3. Find Jitsi in the list of applications available for automatic deployment.
  4. In a minute or so the deployment will be completed and you’ll see the window with the video conferencing admin credentials and the link to the app.
  5. Click on Jitsi Server URL or Open in Browser button to get access to the video conferencing admin dashboard.
  6. That’s it! Now you can start your meeting with Jitsi Meet in the most secure environment.

With a video conferencing solution by Jitsi, you can communicate with your team or with customers effectively and securely, no matter where they’re located. Don’t forget that a reliable hosting solution for your application also matters.