Host a Jitsi Meet Server

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone I'm Jacob calf and I'm the nerd in the street and today we are setting up a jitsi meet server okay guys so with the current corona virus pandemic people are using their computers to chat more than they probably do on a regular basis and an application called zoom has become incredibly popular in the past couple of weeks I have seen it all over the place I have helped a ton of people get it running on their computers I've seen family members and friends using it I know people who are going to schools that are requiring students now to use zoom to attend classes personally I didn't realize zoom was so popular I thought it was kind of an off-brand WebEx that was the impression I got at the enterprise job that I used it at myself a while ago but now that so many people are stuck at home and they're still wanting to converse and not just one-on-one but in groups they're using zoom to do that now zoom has a couple of big issues for one thing first and foremost zoom is not in to end encrypted it is only transport encrypted that means that your video that you're sharing with other people in your call it is encrypted between you and zooms servers so your internet service provider cannot see your video but then once the video gets to zoom server it is decrypted their zoom can see it and then it's encrypted again before it's sent to the other parties in your call so that means that the people working at zoom have the ability to see your video to save it record it do whatever they want with it legally they've got terms that say what they will and won't do but from a technical standpoint they have the ability to do that so that right there means that a ton of people are currently streaming themselves in a way that is visible by this company and on top of that I saw a news report that honestly I just considered kind of funny that was reporting on an incident where zoom calls between two parties in North America within the United States we're being routed through China so you were having your video call encrypted sent to a zoom server in China decrypted there and then re-encrypted and sent back into the United States so now we're crossing borders which means the NSA is probably collecting more data it's encrypted at the border so that's okay but then the data was also being decrypted within China now I'm not enraged about that or anything but some people were and it just kind of shows what can happen if so many people are putting their eggs in a single company's basket so instead of using zoom what you can do is use an open-source alternative such as jitsi meat now jitsi works similarly to zoom where your call is encrypted in transport but it is decrypted on the server it uses web RTC so there's no application you have to install you can use jitsi from within any major web browser and even though the data is still decrypted on the server the big difference with jitsi is because it's open-source you can host your own server you don't have to have a single company like zoom hosting everybody's servers so if you want to have a birthday party or some gathering you know with multiple people you can set your own jitsi server up and the communication is encrypted between everybody and your server and since you control the server that means there is no third party who could potentially be looking at what you're doing now the easiest way to use jitsi mead is actually just to use their public instance you can go to meet jitsi and you can create a jitsi room but if you do that you're using the public jitsi server that is hosted by 8x8 the company who currently owns ditsy if you're wanting to move away from zoom into an open source solution you're probably going to want to control the server yourself and it's very easy to set one up we're gonna cut to the desktop right now and I'll show you how it's done alright guys and here we are on the desktop so for today's video I am going to be using a digital ocean droplet this is basically a server that I'm going to be temporarily renting from digitalocean if you're wanting 100% control over your server you might want to host your own server instead of using a rented server like this one because in this instance digital ocean could theoretically still see the decrypted data when it's on the server however I still trust a company that I'm paying $5 a month - more than a company who's given me something for free so I still think that even if you're using something like digital ocean or Linode it is an advantage over using zoom we're going to set our jitsi server up on Debian 10 the instructions should be almost exactly the same if you're using a bunch of 1804 we'll go with the standard plan here with one gigabyte of RAM for our region we get to pick exactly which data center our drop that is going to be in so when you use zoom their program is going to use algorithms to determine which of zooms servers and in what location your data is passing through when you're using your own server another advantage is you're choosing where it geographically goes and if I was actually hosting a gypsy server for myself I would probably put it up on Linode instead of digital ocean because Linode has data centers in Georgia and Texas which are places I would rather have my data going than New York or California as somebody who grew up and lives in the Midwest but I'll stick with New York for now we're not gonna turn on ipv6 for this server if everybody in the world tried to host their own jitsi server then ipv6 might be necessary but I have never had a case so far where digitalocean has run out of their ipv4 addresses for their droplets I'm going to add my SSH key that way I don't have to use a password to log into the server I've already got a video about setting up SSH keys so you can watch that if you don't have that set up yet or you can always just use a one-time root password as well and for our hostname here the jitsi package that we're going to install is going to need to know what domain name we're using so I'm actually going to put the hostname as jitsi dot nerd on the street comm and when we're done here we'll be able to go to jitsi turn on the street comm to start a video chat so we're gonna put the fully qualified domain name in here as our host name and I'll go ahead and create that droplet I'm also going to pull up my DNS control panel here because we will need to actually add in a record for jitsi nerd in the street comm so the host name will be jitsi the IP address we'll get from our droplet here I'll go ahead and copy this IP address I'll paste it in I'm gonna lower the time to live and we'll save that the only reason I'm lowering the time to live is because this is a temporary server I'll be taking it down later so I don't want that record to stick around after I'm done with it now at this point I need to wait for this DNS record to actually propagate since I saved this in my DNS control panel it's gonna take some time to get copied into all the Linode servers and then copied into everyone else's DNS servers if I come here and do a dig on jitsi turn in the street comm we can see it has not propagated yet this is not the IP address that we're wanting the IP address were wanting is this 161 address we've got a 50 dot a dress right now which is my main web server so we will just wait for this DNS record to propagate as soon as that updates will resume and if you don't feel like sitting here and waiting for your DNS record to propagate in real time if you just wait a couple hours that's usually all it takes all right guys so as you can see this DNS record has propagated we are receiving our new IP address now and we look for Jitsu nerd on the street calm so now we can go ahead and SSH into our server root at jitsi turn on the street comm alright and as usual the first thing we'll do is a quick app update and an app to full upgrade to make sure our server is up-to-date before we start doing anything with it and now that that's finished we will go ahead and start setting up jitsi the first thing we need to do is confirm that the hostname we entered in digitalocean has been applied if you're setting up your own server at home you'll need to do that manually if we take a look at our slash e TC slash hostname file that was the name you can see the hostname that's currently showing is just jitsi and we could also already see that from a prompt here it doesn't say jesse turn in the street comm it just says jitsi however if we run the command DNS domain name you can see that says nerd of the street comm and if we do DNS domain name space dash F for fully qualified domain name we get jitsi turn in the street comm and if we take a look at our Etsy hosts file you can see that jitsi turned the street comm has been added along with just jitsi to point to one of our loopback addresses so basically the server is smart enough to know that the domain is nerd in the street comm the host is jitsi so the fully qualified domain name is jitsi turn of the street comm and that's good enough for what we're doing today the jitsi application we'll be happy with that so we need to install some prerequisites there are only two things we need to install here that will not get pulled in later when we actually install the jitsi package the first one is ganoub PG which we'll use to import the key that the jitsi packages are signed with and then the second one is apt Transport HTTPS once again that is going to let us download the package over HTTPS when we go to do that at the moment so now that that's done we can go ahead and add the jitsi repository I'll go ahead and throw up page on the nerd in the street we key with these specific commands you can also find them in the jitsi documentation right now we're just echoing in our jitsi repository line into a new file under our sources dot list dot d so we'll run that here's where we need to download it C's public key from their website and import it into our package manager and that is done and we'll do another apt update and this time you can see we are fetching or getting our package lists from the jitsi repository now that that's done the installation itself is fairly straightforward we can just do an app to install jitsi - meat and that's going to pull in a number of dependencies as you can see now if you're already using either Apache or nginx on your server the installation script that's going to run will automatically configure a virtual host in either of those two web servers if you don't have nginx or Apache already set up the default is for jitsi to pull an engine X and a set itself up with that since the server is only going to be used for jitsi and engine X is really good for real time stuff like videoconferencing we'll go ahead and stick with that and we'll let it pull then all of these packages we are going to be asked what our host name is so the jitsi documentation says your host name does really need to be set in your your host name file than your Etsy hosts file like we looked at but we do still need to enter it here as well for the jitsi configuration files we will enter in jitsi turn in the street comm since that is the domain name that i'm using and here we're going to choose to generate a new self signed certificate which will temporarily be used for the server now we do need to get a publicly usable SSL certificate in order for jitsi meat to work properly a self-signed certificate is not going to be sufficient for using all of Gypsys features but as you can see here we are just going to generate a self-signed certificate for use during the installation and then we will have the opportunity later to automatically grab a let's encrypt certificate so we'll hit enter on that alright and once that is finished you can see near the end of the post installation script for jitsi they actually give us the command right here that we can run in order to generate a let's encrypt certificate so I'm just going to cop that command paste it right back in here and we'll run that we'll enter in our email address and as you can see search bot is currently being installed and it's going to run automatically based on the email address that I put into the jitsi script there and the jitsi configuration alright and that is finished as well you can see our normal let's encrypt finishing message now at this point that's actually all we needed to do to just get a public jitsi mate server up and running now I'm running this on a public digital ocean server so I've got a public IP address that the server is directly configured with if I do an IPA you can see my eye net address here is the address that I pointed that domain name to in the DNS control panel earlier however if you're running this at home and you're using a router to perform network address translation or NAT you will need to forward ports TCP 443 and UDP 10,000 from your public IP address to your private IP address and then you'll need to go into this configuration file right here at sea jitsi video bridge sip communicator dot properties there are two options that you'll need to add in here if you're using network address translation and those options look like this the first one is are not harvester local address so that's going to be your private IP address and then the second one is our public address which is obviously the internet wide address that you pointed your dns to so I'm not gonna save this file since I'm not doing that but I wanted to mention it in case you're running one of these at home so jitsi meat is running on our server right now if we do a systemctl status we can take a look and see a couple of the services that are running so we've got nginx the web server obviously running prosody is the XMPP server which is used for the authentication and user management we've got Jacko foe here which is the jitsi conference focus service and that supports some of the auxilary functions of jitsi and then we've got jitsi video bridge to service which is the actual video conferencing portion itself you can see both of these jitsi services are Java processes so since that's running we can come to our web browser and if I open a new tab and we go to jitsi turn on the street comm we've got a jitsi start page here we can name our meeting anything we want so I'm gonna name the first one here test1 and I'll click go that's going to load us into jitsi your web we'll ask you for your permission to use your microphone and camera I'll allow that here and I think my particular web browser is blocking autoplay for my video I'll turn that on and now you can see me here the web browser I'm using right now is brave so depending on if you're using chromium or Firefox or whatever other browser the process to allow your camera will look slightly different but now that we're in here this is what a GT conference is going to look like we're going to have our list of participants on the right side once more people join now on the bottom right here we can open up our settings and you can select your camera that you're using and your microphone input under profile here we can set our display name and we can also set an email address for our user so it's going to use that to pull in a profile picture from Gravatar and if you need to change your language you can do that under the more section so at this point I could send this link jitsi turn of the street comm slash test one to anybody and anybody would be able to visit this link and join my video conference I can apply a password to it in the bottom right here if I click add password I can type something in and then people will need to know the password before they can join so if you're happy with that setup that you can stop right here that's all the setup that's required to get jitsi actually running however you might have noticed one quirk about this process to start a video conference so far that was that I didn't need to enter a password at any point to actually start the video conference I can set a password now that the conference is started but anybody right now could go to jitsi turn the street comm and they could use my server to make their own conference and talk with their friends now that might not be an issue however if a lot of people start using your server or if somebody really wanted to create a bot to go and create a ton of conference rooms on your jitsi server that might overload your server and it might go down or at least decrease the performance for the conference's that you actually care about so what we can do is we can set up authentication in jitsi so that you have to log in with a username and password before you can start a conference so in order to do that I'm gonna open up my terminal again and we're going to nano into Etsy prosody like I mentioned that's the XMPP server that is going to handle our authentication comp dot avail jetson or the street comm dot config dot lua so this is a file we're going to go into it down here under authentication you can see by default it's set to anonymous we are going to change that to internal underscore plain so I'll save that we're also going to nano into Etsy jitsi jakku fo slash sip - communicator dot properties now the SIP communicator has the ability by the way to interface with an actual sip program and allow people to dial in with real phones into your conference we're not going to set that up today that is a feature that is available for the program but the SIP communicator utility is still used even if you're not using the external SIP functionality so inside of this file we are going to add this new line of configuration or jitsi juco phogoth URL is going to be XMPP jitsi turn of the street comm so the current server we're just setting up a local server for authentication so we'll save that and then we're gonna restart our three services so I'm gonna do a systemctl restart prosody system CTO restart Chico fo and system CTO restart jitsi video bridge - after doing that if I open up my web browser again you can see we were disconnected from our test room there and if I go to jitsi known in the street comm I'll go ahead and try to make tests - but this time before the meeting actually starts it tells me a password is required if I just enter an random text here it doesn't work it says incorrect username and password so you need to log in with your account on the jitsi server before you can start a conference now which is great now there's no signup link here so how do you make an account on the jitsu server well right now the way that you do that is we open up our terminal again and we run prosody CTL register now if you have an existing XMPP chat solution set up you might already have a web interface or another way for these accounts to get created but if you're just setting up a standalone jitsu server this is the easiest way to do it is just create your accounts on the command line so we're going to register an account with a user named Jacob and then we're gonna put a space and then the host that we're registering it on which is jitsi turn of the street comm and then we'll make my password here password we'll run that now if I come back to my test room here I try and login I can either type Jacob or I can type Jacob at jitsi dot nerd in the street comm since that's the host that we registered on I type my password in here and that time it worked it authenticated successfully and I am in my new test room now not everyone's going to be videoconferencing from their computers I certainly would if I was gonna join a video conference for pretty much anything I would use a computer and this is super easy because it's in a web browser you don't need to install anything because it runs over web RTC which is really awesome however some people are going to want to join from their phones a lot of casual users are going to want to join from their phones and so I'm gonna start recording here on my Android phone and I'm gonna show you what the process looks like to join one of these chats so I'm going to open up the jitsi meat app that I've already downloaded from Google Play it is free you can just go download it and it's going to ask me to enter a room name now by default the jitsi meat app is going to be joining the meat juicy public server in order to change it to join my private server I need to open up my settings on the left side go to the settings section here and under server URL I'm going to enter in HTTP colon slash slash jitsi dot nine in the street dot-com so once that's been entered in I'll go back I'm going to enter in the name of my room which was test2 here and I'll click create slash join now I'll allow my audio and camera here for the app and because we just set up authentication as you can see now by default everybody needs to sign in before you can create a conference or before you can join a conference you need to sign in with an XMPP account that's been registered on the server so I can type in Jacob at actually I'll just stick with Jacob to demonstrate that it works either way and I'll type in my password here I'll click OK and we're connecting and after a moment it connects and now I can see myself on the phone I'm gonna go ahead and mute myself on both of these so the audio is not echoing but as you can see I can see my phone's camera I can change the orientation to landscape there so now it's like I'm you know holding my phone and talking to somebody through my phone's camera and then on my phone I can see my webcam and you can see it's kind of difficult to demonstrate I'm doing this as one person I'm going through all this work to set up a video conferencing server but I don't actually have anybody to talk to but that is working now I'm gonna hang up on the phone and so right now anybody who's going to join one of my conferences also needs to sign in with an account so if I was just using this safe for nerd in the street a very small group maybe less than ten people who would be using this I could go through and I could just run this prosody CTL command to create an account for everyone tell them all what their password is however if you're using this with family or friends who are not technical you might not want to have to login in order to join a conference probably the most common configuration you're going to want is requiring a login to create a conference but not requiring a login to join a conference and we're only one step away from having that accomplished so we can go ahead and minimize jitsi again open up our terminal and in order to allow anonymous joining of conferences all we need to do is nano into our prosity configuration file one more time at the bottom of this file we're going to add a new section this is going to be a virtual host section for guest jet senior to the street comm and authentication is going to say anonymous encryption is not required for authentication because there is no password to encrypt now the server is running on nginx and nginx doesn't technically have virtual hosts that's an Apache concept but right now we're in our prosody configuration and this guest jitsi turned the street comm address is only used in configuration we don't actually need this full domain name to resolve out you can see up here we've got off jet cedar to the street comm I didn't add off jitsi to my DNS I've only got jitsi added in my DNS control panel so these additional sub subdomains are only for configuration purposes so we can save that file we are also going to nano into the actual jitsi meat configuration at Etsy jitsi meat jitsi turned the street comm - config dot j s and right underneath this domain line at the top here this tells us what our XMPP domain is so for authentication we're using jitsi under the street comm underneath that we've got in our example config right here anonymous domain and that's the option we want to set and we will set that to guest jitsi Burnham Street comm so we'll save that we will restart a three Services one more time so system CTO restart prosody restart Chico fo and we will restart jitsi video bridge two and after restarting all of those we will go through this process one more time here in our web browser we go to jitsi turn on the street comm we're going to start a meeting we'll just call this one group chat after we start that meeting it's going to ask me to authenticate I am the host so I'll click this button and enter in my username and password so once again we are requiring an account in order to start a conference because we don't want anybody to be able to use our server so we'll hit enter and that's going to work now we've got our conference however I don't want my family and friends to actually have to register accounts on my server on the command line so once we're in here I'm actually going to set a password in the bottom right I'm gonna click Add password the password is going to be easy to share password alright so now I can tell my friends to go and join jitsi turn on the street comm slash group chat and to enter in the password easy to share password we're gonna come back to my phone here and I'm going to go into my settings and my apps and I'm just going to clear my data for the jitsi meet application so that we can demonstrate that you don't need to sign in so the data has been cleared I'm going to open up jitsi meet again and so once again I'll go to my settings and somebody using this for the first time will have to type in my jitsi meet URL which is jitsi turn on the street comm and once that's typed in I'll come back here I'll enter in my room name which is group chat and when I go to join it this time this time we won't be asked to enter in a username and password this time it's just a password so that's our easy to share password and I'll click OK and in a couple of seconds I have now joined the meeting again alright so I know this will is probably a lot to process I basically showed you three different configurations for jitsi the recording is in about 45 minutes right now but it doesn't actually take that long to set things up how you want if you want a public server you can just do the first half of the video and then you've got a public jitsi server so you don't have to use oom if you want to secure your server so that only registered users can start conferences and then you want to go all the way and make it easy for more people to join it's just a few more lines of configuration like I just showed you and at this point I could even come here and I can remove the password from this room let's say I didn't want somebody to have to enter a password at all with our final configuration I can remove the password and I can just send out the link jitsi turn of the street comm so that's group chat and now that that password has been cleared if I come into my settings one more time I'm going to clear my jitsi meat storage again so that we know that that password isn't saved I can come into jitsi meat it's got default settings again now I can enter in my room name group chat and when I go to enter in there I'll allow my permissions on my Android device and I did not have to enter a password that time it just started so if you're stuck inside because of the corona virus pandemic maybe you've got more free time than usual because you don't have to commute to work right now instead of using a proprietary solution like zoom where you're giving a company access to the entirety of your video chat you're using a non-standard encryption scheme that is not even in to end and not having control over where your data is going physically instead of doing that I would highly recommend take a few minutes set up your own jitsi meet server or you know gather with your friends and decide who's going to set up the jitsi meet server and set one up and use that instead because it's open source it's free you'll get a little bit of experience setting the server up and now you can chat with people on your own server where you control 100% of the data so I hope this was helpful to somebody out there if you have any questions while setting this up feel free to ask at the nerd of the street forums at nerd in the street comm but aside from that that's all I had to show you this weekend so I'm Jakob cough and I'm the nerd of the street and I'll see you guys in the next one bye [Music]

Info

Channel: Nerd on the Street

Views: 133,895

Rating: 4.9428945 out of 5

Keywords: nerdonthestreet, jacob, kauffmann, jacobgkau, Jitsi, Jitsi Meet, video chat, video conference, chatting, conferencing, video, Zoom, WebEx, alternative, free, open source, privacy, self-hosted, self-host, how to, setup, Ubuntu, Debian, tutorial, guide, walkthrough, unlimited, longer than 40 minutes, secure, WebRTC, set up, install, require account, require password, authentication, private

Id: IQRwtUamHQU

Channel Id: undefined

Length: 26min 48sec (1608 seconds)

Published: Sat Apr 04 2020