How to install Jitsi Meet with JWT Support on Ubuntu 20.04

Installing jitsi meet on ubuntu 20.04

Video installing Jitsi Meet + JWT Authentication using this Doc

Simple video installing Jitsi Meet + JWT using this doc

Install lua and dependencies

Enter in sudo user

sudo su

Run the follow script to install lua and her dependencies, and prosody with fixes. After finish, VM will be restarted

cd &&
apt-get update -y &&
apt-get install gcc -y &&
apt-get install unzip -y &&
apt-get install lua5.2 -y &&
apt-get install liblua5.2 -y &&
apt-get install luarocks -y &&
luarocks install basexx &&
wget -c https://launchpad.net/~rael-gc/+archive/ubuntu/rvm/+files/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb &&
wget -c https://launchpad.net/~rael-gc/+archive/ubuntu/rvm/+files/libssl1.0-dev_1.0.2n-1ubuntu5.3_amd64.deb &&
dpkg -i libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb &&
dpkg -i libssl1.0-dev_1.0.2n-1ubuntu5.3_amd64.deb &&
luarocks install luacrypto &&
mkdir src &&
cd src &&
luarocks download lua-cjson &&
luarocks unpack lua-cjson-2.1.0.6-1.src.rock &&
cd lua-cjson-2.1.0.6-1/lua-cjson &&
sed -i 's/lua_objlen/lua_rawlen/g' lua_cjson.c &&
sed -i 's|$(PREFIX)/include|/usr/include/lua5.2|g' Makefile &&
luarocks make &&
luarocks install luajwtjitsi &&
cd &&
wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add - &&
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list &&
apt-get update -y &&
apt-get upgrade -y &&
apt-get install prosody -y &&
chown root:prosody /etc/prosody/certs/localhost.key &&
chmod 644 /etc/prosody/certs/localhost.key &&
sleep 2 &&
shutdown -r now

Install jitsi-meet

Enter in sudo user

sudo su

After reboot, run the folow script

cd &&
cp /etc/prosody/certs/localhost.key /etc/ssl &&
apt-get install nginx -y &&
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - &&
sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" &&
apt-get -y update &&
apt-get install jitsi-meet -y &&
apt-get install jitsi-meet-tokens -y

Generate a Let's Encrypt certificate (optional, recommended)

In order to have encrypted communications, you need a TLS certificate. The easiest way is to use Let's Encrypt.

Note: Jitsi Meet mobile apps require a valid certificate signed by a trusted Certificate Authority (such as a Let's Encrypt certificate) and will not be able to connect to your server if you choose a self-signed certificate.

Simply run the following in your shell:

/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Note that this script uses the HTTP-01 challenge type and thus your instance needs to be accessible from the public internet. If you want to use a different challenge type, don't use this script and instead choose I want to use my own certificate during jitsi-meet installation.

Open necessary ports

Enable ufw

ufw enable

Open ports

ufw allow in 22/tcp &&
ufw allow in openssh &&
ufw allow in 80/tcp &&
ufw allow in 443/tcp &&
ufw allow in 4443/tcp &&
ufw allow in 5222/tcp &&
ufw allow in 5347/tcp &&
ufw allow in 10000:20000/udp

Config prosody

Open /etc/prosody/prosody.cfg.lua and

Add above lines after admins object

admins = {}

component_ports = { 5347 }
component_interface = "0.0.0.0"

change

c2s_require_encryption=true

to

c2s_require_encryption=false

and check if on end of file has

Include "conf.d/*.cfg.lua"

Prosody manual plugin configuration

Setup issuers and audiences

Open /etc/prosody/conf.avail/<host>.cfg.lua

and add above lines with your issuers and audiences

asap_accepted_issuers = { "jitsi", "zellim" }
asap_accepted_audiences = { "jitsi", "zellim" }

Under you domain config change authentication to "token" and provide application ID, secret and optionally token lifetime:

VirtualHost "jitmeet.example.com"
    authentication = "token";
    app_id = "example_app_id";             -- application identifier
    app_secret = "example_app_secret";     -- application secret known only to your token

To access the data in lib-jitsi-meet you have to enable the prosody module mod_presence_identity in your config.

VirtualHost "jitmeet.example.com"
    modules_enabled = { "presence_identity" }

Enable room name token verification plugin in your MUC component config section:

Component "conference.jitmeet.example.com" "muc"
    modules_enabled = { "token_verification" }

Setup guest domain

VirtualHost "guest.jitmeet.example.com"
    authentication = "token";
    app_id = "example_app_id";
    app_secret = "example_app_secret";
    c2s_require_encryption = true;
    allow_empty_token = true;

Enable guest domain in config.js

Open your meet config in /etc/jitsi/meet/<host>-config.js and enable

var config = {
    hosts: {
        ... 
        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.jitmeet.example.com',
        ...
    },
    ...
    enableUserRolesBasedOnToken: true,
    ...
}

Edit jicofo sip-communicator in /etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.auth.URL=XMPP:jitmeet.example.com
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

Edit jicofo config in /etc/jitsi/jicofo/config

SET the follow configs

JICOFO_HOST=jitmeet.example.com

And edit videobridge config in /etc/jitsi/videobridge/config

Replace

JVB_HOST=

TO

JVB_HOST=jitmeet.example.com

And add after JAVA_SYS_PROPS

JAVA_SYS_PROPS=...
AUTHBIND=yes

Edit hostname on /etc/hosts

Add

127.0.0.1 jitmeet.example.com

Then, restart all services

systemctl restart nginx prosody jicofo jitsi-videobridge2

Helpers

Restart all services

systemctl restart prosody jicofo jitsi-videobridge2 jigasi

Prosody logs

tail -f -n 350 /var/log/prosody/prosody.log

Jicofo logs

tail -f -n 350 /var/log/jitsi/jicofo.log

Jigasi logs

tail -f -n 350 /var/log/jitsi/jigasi.log

JVB logs

tail -f -n 350 /var/log/jitsi/jvb.log

Register Jibri

prosodyctl register <USER> auth.<DOMAIN> <PASSWORD>

Manual react-jitsi-meet

Install NodeJS

curl -sL https://deb.nodesource.com/setup_12.x | sudo bash - &&
apt-get install nodejs -y

Clone your repository,

after clone run

sudo npm i &&
make

After installation, setup Nginx in /etc/nginx/sites-available/<host>.conf

server {
    ...
    location ^~ /.well-known/acme-challenge/ {
        root         /app/jitsi-meet;
    }
    ....
}

server {
    ...
    root /app/jitsi-meet;
    ...
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /app/jitsi-meet/$1/$2;
    }
    ...
}