Table of Contents

Jitsi

Just some notes for me, but may be useful for others.

Jitsi is a video bridge server. It allows two or more users to do video chat. It uses Prosody for an XMPP chat also, and appears to use Prosody for authentication. It can be run in a standard web browser, though it is much better on Chrome/Chromium based browsers (FireFox is supported, but may have some weirdness).

Backing up

You can back up lots of stuff, but the important part is /etc/prosody, /etc/jitsi and the location of the XMPP config files. Jitsi uses prosody, an XMPP server, for authentication.

The XMPP user configuration files are in /var/lib/prosody under a URL encoded directory name the same as your server. Assuming your server name is jitsi.example.com, the directory is /var/lib/prosody/jitsi%20example%20com. Replace this with your REAL server name to back up. /path/to/backup is wherever you want to back up to.

mkdir -p /path/to/backup/etc
cp -av /etc/prosody /etc/jitsi /path/to/backup/etc
mkdir -p /path/to/backup/varlib
cp -av  /var/lib/prosody/jitsi%20example%20com/accounts /var/lib/prosody/jitsi%20example%20com/roster /path/to/backup/varlib

Installation

For Devuan and other Debian derivatives, I do this. I use apache since I'm used to it. If you do not have a web server installed, the following will install nginx since it is lighter weight. certbot is also very useful so you can get real SSL certs, and jitsi has a script that will set that up also.

You MUST have a DNS A record set to your server before doing any of this. A CNAME may work, but I always put in an A record.

# Add the repo
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
echo deb https://download.jitsi.org stable/ > /etc/apt/sources.list.d/jitsi-stable.list
apt update
# Do the installation
# get the web server and certbot installed and configured
apt -y install apache2 certbot
# make sure everything works
# the jitsi-meet package will install everything needed
# you will be asked for server name (your A record)
# you will also be asked if you want a self signed SSL cert, choose that and we'll replace it 
# with certbot later
apt -y install jitsi-meet 
# now, run the script to to the certbot setup
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Configure

Finally, we need to make some configuration file changes. Again, replace jitsi.example.com with your server name. In the code below, a minus sign means “find and remove this line” and a plus sign means “add this line”.

/etc/prosody/conf.avail/jitsi.example.com.cfg.lua

- authentication = "anonymous"
+ authentication = "internal_plain"
# add a block for guest at bottom of the file
echo 'VirtualHost "guest.jitsi.example.com"' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua
echo '    authentication = "anonymous"' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua
echo '    c2s_require_encryption = false' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua

/etc/jitsi/meet/jitsi.example.com-config.js

- // anonymousdomain: 'guest.jitsi.example.com',
+ anonymousdomain: 'guest.jitsi.example.com',
# add this line to sip-communicator.properties
echo 'org.jitsi.jicofo.auth.URL=XMPP:jitsi.example.com' >> /etc/jitsi/jicofo/sip-communicator.properties
# add your first user, in this case, user1 with a password of Password
prosodyctl register user1 jitsi.example.com Password

/etc/letsencrypt/renewal-hooks/deploy/prosody.sh

This file is a hook that will update prosody's SSL cert when certbot updates the main cert. If it does not exist, run the following.

# DO NOT RUN unless /etc/letsencrypt/renewal-hooks/deploy/prosody.sh does not exist
echo '#!/bin/sh' > /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
echo '/usr/bin/prosodyctl --root cert import /etc/letsencrypt/live' >> /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
chmod 700 /etc/letsencrypt/renewal-hooks/deploy/prosody.sh

Now, finally, we run it one time to get prosody updated. After this, it will run after a new SSL cert is created automatically

/etc/letsencrypt/renewal-hooks/deploy/prosody.sh

restart everything

service prosody restart
service jicofo restart
service jitsi-videobridge2 restart

Quick Notes

Uninstall

Note: most of the time you do not need to remove prosody, so I put that on a separate line. If you do remove prosody, be sure to back up /var/lib/prosody first, or you'll have to add all your users.

apt purge jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jicofo jitsi-videobridge2
apt purge prosody # only if you really, really need to
apt autoremove

Can't create an XMPP room

By default, jitsi does not allow you to create new rooms in when you are using it for straight XMPP. In this case, edit the file /etc/prosody/conf.avail/jitsi.example.com

  1. Find line similar to Component “conference.jitsi.example.com”
  2. find line under that restrict_room_creation = true
  3. change 'true' to 'false'
  4. restart everything

Location of authentication files

User authentication file (plain text, so don't trust it)

/var/lib/prosody/jitsi%2eexample%2ecom/accounts

Basically, the server name with the dots replaced with %2e

Create a new user

Done via prosody, using the prosodyctl command.

prosodyctl register <username> <server.example.com> <password>

replace <username> and <password> with information. Replace <server.example.com> with the (jitsi) name of the server.

Using xmpp only

You need to be using authentication (I think). Once done, authenticated users can set up pidgin as follows:

  1. Basic Tab
    1. Protocol: XMPP
    2. Username: username on server which was set with prosodyctl
    3. Domain: name of the server, as used with prosodyctl
    4. Resource: whatever you want to indicate your device
  2. Advanced Tab
    1. Connection Security: Require Encryption
    2. Connect Port: 5222
    3. Connect Server: DNS name of server (usually the same as Domain unless you change it)
    4. File transfer Proxy: I still leave at proxy.eu.jabber.ord, but looks like we can set it to the same machine if we add a module.

Client Software

In addition to using a web browser, there is client software for Windows, Linux and OS/X. There are also apps for Android and IOS which can be downloaded from their respective stores.

For workstations, there are two types of programs; a “normal” one and an AppImage one.

Standard Workstation Program

Standard installers can be downloaded from https://desktop.jitsi.org/Main/Download.html. Note that I had issues with the Linux version (Debian specifically). Using this will install the program globally, so all users on a system can run the program. It requires administrator privileges to install.

AppImage

An AppImage is a way of packaging a program that does not use an installer. Instead, it includes all of the libraries, etc… in its one package. For this reason, you do not need administrator privileges, and removing a program is mainly a matter of deleting a file. When I had the issue with the standard Debian image, I tried the AppImage copy and it ran just fine.

AppImage's for Jitsi Desktop can be found at https://appimage.github.io/jitsi-meet/

Android

While the jitsi app is available in the standard Android Store, a better way of doing it is to install f-droid (https://f-droid.org). This is a repository of true open source software for the Android. Installing F-Droid is a little complex, but instructions are on their site. Once installed, you have access to free and open source Android apps that do not spy on you, or track your information. And, in many cases, there are alternative versions of commercial apps for Android in F-Droid which are better than the paid versions.

IOS

Apple is not known for being open, though their operating system, like Android, is based on open source software. I, personally, do not own an iPhone or iPad, so I can not and do not recommend the following strictly because I don't know. However, it appears something similar to F-Droid exists. Check out https://aptoideapkx.com/f-droid-for-ios/, but do your own research before you install it on your device.