Jitsi Meet - Getting Started Guide

Jitsi Meet is an open-source video conferencing platform that you fully control. No accounts required for participants – just share a link and start talking. This server comes with Jitsi Meet fully installed and ready to use by IP address.

Step 1 – Verify Jitsi Meet Works

Your server’s IP address and root password are shown on the Server Details page in your client panel. Open https://your.server.ip in a browser. Your browser will show a security warning about the self-signed certificate – this is normal, proceed to the site.

On the Jitsi Meet welcome page:

  1. Type a meeting name (e.g., “team-standup” or “project-review”)
  2. Click Start meeting
  3. Allow your browser to access the camera and microphone when prompted
  4. Share the meeting link with participants – they can join directly from their browser without installing anything

Note: By default, anyone with the link can create and join meetings. No authentication is required. See the “Enabling Authentication” section below to restrict access.

If you placed the server behind a VyOS router on a private network, set up port forwarding for ports 22 (SSH), 80 (HTTP), 443 (HTTPS) and 10000/UDP (media). The UDP port is critical – without it, participants connect but have no audio or video.

Step 2 – Set Up a Domain and SSL (Recommended)

Jitsi Meet works by IP address out of the box. To use a custom domain with a trusted SSL certificate, point your domain’s A record to your server IP, then connect via SSH and run:

ssh root@your.server.ip
/opt/setup/get-ssl.sh your-domain.com

The script will obtain a Let’s Encrypt certificate and reconfigure Jitsi Meet for the domain. After completion, access your instance at https://your-domain.com without any browser warnings. Automatic renewal is already configured.

Post-Installation

Enabling Authentication

By default, anyone can create meetings on your server. To require authentication for meeting creators while still allowing guests to join via link, edit the Prosody configuration:

# Edit Prosody config
nano /etc/prosody/conf.avail/your-domain.cfg.lua

# Change authentication from "jitsi-anonymous" to "internal_hashed":
#   authentication = "internal_hashed"

# Add a guest VirtualHost at the end of the file:
#   VirtualHost "guest.your-domain"
#       authentication = "anonymous"
#       modules_enabled = { "turncredentials"; }
#       c2s_require_encryption = false

Update the Jitsi Meet config to enable the guest domain:

# Edit Jitsi Meet config
nano /etc/jitsi/meet/your-domain-config.js

# Uncomment or add the anonymousdomain line:
#   anonymousdomain: 'guest.your-domain',

Configure Jicofo and create an authenticated user:

# Edit Jicofo config - add inside jicofo { authentication { section:
nano /etc/jitsi/jicofo/jicofo.conf
#   enabled = true
#   type = XMPP
#   login-url = "your-domain"

# Create an authenticated user
prosodyctl register YOUR_USERNAME your-domain YOUR_PASSWORD

# Restart all services
systemctl restart prosody jicofo jitsi-videobridge2

Now only authenticated users can create meetings, while guests can still join via a shared link.

Customization

Common customizations in /etc/jitsi/meet/your-domain-config.js:

  • Disable camera by default: startWithVideoMuted: true
  • Disable microphone by default: startWithAudioMuted: true
  • Set default language: defaultLanguage: 'en'
  • Limit video streams: channelLastN: 20

After changes, restart the services: systemctl restart prosody jicofo jitsi-videobridge2 nginx

Firewall and Ports

Port Protocol Purpose
443TCPHTTPS (web interface)
80TCPHTTP (redirect to HTTPS)
10000UDPVideo/audio media (JVB)

Important: UDP port 10000 must be open for video and audio to work. If participants can connect but have no audio/video, check that this port is not blocked.

Fail2Ban – Brute-Force Protection

Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks.

Rule Max Attempts Ban Duration
SSH5 failed logins10 minutes

Useful commands:

# Check banned IPs
fail2ban-client status sshd

# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4

If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.

Service Management

# Check status of all Jitsi services
systemctl status prosody jicofo jitsi-videobridge2 nginx

# Restart all services
systemctl restart prosody jicofo jitsi-videobridge2 nginx

# View logs
journalctl -u jitsi-videobridge2 -f
journalctl -u jicofo -f
journalctl -u prosody -f

Updates

Jitsi Meet is installed from the official repository:

apt update && apt upgrade -y

It is recommended to take a snapshot before updating.

Software Included

Component Details
Ubuntu24.04 LTS
Jitsi MeetLatest (web frontend)
Jitsi VideobridgeLatest (media server)
JicofoLatest (conference focus)
ProsodyXMPP server
NginxReverse proxy (HTTPS)
Fail2BanBrute-force protection

Troubleshooting

Problem Solution
Browser shows SSL warning This is expected with the default self-signed certificate. Set up a domain and run /opt/setup/get-ssl.sh your-domain.com for a trusted certificate
No audio or video in meetings Ensure UDP port 10000 is open. Check JVB status: systemctl status jitsi-videobridge2
Meeting page does not load Check Nginx: systemctl status nginx. Check logs: journalctl -u nginx --no-pager -n 50
Participants cannot connect Verify all services are running: systemctl status prosody jicofo jitsi-videobridge2. Restart if needed
Poor video quality with many participants Upgrade to 4+ vCPU and 4+ GB RAM. Set channelLastN in config.js to limit video streams
SSL certificate not renewing Test renewal: certbot renew --dry-run. Check timer: systemctl status certbot.timer
Blocked by Fail2Ban Use VNC console in your client panel to unban your IP
Forgot root password Use VNC console in your client panel to reset it