Jitsi Meet - Getting Started Guide
Jitsi Meet is an open-source video conferencing platform that you fully control. No accounts required for participants - just share a link and start talking. This server comes with Jitsi Meet fully installed and ready to use by IP address.
Step 1 - Verify Jitsi Meet Works
Your server's IP address and root password are shown on the Server Details page in your client panel. Open https://your.server.ip in a browser. Your browser will show a security warning about the self-signed certificate - this is normal, proceed to the site.
On the Jitsi Meet welcome page:
- Type a meeting name (e.g., "team-standup" or "project-review")
- Click Start meeting
- Allow your browser to access the camera and microphone when prompted
- Share the meeting link with participants - they can join directly from their browser without installing anything
Note: By default, anyone with the link can create and join meetings. No authentication is required. See the "Enabling Authentication" section below to restrict access.
If you placed the server behind a VyOS router on a private network, set up port forwarding for ports 22 (SSH), 80 (HTTP), 443 (HTTPS) and 10000/UDP (media). The UDP port is critical - without it, participants connect but have no audio or video.
Step 2 - Set Up a Domain and SSL (Recommended)
Jitsi Meet works by IP address out of the box. To use a custom domain with a trusted SSL certificate, point your domain's A record to your server IP, then connect via SSH and run:
ssh root@your.server.ip/opt/setup/get-ssl.sh your-domain.comThe script will obtain a Let's Encrypt certificate and reconfigure Jitsi Meet for the domain. After completion, access your instance at https://your-domain.com without any browser warnings. Automatic renewal is already configured.
Post-Installation
Enabling Authentication
By default, anyone can create meetings on your server. To require authentication for meeting creators while still allowing guests to join via link, edit the Prosody configuration:
# Edit Prosody config
nano /etc/prosody/conf.avail/your-domain.cfg.lua
# Change authentication from "jitsi-anonymous" to "internal_hashed":
# authentication = "internal_hashed"
# Add a guest VirtualHost at the end of the file:
# VirtualHost "guest.your-domain"
# authentication = "anonymous"
# modules_enabled = { "turncredentials"; }
# c2s_require_encryption = falseUpdate the Jitsi Meet config to enable the guest domain:
# Edit Jitsi Meet config
nano /etc/jitsi/meet/your-domain-config.js
# Uncomment or add the anonymousdomain line:
# anonymousdomain: 'guest.your-domain',Configure Jicofo and create an authenticated user:
# Edit Jicofo config - add inside jicofo { authentication { section:
nano /etc/jitsi/jicofo/jicofo.conf
# enabled = true
# type = XMPP
# login-url = "your-domain"
# Create an authenticated user
prosodyctl register YOUR_USERNAME your-domain YOUR_PASSWORD
# Restart all services
systemctl restart prosody jicofo jitsi-videobridge2Now only authenticated users can create meetings, while guests can still join via a shared link.
Customization
Common customizations in /etc/jitsi/meet/your-domain-config.js:
- Disable camera by default:
startWithVideoMuted: true - Disable microphone by default:
startWithAudioMuted: true - Set default language:
defaultLanguage: 'en' - Limit video streams:
channelLastN: 20
After changes, restart the services: systemctl restart prosody jicofo jitsi-videobridge2 nginx
Firewall and Ports
| Port | Protocol | Purpose |
|---|---|---|
| 443 | TCP | HTTPS (web interface) |
| 80 | TCP | HTTP (redirect to HTTPS) |
| 10000 | UDP | Video/audio media (JVB) |
Important: UDP port 10000 must be open for video and audio to work. If participants can connect but have no audio/video, check that this port is not blocked.
Fail2Ban - Brute-Force Protection
Your server comes with Fail2Ban pre-configured to protect SSH from brute-force attacks.
| Rule | Max Attempts | Ban Duration |
|---|---|---|
| SSH | 5 failed logins | 10 minutes |
Useful commands:
# Check banned IPs
fail2ban-client status sshd
# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.
Service Management
# Check status of all Jitsi services
systemctl status prosody jicofo jitsi-videobridge2 nginx
# Restart all services
systemctl restart prosody jicofo jitsi-videobridge2 nginx
# View logs
journalctl -u jitsi-videobridge2 -f
journalctl -u jicofo -f
journalctl -u prosody -fUpdates
Jitsi Meet is installed from the official repository:
apt update && apt upgrade -yIt is recommended to take a snapshot before updating.
Software Included
| Component | Details |
|---|---|
| Ubuntu | 24.04 LTS |
| Jitsi Meet | Latest (web frontend) |
| Jitsi Videobridge | Latest (media server) |
| Jicofo | Latest (conference focus) |
| Prosody | XMPP server |
| Nginx | Reverse proxy (HTTPS) |
| Fail2Ban | Brute-force protection |
Troubleshooting
| Problem | Solution |
|---|---|
| Browser shows SSL warning | This is expected with the default self-signed certificate. Set up a domain and run /opt/setup/get-ssl.sh your-domain.com for a trusted certificate |
| No audio or video in meetings | Ensure UDP port 10000 is open. Check JVB status: systemctl status jitsi-videobridge2 |
| Meeting page does not load | Check Nginx: systemctl status nginx. Check logs: journalctl -u nginx --no-pager -n 50 |
| Participants cannot connect | Verify all services are running: systemctl status prosody jicofo jitsi-videobridge2. Restart if needed |
| Poor video quality with many participants | Upgrade to 4+ vCPU and 4+ GB RAM. Set channelLastN in config.js to limit video streams |
| SSL certificate not renewing | Test renewal: certbot renew --dry-run. Check timer: systemctl status certbot.timer |
| Blocked by Fail2Ban | Use VNC console in your client panel to unban your IP |
| Forgot root password | Use VNC console in your client panel to reset it |