Jitsi Installation with JWT Support on Ubuntu 18.04 TLS

sudo hostnamectl set-hostname YOUR_DOMAIN localhostYOUR_LOCAL_IP_IF_EXIST YOUR_DOMAIN jitsimainYOUR_GLOBAL_IP YOUR_DOMAIN jitsimain127.0.0.1 localhost YOUR_DOMAIN# The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters
ping “$(hostname)”
PING YOUR_DOMAIN ( 56(84) bytes of data.64 bytes from localhost ( icmp_seq=1 ttl=64 time=0.026 ms64 bytes from localhost ( icmp_seq=2 ttl=64 time=0.041 ms64 bytes from localhost ( icmp_seq=3 ttl=64 time=0.045 ms

Setting Up Base Jitsi Components with JWT Support

sudo su
  • gcc (c++ compiler to compile luarocks)
  • unzip
  • lua5.2 (Lua programming language)
  • liblua5.2 (Lua base libraries)
  • luarocks (The main repository of Lua modules)
  • basexx ( Lua library which provides base2(bitfield), base16(hex), base32(crockford/rfc), base64(rfc/url), base85(z85) decoding and encoding.)
  • libssl1.0-dev (Debian (Ubuntu) package is part of the OpenSSL project’s implementation of the SSL and TLS)
  • luacrypto (Lua frontend to the OpenSSL cryptographic library)
  • lua-cjson (JSON encoding/parsing module for Lua)
  • luajwtjitsi (JSON Web Tokens module for Lua)
  • Prosody (Latest stable version)
cd &&apt-get update -y &&apt-get install gcc -y &&apt-get install unzip -y &&apt-get install lua5.2 -y &&apt-get install liblua5.2 -y &&apt-get install luarocks -y &&luarocks install basexx &&apt-get install libssl1.0-dev -y &&luarocks install luacrypto &&mkdir src &&cd src &&luarocks download lua-cjson &&luarocks unpack lua-cjson- &&cd lua-cjson- &&sed -i ‘s/lua_objlen/lua_rawlen/g’ lua_cjson.c &&sed -i ‘s|$(PREFIX)/include|/usr/include/lua5.2|g’ Makefile &&luarocks make &&luarocks install luajwtjitsi &&cd &&wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add – &&echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list &&apt-get update -y &&apt-get upgrade -y &&apt-get install prosody -y &&chown root:prosody /etc/prosody/certs/localhost.key &&chmod 644 /etc/prosody/certs/localhost.key &&sleep 2 &&shutdown -r now
sudo su
  • Hostname will be prompted. Enter FQDN which is same as hostname of the VM.
  • As a second prompted question, generate a new certificate instead of using your existing certificate. If you have your own certificates i guess it is better to install with generating new certificates also. You will always have a chance to replace your certificates later.
  • Enter application ID as; YOUR_APP_ID
  • Enter application secret as; YOUR_SECRET
cd &&cp /etc/prosody/certs/localhost.key /etc/ssl &&apt-get install nginx -y &&wget -qO – https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add – &&sh -c “echo ‘deb https://download.jitsi.org stable/’ > /etc/apt/sources.list.d/jitsi-stable.list” &&apt-get -y update &&apt-get install jitsi-meet -y &&apt-get install jitsi-meet-tokens -y

Create Cerificates


Firewall Settings

ufw enable
ufw allow in 22/tcp &&ufw allow in openssh &&ufw allow in 80/tcp &&ufw allow in 443/tcp &&ufw allow in 4443/tcp &&ufw allow in 5222/tcp &&ufw allow in 5347/tcp &&ufw allow in 10000/udp
ufw status

Configure Prosody

admins = {}component_ports = { 5347 }component_interface = ""
Include "conf.d/*.cfg.lua"

Configure Prosody for Your Host

asap_accepted_issuers = { "YOUR_APP_ID", "smash" }asap_accepted_audiences = { "YOUR_APP_ID", "smash" }
VirtualHost "YOUR_DOMAIN"    authentication = "token";    app_id = "YOUR_APP_ID";             -- application identifier    app_secret = "YOUR SECRET";     -- application secret known only to your token
VirtualHost "YOUR_DOMAIN"    modules_enabled = { "presence_identity" }
Component "conference.YOUR_DOMAIN" "muc"    modules_enabled = { "token_verification" }
VirtualHost "guest.YOUR_DOMAIN"    authentication = "token";    app_id = "YOUR_APP_ID";    app_secret = "YOUR_SECRET";    c2s_require_encryption = true;    allow_empty_token = true;

Enable Anonymous Domain in Jitsi Meet Config

var config = {    hosts: {        ...         // When using authentication, domain for guest users.        anonymousdomain: 'guest.jitmeet.example.com',        ...    },    ...    enableUserRolesBasedOnToken: true,    ...}

Jicofo Configuration


Video Bridge Configuration


Restart All Services

systemctl restart prosody jicofo jitsi-videobridge2


"alg": "HS256",
"typ": "JWT"
{  "aud": "YOUR_AUDIENCE",  "iss": "YOUR_ISSUER",  "sub": "YOUR_JITSI_DOMAIN",  "room": "*"}
tail -f -n 200 /var/log/prosody/prosody.log
tail -f -n 200 /var/log/jitsi/jicofo.log
tail -f -n 200 /var/log/jitsi/jvb.log




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Kubernetes & Containers - A Beginners Guide

Read Fewer Books: Wisdom in the Time of TMI

One SSL, One Domain with Multiple Services: HAproxy on Kubernetes

PWK(OSCP) [PEN-200] Review 2021

EFS on ECS Fargate

Deploy ML model with Web UI using Pickle, Flask and ngrok in Google Colab

Coda - low-code useful tool for PMs

About the Data Administrator profile

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Jitsi Installation with JWT Support on Ubuntu 20.04 TLS

Connect Heroku & Datadog Logs

Create a H.264 stream with FFmpeg

License Plate Number Recognition