Jitsi Installation with JWT Support on Ubuntu 18.04 TLS

sudo hostnamectl set-hostname YOUR_DOMAIN localhostYOUR_LOCAL_IP_IF_EXIST YOUR_DOMAIN jitsimainYOUR_GLOBAL_IP YOUR_DOMAIN jitsimain127.0.0.1 localhost YOUR_DOMAIN# The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters
ping “$(hostname)”
PING YOUR_DOMAIN ( 56(84) bytes of data.64 bytes from localhost ( icmp_seq=1 ttl=64 time=0.026 ms64 bytes from localhost ( icmp_seq=2 ttl=64 time=0.041 ms64 bytes from localhost ( icmp_seq=3 ttl=64 time=0.045 ms

Setting Up Base Jitsi Components with JWT Support

Switch to root;

sudo su
  • unzip
  • lua5.2 (Lua programming language)
  • liblua5.2 (Lua base libraries)
  • luarocks (The main repository of Lua modules)
  • basexx ( Lua library which provides base2(bitfield), base16(hex), base32(crockford/rfc), base64(rfc/url), base85(z85) decoding and encoding.)
  • libssl1.0-dev (Debian (Ubuntu) package is part of the OpenSSL project’s implementation of the SSL and TLS)
  • luacrypto (Lua frontend to the OpenSSL cryptographic library)
  • lua-cjson (JSON encoding/parsing module for Lua)
  • luajwtjitsi (JSON Web Tokens module for Lua)
  • Prosody (Latest stable version)
cd &&apt-get update -y &&apt-get install gcc -y &&apt-get install unzip -y &&apt-get install lua5.2 -y &&apt-get install liblua5.2 -y &&apt-get install luarocks -y &&luarocks install basexx &&apt-get install libssl1.0-dev -y &&luarocks install luacrypto &&mkdir src &&cd src &&luarocks download lua-cjson &&luarocks unpack lua-cjson- &&cd lua-cjson- &&sed -i ‘s/lua_objlen/lua_rawlen/g’ lua_cjson.c &&sed -i ‘s|$(PREFIX)/include|/usr/include/lua5.2|g’ Makefile &&luarocks make &&luarocks install luajwtjitsi &&cd &&wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add – &&echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list &&apt-get update -y &&apt-get upgrade -y &&apt-get install prosody -y &&chown root:prosody /etc/prosody/certs/localhost.key &&chmod 644 /etc/prosody/certs/localhost.key &&sleep 2 &&shutdown -r now
sudo su
  • As a second prompted question, generate a new certificate instead of using your existing certificate. If you have your own certificates i guess it is better to install with generating new certificates also. You will always have a chance to replace your certificates later.
  • Enter application ID as; YOUR_APP_ID
  • Enter application secret as; YOUR_SECRET
cd &&cp /etc/prosody/certs/localhost.key /etc/ssl &&apt-get install nginx -y &&wget -qO – https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add – &&sh -c “echo ‘deb https://download.jitsi.org stable/’ > /etc/apt/sources.list.d/jitsi-stable.list” &&apt-get -y update &&apt-get install jitsi-meet -y &&apt-get install jitsi-meet-tokens -y

Create Cerificates

To generate certificates;


Firewall Settings

To enable firewall run:

ufw enable
ufw allow in 22/tcp &&ufw allow in openssh &&ufw allow in 80/tcp &&ufw allow in 443/tcp &&ufw allow in 4443/tcp &&ufw allow in 5222/tcp &&ufw allow in 5347/tcp &&ufw allow in 10000/udp
ufw status

Configure Prosody

Open /etc/prosody/prosody.cfg.lua and add above lines after admins object

admins = {}component_ports = { 5347 }component_interface = ""
Include "conf.d/*.cfg.lua"

Configure Prosody for Your Host

Open /etc/prosody/conf.avail/YOUR_DOMAIN.cfg.lua and add lines below for your issuers and audiences

asap_accepted_issuers = { "YOUR_APP_ID", "smash" }asap_accepted_audiences = { "YOUR_APP_ID", "smash" }
VirtualHost "YOUR_DOMAIN"    authentication = "token";    app_id = "YOUR_APP_ID";             -- application identifier    app_secret = "YOUR SECRET";     -- application secret known only to your token
VirtualHost "YOUR_DOMAIN"    modules_enabled = { "presence_identity" }
Component "conference.YOUR_DOMAIN" "muc"    modules_enabled = { "token_verification" }
VirtualHost "guest.YOUR_DOMAIN"    authentication = "token";    app_id = "YOUR_APP_ID";    app_secret = "YOUR_SECRET";    c2s_require_encryption = true;    allow_empty_token = true;

Enable Anonymous Domain in Jitsi Meet Config

Open your meet config in /etc/jitsi/meet/YOUR_DOMAIN-config.js and edit as:

var config = {    hosts: {        ...         // When using authentication, domain for guest users.        anonymousdomain: 'guest.jitmeet.example.com',        ...    },    ...    enableUserRolesBasedOnToken: true,    ...}

Jicofo Configuration

Set following config in /etc/jitsi/jicofo/config as:


Video Bridge Configuration

Edit /etc/jitsi/videobridge/config file as:


Restart All Services

systemctl restart prosody jicofo jitsi-videobridge2


For testing your Jitsi with JWT installation you will need a token. To generate your token you can go to jwt.io . In the main page there is a JWT debugger. Considering that you are using HS256 algorithm (which is default for Jitsi and also jwt.io) for encryption our token’s header section will be;

"alg": "HS256",
"typ": "JWT"
{  "aud": "YOUR_AUDIENCE",  "iss": "YOUR_ISSUER",  "sub": "YOUR_JITSI_DOMAIN",  "room": "*"}
tail -f -n 200 /var/log/prosody/prosody.log
tail -f -n 200 /var/log/jitsi/jicofo.log
tail -f -n 200 /var/log/jitsi/jvb.log



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store