Jitsi Installation with JWT Support on Ubuntu 20.04 TLS

sudo hostnamectl set-hostname YOUR_DOMAIN
YOUR_DOMAIN localhostYOUR_LOCAL_IP YOUR_DOMAIN jitsimainYOUR_GLOBAL_IP YOUR_DOMAIN jitsimain127.0.0.1 localhost YOUR_DOMAIN# The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters
ping “$(hostname)”
PING YOUR_DOMAIN ( 56(84) bytes of data.64 bytes from localhost ( icmp_seq=1 ttl=64 time=0.026 ms64 bytes from localhost ( icmp_seq=2 ttl=64 time=0.041 ms64 bytes from localhost ( icmp_seq=3 ttl=64 time=0.045 ms

Setting Up Base Jitsi Components with JWT Support

sudo su
sudo nano /etc/apt/sources.list
deb http://security.ubuntu.com/ubuntu bionic-security main
sudo apt update && apt-cache policy libssl1.0-dev
  • gcc (c++ compiler to compile luarocks)
  • unzip
  • lua5.2 (Lua programming language)
  • liblua5.2 (Lua base libraries)
  • luarocks (The main repository of Lua modules)
  • basexx ( Lua library which provides base2(bitfield), base16(hex), base32(crockford/rfc), base64(rfc/url), base85(z85) decoding and encoding.)
  • libssl1.0-dev (Debian (Ubuntu) package is part of the OpenSSL project’s implementation of the SSL and TLS)
  • luacrypto (Lua frontend to the OpenSSL cryptographic library)
  • lua-cjson (JSON encoding/parsing module for Lua)
  • luajwtjitsi (JSON Web Tokens module for Lua)
  • Prosody (Latest stable version)
cd &&apt-get update -y &&apt-get install gcc -y &&apt-get install unzip -y &&apt-get install lua5.2 -y &&apt-get install liblua5.2 -y &&apt-get install luarocks -y &&luarocks install basexx &&apt-get install libssl1.0-dev -y &&luarocks install luacrypto &&mkdir src &&cd src &&luarocks download lua-cjson &&luarocks unpack lua-cjson-–1.src.rock &&cd lua-cjson-–1/lua-cjson &&sed -i ‘s/lua_objlen/lua_rawlen/g’ lua_cjson.c &&sed -i ‘s|$(PREFIX)/include|/usr/include/lua5.2|g’ Makefile &&luarocks make &&luarocks install luajwtjitsi &&cd &&wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add — &&echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list &&apt-get update -y &&apt-get upgrade -y &&apt-get install prosody -y &&chown root:prosody /etc/prosody/certs/localhost.key &&chmod 644 /etc/prosody/certs/localhost.key &&sleep 2 &&shutdown -r now
sudo su
  • Hostname will be prompted. Enter FQDN which is same as hostname of the VM.
  • As a second prompted question, generate a new certificate instead of using your existing certificate. If you have your own certificates i guess it is better to install with generating new certificates also. You will always have a chance to replace your certificates later.
  • Enter application ID as; YOUR_APP_ID
  • Enter application secret as; YOUR_SECRET
cd &&cp /etc/prosody/certs/localhost.key /etc/ssl &&apt-get install nginx -y &&wget -qO — https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add — &&sh -c “echo ‘deb https://download.jitsi.org stable/’ > /etc/apt/sources.list.d/jitsi-stable.list” &&apt-get -y update &&apt-get install jitsi-meet -y &&apt-get install jitsi-meet-tokens -y

Create Cerificates

sudo apt install certbot &&sudo sed -i ‘s/\.\/certbot-auto/certbot/g’ /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh &&sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Firewall Settings

ufw enable
ufw allow in 2220/tcp &&ufw allow in openssh &&ufw allow in 80/tcp &&ufw allow in 443/tcp &&ufw allow in 4443/tcp &&ufw allow in 5222/tcp &&ufw allow in 5347/tcp &&ufw allow in 10000/udp
ufw status

Configure Prosody

admins = {}component_ports = { 5347 }component_interface = “”
Include “conf.d/*.cfg.lua”

Configure Prosody for Your Host

asap_accepted_issuers = { “YOUR_APP_ID”, “smash” }asap_accepted_audiences = { “YOUR_APP_ID”, “smash” }
VirtualHost “YOUR_DOMAIN”authentication = “token”;app_id = “YOUR_APP_ID”; — application identifierapp_secret = “YOUR_SECRET”; — application secret known only to your token
VirtualHost “YOUR_DOMAIN”modules_enabled = { “presence_identity” }
Component “conference.YOUR_DOMAIN” “muc”modules_enabled = { “token_verification” }
VirtualHost “guest.YOUR_DOMAIN”authentication = “token”;app_id = “YOUR_APP_ID”;app_secret = “YOUR_SECRET”;c2s_require_encryption = true;allow_empty_token = true;

Enable Anonymous Domain in Jitsi Meet Config

var config = {hosts: {// When using authentication, domain for guest users.anonymousdomain: ‘guest.jitmeet.example.com’,},enableUserRolesBasedOnToken: true,}

Jicofo Configuration

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.YOUR_DOMAIN org.jitsi.jicofo.auth.URL=XMPP:YOUR_DOMAIN org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

Video Bridge Configuration

nano /etc/jitsi/videobridge/config

Restart All Services

systemctl restart prosody jicofo jitsi-videobridge2


"alg": "HS256",
"typ": "JWT"
{  "aud": "YOUR_AUDIENCE",  "iss": "YOUR_ISSUER",  "sub": "YOUR_JITSI_DOMAIN",  "room": "*"}
tail -f -n 200 /var/log/prosody/prosody.log
tail -f -n 200 /var/log/jitsi/jicofo.log
tail -f -n 200 /var/log/jitsi/jvb.log




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Azure Bicep: Create a FrontDoor for a highly available web application

Understanding classes and instances in Python

Time Complexity

Simple offline caching in Swift and Combine

Win tickets to the Web 3.0 conference

Code BEAM America 2021 Day 1

What is Partitioning in Azure Cosmos DB?

To solve your problem, collect large amount of data.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Jitsi Installation with JWT Support on Ubuntu 18.04 TLS

TeddyBarNFTs Whitepaper version ?🤪

Saving gas with Fee tools

How to Configure BGP AS-PATH prepend