The situation with COVID-19 affects not only the private lives of people and their families but also the business, excluding the possibility of face-to-face communication. Many individuals and companies are forced to adapt to work and communicate remotely.
Thus video conferencing got a high-level demand. One of the key players in this market is Zoom video conferencing software. However, there are multiple claims regarding Zoom security, confidentiality and data privacy. As a result, people are looking for alternatives that can be privately hosted. That’s why Jitsi Meet open source video conferencing tool is gaining more and more popularity, as it can be installed at the preferred local cloud provider or on-premise.
Why Jitsi?
The key advantages of using Jitsi video conferencing:
- Open-source solution provided for free and with a wide community support
- Installation in one click and easy setup
- User-friendly process of arranging video and audio calls, as well as multi-meeting rooms
- High level of privacy and security due to deployment inside isolated containers with encrypted traffic
- A wide choice of service providers across different countries to host the application locally
- Support of all available clients (Windows, Linux, Mac, iOS, Android)
In this article we’ll share the details of how to get Jitsi up and running with Jelastic PaaS in order to achieve full control over your data, secure hosting in local datacenter and meet no need in manual installation with complex maintenance. Follow the steps below and get your own self-hosted video conferencing application in minutes.
Jitsi Installation
1. Sign in Jelastic dashboard and start the installation by importing the appropriate manifest file from GitHub.
Once the installation is completed the successful window appears with credentials of the video conferencing host (administrator).
2. Click on Jitsi Server URL or Open in Browser button to get access to the video conferencing admin panel.
SSL CERTIFICATE
Depending on Hosting Service Provider, the platform secures application traffic either with a valid SSL certificate or test intermediate certificates (“Fake LE Intermediate X1”) SSL certificate. In case the Fake certificate was issued, it is suitable for evaluation or testing purposes only. In other case, you can keep going with the valid certificate the platform issued for your environment or you may bind a custom domain and obtain a valid SSL Certificate for it. Follow our tutorial in the Bind Custom Domain section below.
ENCRYPTION
For 1-to-1 meetings audio and video are always encrypted using DTLS-SRTP all the way from the sender to the receiver. In the case of multiparty meetings all audio and video traffic is still encrypted on the network. Data is decrypted while traversing videobridge, but it is never stored to any persistent storage and only live in memory while being routed to other participants in the meeting. Also, since we are running a private instance inside the isolated container, it is under your full control and no third party can access it.
3. Use a meeting name generator to avoid possible coincidences or create your own one e.g. MyPrivateMeeting and click on GO. Then press I am the host button and enter credentials you got upon Jitsi installation to become the video conferencing service administrator.
The meeting appears once the first participant joins it by the URL and it is destroyed right as the last participant has left it. So, if necessary to maintain some room with a specific meeting all the time there should stay at least one participant. Otherwise, if someone joins the same meeting room again, a brand new meeting is created with the same name and there will be no connection with the previous meeting.
Jitsi can be used to run multiple meetings at a time with a limitation of 75 clients connected per meeting. By default, Jitsi server in Jelastic has enough resource capacity to handle a heavy load, but if necessary you can scale it vertically on-the-fly.
4. The next step is to secure your meeting with a password to ensure that somebody uninvited can reach it even in case of coincidence of the names.
Now your meeting is ready to accept connections from the users you shared the link to, just don’t forget to send invitations to them with the meeting’s Link and Password.
Remember that the password is reset once the meeting has left by all the participants. So, while joining a new meeting in the same room, note that the password should be set up once again.
Jitsi Highly-Available Cluster
In case you need to ensure the reliability of your Jitsi application, you can select the Cluster option during the package installation. It will automatically scale your Jitsi instance across the specified number of nodes (the Shards Number field in the installation frame) to provide high availability and boost performance.
As a result, you’ll get a sharded cluster with a load balancer based on Haproxy and a dedicated storage node to keep all the records in the same place.
Jitsi Cluster has the following peculiarities:
- All the clients are split according to the room name.
- The size of the room (amount of concurrent clients) depends on the amount of resources allocated per shard.
- A single room cannot be shared across multiple shards. However, all rooms and their clients will be split between shards.
- Admin credentials are the same for the whole cluster.
- The recordings are saved to shared storage so that all records are located in the same place.
- If a node that is hosting a room fails, all the clients are automatically reconnected to the new room on a different shard (after the admin enters credentials for the new jitsi session).
- In clustered mode Let’s Encrypt certificate is managed via the Jelastic Let’s Encrypt add-on. In standalone mode, it is managed directly via the Jitsi application.
After installation, proceed with the same configuration as for the standalone Jitsi instance.
Extra Functionality
Jitsi attracts also with some unique features available in one application:
- Sart live stream — allows to stream audio and video via Youtube.
- Start recording — provides an ability to record meetings as mp4 video files and automatically save them to the /root/.jitsi-meet-cfg/jibri/recordings folder of the Jitsi container.
- Share a YouTube video — allows playing video from YouTube to all the meeting participants.
- Blur my background — detects the speaker’s body and displays it with no distortion but blurs the background surrounding it.
In addition, you can Share your screen using the button in the left bottom side of the application panel. It allows you to broadcast screen to all participants:
- Whole computer screen
- Window of a specific application
- Specific web browser tab
Bind Custom Domain
Now your Jitsi server is available by platform’s domain generated upon installation with the test fake certificates. It is enough to get it to work for developing or testing purposes. But for the production, you definitely need to have your own domain available for your video conferencing server.
1. Bind a custom domain name to your Jitsi server via A Record or CNAME. It’s a mandatory requirement. You can find provided IP address in the environment topology as follows.
2. Then generate valid Let’s Encrypt SSL certificates. To do this open the Add-Ons tab, find Domain Configuration Add-On and click on Change.
3. Specify your custom domain name in the popup window and apply the changes in order to initiate the certificate generation procedure.
Once it is completed the success window appears.
Now your video conferencing server is ready to serve requests under a new custom domain name with a valid Let’s Encrypt SSL certificate that is automatically renewed.
Jitsi Upgrade
Jitsi is a continuously developed project that regularly releases new versions with optimizations, fixes, security updates, etc. Obviously, you want to keep your Jitsi instance up-to-date to benefit from the latest features. So, let’s see how you can painlessly upgrade your existing Jitsi environment at Jelastic PaaS.
1. Click Import at the top of the dashboard and switch to the JPS tab within the opened window. Copy the Jitsi package manifest from GitHub and paste it into the frame.
To set your password for the Jitsi admin user, substitute the ${fn.password} variable (on the 23rd line) with the required value.
2. Click Import and install as a regular Jitsi package (i.e. as described above).
3. In order to keep the previously bounded public IP, you can swap addresses between old and new environments using either Jelastic CLI or API.
~/jelastic/environment/binder/swapextips --envName {env_name} --sourceNodeId {source_node_id} --targetNodeId {target_node_id}4. After swapping IPs, you need to reinstall Let’s Encrypt certificate for the new installation, which can be done through the pre-installed Domain Configuration add-on. Click Change and specify your custom domain in the opened frame.
Note: If working with Jitsi cluster, SSL is managed via the Jelastic Let’s Encrypt add-on. So this step should be skipped.
5. Ensure that your new Jitsi instance works as intended on the specified custom domain name and with a valid Let’s Encrypt SSL certificate.
6. If everything works fine, you can remove your “old” environment.
That’s all! You’ve successfully upgraded your Jitsi instance to the latest available version.
Launch your own secure, simple and scalable communication service with Jitsi hosted on a preferable Jelastic service provider.
Related Articles
Mattermost Free Hosting for 2 Months from HidoraMoodle Digital Learning Platform Free Hosting from InfomaniakVDI Hosting with 50% Discount from HosteurHow to Install Rocket.Chat Server for Team Communication500,000 Hacked Zoom Accounts Given Away For Free On The Dark WebZoom slammed for ‘mistakenly’ using data centers in ChinaWhat Is Jitsi and Is it More Secure Than Zoom?
