This tutorial is going to show you how to install Jitsi Meet on Ubuntu 22.04 server. Jitsi Meet is a free open-source video conferencing software that works on Linux, macOS, Windows, iOS, and Android. If you don’t trust Zoom, you can run your own video conferencing platform on your own server.
Features of Jitsi Meet
You can embed a Jits Meet call into any webpage with just a few lines of code.
Completely free of charge
Share your computer screen with others.
The presenter mode allows you to share your screen and camera at the same time, so attendees can see the presenter and their body language throughout the presentation.
You can share the system audio while sharing your screen.
You can assign authorized users as moderators. A moderator can mute every participant with one click.
Communication over the network is encrypted using DTLS-SRTP.
End-to-end encryption (work in progress)
You can set a password for your conference to prevent random strangers from coming in.
Record the meeting/conference and save it to Dropbox.
Stream to YouTube Live and store the recording on YouTube.
Android and iOS apps
Text chatting
Share text document
Telephone dial-in to a conference
Dial-out to a telephone participant
Requirements of Installing Jitsi Meet on Ubuntu 22.04
To run Jitsi Meet, you need a server with at least 1GB RAM. If you are looking for a virtual private server (VPS), I recommend Hetzner VPS
Step 1: Install Jitsi Meet from the Official Package Repository
Jitsi Meet isn’t included in the default Ubuntu repository. We can install it from the official Jitsi package repository, which also contains several other useful software packages. Log into your server via SSH, then run the following command to add the official Jitsi repository.
echo 'deb https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list
Import the Jitsi public key, so the APT package manager can verifiy the integrity of packages downloaded from this repository.
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
Because the Jitsi repository requires HTTPS connection so we need to install apt-transport-https
package to make APT establish HTTPS connection to the Jitsi repository.
sudo apt install apt-transport-https
Next, update local package index and install Jitsi Meet on Ubuntu.
sudo apt update
sudo apt install jitsi-meet
During the installation, you need to enter a hostname for your Jitsi instance. This is the hostname that will appear in the web browser address bar when attendees join your video conference. You can use a descriptive hostname like meet.example.com
.

In the next screen, you can choose to generate a new self-signed TLS certificate, so later you can obtain and install a trusted Let’s Encryption certificate.

The installation process will configure some Linux kernel parameters, which is saved to the /etc/sysctl.d/20-jvb-udp-buffers.conf
file. Once the installation is complete, Jitsi Meet will automatically start. You can check its status with:
systemctl status jitsi-videobridge2
Sample Output:
● jitsi-videobridge2.service - Jitsi Videobridge
Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-07-15 19:34:00 HKT; 41s ago
Process: 22568 ExecStartPost=/bin/bash -c echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridg>
Main PID: 22567 (java)
Tasks: 56 (limit: 65000)
Memory: 224.3M
CPU: 17.815s
CGroup: /system.slice/jitsi-videobridge2.service
Hint: If the above command doesn’t quit immediately, you can press the Q key to make it quit.
The jitsi-meet
package also installs other packages as dependencies, such as
- openjdk-8-jre-headless: Java runtime environment. It’s needed because Jitsi Meet is written in the Java language.
- jicofo: Jitsi conference Focus (
systemctl status jicofo
) - prosody: Lightweight Jabber/XMPP server (
systemctl status prosody
) - coturn: TURN and STUN server for VoIP
- Nginx:
/etc/nginx/sites-enabled/meet.example.com.conf
Step 2: Install Coturn Server
Coturn is a free open-source TURN and STUN server for VoIP. Jitsi doesn’t install cotorn automatically on Ubuntu 22.04. We need to install it manually.
Download coturn deb package.
wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/c/coturn/coturn_4.5.2-3.1_amd64.deb
Install it with apt.
sudo apt install ./coturn_4.5.2-3.1_amd64.deb
Install the jitsi-meet-turnserver
package.
sudo apt install jitsi-meet-turnserver
During installation, Jitsi will automatically configure coturn server (/etc/turnserver.conf
).
Step 3: Open Ports in Firewall
Jitsi Meet listens on several UDP ports. To allow attendees to join a video conference from a web browser, you need to open TCP port 80 and 443. And to transfer video over the network, open UDP port 10000 and TCP port 5349. The Coturn server also needs to open the UDP 3478 port.
If you are using the UFW firewall, then run the following command to open these ports.
sudo ufw allow 22,80,443,5349/tcp
sudo ufw allow 10000,3478/udp
Step 4: Obtain a Trusted Let’s Encrypt TLS Certificate
Go to your DNS hosting service (usually your domain registrar) to create DNS A record for your Jitsi hostname (meet.example.com). Then run the following script to obtain a trusted Let’s Encrypt TLS certificate:
sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
Enter your email address to receive important account notifications. Then it will install certbot
and obtain TLS certificate.

If everything is ok, you will see the following message, indicating the TLS certificate has been successfully obtained and installed.

Note that this script uses the http-01
challenge, which means your Apache or Nginx web server needs to listen on port 80 of the public IP address. If your server environment doesn’t support the http-01
challenge, then you should not run the above script. You need to use other challenge types. In my case, I use the DNS challenge.
sudo certbot --agree-tos -a dns-cloudflare -i nginx --redirect --hsts --staple-ocsp --email me@armantasciyan.com -d meet.armantasciyan.com
Where:
--agree-tos
: Agree to terms of service.-a dns-cloudflare
: I use the cloudflare DNS plugin to authenticate because I use Cloudflare DNS service.-i nginx
: Use the nginx plugin to install the TLS certificate. If you use Apache, you need to replacenginx
withapache
.--redirect
: Force HTTPS by 301 redirect.--hsts
: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.--staple-ocsp
: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
If you obtain TLS certificate by running the certbot command, then you need to update the TLS certificate and key file in
/etc/nginx/sites-enabled/meet.example.com.conf
-
/etc/turnserver.conf
/etc/prosody/conf.d/meet.armantasciyan.com.cfg.lua
Make sure the prosody
, jicofo
and jvb
user can read the TLS certificate files.
sudo apt install acl
sudo setfacl -R -m u:prosody:rx /etc/letsencrypt/live /etc/letsencrypt/archive/
sudo setfacl -R -m u:jicofo:rx /etc/letsencrypt/live /etc/letsencrypt/archive/
sudo setfacl -R -m u:jvb:rx /etc/letsencrypt/live /etc/letsencrypt/archive/
Don’t forget to restart these services.
sudo systemctl restart nginx coturn prosody jitsi-videobridge2 jicofo
Step 5: Enable HTTP2
HTTP2 can improve web page loading speed. To enable HTTP2 in Nginx, edit the virtual host config file.
sudo nano /etc/nginx/sites-enabled/meet.example.com.conf
Find the following two lines.
listen 443 ssl;
listen [::]:443 ssl;
Add http2 at the end.
listen 443 ssl http2;
listen [::]:443 ssl http2;
By default, the Jitsi Meet virtual host logs to the standard Nginx log files (/var/log/nginx/access.log
). It’s recommended to use a separate log file by adding the following two lines.
access_log /var/log/nginx/jitsi-meet.access
error_log /var/log/nginx/jitsi-meet.error
Save and close the file. Then reload Nginx for the change to take effect.
sudo systemctl reload nginx
Step 5: Start a New Online Meeting
Now visit https://meet.example.com
and you will be able to start a conference. To transfer audio, you need to allow the web browser to use your microphone. And to tranfer video, you need to allow the web browser to access your camera.

Give your meeting a name and click the Go button. After the meeting is started, you can optionally choose to set a password for your meeting.
Troubleshooting Tips
If you encounter errors, you can check the error log to find out what’s wrong.
/var/log/nginx/jitsi-meet.access
/var/log/nginx/jitsi-meet.error
/var/log/jitsi/jicofo.log
/var/log/jitsi/jvb.log
You can also check the logs of the systemd services.
sudo journalctl -eu jitsi-videobridge2
sudo journalctl -eu prosody
sudo journalctl -eu jicofo
sudo journalctl -eu coturn
For example, you might see the following error in the Prosody journal logs.
prosody[71580]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
prosody[71580]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
You need to edit the /etc/prosody/conf.d/meet.example.com.cfg.lua
file.
sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua
Find the following lines.
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
}
Add the TLS certificate and key file.
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
certificate = "/etc/letsencrypt/live/meet.linuxbabe.com/fullchain.pem";
key = "/etc/letsencrypt/live/meet.linuxbabe.com/privkey.pem";
}
Save and close the file. Then restart Prosody.
sudo systemctl restart prosody
Hint: Some folks forget to replace meet.example.com
with their real Jisti Meet hostname, which can also cause errors.
Step 6: Set Up User Authentication
By default, anyone can go to your Jitsi Meet instance, create a room and start a meeting. To set up user authentication, edit the Prosody configuration file.
sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua
Find the following line.
authentication = "anonymous"
Change it to the following, which will require the user to enter username and password to start a conference.
authentication = "internal_hashed"
However, we don’t want attendees to enter username and password when joining the conference, so we need to create an anonymous login for guests, by adding the following lines at the end of this file. Note that you don’t need to create DNS A record for guest.meet.example.com
.
VirtualHost "guest.meet.example.com"
authentication = "anonymous"
c2s_require_encryption = false

Save and close the file. Restart the systemd services for the changes to take effect.
sudo systemctl restart jitsi-videobridge2 prosody jicofo
To create user accounts in Jisi Meet, run the following command. You will be prompted to enter a password for the new user.
sudo prosodyctl register username meet.example.com
If you encounter this error: Account creation/modification not supported
, it’s probably because the authentication
parameter is still set to anonymous
, or the virtual host name is wrong.
Now if you create a room in Jitsi Meet, you need to click the I am the host button.

Then enter a username and password.

Optional: Set Up Jigasi For Telephone Dial-in or Dial-Out
Jitsi offers a telephony interface that allows users to dial into a conference or place dial-out reminder calls. Install the jigasi
package (Jitsi gateway for SIP).
sudo apt install jigasi
During the installation, you will need to enter your SIP username and password. If you don’t have one, you can create a free SIP account at OnSIP.com.

If you have set up user authentication in step 6, then you need to edit Jigasi configuration file.
sudo nano /etc/jitsi/jigasi/sip-communicator.properties
Find the following lines.
# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
Uncomment them and enter an account and password that you created in step 6.
org.jitsi.jigasi.xmpp.acc.USER_ID=user1@meet.example.com
org.jitsi.jigasi.xmpp.acc.PASS=user1_password
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
Save and close the file. Restart the jigasi
systemd service.
sudo systemctl status jigasi
Optional: Configure Coturn
If you see the following message during the installation of Jitsi Meet, you need to configure Coturn to make it work properly.
Warning! Could not resolve your external ip address! Error:^
Your turn server will not work till you edit your /etc/turnserver.conf config file.
You need to set your external ip address in external-ip and restart coturn service.
Edit the Coturn configuration file.
sudo nano /etc/turnserver.conf
Find the following line.
external-ip=127.0.0.1
Replace 127.0.0.1 with your server’s public IP address. Save and close the file. Then restart Coturn.
sudo systemctl restart coturn