Skip to main content

Self-Hosting Guide - Manual installation

Manual installation is not recommended

We recommend following the quick-install document. The current document describes the steps that are needed to install a working deployment, but steps are easy to mess up, and the debian packages are more up-to-date, where this document is sometimes not updated to reflect latest changes.

This describes configuring a server on a Debian-based distribution.
For other distributions you can adapt the steps (especially changing the dependencies package installations (e.g. for nginx) and paths accordingly) so that it matches your host's distribution.
You will also need to generate some passwords for YOURSECRET1, YOURSECRET2 and YOURSECRET3.

There are also some complete example config files available, mentioned in each section.

There are additional configurations to be done for a scalable installation.

Network description

This is how the network looks:

                   +                           +
| |
| |
v |
443 |
+-------+ |
| | |
| Nginx | |
| | |
+--+-+--+ |
| | |
+------------+ | | +--------------+ |
| | | | | | |
| Jitsi Meet +<---+ +--->+ prosody/xmpp | |
| |files 5280 | | |
+------------+ +--------------+ v
5222 ^ ^ 5222 10000
+--------+ | | +-------------+
| | | | | |
| jicofo +----^ ^----+ videobridge |
| | | |
+--------+ +-------------+

Install prosody

apt-get install prosody

Configure prosody

Add config file in /etc/prosody/conf.avail/ :

  • add your domain virtual host section:
VirtualHost ""
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/";
certificate = "/var/lib/prosody/";
modules_enabled = {
c2s_require_encryption = false
  • add domain with authentication for conference focus user:
VirtualHost ""
ssl = {
key = "/var/lib/prosody/";
certificate = "/var/lib/prosody/";
authentication = "internal_hashed"
  • add focus user to server admins:
admins = { "" }
  • and finally configure components:
Component "" "muc"
Component ""
component_secret = "YOURSECRET1"
Component ""
component_secret = "YOURSECRET2"

Add link for the added configuration

ln -s /etc/prosody/conf.avail/ /etc/prosody/conf.d/

Generate certs for the domain:

prosodyctl cert generate
prosodyctl cert generate

Add to the trusted certificates on the local machine:

ln -sf /var/lib/prosody/ /usr/local/share/ca-certificates/
update-ca-certificates -f

Note that the -f flag is necessary if there are symlinks left from a previous installation.

If you are using a JDK package not provided by Debian, as the ones from adoptjdk, you should also make your JDK aware of the new debian certificate keystore replacing or linking the JDK cacerts. Example, if you use JDK from adoptjdk:

cd /usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/jre
ln -sf /etc/ssl/certs/java/cacerts lib/security/cacerts

Create conference focus user:

prosodyctl register focus YOURSECRET3

Restart prosody XMPP server with the new config

prosodyctl restart

Install Nginx

apt-get install nginx

Add a new file in /etc/nginx/sites-available (see also the example config file):

server_names_hash_bucket_size 64;

server {
listen ssl http2;
listen [::]:443 ssl http2;
# tls configuration that is not covered in this guide
# we recommend the use of
# set the root
root /srv/jitsi-meet;
index index.html;
location ~ ^/([a-zA-Z0-9=\?]+)$ {
rewrite ^/(.*)$ / break;
location / {
ssi on;
# BOSH, Bidirectional-streams Over Synchronous HTTP
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# external_api.js must be accessible from the root of the
# installation for the electron version of Jitsi Meet to work
location /external_api.js {
alias /srv/jitsi-meet/libs/external_api.min.js;

Add link for the added configuration

cd /etc/nginx/sites-enabled
ln -s ../sites-available/

Install Jitsi Videobridge


This method is no longer supported. You can either install the JVB from and follow these Instructions or clone the repo and build it manually.

Visit to determine the current build number, download and unzip it:

unzip jitsi-videobridge-linux-{arch-buildnum}.zip

Install JRE if missing:

apt-get install openjdk-8-jre

NOTE: When installing on older Debian releases keep in mind that you need JRE >= 1.7.

Create ~/.sip-communicator/ in the home folder of the user that will be starting Jitsi Videobridge:

mkdir -p ~/.sip-communicator
cat > ~/.sip-communicator/ << EOF
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition

Start the videobridge with:

./ --host=localhost --secret=YOURSECRET1 &

Or autostart it by adding the line in /etc/rc.local:

/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/ --host=localhost --secret=YOURSECRET1 </dev/null >> /var/log/jvb.log 2>&1

Install Jitsi Conference Focus (jicofo)

Install JDK and Maven if missing:

apt-get install openjdk-8-jdk maven

NOTE: When installing on older Debian releases keep in mind that you need JDK >= 1.7.

Clone source from Github repo:

git clone

Build the package.

cd jicofo
mvn package -DskipTests -Dassembly.skipAssembly=false

Run jicofo:

unzip target/
cd jicofo-1.1-SNAPSHOT-archive'
./ --host=localhost --secret=YOURSECRET2 --user_name=focus --user_password=YOURSECRET3

Deploy Jitsi Meet

Checkout and configure Jitsi Meet:

cd /srv
git clone
cd jitsi-meet
npm install

NOTE: When installing on older distributions keep in mind that you need Node.js >= 12 and npm >= 6.

Edit host names in /srv/jitsi-meet/config.js (see also the example config file):

var config = {
hosts: {
domain: '',
muc: '',
bridge: '',
focus: ''
useNicks: false,
bosh: '//', // FIXME: use xep-0156 for that
//chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
//minChromeExtVersion: '0.1' // Required version of Chrome extension

Verify that nginx config is valid and reload nginx:

nginx -t && nginx -s reload

Running behind NAT

Jitsi Videobridge can run behind a NAT, provided that both required ports are routed (forwarded) to the machine that it runs on. By default these ports are TCP/4443 and UDP/10000.

If you do not route these two ports, Jitsi Meet will only work with video for two people, breaking upon 3 or more people trying to show video.

TCP/443 is required for the webserver which can be running on another machine than the Jitsi Videobrige is running on.

The following extra lines need to be added to the file ~/.sip-communicator/ (in the home directory of the user running the videobridge):<Local.IP.Address><Public.IP.Address>

Hold your first conference

You are now all set and ready to have your first meet by going to

Enabling recording

Jibri is a set of tools for recording and/or streaming a Jitsi Meet conference.