Cloud Server with Jitsi Meet

Jitsi Meet is a fully encrypted, open source video conferencing solution.

You can create a cloud server with an out-of-the-box Jitsi Meet application.

Create a cloud server with Jitsi Meet⁠

You can create a cloud server with Jitsi Meet:

with access from the Internet. To do this, you need to create a private subnet and connect a public IP address — you can do this when creating the server. After the server is created, a free TLS certificate from Let's Encrypt® will be automatically issued for the domain you specify. To issue the certificate, you need to add an A-record for the domain and specify the public IP address of the server in the record value. The domain can be added to Selectel's DNS hosting service;
in a private subnet without access from the Internet. After the server is created, no TLS certificate from Let's Encrypt® will be issued, but you can add a custom certificate yourself.

To configure Jitsi Meet when creating a server, you need to specify user data — custom configuration settings for the server operating system.

For a server with access from the Internet, you will need to configure mandatory authorization and create users with the ability to create a conference. For a server on a private subnet, authorization can be disabled — Jitsi Meet can be accessed by domain name.

In the Control panel, on the top menu, click Products and select Cloud Servers.
Click Create Server.
In the Name and Location block:

3.1 In the Name field, enter the name of the server. This will be set as the host name in the operating system.

3.2 In the Region and Pool fields, select the region and pool segment in which the server will be created. The list of available server configurations and resource costs depends on the pool segment. Once the server is created, the pool segment cannot be changed.
In the Source block, select the source from which the server will be created.

Click the default source name, open the Applications tab, select Jitsi <version>, and click Select.
In the Configuration block, select a server configuration of 4 vCPUs, RAM of 8 GB, and boot disk size of 10 GB or more:
- fixed configuration — rulers in which the ratio of resources is fixed;
- or an arbitrary configuration in which any resource ratio can be specified.
The configurations use different processors depending on the line and pool segment.

5.1 To select a fixed configuration, click Fixed, open the tab with the desired ruler and select the configuration.

5.2 To select an arbitrary configuration, click Arbitrary, specify the number of vCPUs and the RAM size.

5.3 To select a local disk as the server boot disk, check the Local SSD NVMe disk checkbox . To select a network disk as the boot disk, do not check the checkbox.

The amount of RAM allocated to the server may be less than the amount specified in the configuration — the operating system kernel reserves some RAM depending on the kernel version and distribution. You can check the allocated amount on the server with sudo dmesg | grep Memory.

After the server is created, you can change the configuration.
If you did not check the Local SSD NVMe disk checkbox in step 5.3., the first specified network disk will be used as the server boot disk. In the Disks:

6.1. In the Disk Type field, select the type of network boot disk.

6.2 Specify the size of the network boot disk in GB or TB. Observe the maximum size limits for network disks.
Optional: Add additional network disks to the server. In the Disks:

7.1. In the Disk Type field, select the network disk type.

7.2 Specify the size of the network disk in GB or TB. Observe the maximum size limits of the network disks.

7.3 To add another additional disk, click Add, select the disk type and specify its size.

Once the server is created, you can disconnect additional disks from it or connect new ones.
In the Network block, connect an existing private subnet with the cloud router or create a new one:
- Existing private subnet
- New private subnet
8.1 Click Private Subnet.
8.2. In the Public IP Address for Internet Access field, select New Public IP Address.
8.3. Expand the block with private subnet settings.
8.4. In the Subnet field, select an existing subnet.
8.5. In the Private IP field, specify the private IP address of the server. The public IP address will be automatically connected to the private address.
Select security groups to filter traffic on server ports. Without security groups, traffic will not be allowed. If there is no block, port security is disabled on the server network . With traffic filtering disabled, all traffic will be allowed.
In the Access block:

10.1 Place an SSH key on the server for secure connection.

To add a new SSH key to the cloud platform, click Add SSH Key, enter the key name, paste the public SSH key in OpenSSH format, and click Add.

If an SSH key is added to the cloud platform, select the existing key in the SSH Key field.

10.2 Optionally: in the Password for "root" field, copy the password of the root user (a user with unlimited rights to all actions on the system). Save the password in a safe place and do not pass it on in public.
In the Advanced Settings block:

11.1 Optional: If you plan to create multiple servers and want to increase the fault tolerance of your infrastructure, add a server to a placement group. To create a new group, click Create Group, enter a group name, and select a placement policy on different hosts:
- preferably soft-anti-affinity. The system will try to place servers on different hosts. If there is no suitable host when creating a server, it will be created on the same host;
- anti-affinity is mandatory. Servers in a group must be located on different hosts. If there is no suitable host when creating a server, the server will not be created.
If a group has been created, select a placement group in the Placement Group field.

11.2 Optional: add server tags to add additional information or filter servers in the list. Operating system and configuration tags are automatically added. To add a new tag, enter a tag in the Tags field.
In the Automation block, in the User data field, insert the script that will be executed when the system boots:
- Creating a server with access from the Internet
- Creating a server without access from the Internet
#cloud-config write_files: - path: "/opt/gomplate/values/user-values.yml" permissions: "0644" content: | jitsi_HTTP_PORT: "80" jitsi_HTTPS_PORT: "443" jitsi_TZ: "<time_zone>" jitsi_PUBLIC_URL: "<jitsi_meet_public_url>" jitsi_IP: "<public_ip_address>" jitsi_ENABLE_HTTP_REDIRECT: "1" letsencrypt: enable: true letsencryptDomain: "<example.com>" letsencryptEmail: "<root@example.com>" auth: enable: true
Specify:
- <time_zone> — time zone, e.g. UTC;
- <jitsi_meet_public_url> — Jitsi Meet public URL in the format https://jitsi.example.com;
- <public_ip_address> — The public IP address that you specified in step 8. You can view it in the control panel in the top menu, click Products → Cloud Servers → Network → tab Public IP addresses;
- letsencrypt: enable: true — parameter to automatically issue a TLS certificate from Let's Encrypt®;
- <example.com> — domain to access Jitsi Meet. For the domain, you must add an A record and specify the public IP address you specified in step 8 in the record value. If the domain is added to Selectel DNS hosting (actual), use the instructions Add a resource record. After the server is created, a TLS certificate from Let's Encrypt® will be automatically issued for the domain;
- <root@example.com> — Jitsi Meet administrator email to create an account and receive Let's Encrypt® notifications;
- auth: enable: true — parameter to enable mandatory authorization for conference creation.
#cloud-config write_files: - path: "/opt/gomplate/values/user-values.yml" permissions: "0644" content: | jitsi_HTTP_PORT: "80" jitsi_HTTPS_PORT: "443" jitsi_TZ: "<time_zone>" jitsi_PUBLIC_URL: "<jitsi_meet_private_url>" jitsi_IP: "<private_ip_address>" jitsi_ENABLE_HTTP_REDIRECT: "1" letsencrypt: enable: false
Specify:
- <time_zone> — time zone, e.g. UTC;
- <jitsi_meet_private_url> — Jitsi Meet private URL in the format of https://meet.local;
- <private_ip_address> — the private IP address you specified in step 8. You can view it in the control panel in the top menu, click Products → Cloud Servers → Network → tab Private Networks;
- letsencrypt: enable: false — parameter specifies that the TLS certificate from Let's Encrypt® will not be issued. It is possible to add a custom certificate.
Check the price of the cloud server.
Click Create.

Create a user with the ability to create a conference⁠

If the cloud server with Jitsi Meet has access from the internet, create users who can create video conferences.

Connect to the cloud server.
Log in as root user.
Create a user with the ability to create a conference:
```
docker exec jitsi-prosody-1 prosodyctl --config /config/prosody.cfg.lua register <username> meet.jitsi <password>
```
Specify:
- <username> — login of the new user;
- <password> — password for the new user.

Access Jitsi Meet⁠

If the cloud server with Jitsi Meet does not have access from the internet, you can access Jitsi Meet by domain name. To do this:

create an A-record on the local DNS server for the Jitsi Meet private URL in the format https://meet.local;
or add an A-record to the hosts file on the clients.

Add a custom certificate⁠

A custom certificate can be added to a cloud server with Jitsi Meet.

If you are using a full certificate chain and private key in .pem format, rename them to cert.crt and cert.key.
Connect to the cloud server.
Log in as root user.
Copy the cert.crt and cert.key files to the /opt/jitsi/data/.jitsi-meet-cfg/web/keys folder
Perform a programmatic reboot the cloud server.

Cloud Server with Jitsi Meet

Create a cloud server with Jitsi Meet⁠​

Create a user with the ability to create a conference⁠​

Access Jitsi Meet⁠​

Add a custom certificate⁠​

Create a cloud server with Jitsi Meet⁠

Create a user with the ability to create a conference⁠

Access Jitsi Meet⁠

Add a custom certificate⁠