Using Jitsi Meet with Puppet for self-hosted video conferencing

2020-04-09 - Louis-Philippe Véronneau

Here's a blog post I wrote for the blog. Many thanks to Ben Ford and all their team!.

With everything that is currently happening around the world, many of us IT folks have had to solve complex problems in a very short amount of time. Pretty quickly at work, I was tasked with finding a way to make virtual meetings easy, private and secure.

Whereas many would have turned to a SaaS offering, we decided to use Jitsi Meet, a modern and fully on-premise FOSS videoconferencing solution. Jitsi works on all platforms by running in a browser and comes with nifty Android and iOS applications.

We've been using our instance quite a bit, and so far everyone from technical to non-technical users have been pretty happy with it.

Jitsi Meet is powered by WebRTC and can be broken into multiple parts across multiple machines if needed. In addition to the webserver running the Jitsi Meet JavaScript code, the base configuration uses the Videobridge to manage users' video feeds, Jicofo as a conference focus to manage media sessions and the Prosody XMPP server to tie it all together.

Here's a network diagram I took from their documentation to show how those applications interact:

A network diagram that shows how the different bits of jitsi meet work together

Getting started with the Jitsi Puppet module

First of all, you'll need a valid domain name and a server with decent bandwidth. Jitsi has published a performance evaluation of the Videobridge to help you spec your instance appropriately. You will also need to open TCP ports 443, 4443 and UDP port 10000 in your firewall. The puppetlabs/firewall module could come in handy here.

Once that is done, you can use the smash/jitsimeet Puppet module on a Debian 10 (Buster) server to spin up an instance. A basic configuration would look like this:

  class { 'jitsimeet':
    fqdn                 => '',
    repo_key             => puppet:///files/apt/jitsimeet.gpg,
    manage_certs         => true,
    jitsi_vhost_ssl_key  => '/etc/letsencrypt/live/'
    jitsi_vhost_ssl_cert => '/etc/letsencrypt/live/'
    auth_vhost_ssl_key   => '/etc/letsencrypt/live/'
    auth_vhost_ssl_cert  => '/etc/letsencrypt/live/'
    jvb_secret           => 'mysupersecretstring',
    focus_secret         => 'anothersupersecretstring',
    focus_user_password  => 'yetanothersecret',
    meet_custom_options  => {
      'enableWelcomePage'         => true,
      'disableThirdPartyRequests' => true,

The jitsimeet module is still pretty young: it clearly isn't perfect and some external help would be very appreciated. If you have some time, here are a few things that would be nice to work on:

  • Tests using puppet-rspec
  • Support for other OSes (only Debian 10 at the moment)
  • Integration with the Apache and Ngnix modules

If you use this module to manage your Jitsi Meet instance, please send patches and bug reports our way!

Learn more