Self-Host Jitsi Meet for Private Video Calls: Full Guide

Run your own private Jitsi Meet video conferencing server on a VPS. Full installation, TURN server setup, and security hardening guide for 2026.

Video conferencing platforms like Zoom, Google Meet, and Teams collect metadata, record calls, and process data through corporate servers. Jitsi Meet is a fully open-source, end-to-end encrypted video conferencing solution you can self-host on your own server. Once set up, you control the infrastructure — no third party has access to your calls.

Why Self-Host Jitsi?

  • No accounts required — guests join with a link
  • End-to-end encryption available for calls up to 200 participants
  • No data collection — you own the server and logs
  • Custom domain — host at meet.yourdomain.com
  • Free and open source — Apache 2.0 licensed

Server Requirements

Component   Minimum            Recommended
CPU         2 cores            4+ cores
RAM         4 GB               8 GB
Storage     20 GB              40 GB
Bandwidth   1 Gbps             1 Gbps
OS          Ubuntu 22.04 LTS   Ubuntu 22.04 LTS

A VPS from Hetzner, DigitalOcean, or Vultr with 4 GB RAM handles 10–15 simultaneous participants comfortably. Scale up for larger calls.

Prerequisites

  • A domain name pointed to your server (e.g., meet.example.com)
  • DNS A record: meet.example.com → your.server.ip
  • A fresh Ubuntu 22.04 server
  • Root or sudo access

Installation

Step 1: Set Hostname

sudo hostnamectl set-hostname meet.example.com
echo "your.server.ip meet.example.com" | sudo tee -a /etc/hosts

Step 2: Add Jitsi Repository

# -f makes curl fail on an HTTP error instead of piping an error page into gpg
curl -fsSL https://download.jitsi.org/jitsi-key.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/jitsi-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | \
  sudo tee /etc/apt/sources.list.d/jitsi-stable.list

sudo apt update

Step 3: Install Jitsi Meet

sudo apt install jitsi-meet

During installation, you will be prompted for:

  • Hostname: Enter meet.example.com
  • SSL certificate: Choose “Generate a new self-signed certificate” — you’ll replace this with Let’s Encrypt next

Step 4: Install Let’s Encrypt SSL Certificate

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Enter your email when prompted. This installs Certbot and configures automatic renewal.

Firewall Configuration

Open the required ports:

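sudo ufw allow 22/tcp     # SSH (allow before enabling ufw so the remote session is not cut off)
sudo ufw allow 80/tcp     # HTTP (Let's Encrypt renewal)
sudo ufw allow 443/tcp    # HTTPS
sudo ufw allow 10000/udp  # Jitsi media (JVB)
sudo ufw allow 4443/tcp   # Jitsi fallback (TCP media)
sudo ufw allow 3478/udp   # coturn STUN/TURN (listening-port, configured below)
sudo ufw allow 5349/tcp   # coturn TURN over TLS (tls-listening-port, configured below)
sudo ufw enable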

Configuring the TURN Server (Critical for NAT Traversal)

Without a TURN server, users behind strict firewalls or NAT cannot connect. Install coturn:

sudo apt install coturn

Edit /etc/turnserver.conf:

listening-port=3478
tls-listening-port=5349
fingerprint
lt-cred-mech
realm=meet.example.com
server-name=meet.example.com
cert=/etc/letsencrypt/live/meet.example.com/fullchain.pem
pkey=/etc/letsencrypt/live/meet.example.com/privkey.pem
log-file=/var/log/turnserver/turnserver.log
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
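
A quick audit of the denied-peer-ip rules above, as an added example (not part of the original guide or the coturn project): it parses a turnserver.conf and lists the non-public IPv4 ranges that no rule denies as relay peers. The RESERVED list and the function names are this example's assumptions; the sample config is constructed from the lines shown above.

```python
import ipaddress

# Constructed sample: the denied-peer-ip lines from the turnserver.conf above.
SAMPLE_CONF = """\
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
"""

# Assumed checklist (not from the guide): RFC 1918, loopback, link-local, CGNAT.
RESERVED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10"]

def denied_networks(conf_text):
    """Parse denied-peer-ip=<ip>[-<ip>] lines into collapsed IPv4 networks."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line.startswith("denied-peer-ip="):
            continue
        first, _, last = line.split("=", 1)[1].partition("-")
        lo = ipaddress.ip_address(first.strip())
        hi = ipaddress.ip_address((last or first).strip())
        if lo.version == 4 and hi.version == 4:      # IPv4 only in this example
            nets.extend(ipaddress.summarize_address_range(lo, hi))
    return list(ipaddress.collapse_addresses(nets))

def uncovered(conf_text):
    """Return the parts of RESERVED that no denied-peer-ip rule covers."""
    denied = denied_networks(conf_text)
    gaps = []
    for cidr in RESERVED:
        remaining = [ipaddress.ip_network(cidr)]
        for d in denied:
            nxt = []
            for r in remaining:
                if r.subnet_of(d):
                    continue                         # fully denied already
                # CIDR blocks either nest or are disjoint: carve out or keep.
                nxt.extend(r.address_exclude(d) if d.subnet_of(r) else [r])
            remaining = nxt
        gaps.extend(str(n) for n in ipaddress.collapse_addresses(remaining))
    return gaps

if __name__ == "__main__":
    for gap in uncovered(SAMPLE_CONF):
        print("not denied as relay peer:", gap)
```

If a videobridge is only reachable on a private address, coturn's allowed-peer-ip option can exempt that single host rather than leaving a whole range open.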

Generate a strong secret for TURN authentication:

openssl rand -hex 32

Add to /etc/turnserver.conf:

static-auth-secret=YOUR_GENERATED_SECRET_HERE
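
What the static-auth-secret protects, as an added example (not from the original guide or the coturn project): under the time-limited credential convention this option belongs to, each TURN password is derived from the shared secret and a username that carries its own expiry, so the secret must stay on the server. Function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def turn_password(secret, username):
    """Derived password: base64(HMAC-SHA1(secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue(secret, ttl=3600, user="", now=None):
    """Mint a short-lived credential pair; the username starts with its expiry."""
    now = time.time() if now is None else now
    expiry = int(now) + ttl
    username = f"{expiry}:{user}" if user else str(expiry)
    return username, turn_password(secret, username)


def accepted(secret, username, password, now=None):
    """Simplified model of the relay's decision: timestamp not yet passed and
    password matching the derived value. A real relay uses the derived password
    to check the request's MESSAGE-INTEGRITY instead of comparing strings."""
    now = time.time() if now is None else now
    stamp = username.split(":", 1)[0]
    if not stamp.isdigit() or int(stamp) <= now:
        return False
    return hmac.compare_digest(turn_password(secret, username), password)


if __name__ == "__main__":
    secret = "0f" * 32  # constructed stand-in for the `openssl rand -hex 32` output
    user, pw = issue(secret, ttl=600, user="room-demo")
    print(user, pw, accepted(secret, user, pw))
```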

Enable and start coturn:

sudo systemctl enable coturn
sudo systemctl start coturn

Edit /etc/jitsi/meet/meet.example.com-config.js:

p2p: {
    enabled: true,
    stunServers: [
        { urls: 'stun:meet.example.com:3478' }
    ]
},

Edit /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet.example.com:3478

Enabling End-to-End Encryption

Jitsi Meet supports E2EE using the Insertable Streams Web API. Enable it in the config:

// /etc/jitsi/meet/meet.example.com-config.js
e2eeLabels: {
    e2ee: 'Video Bridge Encryption',
    labelToolTip: 'Audio and Video Communication on this call is encrypted...',
    description: 'Enable end-to-end encryption.',
    label: 'Enable end-to-end encryption',
    warning: 'WARNING: End-to-end encryption is enabled...'
},

Users must click the lock icon in the Jitsi UI to enable E2EE for their session.

Restricting Room Creation (Authentication)

By default, anyone who knows your URL can create rooms. Restrict creation to authenticated users:

Edit /etc/prosody/conf.avail/meet.example.com.cfg.lua:

VirtualHost "meet.example.com"
    -- internal_plain keeps account passwords unhashed in Prosody's data store
    authentication = "internal_plain"

Add a guest domain below it:

VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Create admin users:

sudo prosodyctl register admin meet.example.com STRONGPASSWORD

Restart services:

sudo systemctl restart prosody jicofo jitsi-videobridge2

Keeping Jitsi Updated

sudo apt update && sudo apt upgrade jitsi-meet jitsi-videobridge2 jicofo

Jitsi releases updates frequently — subscribe to their GitHub releases page or check monthly.

Testing Your Instance

Open https://meet.example.com in a browser. Create a room and invite a participant. Use WebRTC Internals (chrome://webrtc-internals or about:webrtc in Firefox) to verify ICE candidates are connecting correctly and media is flowing.

Final Thoughts

A self-hosted Jitsi Meet instance gives you complete control over your video communications with no data collected by third parties. The setup takes under an hour on a fresh server and produces a production-ready video conferencing platform with E2EE support, no account requirements, and full audit control over your infrastructure.
