Running your own secure communication service with Matrix and Jitsi

jrepinc | 518 points

Extinction Rebellion switched to Jitsi, Matrix etc. From the slide at t=2078:


                      OWN3D           OWNED (self hosted)
  Team Chat           Slack           Mattermost (Team Edition)
  Cloud Storage       Google Drive    Nextcloud (2 instances)
  Collaborative docs  Google docs     Only Office Etherpad-Lite
  Surveys             Google Forms    LimeSurvey
  Video Conferencing  Zoom            Jitsi-Meet
  Webmail             Gmail, etc      Rainloop (Postfix, Dovecot)
  Collaborative Dev   Github          gitlab
  Mailinglist manager Mail Chimp      Mailtrain
  Actions/Operations  WhatsApp, Skype Signal, Wire
  Social              Twitter         Mastodon
  Video               Youtube         Peertube
  Site                                Jekyll
  Admin Gender        Bros            Any

> In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning dozens of national teams (some of which operate in extremely hostile conditions), he will show why community-owned free and open source infrastructure is mission-critical for the growth, success and safety of global civil disobedience movements.

smartbit | 2 months ago

Here are some text instructions:

Instead of generating the certs with prosody (there was some issue since my system uses p11-kit), I found it easier to just generate them all with certbot. update-ca-trust doesn't seem to correctly add them to the Java keystore and then you'll encounter problems. Certbot does. If you're on a Debian-based distro you shouldn't have to worry, however.

All you really have to do is copy/paste configs and then also change the url in the config.

Here's the process for adding the certs using p11-kit. and the comment below.

solinent | 2 months ago

Any suggestions on simple auth methods to avoid running an open Jitsi server?

Last time I tested it, it seemed to be very open by default, letting anyone create meetings. I got lost when digging deeper.

If I install-and-forget, I want to avoid situations where strangers are using my Jitsi server and overloading the system, or pretending to be our company. Last I checked, it was not possible to have simple auth, or monitor/list calls.

I also run an Asterisk VoIP server with a WebRTC bridge (because most Linux SIP clients have terrible usability). That can make one pretty paranoid :)

mgbmtl | 2 months ago

I think I may have found a typo in the instructions. Under the section for setting up the Matrix .well-known info, shouldn't the line:

  cat '{ "m.server": "" }' > server

be

  echo '{ "m.server": "" }' > server

instead?

ThinkingGuy | 2 months ago
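
What the cat/echo typo raised in the comment above does in practice, as an added example that is not part of the thread or of the tutorial: the shell creates the redirect target before cat fails, so an empty `server` file ends up being served as the delegation document. The host:port value, the directory layout and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example. "matrix.example.org:443" and all paths are constructed.

# Reproduce the typo in a scratch directory and report what it leaves behind.
typo_result() {
    d=$(mktemp -d) || return 1
    # cat treats the JSON string as a file name and fails, but "> server"
    # has already created (and truncated) the target file.
    ( cd "$d" && cat '{ "m.server": "matrix.example.org:443" }' > server ) 2>/dev/null || true
    if [ -e "$d/server" ] && [ ! -s "$d/server" ]; then r=empty-file; else r=other; fi
    rm -rf "$d"
    echo "$r"
}

# Write the delegation document with printf, which emits the literal text.
# $1 = directory served as /.well-known/matrix, $2 = host:port of the homeserver
write_well_known() {
    mkdir -p "$1" || return 1
    printf '{ "m.server": "%s" }\n' "$2" > "$1/server"
}

# Return 0 only if the file is non-empty and has the single-line shape
# { "m.server": "host[:port]" } with a non-empty host.
check_well_known() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    grep -Eq '^\{ *"m\.server": *"[A-Za-z0-9.-]+(:[0-9]{1,5})?" *\}$' "$1" \
        || { echo "malformed: $1" >&2; return 1; }
}

# Demo in a scratch directory.
tmp=$(mktemp -d)
echo "typo leaves: $(typo_result)"
write_well_known "$tmp/.well-known/matrix" "matrix.example.org:443"
check_well_known "$tmp/.well-known/matrix/server" && echo "delegation file OK"
rm -rf "$tmp"
```

Running check_well_known against the deployed file after every config change catches the silent failure, since an empty delegation file produces no error on the web server side.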

Does someone have experience running Jitsi with 4+ users? Like in conferences with maybe up to 12 people? Can it handle it?

deepersprout | 2 months ago

Tangentially, I wanted to run Jitsi Meet for some meetings and created an account on Digital Ocean, only for the account to be promptly locked with no access to a human for support...just automated replies rehashing the same text again and again for tickets saying that I could provide more information if I believed that was in error (with no responses after providing additional information). Now I'm looking at trying Linode. Any other provider recommendations are welcome.

AnonC | 2 months ago

What does matrix add to jitsi? Jitsi is already easy to run over https. Does this make it so you can't randomly enter rooms if you know the name and there is no password set?

xrd | 2 months ago

What would the hardware requirements for such a stack be?

Last I read was that synapse requires a lot of memory and I guess that managing audio/video streams will be cpu intensive.

chme | 2 months ago

I hope those things are much better than they used to be. Last I looked, they were a bunch of APIs glued together to look like a media server. No hard features; no guarantees. Almost a mockup of what a media switching server should look like on the outside; nothing inside.

JoeAltmaier | 2 months ago

> The installer magically detects you have nginx installed and adds in an appropriate vhost!

Yes, because those of us who run their own vidconf setup want automagically mangled nginx configs.

Other than that, thank you for the guide.

pmlnr | 2 months ago

I operate a matrix server but I recently found Jami which supposedly is p2p encrypted. Does anyone use it? Downsides?

sschueller | 2 months ago

So, what are the lines I need to add to my docker-compose.yaml ;)

teekert | 2 months ago

Hi guys and thanks for this tutorial. As I'm new to docker and synapse, I would like to set up the same thing using docker, but I'm not finding a clean step-by-step tutorial on how to do this.

My goal is to set it up in a way that I could use docker swarm in the future. Any advice or links? Thanks in advance.

daagma | 2 months ago

Has anyone done a recent comparison of Jitsi and Janus? The only benchmark I can find is from 2018 and seemed a bit shallow. I’d be interested in seeing which one could deliver the best performance while running on a really cheap EC2 box. My guess would be Janus, since it’s C and Jitsi is Java, but maybe Jitsi has something about its architecture that gives it an edge.

Uehreka | 2 months ago
| 2 months ago

Why is Jitsi needed exactly, or is it handling server-side video multiplexing? Matrix itself doesn't support it?

shmerl | 2 months ago

I have had a matrix instance on one of my servers running but integrating Jitsi was a real pain. And even when the integration is done correctly the user experience of using it within Matrix is at least weird. It appears as an "attachment" in the conversation and is very non-intuitive for everyone.

illuminated | 2 months ago

I just set up my own Jitsi server at Digital Ocean. It was easy and it works well.

My only tip is that you really have to get the DNS name right. There is no easy way to change it post install. I had a typo on the first pass.

Next step is securing the launch screen. Since it sits behind NGINX, do the configuration there.

joshuaellinger | 2 months ago

Can Jitsi be used as a streaming server?

A small number of people in a call, 3-5, streaming to thousands. Live podcasts etc?

KaoruAoiShiho | 2 months ago

For self hosting .. is there some sort of a guide available that helps understand the resourcing needs relative to concurrent active users?

I'd like to hop on this, and think it will work great, but would like to make sure there's a way to right size a particular installation.

j45 | 2 months ago

Is there a way to integrate a phone call-in number to Jitsi? Maybe via Twilio or something?

diafygi | 2 months ago

Can anyone comment on if this will run successfully on a raspberry pi 3 for a small number of users (<10)?

drcross | 2 months ago

It’s still a ways to go for non-technical users. We tried Jitsi to mixed success. Some people had it work flawlessly the first time, others had to switch browsers, still others couldn’t use it at all, probably because of some privacy or cookie blocking extension.

Open source software needs to be as easy to use and configure as the alternative if they really hope to gain wide adoption.

3fe9a03ccd14ca5 | 2 months ago

Is there any way to transfer e2e chats from homeserver account to my own server?

lousken | 2 months ago

Jitsi, despite its frequent reoccurrence here, is a nightmare to configure with so many bells & whistles to set up just one basic functionality. Try setting it up with word-to-word instructions for setup & later SSL certs to work on your own iOS app of Jitsi meet without ripping your hair out.

villgax | 2 months ago

Any recommendations on a sufficient instance size for 4-5 people to use it for comms?

eof | 2 months ago

There's also rocket chat! I love matrix, don't get me wrong...

macawfish | 2 months ago


daagma | 2 months ago

Sadly many schools etc probs won't use this since most schools lack proper IT staff.

Huijaaja42 | 2 months ago