FicusOnline Blog

Linux, opensource projects tips 

2020/08/10  Android, Docker, Server, WEB Design

Construct Jitsi which is an open source web conference system on Docker. The conference systems like Zoom and Webex are supplied as free service, althoug in these services, there are some restrictions of time, members and so on to use. The merits for constructing the Jitsi web conference system are no limit to use, in addition, if you need, you could extend the system resources and functions and tweak any codes. Jitsi works on web browser, android OS and Apple iOS.

Jitsi web conference system is composed of the following 5 blocks. the web container works based on the image which put Nginx and Jitsi-Meet together and other container works based on each image of Prosody, Jicofo and VideoBridge. Network communication for SSL (Let's Encrypt) is established via Nginx reverse proxy.

  1. Jitsi-Meet: Web Interface files
  2. Nginx: Web Server
  3. Prosody: XMPP Server
  4. Jicofo: Exchange Users Session, Allocate Video Stream Channel
  5. Jvb:Jitsi Video Bridge, Video Stream Server, Monitor and Control Bandwidth


Port Description
5222 Prosody Clent Listening Port
5280 Prosody Server Listening Port
5347 Prosody Components



Port Description
443 Jitsi Video Bridge Harvester Port
5347 Prosody Components
4443 Jitsi Video Bridge Harvester Port
10000-20000/UDP Web RTC / ICE



Port Description
5222 Prosody Client Port
5347 Prosody Components



Port Description
80 Nginx Listening Port
5280 Prosody Server Listening Port


Install process is like the following.

  1. Configure Nginx Reverse Proxy
  2. SSL Certification by Certbot
  3. Download Jitsi Meet on Docker and Create .env file and docker-compose file
  4. Confirmation of Jitsi Working

Jitsi Meet on Docker

Jitsi Meet


1.Configure Nginx Reverse Proxy

In advance, got the domain for Jitsi system. Prepare another machine for Nginx reverse proxy(in this case, it also works as a docker container, if you don't need to work it as a container, omit the docker command portions) in the same as the network of the machine installed Jitsi.

Create new nginx configuration file for Jitsi domain /etc/nginx/conf.d/jitsi-example.conf (the name is arbitrary)

server {

    server_tokens off;
    # access_log  /var/log/nginx/;
    # error_log   /var/log/nginx/ error;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;



2.SSL Certification by Certbot

Get the SSL Certification for Jitsi domain name by Certbot. Implement the following command on the machine installed nginx reverse proxy(nginx in the docker container)

$ docker exec -ti nginx bash
# certbot --nginx -d

Certbot renew the configuration file of nginx automatically as the following.

server {

    server_tokens off;
    # access_log  /var/log/nginx/;
    # error_log   /var/log/nginx/ error;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot



The SSL certification of Let's Encrypt will be expired after 90 days, add the renewal script in the system cron job on the machine installed nginx reverse proxy.

#certbot in nginx docker
0 1 * * * docker exec nginx bash -c "certbot renew >> /var/log/letsencrypt/renew.log"


3.Download Jitsi Meet on Docker and Create .env file and docker-compose file

Clone or download the latest stable Jitsi branch into the arbitrary directory.

$ git clone -b stable-4857 --single-branch

Move into docker-jitsi-meet directory and create .env file.

$ cd docker-jitsi-meet
$ cp env.example .env

Implement the password script for additing the passwords for security in .env file.

$ ./

Modyfy .env file in accordance with your environment. For the SSL network connection is established by the reverse proxy, the following modifications related to SSL are important.



Will be like the below(extract the portion).

# Basic configuration options

# Directory where all configuration will be stored

# Exposed HTTP port

# Exposed HTTPS port

# System time zone

# Public URL for the web service

# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the README

# Control whether the lobby feature should be enabled or not

# Let's Encrypt configuration

# Enable Let's Encrypt certificate generation

# Domain for which to generate the certificate

# E-Mail for receiving important account notifications (mandatory)

# Authentication configuration (see handbook for details)

# Enable authentication

# Enable guest access

# Select authentication type: internal, jwt or ldap

# Advanced configuration options (you generally don't need to change these)

# Disable HTTPS: handle TLS connections outside of this setup

# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)

# Container restart policy
# Defaults to unless-stopped


For SSL connection by reverse proxy, comment out - '${HTTPS_PORT}:443'  in docker-compose.yml.

version: '3'

    # Frontend
        image: jitsi/web:stable-4857
        restart: ${RESTART_POLICY}
            - '${HTTP_PORT}:80'
            # - '${HTTPS_PORT}:443'
            - ${CONFIG}/web:/config:Z
            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z

Create the directories for Jitsi system blocks.

mkdir -p .jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

note) If you modified the .env file, you have to delete the above configration directories to validate the changes, and recreate configration directories.


4.Confirmation of Jitsi Working

Start the each container in Jitsi by docker-compose command.

$ docker-compose up -d

Access to the address: and confirm to work.

Conference Start View


Host View(only one host, not activated camera)


Sub Menu( share YouTube, Record Conference)


Share Apprication View, Blowser Tab


Invite Other Member by Email, Chat Function



About SIP call and record the conference extensions, will be reported on next time.


comments powered by Disqus