All Articles

Run your own teleconferencing server with Jitsi on EC2

TLDR; I’ve put together a CloudFormation template with instructions for setting up your own Jitsi instance

Jitsi is a popular, open-source teleconferencing server. With a sudden increase in the use of remote work tools due to coronavirus, and closer scrutiny of the security posture of a popular commercial solution, there’s good reason to examine alternatives.

Popular workplace instant messaging apps provide video-conferencing already, such as Slack and Microsoft Teams. These are good options for teams already using these tools, because they avoid the additional cost of a dedicated third-party tool and they keep shared files and videos within the same workspace.

However, using an in-place tool can sometimes leave something to be desired. For example, Slack doesn’t appear to allow you to share your video-conference with third-parties.

The motivator for setting up my own Jitsi instance was to evaluate tools other than Google Hangouts, which my team had been using up until that point, but with disappointing performance.

Jitsi was an attractive option because it is free, but to ensure the privacy of your own meetings, you need to set up your own server (or pay for a third-party service that uses Jitsi, like 8x8).

AWS recently published a guide for getting Jitsi running on AWS with EC2 and ECS, but their instructions rely on manual setup, which is surprising for those of us used to repeatable and maintainable infrastructure management. I almost exclusively work with serverless, so just even having to spin up and keep a server patched is already too much work.

I’ve put together a CloudFormation template that gets throught the harder setup steps without needing a detailed knowledge of EC2 or CloudFormation. The README provides instructions on how to set it up correctly and configure a Let’s Encrypt certificate for valid TLS certificates.

It has some important limitations though. There is no limitations on who can create a meeting or list the meetings already created, which isn’t suitable for most setups.

I’d like to explore customising the front-end to introduce some kind of authentication and access control, which the tool jicofo seems to support but jitsi-meet doesn’t seem to be configured for. (I link to instructions on how to restrict who can host meetings, which is enough to prevent abuse, but others can still see what meetings are in progress).