# Instalação Jitsi Docker

Procedimentos de instalação do Jitsi em docker

# Repositório Jitsi Docker

Link: [https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file)

git clone [https://github.com/jitsi/docker-jitsi-meet.git](https://github.com/jitsi/docker-jitsi-meet.git)

Jitsi-contrib: [https://github.com/jitsi-contrib](https://github.com/jitsi-contrib)

# Jitsi Meet on Docker

<div class="markdown-heading" dir="auto" id="bkmrk-" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#jitsi-meet-on-docker)</div>[Jitsi](https://jitsi.org/) is a set of Open Source projects that allows you to easily build and deploy secure videoconferencing solutions.

[Jitsi Meet](https://jitsi.org/jitsi-meet/) is a fully encrypted, 100% Open Source video conferencing solution that you can use all day, every day, for free — with no account needed.

This repository contains the necessary tools to run a Jitsi Meet stack on [Docker](https://www.docker.com/) using [Docker Compose](https://docs.docker.com/compose/).

All our images are published on [DockerHub](https://hub.docker.com/u/jitsi/).

## Supported architectures

<div class="markdown-heading" dir="auto" id="bkmrk--2" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#supported-architectures)</div>Starting with `stable-7439` the published images are available for `amd64` and `arm64`.

## Tags

<div class="markdown-heading" dir="auto" id="bkmrk--4" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#tags)</div>These are the currently published tags for all our images:

<table id="bkmrk-tag-description-stab"><thead><tr><th>Tag</th><th>Description</th></tr></thead><tbody><tr><td>`stable`</td><td>Points to the latest stable release</td></tr><tr><td>`stable-NNNN-X`</td><td>A stable release</td></tr><tr><td>`unstable`</td><td>Points to the latest unstable release</td></tr><tr><td>`unstable-YYYY-MM-DD`</td><td>Daily unstable release</td></tr><tr><td>`latest`</td><td>Deprecated, no longer updated (will be removed)</td></tr></tbody></table>

## Installation

<div class="markdown-heading" dir="auto" id="bkmrk--6" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#installation)</div>The installation manual is available [here](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker).

### Kubernetes

<div class="markdown-heading" dir="auto" id="bkmrk--8" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#kubernetes)</div>If you plan to install the jitsi-meet stack on a Kubernetes cluster you can find tools and tutorials in the project [Jitsi on Kubernetes](https://github.com/jitsi-contrib/jitsi-kubernetes).

## TODO

<div class="markdown-heading" dir="auto" id="bkmrk--10" style="text-align: justify;">[<svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg>](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file#todo)</div>- Builtin TURN server.

# Self-Hosting Guide - Docker Installation

Link: [https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/)

Update 04/07/2024

## Quick start[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#quick-start "Direct link to Quick start")

In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose, follow these steps:

1. Download and extract the [latest release](https://github.com/jitsi/docker-jitsi-meet/releases/latest). **DO NOT** clone the git repository. See below if you are interested in running test images:
    
    ```bash
    wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
2. Unzip the package:
    
    ```bash
    unzip <filename>
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
3. Create a `.env` file by copying and adjusting `env.example`:
    
    ```bash
    cp env.example .env
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
4. Set strong passwords in the security section options of `.env` file by running the following bash script
    
    ```bash
    ./gen-passwords.sh
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
5. Create required `CONFIG` directories
    
    
    - For linux:
    
    ```bash
    mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
    - For Windows:
    
    ```bash
    echo web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri | % { mkdir "~/.jitsi-meet-cfg/$_" }
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
6. Run `docker compose up -d`
7. Access the web UI at [`https://localhost:8443`](https://localhost:8443/) (or a different port, in case you edited the `.env` file).

**NOTE**  
HTTP (not HTTPS) is also available (on port 8000, by default), but that's e.g. for a reverse proxy setup; direct access via HTTP instead HTTPS leads to WebRTC errors such as *Failed to access your microphone/camera: Cannot use microphone/camera for an unknown reason. Cannot read property 'getUserMedia' of undefined* or *navigator.mediaDevices is undefined*.

If you want to use jigasi too, first configure your env file with SIP credentials and then run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f jigasi.yml up
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk-" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>If you want to enable document sharing via [Etherpad](https://github.com/ether/etherpad-lite), configure it and run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f etherpad.yml up
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--1" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>If you want to use jibri too, first configure a host as described in Jitsi Broadcasting Infrastructure configuration section and then run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f jibri.yml up -d
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--2" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>or to use jigasi too:

```bash
docker compose -f docker-compose.yml -f jigasi.yml -f jibri.yml up -d
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--3" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>### Updating[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#updating "Direct link to Updating")

If you want to update, simply run

```bash
wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--4" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>again (just like how you initially downloaded Jitsi). Then unzip and overwrite all when being asked:

```bash
unzip <filename>
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--5" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>### Testing development / unstable builds[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#testing-development--unstable-builds "Direct link to Testing development / unstable builds")

**Download the latest code:**

git clone https://github.com/jitsi/docker-jitsi-meet &amp;&amp; cd docker-jitsi-meet

NOTE

The code in `master` is designed to work with the unstable images. Do not run it with release images.

Run `docker compose up` as usual.

Every day a new "unstable" image build is uploaded.

### Building your own images[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#building-your-own-images "Direct link to Building your own images")

**Download the latest code:**

git clone https://github.com/jitsi/docker-jitsi-meet &amp;&amp; cd docker-jitsi-meet

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--6" style="text-align: justify;"></div>The provided `Makefile` provides a comprehensive way of building the whole stack or individual images.

To build all images:

**make**

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--7" style="text-align: justify;"></div>To build a specific image (the web image for example):

**make build\_web**

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--8" style="text-align: justify;"></div>Once your local build is ready make sure to add `JITSI_IMAGE_VERSION=latest` to your `.env` file.

### Security note[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#security-note "Direct link to Security note")

This setup used to have default passwords for internal accounts used across components. In order to make the default setup secure by default these have been removed and the respective containers won't start without having a password set.

Strong passwords may be generated as follows: `./gen-passwords.sh` This will modify your `.env` file (a backup is saved in `.env.bak`) and set strong passwords for each of the required options. Passwords are generated using `openssl rand -hex 16` .

DO NOT reuse any of the passwords.

## Architecture[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#architecture "Direct link to Architecture")

A Jitsi Meet installation can be broken down into the following components:

- A web interface
- An XMPP server
- A conference focus component
- A video router (could be more than one)
- A SIP gateway for audio calls
- A Broadcasting Infrastructure for recording or streaming a conference.

![](https://jitsi.github.io/handbook/assets/images/docker-jitsi-meet-afafdf87fea30a2fa6412baa4a3f8248.png)

The diagram shows a typical deployment in a host running Docker. This project separates each of the components above into interlinked containers. To this end, several container images are provided.

### External Ports[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#external-ports "Direct link to External Ports")

The following external ports must be opened on a firewall:

- `80/tcp` for Web UI HTTP (really just to redirect, after uncommenting `ENABLE_HTTP_REDIRECT=1` in `.env`)
- `443/tcp` for Web UI HTTPS
- `10000/udp` for RTP media over UDP

Also `20000-20050/udp` for jigasi, in case you choose to deploy that to facilitate SIP access.

E.g. on a CentOS/Fedora server this would be done like this (without SIP access):

```bash
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=10000/udp
sudo firewall-cmd --reload
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--10" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>See [the corresponding section in the debian/ubuntu setup guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall).

### Images[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#images "Direct link to Images")

- **base**: Debian stable base image with the [S6 Overlay](https://github.com/just-containers/s6-overlay) for process control and the [Jitsi repositories](https://jitsi.org/downloads/) enabled. All other images are based on this one.
- **base-java**: Same as the above, plus Java (OpenJDK).
- **web**: Jitsi Meet web UI, served with nginx.
- **prosody**: [Prosody](https://prosody.im/), the XMPP server.
- **jicofo**: [Jicofo](https://github.com/jitsi/jicofo), the XMPP focus component.
- **jvb**: [Jitsi Videobridge](https://github.com/jitsi/jitsi-videobridge), the video router.
- **jigasi**: [Jigasi](https://github.com/jitsi/jigasi), the SIP (audio only) gateway.
- **jibri**: [Jibri](https://github.com/jitsi/jibri), the broadcasting infrastructure.

### Design considerations[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#design-considerations "Direct link to Design considerations")

Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup provided by these containers does not expose the XMPP server to the outside world. Instead, it's kept completely sealed, and routing of XMPP traffic only happens on a user-defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of this project.

## Configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#configuration "Direct link to Configuration")

The configuration is performed via environment variables contained in a `.env` file. You can copy the provided `env.example` file as a reference.

<table id="bkmrk-variable-description" style="width: 117.859%;"><thead><tr><th style="width: 18.8259%;">Variable</th><th style="width: 56.7189%;">Description</th><th style="width: 24.423%;">Example</th></tr></thead><tbody><tr><td style="width: 18.8259%;">`CONFIG`</td><td style="width: 56.7189%;">Directory where all configuration will be stored</td><td style="width: 24.423%;">/opt/jitsi-meet-cfg</td></tr><tr><td style="width: 18.8259%;">`TZ`</td><td style="width: 56.7189%;">System Time Zone</td><td style="width: 24.423%;">Europe/Amsterdam</td></tr><tr><td style="width: 18.8259%;">`HTTP_PORT`</td><td style="width: 56.7189%;">Exposed port for HTTP traffic</td><td style="width: 24.423%;">8000</td></tr><tr><td style="width: 18.8259%;">`HTTPS_PORT`</td><td style="width: 56.7189%;">Exposed port for HTTPS traffic</td><td style="width: 24.423%;">8443</td></tr><tr><td style="width: 18.8259%;">`JVB_ADVERTISE_IPS`</td><td style="width: 56.7189%;">IP addresses of the Docker host (comma separated), needed for LAN environments</td><td style="width: 24.423%;">192.168.1.1</td></tr><tr><td style="width: 18.8259%;">`PUBLIC_URL`</td><td style="width: 56.7189%;">Public URL for the web service</td><td style="width: 24.423%;">[https://meet.example.com](https://meet.example.com/)</td></tr></tbody></table>

<span style="text-decoration: underline;"><span style="text-align: justify;">NOTE</span></span>

<div class="theme-admonition theme-admonition-note alert alert--secondary admonition_LlT9" id="bkmrk--11" style="text-align: justify;"></div>The mobile apps won't work with self-signed certificates (the default). See below for instructions on how to obtain a proper certificate with Let's Encrypt.

### TLS Configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#tls-configuration "Direct link to TLS Configuration")

#### Let's Encrypt configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#lets-encrypt-configuration "Direct link to Let's Encrypt configuration")

If you want to expose your Jitsi Meet instance to the outside traffic directly, but don't own a proper TLS certificate, you are in luck because Let's Encrypt support is built right in. Here are the required options:

<table id="bkmrk-variable-description-1"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_LETSENCRYPT`</td><td>Enable Let's Encrypt certificate generation</td><td>1</td></tr><tr><td>`LETSENCRYPT_DOMAIN`</td><td>Domain for which to generate the certificate</td><td>meet.example.com</td></tr><tr><td>`LETSENCRYPT_EMAIL`</td><td>E-Mail for receiving important account notifications (mandatory)</td><td><alice@atlanta.net></td></tr></tbody></table>

In addition, you will need to set `HTTP_PORT` to 80 and `HTTPS_PORT` to 443 and PUBLIC\_URL to your domain. You might also consider to redirect HTTP traffic to HTTPS by setting `ENABLE_HTTP_REDIRECT=1`.

**Let's Encrypt rate limit warning**: Let's Encrypt has a limit to how many times you can submit a request for a new certificate for your domain name. At the time of writing, the current limit is five new (duplicate) certificates for the same domain name every seven days. Because of this, it is recommended that you disable the Let's Encrypt environment variables from `.env` if you plan on deleting the `.jitsi-meet-cfg` folder. Otherwise, you might want to consider moving the `.jitsi-meet-cfg` folder to a different location so you have a safe place to find the certificate that already Let's Encrypt issued. Or do initial testing with Let's Encrypt disabled, then re-enable Let's Encrypt once you are done testing.

NOTE

When you move away from `LETSENCRYPT_USE_STAGING`, you will have to manually clear the certificates from `.jitsi-meet-cfg/web`.

For more information on Let's Encrypt's rate limits, visit: [https://letsencrypt.org/docs/rate-limits/](https://letsencrypt.org/docs/rate-limits/)

#### Using existing TLS certificate and key[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#using-existing-tls-certificate-and-key "Direct link to Using existing TLS certificate and key")

If you own a proper TLS certificate and don't need a Let's Encrypt certificate, you can configure Jitsi Meet container to use it.

Unlike Let's Encrypt certificates, this is not configured through the `.env`file, but by telling Jitsi Meet's `web` service to mount the following two volumes:

- mount `/path/to/your/cert.key` file to `/config/keys/cert.key` mount point
- mount `/path/to/your/cert.fullchain` file to the `/config/keys/cert.crt` mount point.

Doing it in `docker-compose.yml` file should look like this:

```yaml
services:
    web:
        ...
        volumes:
            ...
            - /path/to/your/cert.fullchain:/config/keys/cert.crt
            - /path/to/your/cert.key:/config/keys/cert.key
```

<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--12" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>### Features configuration (config.js)[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#features-configuration-configjs "Direct link to Features configuration (config.js)")

<table id="bkmrk-variable-description-2" style="width: 108.93%;"><thead><tr><th style="width: 22.6387%;">Variable</th><th style="width: 68.1555%;">Description</th><th style="width: 9.17349%;">Example</th></tr></thead><tbody><tr><td style="width: 22.6387%;">`TOOLBAR_BUTTONS`</td><td style="width: 68.1555%;">Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)</td><td style="width: 9.17349%;"> </td></tr><tr><td style="width: 22.6387%;">`HIDE_PREMEETING_BUTTONS`</td><td style="width: 68.1555%;">Hide the buttons at pre-join screen. Add the buttons name separated with comma</td><td style="width: 9.17349%;"> </td></tr><tr><td style="width: 22.6387%;">`ENABLE_LOBBY`</td><td style="width: 68.1555%;">Control whether the lobby feature should be enabled or not</td><td style="width: 9.17349%;">1</td></tr><tr><td style="width: 22.6387%;">`ENABLE_AV_MODERATION`</td><td style="width: 68.1555%;">Control whether the A/V moderation should be enabled or not</td><td style="width: 9.17349%;">1</td></tr><tr><td style="width: 22.6387%;">`ENABLE_PREJOIN_PAGE`</td><td style="width: 68.1555%;">Show a prejoin page before entering a conference</td><td style="width: 9.17349%;">1</td></tr><tr><td style="width: 22.6387%;">`ENABLE_WELCOME_PAGE`</td><td style="width: 68.1555%;">Enable the welcome page</td><td style="width: 9.17349%;">1</td></tr><tr><td style="width: 22.6387%;">`ENABLE_CLOSE_PAGE`</td><td style="width: 68.1555%;">Enable the close page</td><td style="width: 9.17349%;">0</td></tr><tr><td style="width: 22.6387%;">`DISABLE_AUDIO_LEVELS`</td><td style="width: 68.1555%;">Disable measuring of audio levels</td><td style="width: 9.17349%;">0</td></tr><tr><td style="width: 22.6387%;">`ENABLE_NOISY_MIC_DETECTION`</td><td style="width: 68.1555%;">Enable noisy mic detection</td><td style="width: 9.17349%;">1</td></tr><tr><td style="width: 22.6387%;">`ENABLE_BREAKOUT_ROOMS`</td><td style="width: 68.1555%;">Enable breakout rooms</td><td style="width: 9.17349%;">1</td></tr></tbody></table>

### Jigasi SIP gateway (audio only) configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#jigasi-sip-gateway-audio-only-configuration "Direct link to Jigasi SIP gateway (audio only) configuration")

If you want to enable the SIP gateway, these options are required:

<table id="bkmrk-variable-description-3"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`JIGASI_SIP_URI`</td><td>SIP URI for incoming / outgoing calls</td><td><test@sip2sip.info></td></tr><tr><td>`JIGASI_SIP_PASSWORD`</td><td>Password for the specified SIP account</td><td>`<unset>`</td></tr><tr><td>`JIGASI_SIP_SERVER`</td><td>SIP server (use the SIP account domain if in doubt)</td><td>sip2sip.info</td></tr><tr><td>`JIGASI_SIP_PORT`</td><td>SIP server port</td><td>5060</td></tr><tr><td>`JIGASI_SIP_TRANSPORT`</td><td>SIP transport</td><td>UDP</td></tr></tbody></table>

#### Display Dial-In information[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#display-dial-in-information "Direct link to Display Dial-In information")

<table id="bkmrk-variable-description-4"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`DIALIN_NUMBERS_URL`</td><td>URL to the JSON with all Dial-In numbers</td><td>[https://meet.example.com/dialin.json](https://meet.example.com/dialin.json)</td></tr><tr><td>`CONFCODE_URL`</td><td>URL to the API for checking/generating Dial-In codes</td><td>[https://jitsi-api.jitsi.net/conferenceMapper](https://jitsi-api.jitsi.net/conferenceMapper)</td></tr></tbody></table>

The JSON with the Dial-In numbers should look like this:

```json
{"message":"Dial-In numbers:","numbers":{"DE": ["+49-721-0000-0000"]},"numbersEnabled":true}
```

<div class="language-json codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--13" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>### Recording / live streaming configuration with Jibri[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#recording--live-streaming-configuration-with-jibri "Direct link to Recording / live streaming configuration with Jibri")

<details class="details_lb9f isBrowser_bmU9 alert alert--info details_b_Ee" data-collapsed="true" id="bkmrk-if-you-are-using-a-r"><summary>If you are using a release older than 7439 some extra setup is necessary.</summary>

 </details>If you want to enable Jibri these options are required:

<table id="bkmrk-variable-description-5"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_RECORDING`</td><td>Enable recording / live streaming</td><td>1</td></tr></tbody></table>

Extended Jibri configuration:

<table id="bkmrk-variable-description-6" style="width: 100.001%;"><thead><tr><th style="width: 32.6474%;">Variable</th><th style="width: 48.9737%;">Description</th><th style="width: 18.4658%;">Example</th></tr></thead><tbody><tr><td style="width: 32.6474%;">`JIBRI_RECORDER_USER`</td><td style="width: 48.9737%;">Internal recorder user for Jibri client connections</td><td style="width: 18.4658%;">recorder</td></tr><tr><td style="width: 32.6474%;">`JIBRI_RECORDER_PASSWORD`</td><td style="width: 48.9737%;">Internal recorder password for Jibri client connections</td><td style="width: 18.4658%;">`<unset>`</td></tr><tr><td style="width: 32.6474%;">`JIBRI_RECORDING_DIR`</td><td style="width: 48.9737%;">Directory for recordings inside Jibri container</td><td style="width: 18.4658%;">/config/recordings</td></tr><tr><td style="width: 32.6474%;">`JIBRI_FINALIZE_RECORDING_SCRIPT_PATH`</td><td style="width: 48.9737%;">The finalizing script. Will run after recording is complete</td><td style="width: 18.4658%;">/config/finalize.sh</td></tr><tr><td style="width: 32.6474%;">`JIBRI_XMPP_USER`</td><td style="width: 48.9737%;">Internal user for Jibri client connections.</td><td style="width: 18.4658%;">jibri</td></tr><tr><td style="width: 32.6474%;">`JIBRI_STRIP_DOMAIN_JID`</td><td style="width: 48.9737%;">Prefix domain for strip inside Jibri (please see env.example for details)</td><td style="width: 18.4658%;">muc</td></tr><tr><td style="width: 32.6474%;">`JIBRI_BREWERY_MUC`</td><td style="width: 48.9737%;">MUC name for the Jibri pool</td><td style="width: 18.4658%;">jibribrewery</td></tr><tr><td style="width: 32.6474%;">`JIBRI_PENDING_TIMEOUT`</td><td style="width: 48.9737%;">MUC connection timeout</td><td style="width: 18.4658%;">90</td></tr></tbody></table>

### Jitsi Meet configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#jitsi-meet-configuration "Direct link to Jitsi Meet configuration")

Jitsi-Meet uses two configuration files for changing default settings within the web interface: `config.js` and `interface_config.js`. The files are located within the `CONFIG/web/` directory configured within your environment file.

These files are re-created on every container restart. If you'd like to provide your own settings, create your own config files: `custom-config.js` and `custom-interface_config.js`.

It's enough to provide your relevant settings only, the docker scripts will append your custom files to the default ones!

### Authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication "Direct link to Authentication")

Authentication can be controlled with the environment variables below. If guest access is enabled, unauthenticated users will need to wait until a user authenticates before they can join a room. If guest access is not enabled, every user will need to authenticate before they can join.

If authentication is enabled, once an authenticated user logged in, it is always logged in before the session timeout. You can set `ENABLE_AUTO_LOGIN=0` to disable this default auto login feature or you can set `JICOFO_AUTH_LIFETIME` to limit the session lifetime.

<table id="bkmrk-variable-description-7"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_AUTH`</td><td>Enable authentication</td><td>1</td></tr><tr><td>`ENABLE_GUESTS`</td><td>Enable guest access</td><td>1</td></tr><tr><td>`AUTH_TYPE`</td><td>Select authentication type (internal, jwt or ldap)</td><td>internal</td></tr><tr><td>`ENABLE_AUTO_LOGIN`</td><td>Enable auto login</td><td>1</td></tr><tr><td>`JICOFO_AUTH_LIFETIME`</td><td>Select session timeout value for an authenticated user</td><td>3 hours</td></tr></tbody></table>

#### Internal authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#internal-authentication "Direct link to Internal authentication")

The default authentication mode (`internal`) uses XMPP credentials to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `internal`, then configure the settings you can see below.

Internal users must be created with the `prosodyctl` utility in the `prosody` container. In order to do that, first, execute a shell in the corresponding container:

```bash
docker compose exec prosody /bin/bash
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--14" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>Once in the container, run the following command to create a user:

```bash
prosodyctl --config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--15" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>Note that the command produces no output.

To delete a user, run the following command in the container:

```bash
prosodyctl --config /config/prosody.cfg.lua unregister TheDesiredUsername meet.jitsi
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--16" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>To list all users, run the following command in the container:

```bash
find /config/data/meet%2ejitsi/accounts -type f -exec basename {} .dat \;
```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--17" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>#### Authentication using LDAP[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-ldap "Direct link to Authentication using LDAP")

You can use LDAP to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `ldap`, then configure the settings you can see below.

<table id="bkmrk-variable-description-8"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`LDAP_URL`</td><td>URL for ldap connection</td><td>ldaps://ldap.domain.com/</td></tr><tr><td>`LDAP_BASE`</td><td>LDAP base DN. Can be empty.</td><td>DC=example,DC=domain,DC=com</td></tr><tr><td>`LDAP_BINDDN`</td><td>LDAP user DN. Do not specify this parameter for the anonymous bind.</td><td>CN=binduser,OU=users,DC=example,DC=domain,DC=com</td></tr><tr><td>`LDAP_BINDPW`</td><td>LDAP user password. Do not specify this parameter for the anonymous bind.</td><td>LdapUserPassw0rd</td></tr><tr><td>`LDAP_FILTER`</td><td>LDAP filter.</td><td>(sAMAccountName=%u)</td></tr><tr><td>`LDAP_AUTH_METHOD`</td><td>LDAP authentication method.</td><td>bind</td></tr><tr><td>`LDAP_VERSION`</td><td>LDAP protocol version</td><td>3</td></tr><tr><td>`LDAP_USE_TLS`</td><td>Enable LDAP TLS</td><td>1</td></tr><tr><td>`LDAP_TLS_CIPHERS`</td><td>Set TLS ciphers list to allow</td><td>SECURE256:SECURE128</td></tr><tr><td>`LDAP_TLS_CHECK_PEER`</td><td>Require and verify LDAP server certificate</td><td>1</td></tr><tr><td>`LDAP_TLS_CACERT_FILE`</td><td>Path to CA cert file. Used when server certificate verification is enabled</td><td>/etc/ssl/certs/ca-certificates.crt</td></tr><tr><td>`LDAP_TLS_CACERT_DIR`</td><td>Path to CA certs directory. Used when server certificate verification is enabled.</td><td>/etc/ssl/certs</td></tr><tr><td>`LDAP_START_TLS`</td><td>Enable START\_TLS, requires LDAPv3, URL must be ldap:// not ldaps://</td><td>0</td></tr></tbody></table>

#### Authentication using JWT tokens[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-jwt-tokens "Direct link to Authentication using JWT tokens")

You can use JWT tokens to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `jwt`, then configure the settings you can see below.

<table id="bkmrk-variable-description-9" style="width: 110.121%;"><thead><tr><th style="width: 22.2812%;">Variable</th><th style="width: 53.857%;">Description</th><th style="width: 23.8295%;">Example</th></tr></thead><tbody><tr><td style="width: 22.2812%;">`JWT_APP_ID`</td><td style="width: 53.857%;">Application identifier</td><td style="width: 23.8295%;">my\_jitsi\_app\_id</td></tr><tr><td style="width: 22.2812%;">`JWT_APP_SECRET`</td><td style="width: 53.857%;">Application secret known only to your token</td><td style="width: 23.8295%;">my\_jitsi\_app\_secret</td></tr><tr><td style="width: 22.2812%;">`JWT_ACCEPTED_ISSUERS`</td><td style="width: 53.857%;">(Optional) Set asap\_accepted\_issuers as a comma separated list</td><td style="width: 23.8295%;">my\_web\_client,my\_app\_client</td></tr><tr><td style="width: 22.2812%;">`JWT_ACCEPTED_AUDIENCES`</td><td style="width: 53.857%;">(Optional) Set asap\_accepted\_audiences as a comma separated list</td><td style="width: 23.8295%;">my\_server1,my\_server2</td></tr><tr><td style="width: 22.2812%;">`JWT_ASAP_KEYSERVER`</td><td style="width: 53.857%;">(Optional) Set asap\_keyserver to a url where public keys can be found</td><td style="width: 23.8295%;">[https://example.com/asap&gt;](https://example.com/asap%3E)</td></tr><tr><td style="width: 22.2812%;">`JWT_ALLOW_EMPTY`</td><td style="width: 53.857%;">(Optional) Allow anonymous users with no JWT while validating JWTs when provided</td><td style="width: 23.8295%;">0</td></tr><tr><td style="width: 22.2812%;">`JWT_AUTH_TYPE`</td><td style="width: 53.857%;">(Optional) Controls which module is used for processing incoming JWTs</td><td style="width: 23.8295%;">token</td></tr><tr><td style="width: 22.2812%;">`JWT_TOKEN_AUTH_MODULE`</td><td style="width: 53.857%;">(Optional) Controls which module is used for validating JWTs</td><td style="width: 23.8295%;">token\_verification</td></tr></tbody></table>

This can be tested using the [jwt.io](https://jwt.io/#debugger-io) debugger. Use the following sample payload:

```json
{
  "context": {
    "user": {
      "avatar": "https://robohash.org/john-doe",
      "name": "John Doe",
      "email": "jdoe@example.com"
    }
  },
  "aud": "my_jitsi_app_id",
  "iss": "my_jitsi_app_id",
  "sub": "meet.jitsi",
  "room": "*"
}
```

<div class="language-json codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--18" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>#### Authentication using Matrix[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-matrix "Direct link to Authentication using Matrix")

For more information see the documentation of the "Prosody Auth Matrix User Verification" [here](https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification).

<table id="bkmrk-variable-description-10" style="width: 112.025%;"><thead><tr><th style="width: 27.0473%;">Variable</th><th style="width: 53.8563%;">Description</th><th style="width: 19.0642%;">Example</th></tr></thead><tbody><tr><td style="width: 27.0473%;">`MATRIX_UVS_URL`</td><td style="width: 53.8563%;">Base URL to the matrix user verification service (without ending slash)</td><td style="width: 19.0642%;">[https://uvs.example.com:3000&gt;](https://uvs.example.com:3000%3E)</td></tr><tr><td style="width: 27.0473%;">`MATRIX_UVS_ISSUER`</td><td style="width: 53.8563%;">(optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT.</td><td style="width: 19.0642%;">issuer (default)</td></tr><tr><td style="width: 27.0473%;">`MATRIX_UVS_AUTH_TOKEN`</td><td style="width: 53.8563%;">(optional) user verification service auth token, if authentication enabled</td><td style="width: 19.0642%;">changeme</td></tr><tr><td style="width: 27.0473%;">`MATRIX_UVS_SYNC_POWER_LEVELS`</td><td style="width: 53.8563%;">(optional) Make Matrix room moderators owners of the Prosody room.</td><td style="width: 19.0642%;">1</td></tr></tbody></table>

#### Authentication using Hybrid Matrix Token[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-hybrid-matrix-token "Direct link to Authentication using Hybrid Matrix Token")

You can use `Hybrid Matrix Token` to authenticate users. It supports `Matrix` and `JWT Token` authentications on the same setup. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `hybrid_matrix_token`, then configure the settings you can see below.

For more information see the documentation of the "Hybrid Matrix Token" [here](https://github.com/jitsi-contrib/prosody-plugins/tree/main/auth_hybrid_matrix_token).

<table id="bkmrk-variable-description-11" style="width: 100.001%; height: 334.123px;"><thead><tr style="height: 29.537px;"><th style="width: 26.5726%; height: 29.537px;">Variable</th><th style="width: 57.0714%; height: 29.537px;">Description</th><th style="width: 16.4428%; height: 29.537px;">Example</th></tr></thead><tbody><tr style="height: 57.5463px;"><td style="width: 26.5726%; height: 57.5463px;">`MATRIX_UVS_URL`</td><td style="width: 57.0714%; height: 57.5463px;">Base URL to the matrix user verification service (without ending slash)</td><td style="width: 16.4428%; height: 57.5463px;">[https://uvs.example.com:3000&gt;](https://uvs.example.com:3000%3E)</td></tr><tr style="height: 46.6088px;"><td style="width: 26.5726%; height: 46.6088px;">`MATRIX_UVS_ISSUER`</td><td style="width: 57.0714%; height: 46.6088px;">(optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. It allows all issuers (`*`) by default.</td><td style="width: 16.4428%; height: 46.6088px;">my\_issuer</td></tr><tr style="height: 29.8032px;"><td style="width: 26.5726%; height: 29.8032px;">`MATRIX_UVS_AUTH_TOKEN`</td><td style="width: 57.0714%; height: 29.8032px;">(optional) user verification service auth token, if authentication enabled</td><td style="width: 16.4428%; height: 29.8032px;">my\_matrix\_secret</td></tr><tr style="height: 34.875px;"><td style="width: 26.5726%; height: 34.875px;">`MATRIX_UVS_SYNC_POWER_LEVELS`</td><td style="width: 57.0714%; height: 34.875px;">(optional) Make Matrix room moderators owners of the Prosody room.</td><td style="width: 16.4428%; height: 34.875px;">1</td></tr><tr style="height: 29.8032px;"><td style="width: 26.5726%; height: 29.8032px;">`MATRIX_LOBBY_BYPASS`</td><td style="width: 57.0714%; height: 29.8032px;">(optional) Allow Matrix room members to bypass Jitsi lobby check.</td><td style="width: 16.4428%; height: 29.8032px;">1</td></tr><tr style="height: 29.8032px;"><td style="width: 26.5726%; height: 29.8032px;">`JWT_APP_ID`</td><td style="width: 57.0714%; height: 29.8032px;">Application identifier</td><td style="width: 16.4428%; height: 29.8032px;">my\_jitsi\_app\_id</td></tr><tr style="height: 29.8032px;"><td style="width: 26.5726%; height: 29.8032px;">`JWT_APP_SECRET`</td><td style="width: 57.0714%; height: 29.8032px;">Application secret known only to your token</td><td style="width: 16.4428%; height: 29.8032px;">my\_jitsi\_app\_secret</td></tr><tr style="height: 46.3426px;"><td style="width: 26.5726%; height: 46.3426px;">`JWT_ALLOW_EMPTY`</td><td style="width: 57.0714%; height: 46.3426px;">(Optional) Allow anonymous users with no JWT while validating JWTs when provided</td><td style="width: 16.4428%; height: 46.3426px;">0</td></tr></tbody></table>

#### External authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#external-authentication "Direct link to External authentication")

<table id="bkmrk-variable-description-12" style="width: 100.001%;"><thead><tr><th style="width: 15.6079%;">Variable</th><th style="width: 57.0743%;">Description</th><th style="width: 27.4047%;">Example</th></tr></thead><tbody><tr><td style="width: 15.6079%;">`TOKEN_AUTH_URL`</td><td style="width: 57.0743%;">Authenticate using external service or just focus external auth window if there is one already.</td><td style="width: 27.4047%;">[https://auth.meet.example.com/{room}&gt;](https://auth.meet.example.com/%7Broom%7D%3E)</td></tr></tbody></table>

### Shared document editing using Etherpad[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#shared-document-editing-using-etherpad "Direct link to Shared document editing using Etherpad")

You can collaboratively edit a document via [Etherpad](https://github.com/ether/etherpad-lite). In order to enable it, set the config options below and run Docker Compose with the additional config file `etherpad.yml`.

Here are the required options:

<table id="bkmrk-variable-description-13"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ETHERPAD_URL_BASE`</td><td>Set etherpad-lite URL</td><td>[http://etherpad.meet.jitsi:9001&gt;](http://etherpad.meet.jitsi:9001%3E)</td></tr></tbody></table>

### Transcription configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#transcription-configuration "Direct link to Transcription configuration")

If you want to enable the Transcribing function, these options are required:

<table id="bkmrk-variable-description-14"><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_TRANSCRIPTIONS`</td><td>Enable Jigasi transcription in a conference</td><td>1</td></tr><tr><td>`GC_PROJECT_ID`</td><td>`project_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_PRIVATE_KEY_ID`</td><td>`private_key_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_PRIVATE_KEY`</td><td>`private_key` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_EMAIL`</td><td>`client_email` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_ID`</td><td>`client_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_CERT_URL`</td><td>`client_x509_cert_url` from Google Cloud Credentials</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_RECORD_AUDIO`</td><td>Jigasi will record audio when transcriber is on</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_SEND_TXT`</td><td>Jigasi will send transcribed text to the chat when transcriber is on</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_ADVERTISE_URL`</td><td>Jigasi will post an url to the chat with transcription file</td><td>true</td></tr></tbody></table>

For setting the Google Cloud Credentials please read [https://cloud.google.com/text-to-speech/docs/quickstart-protocol&gt;](https://cloud.google.com/text-to-speech/docs/quickstart-protocol%3E) section "Before you begin" paragraph 1 to 5.

### Sentry logging configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#sentry-logging-configuration "Direct link to Sentry logging configuration")

<table id="bkmrk-variable-description-15"><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JVB_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>https://public:private@host:port/1&gt;</td></tr><tr><td>`JICOFO_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>https://public:private@host:port/1&gt;</td></tr><tr><td>`JIGASI_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>https://public:private@host:port/1&gt;</td></tr><tr><td>`SENTRY_ENVIRONMENT`</td><td>Optional environment info to filter events</td><td>production</td></tr><tr><td>`SENTRY_RELEASE`</td><td>Optional release info to filter events</td><td>1.0.0</td></tr></tbody></table>

### TURN server configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#turn-server-configuration "Direct link to TURN server configuration")

Configure external TURN servers.

<table id="bkmrk-variable-description-16"><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`TURN_CREDENTIALS`</td><td>Credentials for TURN servers</td><td> </td></tr><tr><td>`TURN_HOST`</td><td>TURN server hostnames as a comma separated list (UDP or TCP transport)</td><td> </td></tr><tr><td>`TURN_PORT`</td><td>TURN server port (UDP or TCP transport)</td><td>443</td></tr><tr><td>`TURN_TRANSPORT`</td><td>TURN server protocols as a comma separated list (UDP or TCP or both)</td><td>tcp</td></tr><tr><td>`TURNS_HOST`</td><td>TURN server hostnames as a comma separated list (TLS transport)</td><td> </td></tr><tr><td>`TURNS_PORT`</td><td>TURN server port (TLS transport)</td><td>443</td></tr></tbody></table>

### Advanced configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-configuration "Direct link to Advanced configuration")

These configuration options are already set and generally don't need to be changed.

<table id="bkmrk-variable-description-17" style="width: 100.001%;"><thead><tr><th style="width: 24.6625%;">Variable</th><th style="width: 45.2792%;">Description</th><th style="width: 30.0261%;">Default value</th></tr></thead><tbody><tr><td style="width: 24.6625%;">`XMPP_DOMAIN`</td><td style="width: 45.2792%;">Internal XMPP domain</td><td style="width: 30.0261%;">meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_AUTH_DOMAIN`</td><td style="width: 45.2792%;">Internal XMPP domain for authenticated services</td><td style="width: 30.0261%;">auth.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_SERVER`</td><td style="width: 45.2792%;">Internal XMPP server name xmpp.meet.jitsi</td><td style="width: 30.0261%;">xmpp.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_BOSH_URL_BASE`</td><td style="width: 45.2792%;">Internal XMPP server URL for BOSH module</td><td style="width: 30.0261%;">[http://xmpp.meet.jitsi:5280&gt;](http://xmpp.meet.jitsi:5280%3E)</td></tr><tr><td style="width: 24.6625%;">`XMPP_MUC_DOMAIN`</td><td style="width: 45.2792%;">XMPP domain for the MUC</td><td style="width: 30.0261%;">muc.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_INTERNAL_MUC_DOMAIN`</td><td style="width: 45.2792%;">XMPP domain for the internal MUC</td><td style="width: 30.0261%;">internal-muc.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_GUEST_DOMAIN`</td><td style="width: 45.2792%;">XMPP domain for unauthenticated users</td><td style="width: 30.0261%;">guest.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_RECORDER_DOMAIN`</td><td style="width: 45.2792%;">Domain for the jibri recorder</td><td style="width: 30.0261%;">recorder.meet.jitsi</td></tr><tr><td style="width: 24.6625%;">`XMPP_MODULES`</td><td style="width: 45.2792%;">Custom Prosody modules for XMPP\_DOMAIN (comma separated)</td><td style="width: 30.0261%;">info,alert</td></tr><tr><td style="width: 24.6625%;">`XMPP_MUC_MODULES`</td><td style="width: 45.2792%;">Custom Prosody modules for MUC component (comma separated)</td><td style="width: 30.0261%;">info,alert</td></tr><tr><td style="width: 24.6625%;">`XMPP_INTERNAL_MUC_MODULES`</td><td style="width: 45.2792%;">Custom Prosody modules for internal MUC component (comma separated)</td><td style="width: 30.0261%;">info,alert</td></tr><tr><td style="width: 24.6625%;">`GLOBAL_MODULES`</td><td style="width: 45.2792%;">Custom prosody modules to load in global configuration (comma separated)</td><td style="width: 30.0261%;">statistics,alert</td></tr><tr><td style="width: 24.6625%;">`GLOBAL_CONFIG`</td><td style="width: 45.2792%;">Custom configuration string with escaped newlines</td><td style="width: 30.0261%;">foo = bar;\\nkey = val;</td></tr><tr><td style="width: 24.6625%;">`RESTART_POLICY`</td><td style="width: 45.2792%;">Container restart policy</td><td style="width: 30.0261%;">defaults to `unless-stopped`</td></tr><tr><td style="width: 24.6625%;">`DISABLE_HTTPS`</td><td style="width: 45.2792%;">Handle TLS connections outside of this setup</td><td style="width: 30.0261%;">0</td></tr><tr><td style="width: 24.6625%;">`ENABLE_HTTP_REDIRECT`</td><td style="width: 45.2792%;">Redirect HTTP traffic to HTTPS</td><td style="width: 30.0261%;">0</td></tr><tr><td style="width: 24.6625%;">`LOG_LEVEL`</td><td style="width: 45.2792%;">Controls which logs are output from prosody and associated modules</td><td style="width: 30.0261%;">info</td></tr><tr><td style="width: 24.6625%;">`ENABLE_HSTS`</td><td style="width: 45.2792%;">Send a `strict-transport-security` header to force browsers to use a secure and trusted connection. Recommended for production use.</td><td style="width: 30.0261%;">1</td></tr><tr><td style="width: 24.6625%;">`ENABLE_IPV6`</td><td style="width: 45.2792%;">Provides means to disable IPv6 in environments that don't support it</td><td style="width: 30.0261%;">1</td></tr><tr><td style="width: 24.6625%;">`ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX`</td><td style="width: 45.2792%;">Enabled older unsafe regex for JVB colibri-ws URLs. WARNING: Enable with caution, this regex allows connections to arbitrary internal IP addresses and is not recommended for production use. Unsafe regex is defined as `[a-zA-Z0-9-\._]+`</td><td style="width: 30.0261%;">0</td></tr><tr><td style="width: 24.6625%;">`COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME`</td><td style="width: 45.2792%;">DNS name to look up JVB IP address, used for default value of `COLIBRI_WEBSOCKET_REGEX`</td><td style="width: 30.0261%;">jvb</td></tr><tr><td style="width: 24.6625%;">`COLIBRI_WEBSOCKET_REGEX`</td><td style="width: 45.2792%;">Overrides the colibri regex used for proxying to JVB. Recommended to override in production with values matching possible JVB IP ranges</td><td style="width: 30.0261%;">defaults to `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` unless `DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP` is set to true</td></tr><tr><td style="width: 24.6625%;">`DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP`</td><td style="width: 45.2792%;">Controls whether to run `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` when defining COLIBRI\_WEBSOCKET\_REGEX</td><td style="width: 30.0261%;">0</td></tr></tbody></table>

#### Advanced Prosody options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-prosody-options "Direct link to Advanced Prosody options")

<table id="bkmrk-variable-description-18"><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`PROSODY_RESERVATION_ENABLED`</td><td>Enable Prosody's reservation REST API</td><td>false</td></tr><tr><td>`PROSODY_RESERVATION_REST_BASE_URL`</td><td>Base URL of Prosody's reservation REST API</td><td> </td></tr><tr><td>`PROSODY_AUTH_TYPE`</td><td>Select authentication type for Prosody (internal, jwt or ldap)</td><td>`AUTH_TYPE`</td></tr></tbody></table>

#### Advanced Jicofo options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jicofo-options "Direct link to Advanced Jicofo options")

<table id="bkmrk-variable-description-19" style="width: 100.001%;"><thead><tr><th style="width: 26.9258%;">Variable</th><th style="width: 61.3652%;">Description</th><th style="width: 11.5577%;">Default value</th></tr></thead><tbody><tr><td style="width: 26.9258%;">`JICOFO_COMPONENT_SECRET`</td><td style="width: 61.3652%;">XMPP component password for Jicofo</td><td style="width: 11.5577%;">s3cr37</td></tr><tr><td style="width: 26.9258%;">`JICOFO_AUTH_USER`</td><td style="width: 61.3652%;">XMPP user for Jicofo client connections</td><td style="width: 11.5577%;">focus</td></tr><tr><td style="width: 26.9258%;">`JICOFO_AUTH_PASSWORD`</td><td style="width: 61.3652%;">XMPP password for Jicofo client connections</td><td style="width: 11.5577%;">`<unset>`</td></tr><tr><td style="width: 26.9258%;">`JICOFO_ENABLE_AUTH`</td><td style="width: 61.3652%;">Enable authentication in Jicofo</td><td style="width: 11.5577%;">`ENABLE_AUTH`</td></tr><tr><td style="width: 26.9258%;">`JICOFO_AUTH_TYPE`</td><td style="width: 61.3652%;">Select authentication type for Jicofo (internal, jwt or ldap)</td><td style="width: 11.5577%;">`AUTH_TYPE`</td></tr><tr><td style="width: 26.9258%;">`JICOFO_AUTH_LIFETIME`</td><td style="width: 61.3652%;">Select session timeout value for an authenticated user</td><td style="width: 11.5577%;">24 hours</td></tr><tr><td style="width: 26.9258%;">`JICOFO_ENABLE_HEALTH_CHECKS`</td><td style="width: 61.3652%;">Enable health checks inside Jicofo, allowing the use of the REST api to check Jicofo's status</td><td style="width: 11.5577%;">false</td></tr></tbody></table>

#### Advanced JVB options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jvb-options "Direct link to Advanced JVB options")

<table id="bkmrk-variable-description-20" style="width: 100.001%;"><thead><tr><th style="width: 20.9706%;">Variable</th><th style="width: 44.2003%;">Description</th><th style="width: 34.916%;">Default value</th></tr></thead><tbody><tr><td style="width: 20.9706%;">`JVB_AUTH_USER`</td><td style="width: 44.2003%;">XMPP user for JVB MUC client connections</td><td style="width: 34.916%;">jvb</td></tr><tr><td style="width: 20.9706%;">`JVB_AUTH_PASSWORD`</td><td style="width: 44.2003%;">XMPP password for JVB MUC client connections</td><td style="width: 34.916%;">`<unset>`</td></tr><tr><td style="width: 20.9706%;">`JVB_STUN_SERVERS`</td><td style="width: 44.2003%;">STUN servers used to discover the server's public IP</td><td style="width: 34.916%;">stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302</td></tr><tr><td style="width: 20.9706%;">`JVB_PORT`</td><td style="width: 44.2003%;">UDP port for media used by Jitsi Videobridge</td><td style="width: 34.916%;">10000</td></tr><tr><td style="width: 20.9706%;">`JVB_COLIBRI_PORT`</td><td style="width: 44.2003%;">COLIBRI REST API port of JVB exposed to localhost</td><td style="width: 34.916%;">8080</td></tr><tr><td style="width: 20.9706%;">`JVB_BREWERY_MUC`</td><td style="width: 44.2003%;">MUC name for the JVB pool</td><td style="width: 34.916%;">jvbbrewery</td></tr><tr><td style="width: 20.9706%;">`COLIBRI_REST_ENABLED`</td><td style="width: 44.2003%;">Enable the COLIBRI REST API</td><td style="width: 34.916%;">true</td></tr><tr><td style="width: 20.9706%;">`SHUTDOWN_REST_ENABLED`</td><td style="width: 44.2003%;">Enable the shutdown REST API</td><td style="width: 34.916%;">true</td></tr></tbody></table>

#### Advanced Jigasi options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jigasi-options "Direct link to Advanced Jigasi options")

<table id="bkmrk-variable-description-21"><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JIGASI_ENABLE_SDES_SRTP`</td><td>Enable SDES srtp</td><td>0</td></tr><tr><td>`JIGASI_SIP_KEEP_ALIVE_METHOD`</td><td>Keepalive method</td><td>OPTIONS</td></tr><tr><td>`JIGASI_HEALTH_CHECK_SIP_URI`</td><td>Health-check extension</td><td> </td></tr><tr><td>`JIGASI_HEALTH_CHECK_INTERVAL`</td><td>Health-check interval</td><td>300000</td></tr><tr><td>`JIGASI_XMPP_USER`</td><td>XMPP user for Jigasi MUC client connections</td><td>jigasi</td></tr><tr><td>`JIGASI_XMPP_PASSWORD`</td><td>XMPP password for Jigasi MUC client connections</td><td>`<unset>`</td></tr><tr><td>`JIGASI_BREWERY_MUC`</td><td>MUC name for the Jigasi pool</td><td>jigasibrewery</td></tr><tr><td>`JIGASI_PORT_MIN`</td><td>Minimum port for media used by Jigasi</td><td>20000</td></tr><tr><td>`JIGASI_PORT_MAX`</td><td>Maximum port for media used by Jigasi</td><td>20050</td></tr></tbody></table>

### Running behind NAT or on a LAN environment[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-nat-or-on-a-lan-environment "Direct link to Running behind NAT or on a LAN environment")

When running running in a LAN environment, or on the public Internet via NAT, the `JVB_ADVERTISE_IPS` env variable should be set. This variable allows to control which IP addresses the JVB will advertise for WebRTC media traffic.

**NOTE**

This variable used to be called `DOCKER_HOST_ADDRESS` but it got renamed for clarity and to support a list of IPs.

If your users are coming in over the Internet (and not over LAN), this will likely be your public IP address. If this is not set up correctly, calls will crash when more than two users join a meeting.

The public IP address is attempted to be discovered via [STUN](https://en.wikipedia.org/wiki/STUN). STUN servers can be specified with the `JVB_STUN_SERVERS` option.

**NOTE**

Due to a bug in the docker version currently in the Debian repos (20.10.5), [Docker does not listen on IPv6 ports](https://forums.docker.com/t/docker-doesnt-open-ipv6-ports/106201/2), so for that combination you will have to [manually obtain the latest version](https://docs.docker.com/engine/install/debian/).

#### Split horizon[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#split-horizon "Direct link to Split horizon")

If you are running in a split horizon environemt (LAN internal clients connect to a local IP and other clients connect to a public IP) you can specify multiple advertised IPs by separating them with commas:

```text
JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--19" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>#### Offline / airgapped installation[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#offline--airgapped-installation "Direct link to Offline / airgapped installation")

If your setup does not have access to the Internet you'll need to disable STUN on the JVB since discovering its own IP address will fail, but that is not necessary on that type of environment.

```text
JVB_DISABLE_STUN=true
```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--20" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>## Accessing server logs[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#accessing-server-logs "Direct link to Accessing server logs")

The default bahavior of `docker-jitsi-meet` is to log to `stdout`.

While the logs are sent to `stdout`, they are not lost: unless configured to drop all logs, Docker keeps them available for future retrieval and processing.

If you need to access the container's logs you have multiple options. Here are the main ones:

- run `docker compose logs -t -f <service_name>` from command line, where `<service_name>` is one of `web`, `prosody`,`jvb`, `jicofo`. This command will output the logs for the selected service to stdout with timestamps.
- use a standard [docker logging driver](https://docs.docker.com/config/containers/logging/configure/) to redirect the logs to the desired target (for instance `syslog` or `splunk`).
- search [docker hub](https://hub.docker.com/search?q=) for a third party [docker logging driver plugin](https://docs.docker.com/config/containers/logging/plugins/)
- or [write your own driver plugin](https://docs.docker.com/engine/extend/plugins_logging/) if you have a very specific need.

For instance, if you want to have all logs related to a `<service_name>` written to `/var/log/jitsi/<service_name>` as `json` output, you could use [docker-file-log-driver](https://github.com/deep-compute/docker-file-log-driver) and configure it by adding the following block in your `docker-compose.yml` file, at the same level as the `image` block of the selected `<service_name>`:

```
services:
    <service_name>:
        image: ...
        ...
        logging:
            driver: file-log-driver
            options:
                fpath: "/jitsi/<service_name>.log"

```

<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--21" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>If you want to only display the `message` part of the log in `json` format, simply execute the following command (for instance if `fpath` was set to `/jitsi/jvb.log`) which uses `jq` to extract the relevant part of the logs:

```text
sudo cat /var/log/jitsi/jvb.log | jq -r '.msg' | jq -r '.message'
```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--22" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>## Build Instructions[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#build-instructions "Direct link to Build Instructions")

Building your images allows you to edit the configuration files of each image individually, providing more customization for your deployment.

The docker images can be built by running the `make` command in the main repository folder. If you need to overwrite existing images from the remote source, use `FORCE_REBUILD=1 make`.

If you are on the unstable branch, build the images with `FORCE_REBUILD=1 JITSI_RELEASE=unstable make`.

You are now able to run `docker compose up` as usual.

## Running behind a reverse proxy[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-a-reverse-proxy "Direct link to Running behind a reverse proxy")

By default this setup is using WebSocket connections for 2 core components:

- Signalling (XMPP)
- Bridge channel (colibri)

Due to the hop-by-hop nature of WebSockets the reverse proxy must properly terminate and forward WebSocket connections. There 2 routes require such treatment:

- /xmpp-websocket
- /colibri-ws

With nginx, these routes can be forwarded using the following config snippet:

```nginx
location /xmpp-websocket {
    proxy_pass https://localhost:8443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
location /colibri-ws {
    proxy_pass https://localhost:8443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
```

<div class="language-nginx codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--23" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>In addition we need a route for /http-bind as XMPP over BOSH is still used by mobile clients:

```nginx
location /http-bind {
    proxy_pass https://localhost:8443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
```

<div class="language-nginx codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--24" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>With apache, `mod_proxy` and `mod_proxy_wstunnel` need to be enabled and these routes can be forwarded using the following config snippet:

```apache
<IfModule mod_proxy.c>
    <IfModule mod_proxy_wstunnel.c>
        ProxyTimeout 900
        <Location "/xmpp-websocket">
            ProxyPass "wss://localhost:8443/xmpp-websocket"
        </Location>
        <Location "/colibri-ws/">
            ProxyPass "wss://localhost:8443/colibri-ws/"
        </Location>
        <Location "/http-bind">
            ProxyPass "http://localhost:8443/http-bind"
        </Location>
    </IfModule>
</IfModule>
```

<div class="language-apache codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--25" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>where `https://localhost:8443/` is the url of the web service's ingress.

### Disabling WebSocket connections

NOTE

This is not the recommended setup.

If using WebSockets is not an option, these environment variables can be set to fallback to HTTP polling and WebRTC datachannels:

```
ENABLE_SCTP=1
ENABLE_COLIBRI_WEBSOCKET=0
ENABLE_XMPP_WEBSOCKET=0
```

# Scalable setup Jitsi Docker

Link: [https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable)

A single server Jitsi installation is good for a limited size of concurrent conferences. The first limiting factor is the videobridge component, that handles the actual video and audio traffic. It is easy to scale the video bridges horizontally by adding as many as needed. In a cloud based environment, additionally the bridges can be scaled up or down as needed.  
  
**DANGER**

The [Youtube Tutorial on Scaling](https://www.youtube.com/watch?v=LyGV4uW8km8) is outdated and describes an old configuration method. The current default Jitsi Meet install is already configured for horizontal scalability.  
  
**NOTE**

Building a scalable infrastructure is not a task for beginning Jitsi Administrators. The instructions assume that you have installed a single node version successfully, and that you are comfortable installing, configuring and debugging Linux software. This is not a step-by-step guide, but will show you, which packages to install and which configurations to change. It is highly recommended to use configuration management tools like Ansible or Puppet to manage the installation and configuration.

## Architecture (Single Jitsi-Meet, multiple videobridges)[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#architecture-single-jitsi-meet-multiple-videobridges "Direct link to Architecture (Single Jitsi-Meet, multiple videobridges)")

A first step is to split the functions of the central jitsi-meet instance (with nginx, prosody and jicofo) and videobridges.

A simplified diagram (with open network ports) of an installation with one Jitsi-Meet instance and three videobridges that are load balanced looks as follows. Each box is a server/VM.

```
               +                                       +
               |                                       |
               |                                       |
               v                                       v
          80, 443 TCP                          443 TCP, 10000 UDP
       +--------------+                     +---------------------+
       |  nginx       |  5222 TCP           |                     |
       |  Jitsi Meet  |<-------------------+|  jitsi-videobridge  |
       |  prosody     |         |           |                     |
       |  jicofo      |         |           +---------------------+
       +--------------+         |
                                |           +---------------------+
                                |           |                     |
                                +----------+|  jitsi-videobridge  |
                                |           |                     |
                                |           +---------------------+
                                |
                                |           +---------------------+
                                |           |                     |
                                +----------+|  jitsi-videobridge  |
                                            |                     |
                                            +---------------------+

```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk-" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>## Machine Sizing[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#machine-sizing "Direct link to Machine Sizing")

The Jitsi-Meet server will generally not have that much load (unless you have many) conferences going at the same time. A 4 CPU, 8 GB machine will probably be fine.

The videobridges will have more load. 4 or 8 CPU with 8 GB RAM seems to be a good configuration.

### Installation of Jitsi-Meet[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#installation-of-jitsi-meet "Direct link to Installation of Jitsi-Meet")

Assuming that the installation will run under the following FQDN: `meet.example.com` and you have SSL cert and key in `/etc/ssl/meet.example.com.{crt,key}`

Set the following DebConf variables prior to installing the packages. (We are not installing the `jitsi-meet` package which would handle that for us)

Install the `debconf-utils` package

```text
$ cat << EOF | sudo debconf-set-selections
jitsi-videobridge   jitsi-videobridge/jvb-hostname  string  meet.example.com
jitsi-meet  jitsi-meet/jvb-serve    boolean false
jitsi-meet-prosody  jitsi-videobridge/jvb-hostname  string  meet.example.com
jitsi-meet-web-config   jitsi-meet/cert-choice  select  I want to use my own certificate
jitsi-meet-web-config   jitsi-meet/cert-path-crt    string  /etc/ssl/meet.example.com.crt
jitsi-meet-web-config   jitsi-meet/cert-path-key    string  /etc/ssl/meet.example.com.key
jitsi-meet-web-config   jitsi-meet/jaas-choice  boolean false
EOF
```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--1" style="text-align: justify;"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>To enable integration with [Jitsi Meet Components](https://jaas.8x8.vc/#/components) for telephony support, set the `jitsi-meet/jaas-choice` option above to `true`.

On the jitsi-meet server, install the following packages:

- `nginx`
- `prosody`
- `jicofo`
- `jitsi-meet-web`
- `jitsi-meet-prosody`
- `jitsi-meet-web-config`

### Installation of Videobridge(s)[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#installation-of-videobridges "Direct link to Installation of Videobridge(s)")

For simplicities sake, set the same `debconf` variables as above and install

- `jitsi-videobridge2`

### Configuration of jitsi-meet[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#configuration-of-jitsi-meet "Direct link to Configuration of jitsi-meet")

#### Firewall[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#firewall "Direct link to Firewall")

Open the following ports:

Open to world:

- 80 TCP
- 443 TCP

Open to the videobridges only

- 5222 TCP (for Prosody)

#### NGINX[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#nginx "Direct link to NGINX")

Create the `/etc/nginx/sites-available/meet.example.com.conf` as usual

#### Jitsi-Meet[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#jitsi-meet "Direct link to Jitsi-Meet")

Adapt `/usr/share/jitsi-meet/config.js` and `/usr/share/jitsi-meet/interface-config.js` to your specific needs

#### Jicofo[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#jicofo "Direct link to Jicofo")

No changes necessary from the default install.

### Configuration of the Videobridge[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#configuration-of-the-videobridge "Direct link to Configuration of the Videobridge")

#### Firewall[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#firewall-1 "Direct link to Firewall")

Open the following ports:

Open to world:

- 10000 UDP (for media)

#### jitsi-videobridge2[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#jitsi-videobridge2 "Direct link to jitsi-videobridge2")

No changes necessary from the default setup.

## Testing[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable#testing "Direct link to Testing")

After restarting all services (`prosody`, `jicofo` and all the `jitsi-videobridge2`) you can see in `/var/log/prosody/prosody.log` and `/var/log/jitsi/jicofo.log` that the videobridges connect to Prososy and that Jicofo picks them up.

When a new conference starts, Jicofo picks a videobridge and schedules the conference on it.

# Self-Hosting Guide - Docker (2025)

Link: [https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/) <span class="theme-last-updated">Last updated on **<time datetime="2025-03-07T12:16:18.000Z">Mar 7, 2025</time>**</span>

## Quick start[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#quick-start "Direct link to Quick start")

In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose, follow these steps:

<div class="theme-doc-markdown markdown" id="bkmrk-download-and-extract" style="text-align: justify;">1. Download and extract the [latest release](https://github.com/jitsi/docker-jitsi-meet/releases/latest). **DO NOT** clone the git repository. See below if you are interested in running test images:
    
    ```
    wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
2. Unzip the package:
    
    ```
    unzip <filename>
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
3. Create a `.env` file by copying and adjusting `env.example`:
    
    ```
    cp env.example .env
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
4. Set strong passwords in the security section options of `.env` file by running the following bash script
    
    ```
    ./gen-passwords.sh
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
5. Create required `CONFIG` directories
    
    
    - For linux:
    
    ```bash
    mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
    - For Windows:
    
    ```
    echo web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>```
     mkdir "~/.jitsi-meet-cfg/$_"
    
    ```
    
    <div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>
6. Run `docker compose up -d`
7. Access the web UI at [`https://localhost:8443`](https://localhost:8443/) (or a different port, in case you edited the `.env` file).ote

</div>HTTP (não HTTPS) também está disponível (na porta 8000, por padrão), mas isso é, por exemplo, para uma configuração de proxy reverso; acesso direto via HTTP em vez de HTTPS leva a erros WebRTC, como *Falha ao acessar seu microfone/câmera: Não é possível usar o microfone/câmera por um motivo desconhecido. Não é possível ler a propriedade 'getUserMedia' de undefined* ou *navigator.mediaDevices é undefined*.

**IMPORTANT**: When deploying Jitsi Meet for real use you must set the `PUBLIC_URL` env variable to the real domain where your setup is running.

If you want to use jigasi too, first configure your env file with SIP credentials and then run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f jigasi.yml up
```

<div class="theme-doc-markdown markdown" id="bkmrk-" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>If you want to enable document sharing via [Etherpad](https://github.com/ether/etherpad-lite), configure it and run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f etherpad.yml up
```

<div class="theme-doc-markdown markdown" id="bkmrk--1" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>If you want to use jibri too, first configure a host as described in Jitsi Broadcasting Infrastructure configuration section and then run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f jibri.yml up -d
```

<div class="theme-doc-markdown markdown" id="bkmrk--2" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>or to use jigasi too:

```bash
docker compose -f docker-compose.yml -f jigasi.yml -f jibri.yml up -d
```

<div class="theme-doc-markdown markdown" id="bkmrk--3" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>To include a transcriber component, run Docker Compose as follows:

```bash
docker compose -f docker-compose.yml -f transcriber.yml up -d
```

<div class="theme-doc-markdown markdown" id="bkmrk--4" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>Or for them all together:

```bash
docker compose -f docker-compose.yml -f transcriber.yml -f jigasi.yml -f jibri.yml up -d
```

<div class="theme-doc-markdown markdown" id="bkmrk--5" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>For the log analysis project, you will need both log-analyser.yml and grafana.yml files. This project allows you to analyze docker logs in grafana. If you want to run the log analyzer, run the Docker files as follows:

```bash
docker-compose -f docker-compose.yml -f log-analyser.yml -f grafana.yml up -d
```

<div class="theme-doc-markdown markdown" id="bkmrk--6" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>Follow [this](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-log-analyser) document for detailed information on log analysis.

### Updating[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#updating "Direct link to Updating")

If you want to update, simply run

```bash
wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)
```

<div class="theme-doc-markdown markdown" id="bkmrk--7" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>again (just like how you initially downloaded Jitsi). Then unzip and overwrite all when being asked:

```bash
unzip <filename>
```

<div class="theme-doc-markdown markdown" id="bkmrk--8" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Testing development / unstable builds[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#testing-development--unstable-builds "Direct link to Testing development / unstable builds")

Download the latest code:

```bash
git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet
```

<div class="theme-doc-markdown markdown" id="bkmrk-note" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block">  
</div><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>The code in `master` is designed to work with the unstable images. Do not run it with release images.

Run `docker compose up` as usual.

Every day a new "unstable" image build is uploaded.

### Building your own images[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#building-your-own-images "Direct link to Building your own images")

Download the latest code:

```bash
git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet
```

<div class="theme-doc-markdown markdown" id="bkmrk--9" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>The provided `Makefile` provides a comprehensive way of building the whole stack or individual images.

To build all images:

```bash
make
```

<div class="theme-doc-markdown markdown" id="bkmrk--10" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>To build a specific image (the web image for example):

```bash
make build_web
```

<div class="theme-doc-markdown markdown" id="bkmrk--11" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>Once your local build is ready make sure to add `JITSI_IMAGE_VERSION=latest` to your `.env` file.

### Security note[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#security-note "Direct link to Security note")

This setup used to have default passwords for internal accounts used across components. In order to make the default setup secure by default these have been removed and the respective containers won't start without having a password set.

Strong passwords may be generated as follows: `./gen-passwords.sh` This will modify your `.env` file (a backup is saved in `.env.bak`) and set strong passwords for each of the required options. Passwords are generated using `openssl rand -hex 16` .

DO NOT reuse any of the passwords.

## Architecture[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#architecture "Direct link to Architecture")

A Jitsi Meet installation can be broken down into the following components:

<div class="theme-doc-markdown markdown" id="bkmrk-a-web-interface-an-x" style="text-align: justify;">- A web interface
- An XMPP server
- A conference focus component
- A video router (could be more than one)
- A SIP gateway for audio calls
- A Broadcasting Infrastructure for recording or streaming a conference.

</div>![](https://jitsi.github.io/handbook/assets/images/docker-jitsi-meet-afafdf87fea30a2fa6412baa4a3f8248.png)

The diagram shows a typical deployment in a host running Docker. This project separates each of the components above into interlinked containers. To this end, several container images are provided.

### External Ports[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#external-ports "Direct link to External Ports")

The following external ports must be opened on a firewall:

<div class="theme-doc-markdown markdown" id="bkmrk-80%2Ftcp%C2%A0for-web-ui-ht" style="text-align: justify;">- `80/tcp` for Web UI HTTP (really just to redirect, after uncommenting `ENABLE_HTTP_REDIRECT=1` in `.env`)
- `443/tcp` for Web UI HTTPS
- `10000/udp` for RTP media over UDP

</div>Also `20000-20050/udp` for jigasi, in case you choose to deploy that to facilitate SIP access.

E.g. on a CentOS/Fedora server this would be done like this (without SIP access):

```bash
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=10000/udp
sudo firewall-cmd --reload
```

<div class="theme-doc-markdown markdown" id="bkmrk--13" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>See [the corresponding section in the debian/ubuntu setup guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall).

### Images[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#images "Direct link to Images")

<div class="theme-doc-markdown markdown" id="bkmrk-base%3A-debian-stable-" style="text-align: justify;">- **base**: Debian stable base image with the [S6 Overlay](https://github.com/just-containers/s6-overlay) for process control and the [Jitsi repositories](https://jitsi.org/downloads/) enabled. All other images are based on this one.
- **base-java**: Same as the above, plus Java (OpenJDK).
- **web**: Jitsi Meet web UI, served with nginx.
- **prosody**: [Prosody](https://prosody.im/), the XMPP server.
- **jicofo**: [Jicofo](https://github.com/jitsi/jicofo), the XMPP focus component.
- **jvb**: [Jitsi Videobridge](https://github.com/jitsi/jitsi-videobridge), the video router.
- **jigasi**: [Jigasi](https://github.com/jitsi/jigasi), the SIP (audio only) gateway.
- **jibri**: [Jibri](https://github.com/jitsi/jibri), the broadcasting infrastructure.

</div>### Design considerations[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#design-considerations "Direct link to Design considerations")

Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup provided by these containers does not expose the XMPP server to the outside world. Instead, it's kept completely sealed, and routing of XMPP traffic only happens on a user-defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of this project.

## Configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#configuration "Direct link to Configuration")

The configuration is performed via environment variables contained in a `.env` file. You can copy the provided `env.example` file as a reference.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`CONFIG`</td><td>Directory where all configuration will be stored</td><td>/opt/jitsi-meet-cfg</td></tr><tr><td>`TZ`</td><td>System Time Zone</td><td>Europe/Amsterdam</td></tr><tr><td>`HTTP_PORT`</td><td>Exposed port for HTTP traffic</td><td>8000</td></tr><tr><td>`HTTPS_PORT`</td><td>Exposed port for HTTPS traffic</td><td>8443</td></tr><tr><td>`JVB_ADVERTISE_IPS`</td><td>IP addresses of the Docker host (comma separated), needed for LAN environments</td><td>192.168.1.1</td></tr><tr><td>`PUBLIC_URL`</td><td>Public URL for the web service</td><td>[https://meet.example.com](https://meet.example.com/)</td></tr></tbody></table>

<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>The mobile apps won't work with self-signed certificates (the default). See below for instructions on how to obtain a proper certificate with Let's Encrypt.

### TLS Configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#tls-configuration "Direct link to TLS Configuration")

#### Let's Encrypt configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#lets-encrypt-configuration "Direct link to Let's Encrypt configuration")

If you want to expose your Jitsi Meet instance to the outside traffic directly, but don't own a proper TLS certificate, you are in luck because Let's Encrypt support is built right in. Here are the required options:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-1" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_LETSENCRYPT`</td><td>Enable Let's Encrypt certificate generation</td><td>1</td></tr><tr><td>`LETSENCRYPT_DOMAIN`</td><td>Domain for which to generate the certificate</td><td>meet.example.com</td></tr><tr><td>`LETSENCRYPT_EMAIL`</td><td>E-Mail for receiving important account notifications (mandatory)</td><td><alice@atlanta.net></td></tr></tbody></table>

</div>In addition, you will need to set `HTTP_PORT` to 80 and `HTTPS_PORT` to 443 and PUBLIC\_URL to your domain. You might also consider to redirect HTTP traffic to HTTPS by setting `ENABLE_HTTP_REDIRECT=1`.

**Let's Encrypt rate limit warning**: Let's Encrypt has a limit to how many times you can submit a request for a new certificate for your domain name. At the time of writing, the current limit is five new (duplicate) certificates for the same domain name every seven days. Because of this, it is recommended that you disable the Let's Encrypt environment variables from `.env` if you plan on deleting the `.jitsi-meet-cfg` folder. Otherwise, you might want to consider moving the `.jitsi-meet-cfg` folder to a different location so you have a safe place to find the certificate that already Let's Encrypt issued. Or do initial testing with Let's Encrypt disabled, then re-enable Let's Encrypt once you are done testing.

<div class="theme-doc-markdown markdown" id="bkmrk-note-1" style="text-align: justify;"><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>When you move away from `LETSENCRYPT_USE_STAGING`, you will have to manually clear the certificates from `.jitsi-meet-cfg/web`.

For more information on Let's Encrypt's rate limits, visit: [https://letsencrypt.org/docs/rate-limits/](https://letsencrypt.org/docs/rate-limits/)

#### Using existing TLS certificate and key[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#using-existing-tls-certificate-and-key "Direct link to Using existing TLS certificate and key")

If you own a proper TLS certificate and don't need a Let's Encrypt certificate, you can configure Jitsi Meet container to use it.

Unlike Let's Encrypt certificates, this is not configured through the `.env`file, but by telling Jitsi Meet's `web` service to mount the following two volumes:

<div class="theme-doc-markdown markdown" id="bkmrk-mount%C2%A0%2Fpath%2Fto%2Fyour%2F" style="text-align: justify;">- mount `/path/to/your/cert.key` file to `/config/keys/cert.key` mount point
- mount `/path/to/your/cert.fullchain` file to the `/config/keys/cert.crt` mount point.

</div>Doing it in `docker-compose.yml` file should look like this:

```yaml
services:
    web:
        ...
        volumes:
            ...
            - /path/to/your/cert.fullchain:/config/keys/cert.crt
            - /path/to/your/cert.key:/config/keys/cert.key
```

<div class="theme-doc-markdown markdown" id="bkmrk--14" style="text-align: justify;"><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Features configuration (config.js)[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#features-configuration-configjs "Direct link to Features configuration (config.js)")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-2" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`TOOLBAR_BUTTONS`</td><td>Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)</td><td> </td></tr><tr><td>`HIDE_PREMEETING_BUTTONS`</td><td>Hide the buttons at pre-join screen. Add the buttons name separated with comma</td><td> </td></tr><tr><td>`ENABLE_LOBBY`</td><td>Control whether the lobby feature should be enabled or not</td><td>1</td></tr><tr><td>`ENABLE_AV_MODERATION`</td><td>Control whether the A/V moderation should be enabled or not</td><td>1</td></tr><tr><td>`ENABLE_PREJOIN_PAGE`</td><td>Show a prejoin page before entering a conference</td><td>1</td></tr><tr><td>`ENABLE_WELCOME_PAGE`</td><td>Enable the welcome page</td><td>1</td></tr><tr><td>`ENABLE_CLOSE_PAGE`</td><td>Enable the close page</td><td>0</td></tr><tr><td>`DISABLE_AUDIO_LEVELS`</td><td>Disable measuring of audio levels</td><td>0</td></tr><tr><td>`ENABLE_NOISY_MIC_DETECTION`</td><td>Enable noisy mic detection</td><td>1</td></tr><tr><td>`ENABLE_BREAKOUT_ROOMS`</td><td>Enable breakout rooms</td><td>1</td></tr></tbody></table>

</div>### Jigasi SIP gateway (audio only) configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#jigasi-sip-gateway-audio-only-configuration "Direct link to Jigasi SIP gateway (audio only) configuration")

If you want to enable the SIP gateway, these options are required:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-3" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`JIGASI_SIP_URI`</td><td>SIP URI for incoming / outgoing calls</td><td><test@sip2sip.info></td></tr><tr><td>`JIGASI_SIP_PASSWORD`</td><td>Password for the specified SIP account</td><td>`<unset>`</td></tr><tr><td>`JIGASI_SIP_SERVER`</td><td>SIP server (use the SIP account domain if in doubt)</td><td>sip2sip.info</td></tr><tr><td>`JIGASI_SIP_PORT`</td><td>SIP server port</td><td>5060</td></tr><tr><td>`JIGASI_SIP_TRANSPORT`</td><td>SIP transport</td><td>UDP</td></tr></tbody></table>

</div>#### Display Dial-In information[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#display-dial-in-information "Direct link to Display Dial-In information")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-4" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`DIALIN_NUMBERS_URL`</td><td>URL to the JSON with all Dial-In numbers</td><td>[https://meet.example.com/dialin.json](https://meet.example.com/dialin.json)</td></tr><tr><td>`CONFCODE_URL`</td><td>URL to the API for checking/generating Dial-In codes</td><td>[https://jitsi-api.jitsi.net/conferenceMapper](https://jitsi-api.jitsi.net/conferenceMapper)</td></tr></tbody></table>

</div>The JSON with the Dial-In numbers should look like this:

```json
{"message":"Dial-In numbers:","numbers":{"DE": ["+49-721-0000-0000"]},"numbersEnabled":true}
```

<div class="theme-doc-markdown markdown" id="bkmrk--15" style="text-align: justify;"><div class="language-json codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Recording / live streaming configuration with Jibri

[Details:](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#recording--live-streaming-configuration-with-jibri "Direct link to Recording / live streaming configuration with Jibri")

[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#recording--live-streaming-configuration-with-jibri "Direct link to Recording / live streaming configuration with Jibri")[If you are using a release older than 7439 some extra setup is necessary.Before running Jibri **on releases older than 7439**, you need to set up an ALSA loopback device on the host. This **will not** work on a non-Linux host.](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#recording--live-streaming-configuration-with-jibri "Direct link to Recording / live streaming configuration with Jibri")

For CentOS 7, the module is already compiled with the kernel, so just run:

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk-%23-configure-5-captur"><div class="codeBlockContent_biex">```
# configure 5 capture/playback interfaces
echo "options snd-aloop enable=1,1,1,1,1 index=0,1,2,3,4" > /etc/modprobe.d/alsa-loopback.conf
# setup autoload the module
echo "snd_aloop" > /etc/modules-load.d/snd_aloop.conf
# load the module
modprobe snd-aloop
# check that the module is loaded
lsmod | grep snd_aloop
```

</div></div>For Ubuntu:

```
# install the module
apt update && apt install linux-image-extra-virtual
# configure 5 capture/playback interfaces
echo "options snd-aloop enable=1,1,1,1,1 index=0,1,2,3,4" > /etc/modprobe.d/alsa-loopback.conf
# setup autoload the module
echo "snd-aloop" >> /etc/modules
# check that the module is loaded
lsmod | grep snd_aloop

```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--16"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary" id="bkmrk-note-2"><div class="admonitionHeading_Gvgb">Note</div></div>If you are running on AWS you may need to reboot your machine to use the generic kernel instead of the "aws" kernel. If after reboot, your machine is still using the "aws" kernel, you'll need to manually update the grub file. So just run:

```
# open the grub file in editor
nano /etc/default/grub
# Modify the value of GRUB_DEFAULT from "0" to "1>2"
# Save and exit from file

# Update grub
update-grub
# Reboot the machine
reboot now

```

<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--17"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>For using multiple Jibri instances, you have to select different loopback interfaces for each instance manually.

Default the first instance has:

```
...
slave.pcm "hw:Loopback,0,0"
...
slave.pcm "hw:Loopback,0,1"
...
slave.pcm "hw:Loopback,1,1"
...
slave.pcm "hw:Loopback,1,0"
...

```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--18"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>To setup the second instance, run container with changed `/home/jibri/.asoundrc`:

```
...
slave.pcm "hw:Loopback_1,0,0"
...
slave.pcm "hw:Loopback_1,0,1"
...
slave.pcm "hw:Loopback_1,1,1"
...
slave.pcm "hw:Loopback_1,1,0"
...

```

<div class="codeBlockContainer_Ckt0 theme-code-block" id="bkmrk--19"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div>Also you can use numbering id for set loopback interface. The third instance will have `.asoundrc` that looks like:

```
...
slave.pcm "hw:2,0,0"
...
slave.pcm "hw:2,0,1"
...
slave.pcm "hw:2,1,1"
...
slave.pcm "hw:2,1,0"
...

```

If you want to enable Jibri these options are required:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-5" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_RECORDING`</td><td>Enable recording / live streaming</td><td>1</td></tr></tbody></table>

</div>Extended Jibri configuration:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-6" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`JIBRI_RECORDER_USER`</td><td>Internal recorder user for Jibri client connections</td><td>recorder</td></tr><tr><td>`JIBRI_RECORDER_PASSWORD`</td><td>Internal recorder password for Jibri client connections</td><td>`<unset>`</td></tr><tr><td>`JIBRI_RECORDING_DIR`</td><td>Directory for recordings inside Jibri container</td><td>/config/recordings</td></tr><tr><td>`JIBRI_FINALIZE_RECORDING_SCRIPT_PATH`</td><td>The finalizing script. Will run after recording is complete</td><td>/config/finalize.sh</td></tr><tr><td>`JIBRI_XMPP_USER`</td><td>Internal user for Jibri client connections.</td><td>jibri</td></tr><tr><td>`JIBRI_STRIP_DOMAIN_JID`</td><td>Prefix domain for strip inside Jibri (please see env.example for details)</td><td>muc</td></tr><tr><td>`JIBRI_BREWERY_MUC`</td><td>MUC name for the Jibri pool</td><td>jibribrewery</td></tr><tr><td>`JIBRI_PENDING_TIMEOUT`</td><td>MUC connection timeout</td><td>90</td></tr></tbody></table>

</div>### Jitsi Meet configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#jitsi-meet-configuration "Direct link to Jitsi Meet configuration")

Jitsi-Meet uses two configuration files for changing default settings within the web interface: `config.js` and `interface_config.js`. The files are located within the `CONFIG/web/` directory configured within your environment file.

These files are re-created on every container restart. If you'd like to provide your own settings, create your own config files: `custom-config.js` and `custom-interface_config.js`.

It's enough to provide your relevant settings only, the docker scripts will append your custom files to the default ones!

### Authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication "Direct link to Authentication")

Authentication can be controlled with the environment variables below. If guest access is enabled, unauthenticated users will need to wait until a user authenticates before they can join a room. If guest access is not enabled, every user will need to authenticate before they can join.

If authentication is enabled, once an authenticated user logged in, it is always logged in before the session timeout. You can set `ENABLE_AUTO_LOGIN=0` to disable this default auto login feature or you can set `JICOFO_AUTH_LIFETIME` to limit the session lifetime.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-7" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_AUTH`</td><td>Enable authentication</td><td>1</td></tr><tr><td>`ENABLE_GUESTS`</td><td>Enable guest access</td><td>1</td></tr><tr><td>`AUTH_TYPE`</td><td>Select authentication type (internal, jwt or ldap)</td><td>internal</td></tr><tr><td>`ENABLE_AUTO_LOGIN`</td><td>Enable auto login</td><td>1</td></tr><tr><td>`JICOFO_AUTH_LIFETIME`</td><td>Select session timeout value for an authenticated user</td><td>3 hours</td></tr></tbody></table>

</div>#### Internal authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#internal-authentication "Direct link to Internal authentication")

The default authentication mode (`internal`) uses XMPP credentials to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `internal`, then configure the settings you can see below.

Internal users must be created with the `prosodyctl` utility in the `prosody` container. In order to do that, first, execute a shell in the corresponding container:

```bash
docker compose exec prosody /bin/bash
```

<div class="theme-doc-markdown markdown" id="bkmrk--20" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>Once in the container, run the following command to create a user:

```bash
prosodyctl --config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword
```

<div class="theme-doc-markdown markdown" id="bkmrk--21" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Toggle word wrap" class="clean-btn" title="Toggle word wrap" type="button"><svg aria-hidden="true" class="wordWrapButtonIcon_Bwma" viewbox="0 0 24 24"><path d="M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z" fill="currentColor"></path></svg></button><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>Note that the command produces no output.

To delete a user, run the following command in the container:

```bash
prosodyctl --config /config/prosody.cfg.lua unregister TheDesiredUsername meet.jitsi
```

<div class="theme-doc-markdown markdown" id="bkmrk--22" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>To list all users, run the following command in the container:

```bash
find /config/data/meet%2ejitsi/accounts -type f -exec basename {} .dat \;
```

<div class="theme-doc-markdown markdown" id="bkmrk--23" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>#### Authentication using LDAP[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-ldap "Direct link to Authentication using LDAP")

You can use LDAP to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `ldap`, then configure the settings you can see below.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-8" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`LDAP_URL`</td><td>URL for ldap connection</td><td>ldaps://ldap.domain.com/</td></tr><tr><td>`LDAP_BASE`</td><td>LDAP base DN. Can be empty.</td><td>DC=example,DC=domain,DC=com</td></tr><tr><td>`LDAP_BINDDN`</td><td>LDAP user DN. Do not specify this parameter for the anonymous bind.</td><td>CN=binduser,OU=users,DC=example,DC=domain,DC=com</td></tr><tr><td>`LDAP_BINDPW`</td><td>LDAP user password. Do not specify this parameter for the anonymous bind.</td><td>LdapUserPassw0rd</td></tr><tr><td>`LDAP_FILTER`</td><td>LDAP filter.</td><td>(sAMAccountName=%u)</td></tr><tr><td>`LDAP_AUTH_METHOD`</td><td>LDAP authentication method.</td><td>bind</td></tr><tr><td>`LDAP_VERSION`</td><td>LDAP protocol version</td><td>3</td></tr><tr><td>`LDAP_USE_TLS`</td><td>Enable LDAP TLS</td><td>1</td></tr><tr><td>`LDAP_TLS_CIPHERS`</td><td>Set TLS ciphers list to allow</td><td>SECURE256:SECURE128</td></tr><tr><td>`LDAP_TLS_CHECK_PEER`</td><td>Require and verify LDAP server certificate</td><td>1</td></tr><tr><td>`LDAP_TLS_CACERT_FILE`</td><td>Path to CA cert file. Used when server certificate verification is enabled</td><td>/etc/ssl/certs/ca-certificates.crt</td></tr><tr><td>`LDAP_TLS_CACERT_DIR`</td><td>Path to CA certs directory. Used when server certificate verification is enabled.</td><td>/etc/ssl/certs</td></tr><tr><td>`LDAP_START_TLS`</td><td>Enable START\_TLS, requires LDAPv3, URL must be ldap:// not ldaps://</td><td>0</td></tr></tbody></table>

</div>#### Authentication using JWT tokens[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-jwt-tokens "Direct link to Authentication using JWT tokens")

You can use JWT tokens to authenticate users. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `jwt`, then configure the settings you can see below.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-9" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`JWT_APP_ID`</td><td>Application identifier</td><td>my\_jitsi\_app\_id</td></tr><tr><td>`JWT_APP_SECRET`</td><td>Application secret known only to your token</td><td>my\_jitsi\_app\_secret</td></tr><tr><td>`JWT_ACCEPTED_ISSUERS`</td><td>(Optional) Set asap\_accepted\_issuers as a comma separated list</td><td>my\_web\_client,my\_app\_client</td></tr><tr><td>`JWT_ACCEPTED_AUDIENCES`</td><td>(Optional) Set asap\_accepted\_audiences as a comma separated list</td><td>my\_server1,my\_server2</td></tr><tr><td>`JWT_ASAP_KEYSERVER`</td><td>(Optional) Set asap\_keyserver to a url where public keys can be found</td><td>[https://example.com/asap&gt;](https://example.com/asap%3E)</td></tr><tr><td>`JWT_ALLOW_EMPTY`</td><td>(Optional) Allow anonymous users with no JWT while validating JWTs when provided</td><td>0</td></tr><tr><td>`JWT_AUTH_TYPE`</td><td>(Optional) Controls which module is used for processing incoming JWTs</td><td>token</td></tr><tr><td>`JWT_TOKEN_AUTH_MODULE`</td><td>(Optional) Controls which module is used for validating JWTs</td><td>token\_verification</td></tr></tbody></table>

</div>This can be tested using the [jwt.io](https://jwt.io/#debugger-io) debugger. Use the following sample payload:

```json
{
  "context": {
    "user": {
      "avatar": "https://robohash.org/john-doe",
      "name": "John Doe",
      "email": "jdoe@example.com"
    }
  },
  "aud": "my_jitsi_app_id",
  "iss": "my_jitsi_app_id",
  "sub": "meet.jitsi",
  "room": "*"
}
```

<div class="theme-doc-markdown markdown" id="bkmrk--24" style="text-align: justify;"><div class="language-json codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>#### Authentication using Matrix[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-matrix "Direct link to Authentication using Matrix")

For more information see the documentation of the "Prosody Auth Matrix User Verification" [here](https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification).

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-10" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`MATRIX_UVS_URL`</td><td>Base URL to the matrix user verification service (without ending slash)</td><td>`https://uvs.example.com:3000`</td></tr><tr><td>`MATRIX_UVS_ISSUER`</td><td>(optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT.</td><td>issuer (default)</td></tr><tr><td>`MATRIX_UVS_AUTH_TOKEN`</td><td>(optional) user verification service auth token, if authentication enabled</td><td>changeme</td></tr><tr><td>`MATRIX_UVS_SYNC_POWER_LEVELS`</td><td>(optional) Make Matrix room moderators owners of the Prosody room.</td><td>1</td></tr></tbody></table>

</div>#### Authentication using Hybrid Matrix Token[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#authentication-using-hybrid-matrix-token "Direct link to Authentication using Hybrid Matrix Token")

You can use `Hybrid Matrix Token` to authenticate users. It supports `Matrix` and `JWT Token` authentications on the same setup. To enable it you have to enable authentication with `ENABLE_AUTH` and set `AUTH_TYPE` to `hybrid_matrix_token`, then configure the settings you can see below.

For more information see the documentation of the "Hybrid Matrix Token" [here](https://github.com/jitsi-contrib/prosody-plugins/tree/main/auth_hybrid_matrix_token).

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-11" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`MATRIX_UVS_URL`</td><td>Base URL to the matrix user verification service (without ending slash)</td><td>`https://uvs.example.com:3000`</td></tr><tr><td>`MATRIX_UVS_ISSUER`</td><td>(optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. It allows all issuers (`*`) by default.</td><td>my\_issuer</td></tr><tr><td>`MATRIX_UVS_AUTH_TOKEN`</td><td>(optional) user verification service auth token, if authentication enabled</td><td>my\_matrix\_secret</td></tr><tr><td>`MATRIX_UVS_SYNC_POWER_LEVELS`</td><td>(optional) Make Matrix room moderators owners of the Prosody room.</td><td>1</td></tr><tr><td>`MATRIX_LOBBY_BYPASS`</td><td>(optional) Allow Matrix room members to bypass Jitsi lobby check.</td><td>1</td></tr><tr><td>`JWT_APP_ID`</td><td>Application identifier</td><td>my\_jitsi\_app\_id</td></tr><tr><td>`JWT_APP_SECRET`</td><td>Application secret known only to your token</td><td>my\_jitsi\_app\_secret</td></tr><tr><td>`JWT_ALLOW_EMPTY`</td><td>(Optional) Allow anonymous users with no JWT while validating JWTs when provided</td><td>0</td></tr></tbody></table>

</div>#### External authentication[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#external-authentication "Direct link to External authentication")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-12" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`TOKEN_AUTH_URL`</td><td>Authenticate using external service or just focus external auth window if there is one already.</td><td>[https://auth.meet.example.com/{room}&gt;](https://auth.meet.example.com/%7Broom%7D%3E)</td></tr></tbody></table>

</div>### Shared document editing using Etherpad[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#shared-document-editing-using-etherpad "Direct link to Shared document editing using Etherpad")

You can collaboratively edit a document via [Etherpad](https://github.com/ether/etherpad-lite). In order to enable it, set the config options below and run Docker Compose with the additional config file `etherpad.yml`.

Here are the required options:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-13" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ETHERPAD_URL_BASE`</td><td>Set etherpad-lite URL</td><td>`http://etherpad.meet.jitsi:9001`</td></tr></tbody></table>

</div>### Transcription configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#transcription-configuration "Direct link to Transcription configuration")

If you want to enable the Transcribing function, set the config options below and run Docker Compose with the additional config file transcriber.yml.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-14" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Example</th></tr></thead><tbody><tr><td>`ENABLE_TRANSCRIPTIONS`</td><td>Enable Jigasi transcription in a conference</td><td>1</td></tr></tbody></table>

</div>In addition, the following are options are used to configure the various transcription backends and features:

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-15" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default</th></tr></thead><tbody><tr><td>`GC_PROJECT_ID`</td><td>`project_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_PRIVATE_KEY_ID`</td><td>`private_key_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_PRIVATE_KEY`</td><td>`private_key` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_EMAIL`</td><td>`client_email` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_ID`</td><td>`client_id` from Google Cloud Credentials</td><td> </td></tr><tr><td>`GC_CLIENT_CERT_URL`</td><td>`client_x509_cert_url` from Google Cloud Credentials</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_ADVERTISE_URL`</td><td>Jigasi will post an url to the chat with transcription file</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_CUSTOM_SERVICE`</td><td>Jigasi will use this class for custom transcriptions instead of google cloud</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_CUSTOM_TRANSLATION_SERVICE`</td><td>Jigasi will use this class for custom transctions instead of google cloud</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_ENABLE_SAVING`</td><td>Jigasi will save results to a transcription file</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_FILTER_SILENCE`</td><td>Jigasi will filter silent audio and not forward to backends</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_LIBRETRANSLATE_URL`</td><td>URL for libretranslate services</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_OCI_COMPARTMENT`</td><td>OCI compartment for use with Oracle Cloud Speech AI services</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_OCI_REGION`</td><td>OCI region name for use with Oracle Cloud Speech AI services</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_RECORD_AUDIO`</td><td>Jigasi will record audio when transcriber is on</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL`</td><td>URL to control transcriber custom service based on conference details</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_SEND_TXT`</td><td>Jigasi will send transcribed text to the chat when transcriber is on</td><td>true</td></tr><tr><td>`JIGASI_TRANSCRIBER_USER`</td><td>Jigasi XMPP user</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_VOSK_URL`</td><td>URL for use with vosk backend</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_WHISPER_URL`</td><td>URL for use with whisper backend</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY_NAME`</td><td>Private Key ID of the private key to use with whisper</td><td> </td></tr><tr><td>`JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY`</td><td>Private Key material to use with whisper, without newlines or START/END delimiters</td><td> </td></tr></tbody></table>

</div>For setting the Google Cloud Credentials please read [https://cloud.google.com/text-to-speech/docs/quickstart-protocol](https://cloud.google.com/text-to-speech/docs/quickstart-protocol) &gt; section "Before you begin" paragraph 1 to 5.

### Sentry logging configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#sentry-logging-configuration "Direct link to Sentry logging configuration")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-16" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JVB_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>`https://public:private@host:port/1`</td></tr><tr><td>`JICOFO_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>`https://public:private@host:port/1`</td></tr><tr><td>`JIGASI_SENTRY_DSN`</td><td>Sentry Data Source Name (Endpoint for Sentry project)</td><td>`https://public:private@host:port/1`</td></tr><tr><td>`SENTRY_ENVIRONMENT`</td><td>Optional environment info to filter events</td><td>production</td></tr><tr><td>`SENTRY_RELEASE`</td><td>Optional release info to filter events</td><td>1.0.0</td></tr></tbody></table>

</div>### TURN server configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#turn-server-configuration "Direct link to TURN server configuration")

Configure external TURN servers.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-17" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`TURN_CREDENTIALS`</td><td>Credentials for TURN servers</td><td> </td></tr><tr><td>`TURN_HOST`</td><td>TURN server hostnames as a comma separated list (UDP or TCP transport)</td><td> </td></tr><tr><td>`TURN_PORT`</td><td>TURN server port (UDP or TCP transport)</td><td>443</td></tr><tr><td>`TURN_TRANSPORT`</td><td>TURN server protocols as a comma separated list (UDP or TCP or both)</td><td>tcp</td></tr><tr><td>`TURNS_HOST`</td><td>TURN server hostnames as a comma separated list (TLS transport)</td><td> </td></tr><tr><td>`TURNS_PORT`</td><td>TURN server port (TLS transport)</td><td>443</td></tr><tr><td>`TURN_TLL`</td><td>TURN max allocation duration (sec)</td><td>86400</td></tr></tbody></table>

</div>### Advanced configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-configuration "Direct link to Advanced configuration")

These configuration options are already set and generally don't need to be changed.

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-18" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`XMPP_DOMAIN`</td><td>Internal XMPP domain</td><td>meet.jitsi</td></tr><tr><td>`XMPP_AUTH_DOMAIN`</td><td>Internal XMPP domain for authenticated services</td><td>auth.meet.jitsi</td></tr><tr><td>`XMPP_SERVER`</td><td>Internal XMPP server name xmpp.meet.jitsi</td><td>xmpp.meet.jitsi</td></tr><tr><td>`XMPP_BOSH_URL_BASE`</td><td>Internal XMPP server URL for BOSH module</td><td>`http://xmpp.meet.jitsi:5280`</td></tr><tr><td>`XMPP_MUC_DOMAIN`</td><td>XMPP domain for the MUC</td><td>muc.meet.jitsi</td></tr><tr><td>`XMPP_INTERNAL_MUC_DOMAIN`</td><td>XMPP domain for the internal MUC</td><td>internal-muc.meet.jitsi</td></tr><tr><td>`XMPP_GUEST_DOMAIN`</td><td>XMPP domain for unauthenticated users</td><td>guest.meet.jitsi</td></tr><tr><td>`XMPP_RECORDER_DOMAIN`</td><td>Domain for the jibri recorder</td><td>recorder.meet.jitsi</td></tr><tr><td>`XMPP_MODULES`</td><td>Custom Prosody modules for XMPP\_DOMAIN (comma separated)</td><td>info,alert</td></tr><tr><td>`XMPP_MUC_MODULES`</td><td>Custom Prosody modules for MUC component (comma separated)</td><td>info,alert</td></tr><tr><td>`XMPP_INTERNAL_MUC_MODULES`</td><td>Custom Prosody modules for internal MUC component (comma separated)</td><td>info,alert</td></tr><tr><td>`GLOBAL_MODULES`</td><td>Custom prosody modules to load in global configuration (comma separated)</td><td>statistics,alert</td></tr><tr><td>`GLOBAL_CONFIG`</td><td>Custom configuration string with escaped newlines</td><td>foo = bar;\\nkey = val;</td></tr><tr><td>`RESTART_POLICY`</td><td>Container restart policy</td><td>defaults to `unless-stopped`</td></tr><tr><td>`DISABLE_HTTPS`</td><td>Handle TLS connections outside of this setup</td><td>0</td></tr><tr><td>`ENABLE_HTTP_REDIRECT`</td><td>Redirect HTTP traffic to HTTPS</td><td>0</td></tr><tr><td>`LOG_LEVEL`</td><td>Controls which logs are output from prosody and associated modules</td><td>info</td></tr><tr><td>`ENABLE_HSTS`</td><td>Send a `strict-transport-security` header to force browsers to use a secure and trusted connection. Recommended for production use.</td><td>1</td></tr><tr><td>`ENABLE_IPV6`</td><td>Provides means to disable IPv6 in environments that don't support it</td><td>1</td></tr><tr><td>`ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX`</td><td>Enabled older unsafe regex for JVB colibri-ws URLs. WARNING: Enable with caution, this regex allows connections to arbitrary internal IP addresses and is not recommended for production use. Unsafe regex is defined as `[a-zA-Z0-9-\._]+`</td><td>0</td></tr><tr><td>`COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME`</td><td>DNS name to look up JVB IP address, used for default value of `COLIBRI_WEBSOCKET_REGEX`</td><td>jvb</td></tr><tr><td>`COLIBRI_WEBSOCKET_REGEX`</td><td>Overrides the colibri regex used for proxying to JVB. Recommended to override in production with values matching possible JVB IP ranges</td><td>defaults to `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` unless `DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP` is set to true</td></tr><tr><td>`DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP`</td><td class="align-left">Controls whether to run `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` when defining COLIBRI\_WEBSOCKET\_REGEX</td><td>0</td></tr></tbody></table>

</div>#### Advanced Prosody options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-prosody-options "Direct link to Advanced Prosody options")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-19" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`PROSODY_RESERVATION_ENABLED`</td><td>Enable Prosody's reservation REST API</td><td>false</td></tr><tr><td>`PROSODY_RESERVATION_REST_BASE_URL`</td><td>Base URL of Prosody's reservation REST API</td><td> </td></tr><tr><td>`PROSODY_AUTH_TYPE`</td><td>Select authentication type for Prosody (internal, jwt or ldap)</td><td>`AUTH_TYPE`</td></tr><tr><td>`PROSODY_ENABLE_METRICS`</td><td>Enables the http\_openmetrics module which exposes Prometheus metrics at `/metrics`</td><td>false</td></tr><tr><td>`PROSODY_METRICS_ALLOWED_CIDR`</td><td>CIDR block permitted to access metrics</td><td>172.16.0.0/12</td></tr></tbody></table>

</div>#### Advanced Jicofo options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jicofo-options "Direct link to Advanced Jicofo options")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-20" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JICOFO_COMPONENT_SECRET`</td><td>XMPP component password for Jicofo</td><td>s3cr37</td></tr><tr><td>`JICOFO_AUTH_USER`</td><td>XMPP user for Jicofo client connections</td><td>focus</td></tr><tr><td>`JICOFO_AUTH_PASSWORD`</td><td>XMPP password for Jicofo client connections</td><td>`<unset>`</td></tr><tr><td>`JICOFO_ENABLE_AUTH`</td><td>Enable authentication in Jicofo</td><td>`ENABLE_AUTH`</td></tr><tr><td>`JICOFO_AUTH_TYPE`</td><td>Select authentication type for Jicofo (internal, jwt or ldap)</td><td>`AUTH_TYPE`</td></tr><tr><td>`JICOFO_AUTH_LIFETIME`</td><td>Select session timeout value for an authenticated user</td><td>24 hours</td></tr><tr><td>`JICOFO_ENABLE_HEALTH_CHECKS`</td><td>Enable health checks inside Jicofo, allowing the use of the REST api to check Jicofo's status</td><td>false</td></tr></tbody></table>

</div>#### Advanced JVB options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jvb-options "Direct link to Advanced JVB options")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-21" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JVB_AUTH_USER`</td><td>XMPP user for JVB MUC client connections</td><td>jvb</td></tr><tr><td>`JVB_AUTH_PASSWORD`</td><td>XMPP password for JVB MUC client connections</td><td>`<unset>`</td></tr><tr><td>`JVB_STUN_SERVERS`</td><td>STUN servers used to discover the server's public IP</td><td>stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302</td></tr><tr><td>`JVB_PORT`</td><td>UDP port for media used by Jitsi Videobridge</td><td>10000</td></tr><tr><td>`JVB_COLIBRI_PORT`</td><td>COLIBRI REST API port of JVB exposed to localhost</td><td>8080</td></tr><tr><td>`JVB_BREWERY_MUC`</td><td>MUC name for the JVB pool</td><td>jvbbrewery</td></tr><tr><td>`COLIBRI_REST_ENABLED`</td><td>Enable the COLIBRI REST API</td><td>true</td></tr><tr><td>`SHUTDOWN_REST_ENABLED`</td><td>Enable the shutdown REST API</td><td>true</td></tr></tbody></table>

</div>#### Advanced Jigasi options[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#advanced-jigasi-options "Direct link to Advanced Jigasi options")

<div class="theme-doc-markdown markdown" id="bkmrk-variable-description-22" style="text-align: justify;"><table><thead><tr><th>Variable</th><th>Description</th><th>Default value</th></tr></thead><tbody><tr><td>`JIGASI_ENABLE_SDES_SRTP`</td><td>Enable SDES srtp</td><td>0</td></tr><tr><td>`JIGASI_SIP_KEEP_ALIVE_METHOD`</td><td>Keepalive method</td><td>OPTIONS</td></tr><tr><td>`JIGASI_HEALTH_CHECK_SIP_URI`</td><td>Health-check extension</td><td> </td></tr><tr><td>`JIGASI_HEALTH_CHECK_INTERVAL`</td><td>Health-check interval</td><td>300000</td></tr><tr><td>`JIGASI_XMPP_USER`</td><td>XMPP user for Jigasi MUC client connections</td><td>jigasi</td></tr><tr><td>`JIGASI_XMPP_PASSWORD`</td><td>XMPP password for Jigasi MUC client connections</td><td>`<unset>`</td></tr><tr><td>`JIGASI_BREWERY_MUC`</td><td>MUC name for the Jigasi pool</td><td>jigasibrewery</td></tr><tr><td>`JIGASI_PORT_MIN`</td><td>Minimum port for media used by Jigasi</td><td>20000</td></tr><tr><td>`JIGASI_PORT_MAX`</td><td>Maximum port for media used by Jigasi</td><td>20050</td></tr></tbody></table>

</div>### Running behind NAT or on a LAN environment[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-nat-or-on-a-lan-environment "Direct link to Running behind NAT or on a LAN environment")

When running running in a LAN environment, or on the public Internet via NAT, the `JVB_ADVERTISE_IPS` env variable should be set. This variable allows to control which IP addresses the JVB will advertise for WebRTC media traffic. It is necessary to set it regardless of the use of a reverse proxy, since it's the IP address that will receive the media (audio / video) and not HTTP traffic, hence it's oblivious to the reverse proxy.

<div class="theme-doc-markdown markdown" id="bkmrk-note-3" style="text-align: justify;"><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>This variable used to be called `DOCKER_HOST_ADDRESS` but it got renamed for clarity and to support a list of IPs.

If your users are coming in over the Internet (and not over LAN), this will likely be your public IP address. If this is not set up correctly, calls will crash when more than two users join a meeting.

The public IP address is attempted to be discovered via [STUN](https://en.wikipedia.org/wiki/STUN). STUN servers can be specified with the `JVB_STUN_SERVERS` option.

<div class="theme-doc-markdown markdown" id="bkmrk-note-4" style="text-align: justify;"><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>Due to a bug in the docker version currently in the Debian repos (20.10.5), [Docker does not listen on IPv6 ports](https://forums.docker.com/t/docker-doesnt-open-ipv6-ports/106201/2), so for that combination you will have to [manually obtain the latest version](https://docs.docker.com/engine/install/debian/).

#### Split horizon[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#split-horizon "Direct link to Split horizon")

If you are running in a split horizon environemt (LAN internal clients connect to a local IP and other clients connect to a public IP) you can specify multiple advertised IPs by separating them with commas:

```text
JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
```

<div class="theme-doc-markdown markdown" id="bkmrk--25" style="text-align: justify;"><div class="codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>#### Offline / airgapped installation[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#offline--airgapped-installation "Direct link to Offline / airgapped installation")

If your setup does not have access to the Internet you'll need to disable STUN on the JVB since discovering its own IP address will fail, but that is not necessary on that type of environment.

```text
JVB_DISABLE_STUN=true
```

<div class="theme-doc-markdown markdown" id="bkmrk--26" style="text-align: justify;"><div class="codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Adjust UDP buffers[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#adjust-udp-buffers "Direct link to Adjust UDP buffers")

If you are experiencing issues with UDP traffic, like synchronization issues, skipping frames and similar, or if you expect a high traffic and big conferences, you might want to adjust the UDP buffer sizes. You need to do that on the host system, that hosts the jvb container. To do so you can get this [sysctl config file](https://github.com/jitsi/jitsi-videobridge/blob/master/config/20-jvb-udp-buffers.conf) and save it in `/etc/sysctl.d` and load it via: `sysctl --system`.

## Accessing server logs[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#accessing-server-logs "Direct link to Accessing server logs")

The default bahavior of `docker-jitsi-meet` is to log to `stdout`.

While the logs are sent to `stdout`, they are not lost: unless configured to drop all logs, Docker keeps them available for future retrieval and processing.

If you need to access the container's logs you have multiple options. Here are the main ones:

<div class="theme-doc-markdown markdown" id="bkmrk-run%C2%A0docker-compose-l" style="text-align: justify;">- run `docker compose logs -t -f <service_name>` from command line, where `<service_name>` is one of `web`, `prosody`,`jvb`, `jicofo`. This command will output the logs for the selected service to stdout with timestamps.
- use a standard [docker logging driver](https://docs.docker.com/config/containers/logging/configure/) to redirect the logs to the desired target (for instance `syslog` or `splunk`).
- search [docker hub](https://hub.docker.com/search?q=) for a third party [docker logging driver plugin](https://docs.docker.com/config/containers/logging/plugins/)
- or [write your own driver plugin](https://docs.docker.com/engine/extend/plugins_logging/) if you have a very specific need.

</div>For instance, if you want to have all logs related to a `<service_name>` written to `/var/log/jitsi/<service_name>` as `json` output, you could use [docker-file-log-driver](https://github.com/deep-compute/docker-file-log-driver) and configure it by adding the following block in your `docker-compose.yml` file, at the same level as the `image` block of the selected `<service_name>`:

```yaml
services:
    <service_name>:
        image: ...
        ...
        logging:
            driver: file-log-driver
            options:
                fpath: "/jitsi/<service_name>.log"
```

<div class="theme-doc-markdown markdown" id="bkmrk--27" style="text-align: justify;"><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>If you want to only display the `message` part of the log in `json` format, simply execute the following command (for instance if `fpath` was set to `/jitsi/jvb.log`) which uses `jq` to extract the relevant part of the logs:

```text
sudo cat /var/log/jitsi/jvb.log | jq -r '.msg' | jq -r '.message'
```

<div class="theme-doc-markdown markdown" id="bkmrk--28" style="text-align: justify;"><div class="codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>## Build Instructions[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#build-instructions "Direct link to Build Instructions")

Building your images allows you to edit the configuration files of each image individually, providing more customization for your deployment.

The docker images can be built by running the `make` command in the main repository folder. If you need to overwrite existing images from the remote source, use `FORCE_REBUILD=1 make`.

If you are on the unstable branch, build the images with `FORCE_REBUILD=1 JITSI_RELEASE=unstable make`.

You are now able to run `docker compose up` as usual.

## Running behind a reverse proxy[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-a-reverse-proxy "Direct link to Running behind a reverse proxy")

When running behing a reverse proxy from the same host, the communication between the proxy and Jitsi Meet is often in HTTP and not HTTPS since we generally don't have valid certificates for `localhost`.

<div class="theme-doc-markdown markdown" id="bkmrk-note-5" style="text-align: justify;"><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>Jitsi Meet does not currently work well when deployed in a subdirectory.

### Disable HTTPS[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#disable-https "Direct link to Disable HTTPS")

HTTPS can be disabled in the Docker Compose configuration (since HTTPS will probably not work on localhost):

```bash
DISABLE_HTTPS=1
ENABLE_HTTP_REDIRECT=0
ENABLE_LETS_ENCRYPT=0
```

<div class="theme-doc-markdown markdown" id="bkmrk--29" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Do not expose the Jitsi Meet's ports publicly[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#do-not-expose-the-jitsi-meets-ports-publicly "Direct link to Do not expose the Jitsi Meet's ports publicly")

By default, the `HTTP_PORT` and `HTTPS_PORT` are binding to any ip address, so are publicly open unless a firewall blocks them. When using a reverse proxy, this is not necessary. This can be changed by updating the web container's ports configuration:

```yaml
            - '127.0.0.1:${HTTP_PORT}:80'
            - '127.0.0.1:${HTTPS_PORT}:443'
```

<div class="theme-doc-markdown markdown" id="bkmrk--30" style="text-align: justify;"><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>instead of

```yaml
            - '${HTTP_PORT}:80'
            - '${HTTPS_PORT}:443'
```

<div class="theme-doc-markdown markdown" id="bkmrk--31" style="text-align: justify;"><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Reverse proxy configuration[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#reverse-proxy-configuration "Direct link to Reverse proxy configuration")

By default this setup is using WebSocket connections for 2 core components:

<div class="theme-doc-markdown markdown" id="bkmrk-signalling-%28xmpp%29-br" style="text-align: justify;">- Signalling (XMPP)
- Bridge channel (colibri)

</div>Due to the hop-by-hop nature of WebSockets the reverse proxy must properly terminate and forward WebSocket connections. There 2 routes require such treatment:

<div class="theme-doc-markdown markdown" id="bkmrk-%2Fxmpp-websocket-%2Fcol" style="text-align: justify;">- `/xmpp-websocket`
- `/colibri-ws`

</div>The other HTTP requests must be handled by the web container.

In the following configuration examples, `http://localhost:8000/` is the url of the web service's ingress (`8000` corresponds to `HTTP_PORT`).

#### nginx[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#nginx "Direct link to nginx")

With nginx, these routes can be forwarded using the following config snippet:

```nginx
location /xmpp-websocket {
    proxy_pass http://localhost:8000/xmpp-websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location /colibri-ws {
    proxy_pass http://localhost:8000/colibri-ws;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location / {
    proxy_pass http://localhost:8000/;
    proxy_http_version 1.1;
}
```

<div class="theme-doc-markdown markdown" id="bkmrk--32" style="text-align: justify;"><div class="language-nginx codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>#### Apache[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#apache "Direct link to Apache")

With Apache, `mod_proxy`, `mod_proxy_http` and `mod_proxy_wstunnel` need to be enabled.

The reverse proxy can be configured using the following config snippet:

```apache
<IfModule mod_proxy.c>
    <IfModule mod_proxy_wstunnel.c>
        ProxyTimeout 900
        ProxyPass /xmpp-websocket ws://localhost:8000/xmpp-websocket
        ProxyPass /colibri-ws/ ws://localhost:8000/colibri-ws/
        ProxyPass / http://localhost:8000/
        ProxyPassReverse / http://localhost:8000/
    </IfModule>
</IfModule>
```

<div class="theme-doc-markdown markdown" id="bkmrk--33" style="text-align: justify;"><div class="language-apache codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>### Disabling WebSocket connections[​](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#disabling-websocket-connections "Direct link to Disabling WebSocket connections")

<div class="theme-doc-markdown markdown" id="bkmrk-note-6" style="text-align: justify;"><div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb">Note</div><div class="admonitionContent_BuS1">  
</div></div></div>This is not the recommended setup.

If using WebSockets is not an option, these environment variables can be set to fallback to HTTP polling and WebRTC datachannels:

```bash
ENABLE_SCTP=1
ENABLE_COLIBRI_WEBSOCKET=0
ENABLE_XMPP_WEBSOCKET=0
```

<div class="theme-doc-markdown markdown" id="bkmrk--34" style="text-align: justify;"><div class="language-bash codeBlockContainer_Ckt0 theme-code-block"><div class="codeBlockContent_biex"><div class="buttonGroup__atx"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_eSgA"><svg class="copyButtonIcon_y97N" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg" id="bkmrk-last-updated-on%C2%A0mar-"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col" style="text-align: justify;"><span class="theme-last-updated">Last updated on **<time datetime="2025-03-07T12:16:18.000Z">Mar 7, 2025</time>**</span></div></div></footer>