Jitsi private video conferencing on synology NAS

In these days of physical isolation I wanted to spend my free time to check and implement a videoconferencing solution for my private use.

After googling I found Jitsi and in few minutes I was able to setup a test environment on my computer using docker.

I wanted to implement this on my Synology NAS (DS918) using docker containers. All explanations below are coming from the Jitsi github page, with a little customization to fit my needs.

I assume that you are familiar with docker, SSH access & certificate installation/request.

You need to download the file https://github.com/jitsi/docker-jitsi-meet/archive/master.zip

Upload and extract on your NAS the content of the zip file. In my installation it is the folder /volume1/docker

Open an SSH console to your NAS

Go to the folder you just created it will be something like:

cd /volume1/docker/docker-jitsi-meet-master

Copy the environment file:

cp env.example .env

Set strong passwords:

./gen-passwords.sh

Create a folder where to store the configuration files:

mkdir /volume1/docker/docker-jitsi-config/

mkdir -p /volume1/docker/docker-jitsi-config/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

Edit the .env file and change the line CONFIG=~/.jitsi-meet-cfg to CONFIG=/volume1/docker/docker-jitsi-config

Enable authentication, guest access and internal authentication:

ENABLE_AUTH=1

ENABLE_GUESTS=1

AUTH_TYPE=internal

Customize the lines related to your environment and the docker host IP (your NAS interface). I use afraid DNS route my personal domain to my NAS public IP.

PUBLIC_URL=https://meet.mydomain.com

DOCKER_HOST_ADDRESS=192.168.X.X

You can now create and run the docker containers:

docker-compose up -d

To protect access to your meeting solution connect to the prosody container:

docker exec -it docker-jitsi-meet-master_prosody_1 /bin/bash

and create register your user:
prosodyctl --config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword

You can use the Synology NAS reverse proxy to redirect your domain HTTPS to your container on port 8443 (Application Portal > Reverse Proxy > Create). This is mandatory to have a fully working solution. (avoiding problem with video content)

You need also to generate a certificate and install it on your NAS (Security > Certificates > Create)

I use a letsencrypt certificate but you can also import one.

Configure the certificate to be presented for meet.mydomain.com (Security > Certificates > Configure)

After completing these steps you should have a working private videoconferencing solution, with authenticated host and guest access activated on your Synology NAS.

9 Sept. 2020 – Edited after Mchl Grdlv comments.

30 Comments

  1. I follow your tut but i m keep getting “Your connection has been disconnected” error. any ideas why? i had added ENABLE_XMPP_WEBSOCKET=0
    to the .env
    but doesnt seem to work.

  2. First of all: Thank you for this tutorial. It helped me a lot.
    Now to two suggested improvements:
    1. In the router you have to open two more ports besides of port 443 (HTTPS). These are the ports 10000 (UDP) and 4443 (TCP). If I understood the manual correctly this is necessary if you want to establish a conference with more than two participiciants.
    2. In the configuration window of the reverse proxy it is necessary to define two user defined headers: 1. “Upgrade” with the value “$http_upgrade” and 2. “Connection” with the value “$connection_upgrade”. You can do this by choosing “WebSocket” from the Dropdown-List “Create”. If not, you will not be able to enable the camera and the microphone when you start a conference. And you will not be asked for the username and password if you have configured “ENABLE_AUTH = 1”.
    I have now set up a second Jitsi server with the latest docker files (2021-08-26) and this only worked with the two “modifications” I mentioned above. The first Jitsi server I created at the end of the last year worked without these “modifications” however I only had “conferences” with one more participiciant.

  3. Thanks a lot for your how to … I was really happy see the first time the Jitsi Webpage via LAN IP and HTTPS domain …
    I can create or start a room but than in both cases it says “Your connection has been disconnected (translated from German)” and it tries to refresh. I suppose it has something to do with the Authentication? I Enabled AUTH_TYPE=internal and didn’t understand what this do and how it belongs to:
    prosodyctl –config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword
    If I create a user and password here were is it needed?

    Thanks a lot for all your work!
    Steffen

  4. And,
    Important my .env settings.
    # Disable HTTPS: handle TLS connections outside of this setup
    DISABLE_HTTPS=1

    indeed my certificate is handled by the reverse proxy

  5. Hi

    Great information! How could I work out, in advance of setting up, the likely number of people I could have connected to the NAS? I have a DS218. It would be great to get an understanding of the number of people that could be connected with cameras on, simultaneously.

    Thanks!

  6. Hey Cedric,
    Thanks a lot for the simple and clear explanation. I think something you might add because it made a great difference to me and took me time to find out is that on the port you forward on your reverse proxy, you shall enable websocket, otherwise you won’t be able to connect from outside.
    Thanks again,
    Cheers

  7. I tried to start with latest release of Jitsi. With that container are starting as wanted. But I just get a grey site. In the log I got the message that permission is denied for config.js. config.js is existing and has complete read access. Do you know what is happening?

  8. Hello,
    thank you for this manual, but I am stack with docker deployment step:

    docker-compose up -d
    ERROR: Couldn’t connect to Docker daemon at http+docker://localhost – is it running?
    If it’s at a non-standard location, specify the URL with the DOCKER_HOST environment variable.

    My Docker runs on Synology, I am not sure if I set it correctly. My Synology nas local IP is 192.168.1.100. So it should be there this?
    DOCKER_HOST_ADDRESS=192.168.1.100 ??
    Because docker itself there has some internal network (what I can see in the docker network config is 172.17.0.1 – gateway). But Even I tried this, same error. Can you please give me some clue?

    Thank you,Jan

    • I’m also stuck on “docker-compose up -d”.

      I get ERROR:
      ————————————–
      Can’t find a suitable configuration file in this directory or any
      parent. Are you in the right directory?

      Supported filenames: docker-compose.yml, docker-compose.yaml
      ————————————–

      Did I miss something?

      • Nevermind. I was tired, was not on the correct folder.

        But now I get this error when trying to start it:

        Start container docker-jitsi-meet-master_prosody_1 failed: {“message”:”Bind mount failed: ‘/root/.jitsi-meet-cfg/prosody/prosody-plugins-custom’ does not exists”}.

    • Hi , I was able to install it. The error I made is that I forgot to uncomment

      ENABLE_AUTH=1
      ENABLE_GUESTS=1
      AUTH_TYPE=internal

      in the .env file . So my bad 🙁

      Now I was able to complete the installation. I see the dockers running in the docker=package-center on my Synology DS920+

      But now I’m struggling with the URL’s. In your instructions, you mentioned, as example :

      PUBLIC_URL=https://meet.mydomain.com

      My NAS, which is accessible from the Internet, has (sub)domain-name :
      nas..be

      Ideally, I would like to have. for this Jitsi-application, the sub-domain :
      meet..be

      But I guess this will not be possible, isn’t it ? As all https-traffic (port 443) traffic , initiated by somebody on the internet will go to port 5001 (Synology DSM). This because my router has a NAT-translation from the public IP-address of my NAS (port 443) to the internal IP-address (192.168.1.207) of my NAS (port 5001).

      Maybe I’m wrong , but is the only way to have the Jitsi on my NAS accessible from the internet, is to register a new domain-name ?

      Also : apart from the access from Internet, I had expected that I could see the Jitsi-pages (application), by going (on my local-PC, same LAN as my Synology) ) to https://192.168.1.207:8443 . But that does not work at all. Should that not work ?

      • Hi,

        external access:
        You need to declare the meet..be as a cname for your domain, then the reverse proxy configuration should redirect the traffic to your docker container based on the domain name.

        For the internal access
        Did you also put DOCKER_HOST_ADDRESS=192.168.1.207 in the .env file?
        what do you get with the command below?
        telnet 192.168.1.207 8443

        Cheers

        • Aho, ok, I will setup a CNAME. Once replicated after some hours, I will test.

          About the Telnet to port 8443 : I had tried that already before : it’s working, but it’s getting closed immediately. Normally, with a telnet to a port, and when it works, you get connected and the screen stays black, until you hit -Z

          Here, it connects, but closes immediately (so I get the command-prompt again). Which looks for me something is wrong

          • Hi Cedric. I was not able to work on this the last weeks due to other priorities. But now I would like to have this working.

            Your last question was : “Do you have another container or service running on this 8443 port?”

            In the Application-portal, I do not see other applications running on 8443.

            And, when I stop the 4 docker-containers I see in the docker-packages (docker-jitsi-meet-master-jicofo_1 ; docker-jitsi-meet-master-jvb_1 ; docker-jitsi-meet-master-prosody_1 ; docker-jitsi-meet-master-web_1), then my

            telnet 192.168.1.207 8443

            does not work.

            Which makes me believe it’s one of the jitsi-processes which “sees” my Telnet, but then releases the connection again as something is still not setup correctly.

            Also, when I browse to https://meet..be:8443, it first says “…. closed the connection, then “….reset the connection”

            Is there anything you recommend me to do further ? Maybe I have to redo all from scratch ?

  9. Hi,

    this looks for me very interesting: I’m having a Synology DS920+, used for our Cohousing.

    I’m looking for a video-conference solution on which the (audio and video) data does not go over the Internet, but stays on our local-LAN, when the participating-user is working from the local-LAN.

    I would like to try what you have explained in this post. But I assume after reading the article briefly (need to read in more details), that the traffic just stays on the Local-LAN ?

    Thanks for your answer

      • Hi, I’m trying to install. I’m on the step to “protect access to your meeting solution connect to the prosody container:

        I can successfully execute :

        docker exec -it docker-jitsi-meet-master_prosody_1 /bin/bash

        But on the command

        prosodyctl –config /config/prosody.cfg.lua register meet.jitsi

        I have an error :

        **************************
        Prosody was unable to find the configuration file.
        We looked for: /etc/prosody/prosody.cfg.lua
        A sample config file is included in the Prosody download called prosody.cfg.lua.dist
        Copy or rename it to prosody.cfg.lua and edit as necessary.
        More help on configuring Prosody can be found at https://prosody.im/doc/configure
        Good luck!
        **************************

        I see there is no directory /etc/prosody

        Do I have to install something about prosody, prior to execute this step ?

        Many thanks, Eddy

          • Thanks. Now I have that error anymore. But now I have another error:

            The given hostname does not exist in the config

            I’m new to Jitsi and Prosody (and as well to Docker). I read many pages of the Prosody-manuals in the last hours. And I will do more.

            What I understand from now is that the error I have has probably to do with the host-name I mentioned in my command. I have used first was :

            prosodyctl –config /config/prosody.cfg.lua register meet.jitsi

            Then I thought I had to use, as hostname, the one I specified in the variable PUBLIC_URL in the .env file.

            I have set PUBLIC_URL as : https://meet.MyDomainName.be

            So, I had used, as command:

            prosodyctl –config /config/prosody.cfg.lua register meet.MyDomainName.be

            Then I have another error:

            The given hostname does not exist in the config

            Which makes me believe my errors have indeed to see with the host-name.

            I searched in several documentation-pages what they mean by that host-name in the “prosodyctl” command. But I cannot really find it.

            Your help would be much appreciated

            Many thanks!
            Eddy

Leave a Reply

Your email address will not be published. Required fields are marked *