Deploying Jami

Introduction

Jami is a free, open-source distributed communication platform that enables secure video calls, voice calls, messaging, and file sharing without relying on central servers. Using a pure peer-to-peer architecture, Jami connects participants directly to each other, eliminating the need for intermediary infrastructure that could be monitored or compromised.

Developed by Savoir-faire Linux and part of the GNU project, Jami emphasizes privacy and security through end-to-end encryption and decentralized identity management using OpenDHT (Distributed Hash Table). The platform works across all major operating systems including Linux, Windows, macOS, Android, and iOS.

Key highlights of Jami:

Peer-to-Peer Architecture: Direct connections between users without central servers
End-to-End Encryption: All communications encrypted by default
Video Conferencing: High-quality video calls for individuals and groups
Voice Calls: Crystal-clear audio communication
Instant Messaging: Encrypted text messaging with offline message delivery
File Sharing: Secure peer-to-peer file transfers
Screen Sharing: Share your screen during calls
Decentralized Identity: No phone number or email required
Cross-Platform: Native apps for desktop and mobile
Open Source: Licensed under GPLv3

This guide covers deploying Jami’s web interface and related services on Klutch.sh for development or gateway purposes.

Why Deploy Jami Components on Klutch.sh

While Jami’s core functionality is peer-to-peer, certain components benefit from server deployment:

Web Interface Development: Deploy the Jami web client for browser-based access to Jami networks.

TURN Server: Provide relay services for clients behind restrictive NATs or firewalls.

Bootstrap Node: Help new clients discover the DHT network.

Account Management Server: For organizations managing multiple Jami accounts.

HTTPS by Default: Klutch.sh provides automatic SSL certificates for secure web access.

GitHub Integration: Connect your configuration repository for automated deployments.

Always-On Availability: Server components remain accessible 24/7 for clients.

Prerequisites

Before deploying Jami components on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your configuration
Understanding of Jami’s peer-to-peer architecture
Basic familiarity with Docker and containerization concepts
(Optional) A custom domain for your Jami services

Understanding Jami Architecture

Jami uses a unique distributed architecture:

OpenDHT Network: Distributed hash table for peer discovery and signaling.

Direct Peer Connections: Audio, video, and data flow directly between participants.

Local Daemon: Each client runs a local daemon handling network communications.

End-to-End Encryption: All communications encrypted with user-controlled keys.

ICE/STUN/TURN: NAT traversal for establishing peer connections.

For deployment purposes, you might need:

Jami Web: Browser-based interface for Jami communication.

TURN Server: Relay for clients that cannot establish direct connections.

Account Management: Backend for organization-managed accounts.

Preparing Your Repository

Repository Structure

jami-deploy/
├── Dockerfile
├── README.md
└── .dockerignore

Creating the Dockerfile for Jami Web

For deploying the Jami web interface:

FROM node:18-alpine

WORKDIR /app

# Clone jami-web repository
RUN apk add --no-cache git && \
    git clone https://review.jami.net/jami-web.git .

# Install dependencies
RUN npm install

# Build the application
RUN npm run build

# Expose port
EXPOSE 3000

# Start the server
CMD ["npm", "start"]

Creating the .dockerignore File

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env
.env.local
node_modules

Environment Variables Reference

Variable	Required	Default	Description
`JAMI_WEB_PORT`	No	3000	Port for the web interface
`JAMI_DAEMON_HOST`	Yes	-	Address of the Jami daemon
`JAMI_DAEMON_PORT`	No	5000	Port for daemon communication
`NODE_ENV`	No	production	Node.js environment

Deploying Jami Web on Klutch.sh

Push Your Repository to GitHub

Initialize your repository and push to GitHub:

git init
git add Dockerfile .dockerignore README.md
git commit -m "Initial Jami web deployment configuration"
git remote add origin https://github.com/yourusername/jami-deploy.git
git push -u origin main

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “jami” or “jami-web”.

Create a New App

Within your project, create a new app:

Connect your GitHub repository
Select the repository containing your Dockerfile
Configure HTTP traffic on port 3000

Set Environment Variables

Configure the required environment variables:

Variable	Value
`NODE_ENV`	`production`
`JAMI_DAEMON_HOST`	Your daemon host (if applicable)

Deploy Your Application

Click Deploy to start the build process.

Access Jami Web

Once deployment completes, access your Jami web interface at https://your-app-name.klutch.sh.

Deploying a TURN Server

For clients behind restrictive NATs, deploy a TURN server.

TURN Server Dockerfile

FROM coturn/coturn:latest

# Copy configuration
COPY turnserver.conf /etc/coturn/turnserver.conf

# Expose ports
EXPOSE 3478/udp
EXPOSE 3478/tcp
EXPOSE 5349/tcp

CMD ["turnserver", "-c", "/etc/coturn/turnserver.conf"]

TURN Configuration

Create a turnserver.conf:

# TURN server configuration for Jami
listening-port=3478
tls-listening-port=5349

# Credentials
user=jami:your-secure-password
realm=your-domain.com

# Logging
log-file=stdout
verbose

# Security
fingerprint
lt-cred-mech

Using Jami

Creating an Account

On the Jami client:

Download Jami for your platform
Launch the application
Choose “Create new account”
Optionally set a username
Your Jami ID is generated locally

Adding Contacts

Connect with others:

Share your Jami ID or username
Add contacts by their ID or username
Wait for contact request acceptance
Start communicating

Making Calls

Initiate calls:

Select a contact
Click the video or audio call button
Wait for the connection to establish
Enjoy encrypted communication

Group Calls

For conferences:

Create a conversation with multiple contacts
Start a call in the group
Participants join as available
Use screen sharing if needed

Production Best Practices

Security Recommendations

Account Security: Keep your Jami account keys secure
TURN Credentials: Use strong passwords for TURN servers
Network Security: Ensure proper firewall configuration
Regular Updates: Keep all components updated

Network Configuration

For optimal connectivity:

Enable UPnP on your network if possible
Configure port forwarding for direct connections
Deploy TURN servers for fallback connectivity

Backup Strategy

Account Keys: Back up your Jami account archive
Configuration: Back up any server configurations
Contacts: Export contact list periodically

Troubleshooting Common Issues

Connection Problems

Symptoms: Cannot connect to contacts.

Solutions:

Check network connectivity
Verify firewall settings allow Jami traffic
Use a TURN server if direct connections fail
Ensure both parties are online

Audio/Video Quality Issues

Symptoms: Poor call quality.

Solutions:

Check bandwidth availability
Reduce video quality settings
Ensure direct connection is established
Check hardware (camera, microphone) functionality

Account Sync Issues

Symptoms: Different devices show different data.

Solutions:

Ensure account is properly linked
Check network connectivity on all devices
Allow time for DHT synchronization

Additional Resources

Conclusion

Jami provides a unique approach to communication by eliminating central servers entirely. While the core peer-to-peer functionality runs locally on user devices, deploying supporting infrastructure like TURN servers or the web interface on Klutch.sh can enhance accessibility and connectivity.

The combination of Jami’s privacy-first design and Klutch.sh’s reliable hosting provides a solid foundation for organizations and individuals seeking truly private communications without the security concerns of centralized infrastructure.