Deploying Jitsi Video Bridge

Introduction

Jitsi Video Bridge (JVB) is the core media routing component of the Jitsi Meet video conferencing platform. As a WebRTC-compatible Selective Forwarding Unit (SFU), JVB routes video streams among conference participants without mixing or transcoding, enabling efficient multi-party video calls.

Deploying standalone JVB instances allows you to scale your Jitsi Meet infrastructure horizontally. When a single video bridge reaches capacity, additional bridges can handle new conferences, distributing the load across multiple servers and geographic regions.

Key highlights of Jitsi Video Bridge:

SFU Architecture: Routes video streams without CPU-intensive mixing
WebRTC Compatible: Standard WebRTC stack with ICE, DTLS, and SRTP
Scalable Design: Add multiple bridges to handle more participants
Simulcast Support: Receive multiple quality layers, forward optimal streams
Bandwidth Estimation: Adaptive quality based on network conditions
Recording Support: Integration with Jibri for session recording
Geographic Distribution: Deploy bridges close to users
Low Latency: Optimized for real-time video routing
Resource Efficient: Handles many streams with moderate resources
Open Source: Apache 2.0 licensed

This guide walks through deploying a standalone Jitsi Video Bridge on Klutch.sh, configuring it to connect to your existing Jitsi Meet infrastructure.

Why Deploy JVB on Klutch.sh

Deploying Jitsi Video Bridge on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh handles Docker container deployment for additional video bridges.

Geographic Distribution: Deploy bridges in different regions closer to your users.

Scalability: Add capacity without modifying your main Jitsi installation.

Persistent Configuration: Maintain consistent settings across restarts.

Environment Variable Management: Securely store XMPP credentials and configuration.

Custom Domains: Configure proper DNS for video bridge endpoints.

Always-On Availability: Video bridges remain accessible 24/7.

Prerequisites

Before deploying JVB on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your JVB configuration
An existing Jitsi Meet deployment with Prosody XMPP server
JVB authentication credentials from your main Jitsi installation
Basic familiarity with Docker and networking concepts
Understanding of Jitsi architecture

Understanding JVB Architecture

JVB operates within the Jitsi ecosystem:

XMPP Connection: JVB connects to Prosody (XMPP server) for signaling and coordination.

Jicofo Coordination: The Jitsi Focus component assigns conferences to available bridges.

Media Streams: Audio/video flows directly between clients and the video bridge.

ICE/STUN/TURN: NAT traversal for establishing media connections.

Octo: Optional protocol for cascading multiple JVBs in a single conference.

Preparing Your Repository

Repository Structure

jvb-deploy/
├── Dockerfile
├── README.md
└── .dockerignore

Creating the Dockerfile

FROM jitsi/jvb:latest

# JVB configuration via environment variables
ENV JVB_BREWERY_MUC=jvbbrewery
ENV JVB_AUTH_USER=jvb
ENV JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443

# UDP port for media
EXPOSE 10000/udp

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8080/about/health || exit 1

Creating the .dockerignore File

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env
.env.local

Environment Variables Reference

Variable	Required	Default	Description
`JVB_AUTH_USER`	Yes	jvb	Username for XMPP authentication
`JVB_AUTH_PASSWORD`	Yes	-	Password for XMPP authentication
`XMPP_SERVER`	Yes	-	XMPP server hostname
`XMPP_AUTH_DOMAIN`	Yes	-	XMPP authentication domain
`XMPP_INTERNAL_MUC_DOMAIN`	Yes	-	Internal MUC domain
`JVB_BREWERY_MUC`	No	jvbbrewery	MUC room for JVB coordination
`JVB_PORT`	No	10000	UDP port for media
`JVB_STUN_SERVERS`	No	-	STUN servers for NAT traversal
`JVB_ADVERTISE_IPS`	No	-	Public IP address to advertise
`PUBLIC_URL`	No	-	Public URL for the video bridge
`JVB_OCTO_BIND_ADDRESS`	No	-	Address for Octo (cascading)
`JVB_OCTO_REGION`	No	-	Region identifier for Octo

Deploying JVB on Klutch.sh

Get Credentials from Main Jitsi Installation

From your existing Jitsi Meet deployment, note:

JVB_AUTH_PASSWORD from the main .env file
XMPP server hostname
Authentication domain
Internal MUC domain

Push Your Repository to GitHub

Initialize your repository and push to GitHub:

git init
git add Dockerfile .dockerignore README.md
git commit -m "Initial JVB deployment configuration"
git remote add origin https://github.com/yourusername/jvb-deploy.git
git push -u origin main

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “jvb” or “videobridge”.

Create a New App

Within your project, create a new app:

Connect your GitHub repository
Select the repository containing your Dockerfile
Configure traffic settings for the health check port

Set Environment Variables

Configure the required environment variables:

Variable	Value
`JVB_AUTH_USER`	`jvb`
`JVB_AUTH_PASSWORD`	Password from main Jitsi install
`XMPP_SERVER`	Your Prosody server address
`XMPP_AUTH_DOMAIN`	`auth.meet.jitsi` (adjust for your setup)
`XMPP_INTERNAL_MUC_DOMAIN`	`internal-muc.meet.jitsi`
`JVB_BREWERY_MUC`	`jvbbrewery`
`JVB_ADVERTISE_IPS`	Public IP of this JVB instance
`JVB_STUN_SERVERS`	`meet-jit-si-turnrelay.jitsi.net:443`

Configure Networking

JVB requires UDP port 10000 for media. Ensure this is accessible from clients.

Deploy Your Application

Click Deploy to start the build process.

Verify Connection

Check logs to confirm JVB connected to your XMPP server:

INFO: [conference-id] Joining conference...
INFO: [conference-id] Joined MUC...

Configuring Your Main Jitsi for Multiple Bridges

Jicofo Configuration

Update Jicofo to use the bridge brewery:

JICOFO_AUTH_USER=focus
JICOFO_AUTH_PASSWORD=your-focus-password
XMPP_MUC_DOMAIN=muc.meet.jitsi
JVB_BREWERY_MUC=jvbbrewery@internal.auth.meet.jitsi

Bridge Selection Strategy

Jicofo selects bridges based on:

Available capacity (number of participants)
Region matching (if configured)
Health status
Random selection among equally loaded bridges

Regional Deployment

Geographic Distribution

Deploy JVBs in regions close to your users:

# US East JVB
JVB_OCTO_REGION=us-east

# EU West JVB
JVB_OCTO_REGION=eu-west

# Asia Pacific JVB
JVB_OCTO_REGION=ap-south

Octo Configuration

Enable Octo for cross-region conferences:

JVB_OCTO_BIND_ADDRESS=0.0.0.0
JVB_OCTO_BIND_PORT=4096
JVB_OCTO_REGION=us-east
JICOFO_OCTO_ENABLED=true

With Octo, participants in different regions connect to their nearest JVB, and the bridges cascade media between each other.

Monitoring JVB

Health Endpoint

Check JVB health:

curl http://your-jvb:8080/about/health

Statistics

Get JVB statistics:

curl http://your-jvb:8080/colibri/stats

Response includes:

{
  "conferences": 5,
  "participants": 25,
  "videostreams": 50,
  "loss_rate_upload": 0.01,
  "loss_rate_download": 0.02,
  "bit_rate_upload": 5000000,
  "bit_rate_download": 25000000
}

Prometheus Metrics

JVB exposes Prometheus-compatible metrics:

curl http://your-jvb:8080/metrics

Production Best Practices

Security Recommendations

Secure Passwords: Use strong, unique passwords for JVB authentication
Firewall Rules: Only allow necessary ports (UDP 10000, TCP 8080)
Network Isolation: Place JVB in appropriate network segment
TLS/DTLS: Ensure encrypted media transport

Performance Tuning

UDP Buffer Sizes: Increase system UDP buffer for high load
CPU Allocation: JVB is CPU-bound for packet routing
Memory: 4-8 GB recommended for busy bridges
Network: Low latency, high bandwidth connection essential

Capacity Planning

Approximate capacity per JVB:

Participants	Recommended Resources
Up to 50	2 vCPU, 4 GB RAM
50-100	4 vCPU, 8 GB RAM
100-200	8 vCPU, 16 GB RAM

Troubleshooting Common Issues

JVB Not Connecting to XMPP

Symptoms: JVB fails to join the brewery MUC.

Solutions:

Verify XMPP server is reachable
Check authentication credentials match main installation
Ensure MUC domain is correct
Review Prosody logs for errors

Media Not Flowing

Symptoms: Participants can’t hear/see each other.

Solutions:

Verify UDP port 10000 is accessible
Check JVB_ADVERTISE_IPS is set correctly
Ensure STUN/TURN is configured
Review network/firewall rules

High Packet Loss

Symptoms: Poor video/audio quality.

Solutions:

Check network bandwidth
Review JVB statistics for overload
Add additional JVB instances
Verify no CPU throttling

Additional Resources

Conclusion

Deploying additional Jitsi Video Bridges on Klutch.sh enables you to scale your video conferencing infrastructure horizontally. By distributing load across multiple bridges and placing them geographically close to users, you can provide better performance and handle more concurrent participants.

The combination of JVB’s efficient SFU architecture and Klutch.sh’s container hosting provides a solid foundation for enterprise-grade video conferencing that scales with your needs.