Deploying OpenVidu on Ubuntu

Installation process

Ubuntu Xenial 16.04 and Ubuntu Bionic 18.04 are supported (see Ubuntu Bionic limitations).

1. Install KMS

Ubuntu Xenial 16.04

sudo echo "deb [arch=amd64] xenial kms6" | sudo tee /etc/apt/sources.list.d/kurento.list
sudo apt-key adv --keyserver --recv-keys 5AFA7A83
sudo apt-get update
sudo apt-get -y install kurento-media-server

Ubuntu Bionic 18.04

sudo echo "deb [arch=amd64] bionic kms6" | sudo tee /etc/apt/sources.list.d/kurento.list
sudo apt-key adv --keyserver --recv-keys 5AFA7A83
sudo apt-get update
sudo apt-get -y install kurento-media-server

After installing KMS, it is necessary to change the default user running it to the current one with this line:

sudo sed -i "s/DAEMON_USER=\"kurento\"/DAEMON_USER=\"${USER}\"/g" /etc/default/kurento-media-server

2. Install COTURN

sudo apt-get -y install coturn

This is a great implementation of a STUN/TURN server, necessary for connecting your users under some complicated circumstances. You can check its documentation here.

3. Install Redis

sudo apt-get -y install redis-server

4. File /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini


5. File /etc/turnserver.conf

redis-userdb="ip= dbname=0 password=turn connect_timeout=30"

6. File /etc/default/coturn


7. Init services

sudo service redis-server restart
sudo service coturn restart
sudo service kurento-media-server restart

8. Init Openvidu Server JAR executable

java -jar -Dopenvidu.secret=YOUR_SECRET -Dopenvidu.publicurl=https://YOUR_MACHINE_PUBLIC_IP:4443/ openvidu-server-{VERSION}.jar

Being YOUR_SECRET the password you want for securing your OpenVidu Server. This will be needed for connecting to OpenVidu Server dashboard and for consuming OpenVidu Server REST API. Keep it safe!

1) You will need Java 8 to run OpenVidu Server:

sudo apt-get install -y openjdk-8-jre

2) You can get any version of OpenVidu Server running:


3) If you want to enable recording module of OpenVidu Server to record your sessions, you must install Docker CE and add some more system properties to the java -jar command. Check out Recording section to learn more

Go to Using your own certificate to add your certificate to the JAR instead of using the self-signed default one (which will launch a security warning on the user's browser).

9. Finally check your server

You can connect to OpenVidu dashboard through https://YOUR_OPENVIDU_SERVER_MACHINE_PUBLIC_IP:4443 (authorization is OPENVIDUAPP:YOUR_SECRET). Make sure you allow TCP and UDP inbound connections to your machine!

To connect your application to OpenVidu Server, use the same URL https://YOUR_OPENVIDU_SERVER_MACHINE_PUBLIC_IP:4443. To learn more, check out Connecting your app to OpenVidu.

Server network requirements

In order for this deployment to work, you will have to meet 2 sets of needs in the machine hosting your services:

  • First of all, you certainly need the machine to have a public, reachable IP. The reason is pretty simple: we are precisely installing COTURN service to cover those situations where the final users are hidden behind NATs or complex networks (learn more). If the COTURN itself is running inside an unreachable machine, your video transmission will probably fail. And also make sure the server bandwidth is significant, as each media connection can potentially consume up to several MBs.

  • Besides, the server needs some ports opened in the firewall:

    • 4443 TCP (OpenVidu Server listens on port 4443 by default)
    • 3478 TCP (COTURN listens on port 3478 by default)
    • 49152 - 65535 UDP (these ports are strongly recommended to be opened, as WebRTC randomly exchanges media through any of them)

If you were still in trouble, we provide a ready-to-use Amazon CloudFormation Stack to easily deploy OpenVidu in just a few minutes here.

Using your own certificate

OpenVidu Server is a Java application and therefore needs a Java keystore (.jks) for providing security certificates. If you don't have it, you can easily obtain a .jks file from your certificate and private key files (.crt and .key respectively, or maybe both of them being .pem). You do so by using openssl and keytool :

# Export certificate in p12 format (password will be asked)
# YOUR_CRT.crt and YOUR_KEY.key files may be YOUR_CRT.pem and YOUR_KEY.pem files instead
openssl pkcs12 -export -name YOUR_KEYSTORE_ALIAS -in YOUR_CRT.crt -inkey YOUR_PRIVATE_KEY.key -out p12keystore.p12

# Generate jks (password will be asked again)
keytool -importkeystore -srckeystore p12keystore.p12 -srcstoretype pkcs12 -deststoretype pkcs12 -alias YOUR_KEYSTORE_ALIAS -destkeystore YOUR_KEYSTORE_NAME.jks

In order to use your JKS, just give the proper value to the following OpenVidu Server properties on launch:

  • server.ssl.key-store=/PATH/TO/YOUR_KEYSTORE_NAME.jks
  • server.ssl.key-store-password=value_provided_when_generating_jks
  • server.ssl.key-alias=YOUR_KEYSTORE_ALIAS

java -jar -Dopenvidu.secret=MY_SECRET -Dserver.ssl.key-store=/opt/openvidu/my_keystore.jks -Dserver.ssl.key-store-password=MY_KEYSTORE_SECRET -Dserver.ssl.key-alias=my_cert_alias openvidu-server-2.5.0.jar

Remember we provide a super simple way of using a FREE, AUTOMATIC and 100% VALID certificate thanks to Let's Encrypt technology: when deploying your CloudFormation Stack, just fill in the form fields with the values from the column LET'S ENCRYPT CERTIFICATE

Ubuntu Bionic limitations

OpenVidu supports Ubuntu Xenial 16.04 and Ubuntu Bionic 18.04. OpenCV filters will not work in Bionic.

Regarding filters explained in Voice and video filters section, this will affect FaceOverlayFilter and ChromaFilter. In fact, no built-in module explained in Kurento Docs will work in Ubuntu Bionic (PointerDetectorFilter, CrowdDetectorFilter, PlateDetectorFIlter).

ZBarFilter and GStreamer filters work fine in Ubuntu Bionic.