<color #22b14c>**Hosting and installing a server JitsiMeet**</color> {{howhard>3}} \\ 
This server provides you your own system for video conferencing. It should be available at URL "https://jitsi.mydomain.tld" and use a valid  SSL certificate. \\
The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).\\
The conf of OPNSense (incl. DNS etc...) is out of the scope of this tuto.\\
The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\

====== Installing the container ======
Installation of a container "Ubuntu 22" on the Proxmox. I set 2 Cores and 4GB RAM. \\
The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you know what to do.... \\

===== Installing nginx =====
<code># apt-get install nginx </code>
No config needed.


====== Installation of JitsiMeet ======
Following this tuto: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
  * The hostname **"jitsi"** is given by the container name set in Proxmox. => check ''etc/hosts'' but don't modify!

  * <code># apt install software-properties-common
# apt-add-repository universe
# apt update

# curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key
# echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/prosody-debian-packages.list
# apt install lua5.2

# curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
# echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list

# apt-get update
  
# apt install jitsi-meet </code>
During the installation let Jitsi generate a self signed cert. \\ 
Reboot and "https://jitsi.mydomain.tld" should now display the welcome screen. 
  

====== Settings behind a NAT and for using with a dynamic IP======
===== NAT =====
The following extra lines need to be added to the file ''/etc/jitsi/videobridge/sip-communicator.properties'' with the internal and external IPs:

<code>org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>   | at the beginning of the file
# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES     | add # to comment this line

org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>       | at the end of the file </code>

===== dynamic IP =====
__Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\ 
Following steps are therefore necessary by using a dynamic IP:
  * a script in order to compare the current external IP with the IP present into the conf file and to replace it if it has changed since last IP-check
  * run the script at bootup
  * run the script regularly
  
==== Finding the current external IP and enter it into the conf file ====
(this script comes from an internet forum... and is modified!)
<code> # nano  /etc/init.d/script_IP.sh </code>
<code>
#!/bin/sh
 
### BEGIN INIT INFO
# Provides:          Nom du script
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Description courte
# Description:       Description longue
### END INIT INFO


DNSNAME="jitsi.domain.tld"                           ##### adjust according your settings

# get the actual IP from the Internet
IPint=$(curl ifcfg.me)

# get the configured IP of Jitsi
IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

if [ "$IPjitsi" = "$IPint" ]
then
        echo "IP has not been changed!"
        exit 0
fi

#clear config
sed -i '/NAT_HARVESTER_PUBLIC_ADDRESS/d' /etc/jitsi/videobridge/sip-communicator.properties

#get IP and renew line
echo org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$IPint >> /etc/jitsi/videobridge/sip-communicator.properties

#restart services
systemctl restart jicofo
systemctl restart prosody
systemctl restart jitsi-videobridge2 
</code>
<code> # chmod +x /etc/init.d/script_IP.sh </code>

===== run the script at bootup =====
Source: https://www.jbnet.fr/systeme/linux/debian-executer-un-script-au-demarrage-de-la-machine.html
<code># cd /etc/init.d 
# update-rc.d script_IP.sh defaults </code>

===== run the script every hour =====
<code># nano /etc/cron.d/IP_jitsi </code>
<code>0 */1 * * * root /etc/init.d/script_IP.sh </code>
<note>When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) => I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient</note>


====== Enabling the authentication ======

  * into ''/etc/prosody/conf.avail/jitsi.domain.tld.cfg.lua'' <code>VirtualHost "jitsi.domain.tld"
authentication = "internal_hashed"     | instad of jitsi-anonymous

... and add another virtualhost after it:

VirtualHost "guest.jitsi.domain.tld"
    authentication = "anonymous"
    c2s_require_encryption = false
</code>

  * into ''/etc/jitsi/jicofo/jicofo.conf'' add at the beginng: <code>jicofo {
  authentication: {
    enabled: true
    type: XMPP
    login-url: jitsi.domain.tld
  } </code>

  * create the authenticated user <code># prosodyctl register the_user jitsi.domain.tls the_password_of_the_user </code>

\\
or follow this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/