Outils pour utilisateurs

Outils du site


Panneau latéral

Menu tree

welcome:self_hosting:installing_a_server_jitsimeet

Hosting and installing a server JitsiMeet

Difficulté
Moyen

This server provides you your own system for video conferencing. It should be available at URLhttps://jitsi.mydomain.tld” and use a valid SSL certificate.
The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).
The conf of OPNSense (incl. DNS etc…) is out of the scope of this tuto.
The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP.

Installing the container

Installation of a container “Ubuntu 22” on the Proxmox. I set 2 Cores and 4GB RAM.
The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). ⇒ you know what to do….

Installing nginx

# apt-get install nginx 

No config needed.

Installation of JitsiMeet

Following this tuto: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

  • The hostname “jitsi” is given by the container name set in Proxmox. ⇒ check etc/hosts but don't modify!
  • # apt install software-properties-common
    # apt-add-repository universe
    # apt update
    
    # curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key
    # echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/prosody-debian-packages.list
    # apt install lua5.2
    
    # curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
    # echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list
    
    # apt-get update
      
    # apt install jitsi-meet 

During the installation let Jitsi generate a self signed cert.
Reboot and “https://jitsi.mydomain.tld” should now display the welcome screen.

Settings behind a NAT and for using with a dynamic IP

NAT

The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties with the internal and external IPs:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>   | at the beginning of the file
# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES     | add # to comment this line

org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>       | at the end of the file 

dynamic IP

Target: the current external IP must be present into the conf file in order that Jitsi runs correctly.
Following steps are therefore necessary by using a dynamic IP:

  • a script in order to compare the current external IP with the IP present into the conf file and to replace it if it has changed since last IP-check
  • run the script at bootup
  • run the script regularly

Finding the current external IP and enter it into the conf file

(this script comes from an internet forum… and is modified!)

 # nano  /etc/init.d/script_IP.sh 
#!/bin/sh
 
### BEGIN INIT INFO
# Provides:          Nom du script
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Description courte
# Description:       Description longue
### END INIT INFO


DNSNAME="jitsi.domain.tld"                           ##### adjust according your settings

# get the actual IP from the Internet
IPint=$(curl ifcfg.me)

# get the configured IP of Jitsi
IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

if [ "$IPjitsi" = "$IPint" ]
then
        echo "IP has not been changed!"
        exit 0
fi

#clear config
sed -i '/NAT_HARVESTER_PUBLIC_ADDRESS/d' /etc/jitsi/videobridge/sip-communicator.properties

#get IP and renew line
echo org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$IPint >> /etc/jitsi/videobridge/sip-communicator.properties

#restart services
systemctl restart jicofo
systemctl restart prosody
systemctl restart jitsi-videobridge2 
 # chmod +x /etc/init.d/script_IP.sh 

run the script at bootup

Source: https://www.jbnet.fr/systeme/linux/debian-executer-un-script-au-demarrage-de-la-machine.html

# cd /etc/init.d 
# update-rc.d script_IP.sh defaults 

run the script every hour

# nano /etc/cron.d/IP_jitsi 
0 */1 * * * root /etc/init.d/script_IP.sh 
When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) ⇒ I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient

Enabling the authentication

  • into /etc/prosody/conf.avail/jitsi.domain.tld.cfg.lua
    VirtualHost "jitsi.domain.tld"
    authentication = "internal_hashed"     | instad of jitsi-anonymous
    
    ... and add another virtualhost after it:
    
    VirtualHost "guest.jitsi.domain.tld"
        authentication = "anonymous"
        c2s_require_encryption = false
  • into /etc/jitsi/jicofo/jicofo.conf add at the beginng:
    jicofo {
      authentication: {
        enabled: true
        type: XMPP
        login-url: jitsi.domain.tld
      } 
  • create the authenticated user
    # prosodyctl register the_user jitsi.domain.tls the_password_of_the_user 


or follow this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/

welcome/self_hosting/installing_a_server_jitsimeet.txt · Dernière modification: 2023/09/21 16:54 de arnaud

DokuWiki Appliance - Powered by TurnKey Linux