Outils pour utilisateurs

Outils du site


welcome:self_hosting:installing_a_server_jitsimeet

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Révision précédente
welcome:self_hosting:installing_a_server_jitsimeet [2020/05/05 19:14]
welcome:self_hosting:installing_a_server_jitsimeet [2023/09/21 16:54] (Version actuelle)
arnaud [Enabling the authentication]
Ligne 1: Ligne 1:
 +<color #22b14c>**Hosting and installing a server JitsiMeet**</color> {{howhard>3}} \\ 
 +This server provides you your own system for video conferencing. It should be available at URL "https://jitsi.mydomain.tld" and use a valid  SSL certificate. \\
 +The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).\\
 +The conf of OPNSense (incl. DNS etc...) is out of the scope of this tuto.\\
 +The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\
  
 +====== Installing the container ======
 +Installation of a container "Ubuntu 22" on the Proxmox. I set 2 Cores and 4GB RAM. \\
 +The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you know what to do.... \\
 +
 +===== Installing nginx =====
 +<code># apt-get install nginx </code>
 +No config needed.
 +
 +
 +====== Installation of JitsiMeet ======
 +Following this tuto: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
 +  * The hostname **"jitsi"** is given by the container name set in Proxmox. => check ''etc/hosts'' but don't modify!
 +
 +  * <code># apt install software-properties-common
 +# apt-add-repository universe
 +# apt update
 +
 +# curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key
 +# echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/prosody-debian-packages.list
 +# apt install lua5.2
 +
 +# curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
 +# echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list
 +
 +# apt-get update
 +  
 +# apt install jitsi-meet </code>
 +During the installation let Jitsi generate a self signed cert. \\ 
 +Reboot and "https://jitsi.mydomain.tld" should now display the welcome screen. 
 +  
 +
 +
 +====== Settings behind a NAT and for using with a dynamic IP======
 +===== NAT =====
 +The following extra lines need to be added to the file ''/etc/jitsi/videobridge/sip-communicator.properties'' with the internal and external IPs:
 +
 +<code>org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>   | at the beginning of the file
 +# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES     | add # to comment this line
 +
 +org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>       | at the end of the file </code>
 +
 +===== dynamic IP =====
 +__Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\ 
 +Following steps are therefore necessary by using a dynamic IP:
 +  * a script in order to compare the current external IP with the IP present into the conf file and to replace it if it has changed since last IP-check
 +  * run the script at bootup
 +  * run the script regularly
 +  
 +==== Finding the current external IP and enter it into the conf file ====
 +(this script comes from an internet forum... and is modified!)
 +<code> # nano  /etc/init.d/script_IP.sh </code>
 +<code>
 +#!/bin/sh
 + 
 +### BEGIN INIT INFO
 +# Provides:          Nom du script
 +# Required-Start:    $local_fs $network
 +# Required-Stop:     $local_fs
 +# Default-Start:     2 3 4 5
 +# Default-Stop:      0 1 6
 +# Short-Description: Description courte
 +# Description:       Description longue
 +### END INIT INFO
 +
 +
 +DNSNAME="jitsi.domain.tld"                           ##### adjust according your settings
 +
 +# get the actual IP from the Internet
 +IPint=$(curl ifcfg.me)
 +
 +# get the configured IP of Jitsi
 +IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
 +
 +if [ "$IPjitsi" = "$IPint" ]
 +then
 +        echo "IP has not been changed!"
 +        exit 0
 +fi
 +
 +#clear config
 +sed -i '/NAT_HARVESTER_PUBLIC_ADDRESS/d' /etc/jitsi/videobridge/sip-communicator.properties
 +
 +#get IP and renew line
 +echo org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$IPint >> /etc/jitsi/videobridge/sip-communicator.properties
 +
 +#restart services
 +systemctl restart jicofo
 +systemctl restart prosody
 +systemctl restart jitsi-videobridge2 
 +</code>
 +<code> # chmod +x /etc/init.d/script_IP.sh </code>
 +
 +===== run the script at bootup =====
 +Source: https://www.jbnet.fr/systeme/linux/debian-executer-un-script-au-demarrage-de-la-machine.html
 +<code># cd /etc/init.d 
 +# update-rc.d script_IP.sh defaults </code>
 +
 +===== run the script every hour =====
 +<code># nano /etc/cron.d/IP_jitsi </code>
 +<code>0 */1 * * * root /etc/init.d/script_IP.sh </code>
 +<note>When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) => I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient</note>
 +
 +
 +
 +
 +====== Enabling the authentication ======
 +
 +  * into ''/etc/prosody/conf.avail/jitsi.domain.tld.cfg.lua'' <code>VirtualHost "jitsi.domain.tld"
 +authentication = "internal_hashed"     | instad of jitsi-anonymous
 +
 +... and add another virtualhost after it:
 +
 +VirtualHost "guest.jitsi.domain.tld"
 +    authentication = "anonymous"
 +    c2s_require_encryption = false
 +</code>
 +
 +  * into ''/etc/jitsi/jicofo/jicofo.conf'' add at the beginng: <code>jicofo {
 +  authentication: {
 +    enabled: true
 +    type: XMPP
 +    login-url: jitsi.domain.tld
 +  } </code>
 +
 +  * create the authenticated user <code># prosodyctl register the_user jitsi.domain.tls the_password_of_the_user </code>
 +
 +\\
 +or follow this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/

DokuWiki Appliance - Powered by TurnKey Linux