Différences

Ci-dessous, les différences entre deux révisions de la page.

--- welcome:self_hosting:installing_a_server_jitsimeet [2020/05/05 19:14]
+++ welcome:self_hosting:installing_a_server_jitsimeet [2023/09/21 16:54] (Version actuelle)
arnaud [Enabling the authentication]
@@ Ligne 1: / Ligne 1: @@
+<color #22b14c>**Hosting and installing a server JitsiMeet**</color> {{howhard>3}} \\
+This server provides you your own system for video conferencing. It should be available at URL "https://jitsi.mydomain.tld" and use a valid  SSL certificate. \\
+The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).\\
+The conf of OPNSense (incl. DNS etc...) is out of the scope of this tuto.\\
+The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\
+====== Installing the container ======
+Installation of a container "Ubuntu 22" on the Proxmox. I set 2 Cores and 4GB RAM. \\
+The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you know what to do.... \\
+===== Installing nginx =====
+<code># apt-get install nginx </code>
+No config needed.
+====== Installation of JitsiMeet ======
+Following this tuto: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
+  * The hostname **"jitsi"** is given by the container name set in Proxmox. => check ''etc/hosts'' but don't modify!
+  * <code># apt install software-properties-common
+# apt-add-repository universe
+# apt update
+# curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key
+# echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/prosody-debian-packages.list
+# apt install lua5.2
+# curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
+# echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list
+# apt-get update
+# apt install jitsi-meet </code>
+During the installation let Jitsi generate a self signed cert. \\
+Reboot and "https://jitsi.mydomain.tld" should now display the welcome screen.
+====== Settings behind a NAT and for using with a dynamic IP======
+===== NAT =====
+The following extra lines need to be added to the file ''/etc/jitsi/videobridge/sip-communicator.properties'' with the internal and external IPs:
+<code>org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>   | at the beginning of the file
+# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES     | add # to comment this line
+org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>       | at the end of the file </code>
+===== dynamic IP =====
+__Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\
+Following steps are therefore necessary by using a dynamic IP:
+  * a script in order to compare the current external IP with the IP present into the conf file and to replace it if it has changed since last IP-check
+  * run the script at bootup
+  * run the script regularly
+==== Finding the current external IP and enter it into the conf file ====
+(this script comes from an internet forum... and is modified!)
+<code> # nano  /etc/init.d/script_IP.sh </code>
+<code>
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          Nom du script
+# Required-Start:    $local_fs $network
+# Required-Stop:     $local_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Description courte
+# Description:       Description longue
+### END INIT INFO
+DNSNAME="jitsi.domain.tld"                           ##### adjust according your settings
+# get the actual IP from the Internet
+IPint=$(curl ifcfg.me)
+# get the configured IP of Jitsi
+IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
+if [ "$IPjitsi" = "$IPint" ]
+then
+        echo "IP has not been changed!"
+        exit 0
+fi
+#clear config
+sed -i '/NAT_HARVESTER_PUBLIC_ADDRESS/d' /etc/jitsi/videobridge/sip-communicator.properties
+#get IP and renew line
+echo org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$IPint >> /etc/jitsi/videobridge/sip-communicator.properties
+#restart services
+systemctl restart jicofo
+systemctl restart prosody
+systemctl restart jitsi-videobridge2
+</code>
+<code> # chmod +x /etc/init.d/script_IP.sh </code>
+===== run the script at bootup =====
+Source: https://www.jbnet.fr/systeme/linux/debian-executer-un-script-au-demarrage-de-la-machine.html
+<code># cd /etc/init.d
+# update-rc.d script_IP.sh defaults </code>
+===== run the script every hour =====
+<code># nano /etc/cron.d/IP_jitsi </code>
+<code>0 */1 * * * root /etc/init.d/script_IP.sh </code>
+<note>When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) => I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient</note>
+====== Enabling the authentication ======
+  * into ''/etc/prosody/conf.avail/jitsi.domain.tld.cfg.lua'' <code>VirtualHost "jitsi.domain.tld"
+authentication = "internal_hashed"     | instad of jitsi-anonymous
+... and add another virtualhost after it:
+VirtualHost "guest.jitsi.domain.tld"
+    authentication = "anonymous"
+    c2s_require_encryption = false
+</code>
+  * into ''/etc/jitsi/jicofo/jicofo.conf'' add at the beginng: <code>jicofo {
+  authentication: {
+    enabled: true
+    type: XMPP
+    login-url: jitsi.domain.tld
+  } </code>
+  * create the authenticated user <code># prosodyctl register the_user jitsi.domain.tls the_password_of_the_user </code>
+\\
+or follow this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/

Wiki-GuedeL

Outils pour utilisateurs

Outils du site

Différences

Outils de la page