welcome:self_hosting:installing_a_server_jitsimeet

Differences

Below are the differences between two revisions of the page.

welcome:self_hosting:installing_a_server_jitsimeet [2020/07/05 19:26]
127.0.0.1 external edit
welcome:self_hosting:installing_a_server_jitsimeet [2023/09/21 16:54] (current version)
arnaud [Enabling the authentication]
Ligne 1: Ligne 1:
 <color #22b14c>**Hosting and installing a server JitsiMeet**</color> {{howhard>3}} \\  <color #22b14c>**Hosting and installing a server JitsiMeet**</color> {{howhard>3}} \\ 
-This server provides you your own system for video conferencing. It should be available at URL "https://jitsi.mydomain.tld" and use a valid  SSL certificate.+This server provides you your own system for video conferencing. It should be available at URL "https://jitsi.mydomain.tld" and use a valid  SSL certificate. \\ 
 +The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).\\ 
 +The conf of OPNSense (incl. DNS etc...) is out of the scope of this tuto.\\ 
 +The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\ 
 ====== Installing the container ====== ====== Installing the container ======
-Installation of a container "Debian 10" on the Proxmox. From a terminal of the Proxmox:  \\ +Installation of a container "Ubuntu 22" on the Proxmox. I set 2 Cores and 4GB RAM. \\ 
-<code># pveam available       ### to find the right template +The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you know what to do.... \\ 
-# pveam download local debian-10.0-standard_10.0-1_amd64.tar.gz     ### in my case </code> + 
-The template is stored under "local". \\  +===== Installing nginx ===== 
-The rest of the installation is done from the GUI.I set 2 Cores and 4GB RAM. \\ +<code># apt-get install nginx </code> 
-The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you knwo what to do....+No config needed. 
  
 ====== Installation of JitsiMeet ====== ====== Installation of JitsiMeet ======
-Following theses tutos\\  https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md \\  +Following this tuto: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart 
-https://www.scaleway.com/en/docs/setting-up-jitsi-meet-videoconferencing-on-debian-buster/ and  \\  +  * The hostname **"jitsi"** is given by the container name set in Proxmox=> check ''etc/hosts'' but don'modify!
-https://community.nethserver.org/t/deploying-jitsi-meet-on-nethserver-independent-video-conferencing/15051/9 \\+
  
-  * The hostname **"jitsi"** is given by the container name set in Proxmox. +  * <code># apt install software-properties-common 
-  * <code># apt update && apt upgrade +# apt-add-repository universe 
-# sed -i 's/^127.0.1.1.*$/127.0.1.1 jitsi.mydomain.tld jitsi/g' /etc/hosts +# apt update
-# sed -i 's/^127.0.0.1.*$/127.0.0.1 localhost jitsi.mydomain.tld jitsi/g' /etc/hosts </code> +
-  * no installation of nginx nor apache +
-  * <code>wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - +
-# sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" +
-# apt update </code> +
-  * <code># apt-get -y --no-install-recommends install jitsi-meet </code>+
  
-====== Settings of the internal network ====== +# curl -sL https://prosody.im/files/prosody-debian-packages.key -o /etc/apt/keyrings/prosody-debian-packages.key 
-The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP\\ +# echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -scmain" | tee /etc/apt/sources.list.d/prosody-debian-packages.list 
-In my case, the container "jitsiis placed into the DMZ, behind a firewall\\ +# apt install lua5.2
-My main web server is a Nethserver placed into the DMZ too. The firewall forwards all http/https request to this Nethserver (NAT).+
  
-===== Settings for firewall/DNS ===== +# curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor /usr/share/keyrings/jitsi-keyring.gpg' 
-  * port opening and forwarding for 10000 UDP to the jitsi +# echo "deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/" | tee /etc/apt/sources.list.d/jitsi-stable.list
-  * into the DNS-resolver: +
-    * jitsi.mydomain.tld =as an alias of the Nethserver +
-    * container-jitsi.mydomain.tld => the IP of the container (I use it for SSH connections with the container)+
  
-===== Settings of the ReverseProxy ===== +# apt-get update 
-The webserver Nethserver acts as [[https://docs.nethserver.org/en/v7/proxy_pass.html|ReverseProxy]] to redirect http/https requests "jitsi.domain.tld" to the container. \\ +   
-This will allows to use the valid SSL certificate of the Nethserver for "jitsi.domain.tld" without copying the certificate on the jitsi machine. \\  +# apt install jitsi-meet </code> 
-  * Get the Letsencrypt certificate covering the subdomain "jitsi.domain.tld" by the nethserver and use it as default certificate+During the installation let Jitsi generate a self signed cert. \\  
-  * Settings of the ReverseProxy: +Reboot and "https://jitsi.mydomain.tld" should now display the welcome screen.  
-    * URL: https://IP of the jitsi container +  
-    * Certificate SSL/TLS: default +
-    * Accept non valid SSL certificate from the target: ticked +
-    * Forward the name of the host to the target: ticked+
  
  
-====== Enabling the authentication ====== +====== Settings behind a NAT and for using with a dynamic IP====== 
-Following this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/+===== NAT ===== 
 +The following extra lines need to be added to the file ''/etc/jitsi/videobridge/sip-communicator.properties'' with the internal and external IPs: 
 + 
 +<code>org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>   | at the beginning of the file 
 +# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES     | add # to comment this line 
 + 
 +org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>       | at the end of the file </code>
  
-====== Settings for using with a dynamic IP======+===== dynamic IP =====
 __Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\  __Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\ 
 Following steps are therefore necessary by using a dynamic IP: Following steps are therefore necessary by using a dynamic IP:
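Review bot: in the added install block, two of the repository commands will not run as shown. The Prosody source line has an unclosed command substitution (`$(lsb_release -scmain"` should read `$(lsb_release -sc) main"`), and the Jitsi key line passes the keyring path to `gpg --dearmor` as an argument instead of redirecting the output into it (`gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg`). Separately, the intro promises a valid SSL certificate while the install step says to let Jitsi generate a self-signed one: add a sentence stating that the valid certificate is the one presented by HAProxy on the OPNSense, and how HAProxy is expected to treat the container's self-signed certificate, because the removed ReverseProxy section ("Accept non valid SSL certificate from the target: ticked") was the only place that documented this. The `| at the beginning of the file` and `| at the end of the file` annotations sit inside the `sip-communicator.properties` code block and will end up in the file if pasted; move them to the prose above the block. Typo in the intro: "LCX contaienr" should be "LXC container".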
Ligne 55: Ligne 52:
   * run the script at bootup   * run the script at bootup
   * run the script regularly   * run the script regularly
-===== Finding the current external IP and enter it into the conf file ===== +   
-(this script comes from an internet forum!)+==== Finding the current external IP and enter it into the conf file ==== 
 +(this script comes from an internet forum... and is modified!)
 <code> # nano  /etc/init.d/script_IP.sh </code> <code> # nano  /etc/init.d/script_IP.sh </code>
 <code> <code>
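Review bot: the provenance remark "(this script comes from an internet forum... and is modified!)" is too thin for a script that the page installs under `/etc/init.d` and runs at bootup and regularly (both in the context lines of this hunk). Link the forum thread and list what was modified, so a reader can review the script against its source before installing it. The heading change from `=====` to `====` is consistent with the new "dynamic IP" subsection introduced in the previous hunk.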
Ligne 75: Ligne 73:
  
 # get the actual IP from the Internet # get the actual IP from the Internet
-IPint=$(host -tA $DNSNAME 8.8.8.8 | grep address | cut -d " " -f4 )+IPint=$(curl ifcfg.me)
  
 # get the configured IP of Jitsi # get the configured IP of Jitsi
 IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+") IPjitsi=$(grep 'NAT_HARVESTER_PUBLIC_ADDRESS' /etc/jitsi/videobridge/sip-communicator.properties |  grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
  
-if [ "$IPjitsi" == "$IPint" ]+if [ "$IPjitsi" = "$IPint" ]
 then then
         echo "IP has not been changed!"         echo "IP has not been changed!"
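Review bot: on the `IPint=$(curl ifcfg.me)` line, the reply of an external service is fetched without a scheme (curl then uses plain HTTP), without `-f`/`-s` and without a timeout, and is used unchecked in the comparison with `$IPjitsi`. An error page, an empty reply or a tampered response compares as different and falls through to whatever follows the "IP has not been changed!" branch. Suggest fetching over HTTPS with `curl -fsS --max-time 10`, passing the result through the same `grep -oE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"` filter already used for `IPjitsi`, and exiting without touching the configuration when the result is empty. The switch from `==` to `=` in the test is correct for a POSIX `sh`. If `$DNSNAME` is no longer used after this change, its definition can be dropped as well.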
Ligne 108: Ligne 106:
 <code>0 */1 * * * root /etc/init.d/script_IP.sh </code> <code>0 */1 * * * root /etc/init.d/script_IP.sh </code>
 <note>When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) => I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient</note> <note>When the script runs, it happens that Jitsi get interrupted (even if the IP is still current) => I run it only every hour to avoid frequent breakdowns of the communication. As the IP changes only 1x per day I think this is sufficient</note>
 +
 +
 +
 +
 +====== Enabling the authentication ======
 +
 +  * into ''/etc/prosody/conf.avail/jitsi.domain.tld.cfg.lua'' <code>VirtualHost "jitsi.domain.tld"
 +authentication = "internal_hashed"     | instad of jitsi-anonymous
 +
 +... and add another virtualhost after it:
 +
 +VirtualHost "guest.jitsi.domain.tld"
 +    authentication = "anonymous"
 +    c2s_require_encryption = false
 +</code>
 +
 +  * into ''/etc/jitsi/jicofo/jicofo.conf'' add at the beginng: <code>jicofo {
 +  authentication: {
 +    enabled: true
 +    type: XMPP
 +    login-url: jitsi.domain.tld
 +  } </code>
 +
 +  * create the authenticated user <code># prosodyctl register the_user jitsi.domain.tls the_password_of_the_user </code>
 +
 +\\
 +or follow this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/
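Review bot: the `prosodyctl register the_user jitsi.domain.tls the_password_of_the_user` line names the host `jitsi.domain.tls` where the VirtualHost added above is `jitsi.domain.tld`, so the user is not registered on the host that was just configured; it also puts the password on the command line, where it lands in shell history. Suggest fixing the host and using `prosodyctl adduser the_user@jitsi.domain.tld`, which prompts for the password. The jicofo snippet opens `jicofo {` and `authentication: {` but closes only one brace: either state that it is merged into the existing `jicofo { ... }` block or show the closing brace. The `| instad of jitsi-anonymous` annotation sits inside the code block and should move to prose (spelled "instead"), as should the "... and add another virtualhost after it:" line. This section uses `jitsi.domain.tld` while the rest of the page uses `jitsi.mydomain.tld`; pick one.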
welcome/self_hosting/installing_a_server_jitsimeet.1593977172.txt.gz · Last modified: 2020/07/05 19:26 by 127.0.0.1
