Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
welcome:self_hosting:installing_a_server_jitsimeet [2020/07/05 19:26] 127.0.0.1 external edit |
welcome:self_hosting:installing_a_server_jitsimeet [2023/09/21 16:54] (current version) arnaud [Enabling the authentication] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
<color # | <color # | ||
- | This server provides you your own system for video conferencing. It should be available at URL " | + | This server provides you your own system for video conferencing. It should be available at URL " |
+ | The server is a LCX contaienr running on Proxmox. It is placed behind an OPNSense which works as a reverse proxy (HAProxy).\\ | ||
+ | The conf of OPNSense (incl. DNS etc...) is out of the scope of this tuto.\\ | ||
+ | The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\ | ||
====== Installing the container ====== | ====== Installing the container ====== | ||
- | Installation of a container "Debian 10" on the Proxmox. From a terminal of the Proxmox: | + | Installation of a container "Ubuntu 22" on the Proxmox. I set 2 Cores and 4GB RAM. \\ |
- | < | + | The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you know what to do.... |
- | # pveam download local debian-10.0-standard_10.0-1_amd64.tar.gz | + | |
- | The template is stored under " | + | ===== Installing nginx ===== |
- | The rest of the installation is done from the GUI.I set 2 Cores and 4GB RAM. \\ | + | < |
- | The next step (not mandatory) is to activate SSH on the container (more comfortable than using the Console of the Proxmox). => you knwo what to do.... | + | No config needed. |
====== Installation of JitsiMeet ====== | ====== Installation of JitsiMeet ====== | ||
- | Following | + | Following |
- | https:// | + | * The hostname **" |
- | https:// | + | |
- | | + | * < |
- | | + | # apt-add-repository universe |
- | # sed -i ' | + | # apt update |
- | # sed -i ' | + | |
- | * no installation of nginx nor apache | + | |
- | * < | + | |
- | # sh -c "echo 'deb https:// | + | |
- | # apt update | + | |
- | * < | + | |
- | ====== Settings of the internal network ====== | + | # curl -sL https:// |
- | The jitsi machine must be reachable at ports 80 TCP, 443 TCP and 10000 UDP. \\ | + | # echo "deb [signed-by=/ |
- | In my case, the container "jitsi" | + | # apt install lua5.2 |
- | My main web server is a Nethserver placed into the DMZ too. The firewall forwards all http/https request to this Nethserver | + | |
- | ===== Settings for firewall/ | + | # curl -sL https://download.jitsi.org/ |
- | * port opening and forwarding for 10000 UDP to the jitsi | + | # echo "deb [signed-by=/ |
- | * into the DNS-resolver: | + | |
- | * jitsi.mydomain.tld => as an alias of the Nethserver | + | |
- | * container-jitsi.mydomain.tld => the IP of the container (I use it for SSH connections with the container) | + | |
- | ===== Settings of the ReverseProxy ===== | + | # apt-get update |
- | The webserver Nethserver acts as [[https:// | + | |
- | This will allows to use the valid SSL certificate of the Nethserver for " | + | # apt install jitsi-meet </code> |
- | * Get the Letsencrypt certificate covering the subdomain | + | During |
- | | + | Reboot and "https://jitsi.mydomain.tld" |
- | * URL: https://IP of the jitsi container | + | |
- | * Certificate SSL/TLS: default | + | |
- | * Accept non valid SSL certificate from the target: ticked | + | |
- | * Forward the name of the host to the target: ticked | + | |
- | ====== | + | ====== |
- | Following this tuto: https://crosstalksolutions.com/how-to-enable-jitsi-server-authentication/ | + | ===== NAT ===== |
+ | The following extra lines need to be added to the file '' | ||
+ | |||
+ | < | ||
+ | # org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES | ||
+ | |||
+ | org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=< | ||
- | ====== Settings for using with a dynamic IP====== | + | ===== dynamic IP ===== |
__Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\ | __Target:__ the current external IP must be present into the conf file in order that Jitsi runs correctly. \\ | ||
Following steps are therefore necessary by using a dynamic IP: | Following steps are therefore necessary by using a dynamic IP: | ||
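Review bot: the added introduction says the jitsi machine must be reachable on 10000 UDP and sits behind an OPNSense reverse proxy (HAProxy), but this revision deletes the only line that told the reader how that port gets there ("port opening and forwarding for 10000 UDP to the jitsi"). Even with the OPNSense configuration out of scope, keep one sentence saying that 10000 UDP needs its own port forward to the container, separate from the HTTP/HTTPS traffic handled by the reverse proxy. The same added block also has the typo "LCX contaienr" (LXC container).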
Ligne 55: | Ligne 52: | ||
* run the script at bootup | * run the script at bootup | ||
* run the script regularly | * run the script regularly | ||
- | ===== Finding the current external IP and enter it into the conf file ===== | + | |
- | (this script comes from an internet forum!) | + | ==== Finding the current external IP and enter it into the conf file ==== |
+ | (this script comes from an internet forum... and is modified!) | ||
< | < | ||
< | < | ||
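Review bot: the added remark "and is modified!" on the script's provenance line does not say what was modified or where the original came from. The steps above run this script at bootup and regularly, and it writes into the Jitsi conf file, so link the forum post and list the changes made to it so that readers can review what they are installing.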
Ligne 75: | Ligne 73: | ||
# get the actual IP from the Internet | # get the actual IP from the Internet | ||
- | IPint=$(host -tA $DNSNAME 8.8.8.8 | grep address | cut -d " " -f4 ) | + | IPint=$(curl ifcfg.me) |
# get the configured IP of Jitsi | # get the configured IP of Jitsi | ||
IPjitsi=$(grep ' | IPjitsi=$(grep ' | ||
- | if [ " | + | if [ " |
then | then | ||
echo "IP has not been changed!" | echo "IP has not been changed!" | ||
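Review bot: the new lookup `IPint=$(curl ifcfg.me)` has no error handling and no validation, and its output is what the script compares against and enters into the Jitsi conf file. With no scheme given, curl uses plain HTTP, and if the service is down or returns anything other than an address, `IPint` is empty or arbitrary text. Suggest `curl -fsS --max-time 10` (over HTTPS if the service offers it) and a check that the result looks like an IPv4 address before the comparison, leaving the conf file untouched when it does not. Without `-s`, curl's progress output also ends up in the logs of every scheduled run.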
Ligne 108: | Ligne 106: | ||
< | < | ||
< | < | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Enabling the authentication ====== | ||
+ | |||
+ | * into ''/ | ||
+ | authentication = " | ||
+ | |||
+ | ... and add another virtualhost after it: | ||
+ | |||
+ | VirtualHost " | ||
+ | authentication = " | ||
+ | c2s_require_encryption = false | ||
+ | </ | ||
+ | |||
+ | * into ''/ | ||
+ | authentication: | ||
+ | enabled: true | ||
+ | type: XMPP | ||
+ | login-url: jitsi.domain.tld | ||
+ | } </ | ||
+ | |||
+ | * create the authenticated user < | ||
+ | |||
+ | \\ | ||
+ | or follow this tuto: https:// |
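Review bot: `c2s_require_encryption = false` on the added second VirtualHost is given with no explanation, and it turns off the requirement that client-to-server connections to that host be encrypted. Add a sentence saying which host this is meant for and why the setting is needed there, so that readers do not copy it onto the authenticated host. In the same section, `login-url: jitsi.domain.tld` does not match the `jitsi.mydomain.tld` placeholder used in the rest of the page; use one placeholder throughout.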