JITSI-MEET - Quick Install: Difference between revisions

From Wiki.IT-Arts.net
imported>Z
No edit summary
imported>Z
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 11: Line 11:
----
----


<p style="font-size:1.25em">'''Base Policy:'''</p>
; Base Policy:
<p style="font-size:1.15em">Anonymous conference creation is allowed.<br />
: Anonymous conference creation is allowed.
Conference password is optional.<br />
: Conference password is optional.
The conference ends when the last leaves.</p>
: The conference ends when the last leaves.


----
----
Line 22: Line 22:
= Basic Jitsi Install on Debian 10 =
= Basic Jitsi Install on Debian 10 =


Started with a Debian 10 netinstall and some standart :
Started with a Debian 10 netinstall and some standard packages:
  <nowiki>
  <nowiki>
apt-get install -y --force-yes tree strace vim screen unzip unrar-free p7zip-full nmap traceroute sysstat locate openssh-server htop iftop iotop tcpdump curl wget rsync lm-sensors dnsutils dnstop iputils-ping iputils-tracepath locales-all iproute2 net-tools mtr-tiny snmp whois apt-transport-https ca-certificates software-properties-common dirmngr</nowiki>
apt install -y --force-yes tree strace vim screen unzip unrar-free p7zip-full nmap traceroute sysstat locate openssh-server htop iftop iotop tcpdump curl wget rsync lm-sensors dnsutils dnstop iputils-ping iputils-tracepath locales-all iproute2 net-tools mtr-tiny snmp whois apt-transport-https ca-certificates software-properties-common dirmngr</nowiki>
 
And:
<nowiki>
apt install -y snmpd fail2ban qemu-guest-agent glances</nowiki>





Latest revision as of 21:05, 27 March 2020


This document describes the required steps for a quick Jitsi Meet installation on a Debian based GNU/Linux system. Debian 8 (Jessie) or later, and Ubuntu 14.04 or later are supported out-of-the-box.

Debian Wheezy and other older systems may require additional things to be done. Specifically for Wheezy, libc needs to be updated.

Also note that a recent default Ubuntu installation has only the main repository enabled, and Jitsi Meet needs packages from universe. Check your /etc/apt/sources.list file, and if universe is not present refer to Ubuntu's documentation on how to enable it. (Usually it amounts to copying the main lines and changing to universe.)

N.B.: All commands are supposed to be run by root. If you are logged in as a regular user with sudo rights, please prepend sudo to each of the commands.


Base Policy
Anonymous conference creation is allowed.
Conference password is optional.
The conference ends when the last leaves.


Basic Jitsi Install on Debian 10

Started with a Debian 10 netinstall and some standard packages:

apt install -y --force-yes tree strace vim screen unzip unrar-free p7zip-full nmap traceroute sysstat locate openssh-server htop iftop iotop tcpdump curl wget rsync lm-sensors dnsutils dnstop iputils-ping iputils-tracepath locales-all iproute2 net-tools mtr-tiny snmp whois apt-transport-https ca-certificates software-properties-common dirmngr


Verify /etc/hosts

Edit /etc/hosts like:

127.0.0.1 meet.example.org


Add the repository

echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -


Update & Install Jitsi Meet

apt-get update
apt-get -y install jitsi-meet

If you get an error: E: The method driver /usr/lib/apt/methods/https could not be found. run:

apt-get install -y apt-transport-https 


Let's Encrypt SSL Certificate

Simply run the following in your shell:

/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

If auto Cerbot fails at verification step, reboot the whole machine then retry and the problem will be solved.


Advanced NAT Configuration

If installation is on a machine behind NAT further configuration of jitsi-videobridge is needed in order for it to be accessible. Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP 10000). The following extra lines need to be added the file /etc/jitsi/videobridge/sip-communicator.properties

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

See the documentation of ice4j for details.


Systemd Configuration

Default deployments on systems using systemd will have low default values for maximum processes and open files. If the used bridge will expect higher number of participants the default values need to be adjusted (the default values are good for less than 100 participants). To update the values edit /etc/systemd/system.conf and make sure you have the following values:

DefaultLimitNOFILE=65000
DefaultLimitNPROC=65000
DefaultTasksMax=65000

To load the values and check them look here for details, see section Systemd details below.



Open a Conference

Launch a web browser (Chrome, Chromium or latest Opera) and enter in the URL bar the hostname (or IP address) you used in the previous step.

Confirm that you trust the self-signed certificate of the newly installed Jitsi Meet.

Enjoy!


Adding SIP-Gateway to Jitsi Meet

Jigasi, Jitsi Gateway to SIP : a server-side application that links allows regular SIP clients to join Jitsi Meet conferences hosted by Jitsi Videobridge.


Install Jigasi

apt-get -y install jigasi

During the installation, you will be asked to enter your SIP account and password. This account will be used to invite the other SIP participants.


Reload Jitsi Meet

Launch again a browser with the Jitsi Meet URL and you'll see a telephone icon on the right end of the toolbar. Use it to invite SIP accounts to join the current conference.


Systemd Details

To reload the systemd changes on a running system execute systemctl daemon-reload and service jitsi-videobridge restart.

To check the tasks part execute service jitsi-videobridge status and you should see Tasks: XX (limit: 65000).

To check the files and process part execute cat /proc/`cat /var/run/jitsi-videobridge/jitsi-videobridge.pid`/limits and you should see:

Max processes             65000                65000                processes
Max open files            65000                65000                files


Setting up a clean TURN server

The project is using google TURN servers by default...


coTURN

To do.


Changing the Base Policy

By default, anyone who has access to your jitsi instance will be able to start a conference: if your server is open to the world, anyone can have a chat with anyone else. If you want to limit the ability to start a conference to registered users, set up a "secure domain". Follow the instructions at https://github.com/jitsi/jicofo#secure-domain.

Authentication for Jisti-meet is done through the program ‘Prosody’. By configuring these settings only users created by prosodyctl will be able to access Jitsi-meet sessions.


Jigasi for SIP

If needed, install jigasi which which is an application that assist with authentication in Jitsi-meet

apt-get install jigasi -y


Prosody Setup

Edit the prosody configuration file for your server at /etc/prosody/conf.avail/YOUR-SERVER-HOSTNAME.cfg.lua.

Locate the virtual host with your hostname(should be at the top of the file) and change authentication options to “internal_plain”. It should look like this afterwards.

VirtualHost “YOUR-SERVER-HOSTNAME”
authentication = “internal_plain”

-In jicofo you need to specify your domain in the additional configuration property. Jicofo will only accept conference requests from authenticated domains. Add your domain with the following command.

sudo cat “org.jitsi.jicofo.auth.URL=XMPP:YOUR-SERVER-HOSTNAME” >> /etc/jitsi/jicofo/sip-communicator.properties


Create Users

Create user using prosodyctl. This is where we create users that will sign into Jitsi-meet.

prosodyctl register USERNAME YOUR-SERVER-HOSTNAME PASSWORD


Restart the Server

Finally you need to restart the whole machine, go:

reboot


Sources