JITSI-MEET - Quick Install: Difference between revisions
imported>Z No edit summary |
imported>Z No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 11: | Line 11: | ||
---- | ---- | ||
; Base Policy: | |||
: Anonymous conference creation is allowed. | |||
Conference password is optional. | : Conference password is optional. | ||
The conference ends when the last leaves. | : The conference ends when the last leaves. | ||
---- | ---- | ||
Line 22: | Line 22: | ||
= Basic Jitsi Install on Debian 10 = | = Basic Jitsi Install on Debian 10 = | ||
Started with a Debian 10 netinstall and some | Started with a Debian 10 netinstall and some standard packages: | ||
<nowiki> | <nowiki> | ||
apt | apt install -y --force-yes tree strace vim screen unzip unrar-free p7zip-full nmap traceroute sysstat locate openssh-server htop iftop iotop tcpdump curl wget rsync lm-sensors dnsutils dnstop iputils-ping iputils-tracepath locales-all iproute2 net-tools mtr-tiny snmp whois apt-transport-https ca-certificates software-properties-common dirmngr</nowiki> | ||
Latest revision as of 21:05, 27 March 2020
This document describes the required steps for a quick Jitsi Meet installation on a Debian based GNU/Linux system. Debian 8 (Jessie) or later, and Ubuntu 14.04 or later are supported out-of-the-box.
Debian Wheezy and other older systems may require additional things to be done. Specifically for Wheezy, libc needs to be updated.
Also note that a recent default Ubuntu installation has only the main repository enabled, and Jitsi Meet needs packages from universe. Check your /etc/apt/sources.list file, and if universe is not present refer to Ubuntu's documentation on how to enable it. (Usually it amounts to copying the main lines and changing to universe.)
N.B.: All commands are supposed to be run by root. If you are logged in as a regular user with sudo rights, please prepend sudo to each of the commands.
- Base Policy
- Anonymous conference creation is allowed.
- Conference password is optional.
- The conference ends when the last leaves.
Basic Jitsi Install on Debian 10
Started with a Debian 10 netinstall and some standard packages:
apt install -y --force-yes tree strace vim screen unzip unrar-free p7zip-full nmap traceroute sysstat locate openssh-server htop iftop iotop tcpdump curl wget rsync lm-sensors dnsutils dnstop iputils-ping iputils-tracepath locales-all iproute2 net-tools mtr-tiny snmp whois apt-transport-https ca-certificates software-properties-common dirmngr
Verify /etc/hosts
Edit /etc/hosts like:
127.0.0.1 meet.example.org
Add the repository
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
Update & Install Jitsi Meet
apt-get update apt-get -y install jitsi-meet
If you get an error: E: The method driver /usr/lib/apt/methods/https could not be found. run:
apt-get install -y apt-transport-https
Let's Encrypt SSL Certificate
Simply run the following in your shell:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
If auto Cerbot fails at verification step, reboot the whole machine then retry and the problem will be solved.
Advanced NAT Configuration
If installation is on a machine behind NAT further configuration of jitsi-videobridge is needed in order for it to be accessible. Provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP 10000). The following extra lines need to be added the file /etc/jitsi/videobridge/sip-communicator.properties
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address> org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>
See the documentation of ice4j for details.
Systemd Configuration
Default deployments on systems using systemd will have low default values for maximum processes and open files. If the used bridge will expect higher number of participants the default values need to be adjusted (the default values are good for less than 100 participants). To update the values edit /etc/systemd/system.conf and make sure you have the following values:
DefaultLimitNOFILE=65000 DefaultLimitNPROC=65000 DefaultTasksMax=65000
To load the values and check them look here for details, see section Systemd details below.
Open a Conference
Launch a web browser (Chrome, Chromium or latest Opera) and enter in the URL bar the hostname (or IP address) you used in the previous step.
Confirm that you trust the self-signed certificate of the newly installed Jitsi Meet.
Enjoy!
Adding SIP-Gateway to Jitsi Meet
Jigasi, Jitsi Gateway to SIP : a server-side application that links allows regular SIP clients to join Jitsi Meet conferences hosted by Jitsi Videobridge.
Install Jigasi
apt-get -y install jigasi
During the installation, you will be asked to enter your SIP account and password. This account will be used to invite the other SIP participants.
Reload Jitsi Meet
Launch again a browser with the Jitsi Meet URL and you'll see a telephone icon on the right end of the toolbar. Use it to invite SIP accounts to join the current conference.
Systemd Details
To reload the systemd changes on a running system execute systemctl daemon-reload and service jitsi-videobridge restart.
To check the tasks part execute service jitsi-videobridge status and you should see Tasks: XX (limit: 65000).
To check the files and process part execute cat /proc/`cat /var/run/jitsi-videobridge/jitsi-videobridge.pid`/limits and you should see:
Max processes 65000 65000 processes Max open files 65000 65000 files
Setting up a clean TURN server
The project is using google TURN servers by default...
coTURN
To do.
Changing the Base Policy
By default, anyone who has access to your jitsi instance will be able to start a conference: if your server is open to the world, anyone can have a chat with anyone else. If you want to limit the ability to start a conference to registered users, set up a "secure domain". Follow the instructions at https://github.com/jitsi/jicofo#secure-domain.
Authentication for Jisti-meet is done through the program ‘Prosody’. By configuring these settings only users created by prosodyctl will be able to access Jitsi-meet sessions.
Jigasi for SIP
If needed, install jigasi which which is an application that assist with authentication in Jitsi-meet
apt-get install jigasi -y
Prosody Setup
Edit the prosody configuration file for your server at /etc/prosody/conf.avail/YOUR-SERVER-HOSTNAME.cfg.lua.
Locate the virtual host with your hostname(should be at the top of the file) and change authentication options to “internal_plain”. It should look like this afterwards.
VirtualHost “YOUR-SERVER-HOSTNAME” authentication = “internal_plain”
-In jicofo you need to specify your domain in the additional configuration property. Jicofo will only accept conference requests from authenticated domains. Add your domain with the following command.
sudo cat “org.jitsi.jicofo.auth.URL=XMPP:YOUR-SERVER-HOSTNAME” >> /etc/jitsi/jicofo/sip-communicator.properties
Create Users
Create user using prosodyctl. This is where we create users that will sign into Jitsi-meet.
prosodyctl register USERNAME YOUR-SERVER-HOSTNAME PASSWORD
Restart the Server
Finally you need to restart the whole machine, go:
reboot