Required knowledge

Terminology

Hostname: A hostname is the first part from the left of a FQDN (fully qualified domain name). For example of the FQDN savannah.gnu.org the hostname would be savannah.
TLD: TLD stands for top-level domain.
Domain: The part of a URL immediately before the TLD.
Subdomain: Any part (except for protocol, like https:// and similar) before the domain.

Jitsi Meet setup steps

(following the guide at https://www.scaleway.com/en/docs/setting-up-jitsi-meet-videoconferencing-on-debian-buster/)

Run the following commands to configure your hostname, corresponding to your subdomain and domain:

#+begin_src shell hostnamectl set-hostname jitsi sed --in-place='backup' 's/^127.0.1.1.*$/127.0.1.1 .. /g' /etc/hosts sed --in-place='backup' 's/^127.0.0.1.*$/127.0.0.1 localhost .. /g' /etc/hosts #+end_src

For <ALTERNATE-NAME> we are choosing jitsi.

This code does the following:

set the system's hostname to jitsi in /etc/hostname
uses sed to replace all occurrences of, which 127.0.1.1 followed by an arbitrary string, with 127.0.1.1 <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME> in place (--in-place), meaning that the file is changed directly, instead of outputting to stdout, and creating backups with the suffix backup (--in-place='backup').
uses sed to replace all occurrences of, which 127.0.0.1 followed by an arbitrary string, with 127.0.0.1 localhost <SUBDOMAIN>.<DOMAIN>.<TLD> <ALTERNATE-NAME> in place (--in-place), meaning that the file is changed directly, instead of outputting to stdout, and creating backups with the suffix backup (--in-place='backup').

Update and upgrade system packges:

#+begin_src shell apt update && apt upgrade #+end_src

Install required system packages:

#+begin_src shell apt-get install lsb-release #+end_src

Install NGINX:

#+begin_src shell apt-get install --yes nginx systemctl start nginx.service systemctl enable nginx.service #+end_src

Add apt key of Jitsi:

#+begin_src shell wget --quiet --output-document - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - #+end_src

Add Jitsi repository to sources:

#+begin_src shell sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" #+end_src

Update repositories:

#+begin_src shell apt-get update #+end_src

Install Jitsi Meet:

#+begin_src shell apt-get install --yes jitsi-meet #+end_src

Enter FQDN: <SUBDOMAIN>.<DOMAIN>.<TLD>

Choose self-signed certificate

Run letsencrypt script:

#+begin_src shell bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh #+end_src

Enter a valid e-mail address.

If the script finishes without errors, you should be able to visit your Jitsi Meet instance at <SUBDOMAIN>.<DOMAIN>.<TLD>.

Port forwarding

Run the following ufw commands:

sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw allow 10000/udp sudo ufw allow 22/tcp sudo ufw allow 3478/udp sudo ufw allow 5349/tcp sudo ufw enable

User management

Apparently user management is done via a tool named "prosody":

#+begin_quote Prosody is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Additionally, for developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. #+end_quote

(https://wiki.archlinux.org/index.php/Prosody)

Prosody is written in Lua and can apparently be configured and extended by editing Lua scripts and adding Lua scripts in specific directories, which Prosody knows about.

User creation

Initially user creation will not work:

#+begin_src shell prosodyctl register .. '' #+end_src

Will result in:

#+begin_src quote Error: Account creation/modification not supported. #+end_src

Without any explanation, why this might be the case.

To fix the problem with user creation, apparently one has to change the authentication method for users on the Jitsi Meet instance inside a configuration file:

config file: /etc/prosody/conf.avail/<FQDN>.cfg.lua

change it to be:

#+begin_src lua VirtualHost ".." -- enabled = false -- Remove this line to enable this host authentication = "internal_hashed" #+end_src

Add the following line to ~/etc/jitsi/jicofo/sip-communicator.properties~:

#+begin_src lua org.jitsi.jicofo.auth.URL=XMPP:.. #+end_src

Then register the user as tried before:

#+begin_src shell prosodyctl register .. '' #+end_src

Restart Jitsi stuff:

#+begin_src shell systemctl restart prosody systemctl restart jicofo systemctl restart jitsi-videobridge2 #+end_src

Change /etc/prosody/conf.avail/<SUBDOMAIN>.<DOMAIN>.<TLD>.cfg.lua to:

#+begin_src lua VirtualHost "guest..." authentication = "anonymous" modules_enabled = { "turncredentials"; } c2s_require_encryption = false #+end_src

Note, that you do not need to create a DNS record for the guest subdomain. The user guide says the following:

#+begin_quote Note that guest.jitsi-meet.example.com is internal to Jitsi, and you do not need to (and should not) create a DNS record for it, or generate an SSL/TLS certificate, or do any web server configuration. #+end_quote

(https://jitsi.github.io/handbook/docs/devops-guide/secure-domain)

Also change the config at /etc/jitsi/meet/<SUBDOMAIN>.<DOMAIN>.<TLD>-config.js to:

#+begin_src lua var config = { hosts: { domain: '..', anonymousdomain: 'guest...', ... }, ... } #+end_src

List all users

ls -l /var/lib/prosody/*/accounts/*

Configuration files

/etc/prosody/conf.avail/[your-hostname].cfg.lua
/etc/jitsi/meet/[your-hostname]-config.js
/etc/jitsi/jicofo/sip-communicator.properties

To do [0/4]

[ ] What does Jigasi do?
[ ] What exactly is SIP and how does it relate to XMPP and Gajim?
[ ] Is it possible to connect to my Jitsi-Meet instance using Gajim?
[ ] Do we need to up any limits?

#+begin_src shell # /etc/systemd/system.conf DefaultLimitNOFILE=65000 DefaultLimitNPROC=65000 DefaultTasksMax=65000 #+end_src

setup-jitsi-meet.org 6.7 KB Permalink Geschiedenis Ruwe