From 26170676e10d80c0210798f079078d93d2a8ce93 Mon Sep 17 00:00:00 2001 From: Matthew Duggan Date: Wed, 16 Apr 2014 09:01:07 +0900 Subject: [PATCH 1/3] Install instructions in markdown format. --- INSTALL.md | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) create mode 100644 INSTALL.md diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 000000000..2630c0939 --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,198 @@ +# Server Installation for jitmeet + +## Install prosody and otalk modules +```sh +echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list +wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add - +apt-get update +apt-get install prosody-trunk +apt-get install git lua-zlib lua-sec-prosody lua-dbi-sqlite3 liblua5.1-bitop-dev liblua5.1-bitop0 +git clone https://github.com/andyet/otalk-server.git +cd otalk-server +cp -r mod* /usr/lib/prosody/modules +``` + +## Configure prosody +Modify the config file in `/etc/prosody/prosody.cfg.lua`: +- modules to enable/add: compression, bosh, smacks3, smacks2, carbons, mam, lastactivity, offline, pubsub, adhoc, websocket, http_altconnect +- comment out: `c2s_require_encryption = true`, and `s2s_secure_auth = false` +- change `authentication = "internal_hashed"` +- add this: +``` +daemonize = true +cross_domain_bosh = true; +storage = {archive2 = "sql2"} +sql = { driver = "SQLite3", database = "prosody.sqlite" } +default_archive_policy = "roster" +``` +- configure your domain by editing the example.com virtual host section section: +``` +VirtualHost "jitmeet.example.com" +authentication = "anonymous" +ssl = { + key = "/var/lib/prosody/jitmeet.example.com.key"; + certificate = "/var/lib/prosody/jitmeet.example.com.crt"; +} +``` +- and finally configure components: +``` +Component "conference.jitmeet.example.com" "muc" +Component "jitsi-videobridge.jitmeet.example.com" + component_secret = "YOURSECRET1" +``` +- check the example config file, next to the document (prosody.cfg.lua) + +Generate certs for the domain: +```sh +prosodyctl cert generate jitmeet.example.com +``` + +## Install nginx +```sh +apt-get install nginx +``` + +Add nginx config for domain in `/etc/nginx/nginx.conf`: +``` +tcp_nopush on; +types_hash_max_size 2048; +server_names_hash_bucket_size 64; +``` + +Add a new file in /etc/nginx/sites-available (see the jitmeet.example.com file for example) +``` +server { + listen 80; + server_name jitmeet.example.com; + # set the root + root /srv/jitmeet.example.com; + index index.html; + location ~ ^/([a-zA-Z0-9]+)$ { + rewrite ^/(.*)$ / break; + } + # BOSH + location /http-bind { + proxy_pass http://localhost:5280/http-bind; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $http_host; + } + # xmpp websockets + location /xmpp-websocket { + proxy_pass http://localhost:5280; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + tcp_nodelay on; + } +} +``` + +Add link for the added configuration +```sh +cd /etc/nginx/sites-enabled +ln -s ../sites-available/jitmeet.example.com jitmeet.example.com +``` +check the example config files, next to the document (nginx.conf and jitmeet.example.com) + +## Fix firewall if needed +```sh +ufw allow 80 +ufw allow 5222 +``` + +## Install videobridge +```sh +wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip +unzip jitsi-videobridge-linux-{arch-buildnum}.zip +``` + +Install JRE if missing: +``` +apt-get install default-jre +``` + +In the user home that will be starting the jitsi video bridge create `.sip-communicator` folder and add the file `sip-communicator.properties` with one line in it: +``` +org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false +``` + +Start the videobrdige with: +```sh +./jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 & +``` +Or autostart it by adding the line in `/etc/rc.local`: +```sh +/bin/bash /root/jitsi-videobridge-linux-x64-74/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 > /var/log/jvb.log 2>&1 +``` + +Checkout and configure jitmeet: +```sh +cd /srv +git clone https://github.com/jitsi/jitmeet.git +mv jitmeet/ jitmeet.example.com +``` + +Edit `/srv/jitmeet.example.com/config.js`: +``` +var config = { + hosts: { + domain: 'jitmeet.example.com', + muc: 'conference.jitmeet.example.com', + bridge: 'jitsi-videobridge.jitmeet.example.com' + }, + useNicks: false, + bosh: '//jitmeet.example.com/http-bind' // FIXME: use xep-0156 for that +}; +``` +check the example config file, next to the document (config.js) + + +## Install [Turn server](https://github.com/andyet/otalk-server/tree/master/restund) +```sh +apt-get install make gcc +wget http://creytiv.com/pub/re-0.4.7.tar.gz +tar zxvf re-0.4.7.tar.gz +ln -s re-0.4.7 re +cd re-0.4.7 +make install PREFIX=/usr +cd .. +wget http://creytiv.com/pub/restund-0.4.2.tar.gz +wget https://raw.github.com/andyet/otalk-server/master/restund/restund-auth.patch +tar zxvf restund-0.4.2.tar.gz +cd restund-0.4.2/ +patch -p1 < ../restund-auth.patch +make install PREFIX=/usr +cp debian/restund.init /etc/init.d/restund +chmod +x /etc/init.d/restund +cd /etc +wget https://raw.github.com/andyet/otalk-server/master/restund/restund.conf +``` + +Configure addresses and ports as desired, and the password to be configured in prosody: +``` +realm jitmeet.example.com +# share this with your prosody server +auth_shared YOURSECRET2 + +# modules +module_path /usr/lib/restund/modules +turn_relay_addr [turn ip address] +``` + +Configure prosody to use it in `/etc/prosody/prosody.cfg.lua`. Add to your virtual host: +``` +turncredentials_secret = "YOURSECRET2"; +turncredentials = { + { type = "turn", host = "turn.address.ip.configured", port = 80, transport = "tcp" } +} +``` + +Reload prosody if needed +``` +prosodyctl reload +telnet localhost 5582 +module:reload("turncredentials", "jitmeet.example.com") +quit +``` + From 5ed9914334737c35c81d11ecccc4bb7758ae82df Mon Sep 17 00:00:00 2001 From: Matthew Duggan Date: Wed, 16 Apr 2014 11:50:02 +0900 Subject: [PATCH 2/3] Update to match latest version of google doc instructions. --- INSTALL.md | 46 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 2630c0939..d768c1446 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,5 +1,11 @@ # Server Installation for jitmeet +This describes configuring a server `jitmeet.example.com`. You will nedd to +change references to that to match your host, and generate some passwords for +`YOURSECRET1` and `YOURSECRET2`. + +There are also some complete [example config files](https://www.dropbox.com/sh/jgp4s8kp6xuyubr/5FACgJmqLD) available.. + ## Install prosody and otalk modules ```sh echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list @@ -40,13 +46,18 @@ Component "conference.jitmeet.example.com" "muc" Component "jitsi-videobridge.jitmeet.example.com" component_secret = "YOURSECRET1" ``` -- check the example config file, next to the document (prosody.cfg.lua) +- check the example config file, next to the document (`prosody.cfg.lua`) Generate certs for the domain: ```sh prosodyctl cert generate jitmeet.example.com ``` +Restart prosody XMPP server with the new config +```sh +prosodyctl restart +``` + ## Install nginx ```sh apt-get install nginx @@ -93,7 +104,7 @@ Add link for the added configuration cd /etc/nginx/sites-enabled ln -s ../sites-available/jitmeet.example.com jitmeet.example.com ``` -check the example config files, next to the document (nginx.conf and jitmeet.example.com) +check the example config files for more info. ## Fix firewall if needed ```sh @@ -123,7 +134,7 @@ Start the videobrdige with: ``` Or autostart it by adding the line in `/etc/rc.local`: ```sh -/bin/bash /root/jitsi-videobridge-linux-x64-74/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 > /var/log/jvb.log 2>&1 +/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 > /var/log/jvb.log 2>&1 ``` Checkout and configure jitmeet: @@ -133,7 +144,7 @@ git clone https://github.com/jitsi/jitmeet.git mv jitmeet/ jitmeet.example.com ``` -Edit `/srv/jitmeet.example.com/config.js`: +Edit host names in `/srv/jitmeet.example.com/config.js`: ``` var config = { hosts: { @@ -143,10 +154,18 @@ var config = { }, useNicks: false, bosh: '//jitmeet.example.com/http-bind' // FIXME: use xep-0156 for that + desktopSharing: 'ext', // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable. + chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension + minChromeExtVersion: '0.1' // Required version of Chrome extension }; ``` check the example config file, next to the document (config.js) +Restart nginx to get the new configuration: +```sh +invoke-rc.d nginx restart +``` + ## Install [Turn server](https://github.com/andyet/otalk-server/tree/master/restund) ```sh @@ -155,14 +174,14 @@ wget http://creytiv.com/pub/re-0.4.7.tar.gz tar zxvf re-0.4.7.tar.gz ln -s re-0.4.7 re cd re-0.4.7 -make install PREFIX=/usr +sudo make install PREFIX=/usr cd .. wget http://creytiv.com/pub/restund-0.4.2.tar.gz wget https://raw.github.com/andyet/otalk-server/master/restund/restund-auth.patch tar zxvf restund-0.4.2.tar.gz cd restund-0.4.2/ patch -p1 < ../restund-auth.patch -make install PREFIX=/usr +sudo make install PREFIX=/usr cp debian/restund.init /etc/init.d/restund chmod +x /etc/init.d/restund cd /etc @@ -184,7 +203,7 @@ Configure prosody to use it in `/etc/prosody/prosody.cfg.lua`. Add to your virt ``` turncredentials_secret = "YOURSECRET2"; turncredentials = { - { type = "turn", host = "turn.address.ip.configured", port = 80, transport = "tcp" } + { type = "turn", host = "turn.address.ip.configured", port = 3478, transport = "tcp" } } ``` @@ -196,3 +215,16 @@ module:reload("turncredentials", "jitmeet.example.com") quit ``` +## Running behind NAT +In case of videobridge being installed on a machine behind NAT, add the following extra lines to the file `~/.sip-communicator/sip-communicator.properties` (in the home of user running the videobridge): +``` +org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS= +org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS= +``` + +So the file should look like this at the end: +``` +org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false +org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS= +org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS= +``` From 92fdbdc5de1f234b5549409a7e1abdb7bda10693 Mon Sep 17 00:00:00 2001 From: Matthew Duggan Date: Wed, 16 Apr 2014 12:04:42 +0900 Subject: [PATCH 3/3] Make references to example config files more consistent --- INSTALL.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index d768c1446..410e844ba 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -4,7 +4,7 @@ This describes configuring a server `jitmeet.example.com`. You will nedd to change references to that to match your host, and generate some passwords for `YOURSECRET1` and `YOURSECRET2`. -There are also some complete [example config files](https://www.dropbox.com/sh/jgp4s8kp6xuyubr/5FACgJmqLD) available.. +There are also some complete [example config files](https://www.dropbox.com/sh/jgp4s8kp6xuyubr/5FACgJmqLD) available, mentioned in each section. ## Install prosody and otalk modules ```sh @@ -19,7 +19,8 @@ cp -r mod* /usr/lib/prosody/modules ``` ## Configure prosody -Modify the config file in `/etc/prosody/prosody.cfg.lua`: +Modify the config file in `/etc/prosody/prosody.cfg.lua` (see also the example config file): + - modules to enable/add: compression, bosh, smacks3, smacks2, carbons, mam, lastactivity, offline, pubsub, adhoc, websocket, http_altconnect - comment out: `c2s_require_encryption = true`, and `s2s_secure_auth = false` - change `authentication = "internal_hashed"` @@ -46,7 +47,6 @@ Component "conference.jitmeet.example.com" "muc" Component "jitsi-videobridge.jitmeet.example.com" component_secret = "YOURSECRET1" ``` -- check the example config file, next to the document (`prosody.cfg.lua`) Generate certs for the domain: ```sh @@ -70,7 +70,7 @@ types_hash_max_size 2048; server_names_hash_bucket_size 64; ``` -Add a new file in /etc/nginx/sites-available (see the jitmeet.example.com file for example) +Add a new file `jitmeet.example.com` in `/etc/nginx/sites-available` (see also the example config file): ``` server { listen 80; @@ -104,7 +104,6 @@ Add link for the added configuration cd /etc/nginx/sites-enabled ln -s ../sites-available/jitmeet.example.com jitmeet.example.com ``` -check the example config files for more info. ## Fix firewall if needed ```sh @@ -144,7 +143,7 @@ git clone https://github.com/jitsi/jitmeet.git mv jitmeet/ jitmeet.example.com ``` -Edit host names in `/srv/jitmeet.example.com/config.js`: +Edit host names in `/srv/jitmeet.example.com/config.js` (see also the example config file): ``` var config = { hosts: { @@ -159,7 +158,6 @@ var config = { minChromeExtVersion: '0.1' // Required version of Chrome extension }; ``` -check the example config file, next to the document (config.js) Restart nginx to get the new configuration: ```sh