jiti-meet/INSTALL.md

6.9 KiB

Server Installation for Jitsi Meet

This describes configuring a server jitmeet.example.com. You will need to change references to that to match your host, and generate some passwords for YOURSECRET1 and YOURSECRET2.

There are also some complete example config files available, mentioned in each section.

Install prosody and otalk modules

echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get update
apt-get install prosody-trunk
apt-get install git lua-zlib lua-sec-prosody lua-dbi-sqlite3 liblua5.1-bitop-dev liblua5.1-bitop0
git clone https://github.com/andyet/otalk-server.git
cd otalk-server
cp -r mod* /usr/lib/prosody/modules

Configure prosody

Modify the config file in /etc/prosody/prosody.cfg.lua (see also the example config file):

  • modules to enable/add: compression, bosh, smacks, carbons, mam, lastactivity, offline, pubsub, adhoc, websocket, http_altconnect
  • comment out: c2s_require_encryption = true, and s2s_secure_auth = false
  • change authentication = "internal_hashed"
  • add this:
daemonize = true
cross_domain_bosh = true;
storage = {archive2 = "sql2"}
sql = { driver = "SQLite3", database = "prosody.sqlite" }
default_archive_policy = "roster"
  • configure your domain by editing the example.com virtual host section section:
VirtualHost "jitmeet.example.com"
authentication = "anonymous"
ssl = {
    key = "/var/lib/prosody/jitmeet.example.com.key";
    certificate = "/var/lib/prosody/jitmeet.example.com.crt";
}
  • and finally configure components:
Component "conference.jitmeet.example.com" "muc"
Component "jitsi-videobridge.jitmeet.example.com"
    component_secret = "YOURSECRET1"

Generate certs for the domain:

prosodyctl cert generate jitmeet.example.com

Restart prosody XMPP server with the new config

prosodyctl restart

Install nginx

apt-get install nginx

Add nginx config for domain in /etc/nginx/nginx.conf:

tcp_nopush on;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;

Add a new file jitmeet.example.com in /etc/nginx/sites-available (see also the example config file):

server {
    listen 80;
    server_name jitmeet.example.com;
    # set the root
    root /srv/jitmeet.example.com;
    index index.html;
    location ~ ^/([a-zA-Z0-9]+)$ {
        rewrite ^/(.*)$ / break;
    }
    # BOSH
    location /http-bind {
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass http://localhost:5280;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        tcp_nodelay on;
    }
}

Add link for the added configuration

cd /etc/nginx/sites-enabled
ln -s ../sites-available/jitmeet.example.com jitmeet.example.com

Fix firewall if needed

ufw allow 80
ufw allow 5222

Install videobridge

wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip
unzip jitsi-videobridge-linux-{arch-buildnum}.zip

Install JRE if missing:

apt-get install default-jre

In the user home that will be starting the jitsi video bridge create .sip-communicator folder and add the file sip-communicator.properties with one line in it:

org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false

Start the videobrdige with:

./jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 &

Or autostart it by adding the line in /etc/rc.local:

/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 </dev/null >> /var/log/jvb.log 2>&1

Checkout and configure jitmeet:

cd /srv
git clone https://github.com/jitsi/jitsi-meet.git
mv jitsi-meet/ jitmeet.example.com

Edit host names in /srv/jitmeet.example.com/config.js (see also the example config file):

var config = {
    hosts: {
        domain: 'jitmeet.example.com',
        muc: 'conference.jitmeet.example.com',
        bridge: 'jitsi-videobridge.jitmeet.example.com'
    },
    useNicks: false,
    bosh: '//jitmeet.example.com/http-bind' // FIXME: use xep-0156 for that
    desktopSharing: 'false', // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
    //chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
    //minChromeExtVersion: '0.1' // Required version of Chrome extension
};

Restart nginx to get the new configuration:

invoke-rc.d nginx restart

Install Turn server

apt-get install make gcc
wget http://creytiv.com/pub/re-0.4.7.tar.gz
tar zxvf re-0.4.7.tar.gz
ln -s re-0.4.7 re
cd re-0.4.7
sudo make install PREFIX=/usr
cd ..
wget http://creytiv.com/pub/restund-0.4.2.tar.gz
wget https://raw.github.com/andyet/otalk-server/master/restund/restund-auth.patch
tar zxvf restund-0.4.2.tar.gz
cd restund-0.4.2/
patch -p1 < ../restund-auth.patch
sudo make install PREFIX=/usr
cp debian/restund.init /etc/init.d/restund
chmod +x /etc/init.d/restund
cd /etc
wget https://raw.github.com/andyet/otalk-server/master/restund/restund.conf

Configure addresses and ports as desired, and the password to be configured in prosody:

realm           jitmeet.example.com
# share this with your prosody server
auth_shared     YOURSECRET2

# modules
module_path     /usr/lib/restund/modules
turn_relay_addr [turn ip address]

Configure prosody to use it in /etc/prosody/prosody.cfg.lua. Add to your virtual host:

turncredentials_secret = "YOURSECRET2";
turncredentials = {
    { type = "turn", host = "turn.address.ip.configured", port = 3478, transport = "tcp" }
}

Add turncredentials module in the "modules_enabled" section

Reload prosody if needed

prosodyctl reload
telnet localhost 5582
module:reload("turncredentials", "jitmeet.example.com")
quit

Running behind NAT

In case of videobridge being installed on a machine behind NAT, add the following extra lines to the file ~/.sip-communicator/sip-communicator.properties (in the home of user running the videobridge):

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

So the file should look like this at the end:

org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>