6.9 KiB
Server Installation for Jitsi Meet
This describes configuring a server jitmeet.example.com
. You will need to
change references to that to match your host, and generate some passwords for
YOURSECRET1
and YOURSECRET2
.
There are also some complete example config files available, mentioned in each section.
Install prosody and otalk modules
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get update
apt-get install prosody-trunk
apt-get install git lua-zlib lua-sec-prosody lua-dbi-sqlite3 liblua5.1-bitop-dev liblua5.1-bitop0
git clone https://github.com/andyet/otalk-server.git
cd otalk-server
cp -r mod* /usr/lib/prosody/modules
Configure prosody
Modify the config file in /etc/prosody/prosody.cfg.lua
(see also the example config file):
- modules to enable/add: compression, bosh, smacks, carbons, mam, lastactivity, offline, pubsub, adhoc, websocket, http_altconnect
- comment out:
c2s_require_encryption = true
, ands2s_secure_auth = false
- change
authentication = "internal_hashed"
- add this:
daemonize = true
cross_domain_bosh = true;
storage = {archive2 = "sql2"}
sql = { driver = "SQLite3", database = "prosody.sqlite" }
default_archive_policy = "roster"
- configure your domain by editing the example.com virtual host section section:
VirtualHost "jitmeet.example.com"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/jitmeet.example.com.key";
certificate = "/var/lib/prosody/jitmeet.example.com.crt";
}
- and finally configure components:
Component "conference.jitmeet.example.com" "muc"
Component "jitsi-videobridge.jitmeet.example.com"
component_secret = "YOURSECRET1"
Generate certs for the domain:
prosodyctl cert generate jitmeet.example.com
Restart prosody XMPP server with the new config
prosodyctl restart
Install nginx
apt-get install nginx
Add nginx config for domain in /etc/nginx/nginx.conf
:
tcp_nopush on;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
Add a new file jitmeet.example.com
in /etc/nginx/sites-available
(see also the example config file):
server {
listen 80;
server_name jitmeet.example.com;
# set the root
root /srv/jitmeet.example.com;
index index.html;
location ~ ^/([a-zA-Z0-9]+)$ {
rewrite ^/(.*)$ / break;
}
# BOSH
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://localhost:5280;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}
}
Add link for the added configuration
cd /etc/nginx/sites-enabled
ln -s ../sites-available/jitmeet.example.com jitmeet.example.com
Fix firewall if needed
ufw allow 80
ufw allow 5222
Install videobridge
wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip
unzip jitsi-videobridge-linux-{arch-buildnum}.zip
Install JRE if missing:
apt-get install default-jre
In the user home that will be starting the jitsi video bridge create .sip-communicator
folder and add the file sip-communicator.properties
with one line in it:
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
Start the videobrdige with:
./jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 &
Or autostart it by adding the line in /etc/rc.local
:
/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 </dev/null >> /var/log/jvb.log 2>&1
Checkout and configure jitmeet:
cd /srv
git clone https://github.com/jitsi/jitsi-meet.git
mv jitsi-meet/ jitmeet.example.com
Edit host names in /srv/jitmeet.example.com/config.js
(see also the example config file):
var config = {
hosts: {
domain: 'jitmeet.example.com',
muc: 'conference.jitmeet.example.com',
bridge: 'jitsi-videobridge.jitmeet.example.com'
},
useNicks: false,
bosh: '//jitmeet.example.com/http-bind' // FIXME: use xep-0156 for that
desktopSharing: 'false', // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
//chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
//minChromeExtVersion: '0.1' // Required version of Chrome extension
};
Restart nginx to get the new configuration:
invoke-rc.d nginx restart
Install Turn server
apt-get install make gcc
wget http://creytiv.com/pub/re-0.4.7.tar.gz
tar zxvf re-0.4.7.tar.gz
ln -s re-0.4.7 re
cd re-0.4.7
sudo make install PREFIX=/usr
cd ..
wget http://creytiv.com/pub/restund-0.4.2.tar.gz
wget https://raw.github.com/andyet/otalk-server/master/restund/restund-auth.patch
tar zxvf restund-0.4.2.tar.gz
cd restund-0.4.2/
patch -p1 < ../restund-auth.patch
sudo make install PREFIX=/usr
cp debian/restund.init /etc/init.d/restund
chmod +x /etc/init.d/restund
cd /etc
wget https://raw.github.com/andyet/otalk-server/master/restund/restund.conf
Configure addresses and ports as desired, and the password to be configured in prosody:
realm jitmeet.example.com
# share this with your prosody server
auth_shared YOURSECRET2
# modules
module_path /usr/lib/restund/modules
turn_relay_addr [turn ip address]
Configure prosody to use it in /etc/prosody/prosody.cfg.lua
. Add to your virtual host:
turncredentials_secret = "YOURSECRET2";
turncredentials = {
{ type = "turn", host = "turn.address.ip.configured", port = 3478, transport = "tcp" }
}
Add turncredentials module in the "modules_enabled" section
Reload prosody if needed
prosodyctl reload
telnet localhost 5582
module:reload("turncredentials", "jitmeet.example.com")
quit
Running behind NAT
In case of videobridge being installed on a machine behind NAT, add the following extra lines to the file ~/.sip-communicator/sip-communicator.properties
(in the home of user running the videobridge):
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>
So the file should look like this at the end:
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>