6.9 KiB
Server Installation for Jitsi Meet
This describes configuring a server jitmeet.example.com. You will need to
change references to that to match your host, and generate some passwords for
YOURSECRET1 and YOURSECRET2.
There are also some complete example config files available, mentioned in each section.
Install prosody and otalk modules
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get update
apt-get install prosody-trunk
apt-get install git lua-zlib lua-sec-prosody lua-dbi-sqlite3 liblua5.1-bitop-dev liblua5.1-bitop0
git clone https://github.com/andyet/otalk-server.git
cd otalk-server
cp -r mod* /usr/lib/prosody/modules
Configure prosody
Modify the config file in /etc/prosody/prosody.cfg.lua (see also the example config file):
- modules to enable/add: compression, bosh, smacks, carbons, mam, lastactivity, offline, pubsub, adhoc, websocket, http_altconnect
- comment out:
c2s_require_encryption = true, ands2s_secure_auth = false - change
authentication = "internal_hashed" - add this:
daemonize = true
cross_domain_bosh = true;
storage = {archive2 = "sql2"}
sql = { driver = "SQLite3", database = "prosody.sqlite" }
default_archive_policy = "roster"
- configure your domain by editing the example.com virtual host section section:
VirtualHost "jitmeet.example.com"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/jitmeet.example.com.key";
certificate = "/var/lib/prosody/jitmeet.example.com.crt";
}
- and finally configure components:
Component "conference.jitmeet.example.com" "muc"
Component "jitsi-videobridge.jitmeet.example.com"
component_secret = "YOURSECRET1"
Generate certs for the domain:
prosodyctl cert generate jitmeet.example.com
Restart prosody XMPP server with the new config
prosodyctl restart
Install nginx
apt-get install nginx
Add nginx config for domain in /etc/nginx/nginx.conf:
tcp_nopush on;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
Add a new file jitmeet.example.com in /etc/nginx/sites-available (see also the example config file):
server {
listen 80;
server_name jitmeet.example.com;
# set the root
root /srv/jitmeet.example.com;
index index.html;
location ~ ^/([a-zA-Z0-9]+)$ {
rewrite ^/(.*)$ / break;
}
# BOSH
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://localhost:5280;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}
}
Add link for the added configuration
cd /etc/nginx/sites-enabled
ln -s ../sites-available/jitmeet.example.com jitmeet.example.com
Fix firewall if needed
ufw allow 80
ufw allow 5222
Install videobridge
wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip
unzip jitsi-videobridge-linux-{arch-buildnum}.zip
Install JRE if missing:
apt-get install default-jre
In the user home that will be starting the jitsi video bridge create .sip-communicator folder and add the file sip-communicator.properties with one line in it:
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
Start the videobrdige with:
./jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 &
Or autostart it by adding the line in /etc/rc.local:
/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitmeet.example.com --port=5347 --secret=YOURSECRET1 </dev/null >> /var/log/jvb.log 2>&1
Checkout and configure jitmeet:
cd /srv
git clone https://github.com/jitsi/jitsi-meet.git
mv jitsi-meet/ jitmeet.example.com
Edit host names in /srv/jitmeet.example.com/config.js (see also the example config file):
var config = {
hosts: {
domain: 'jitmeet.example.com',
muc: 'conference.jitmeet.example.com',
bridge: 'jitsi-videobridge.jitmeet.example.com'
},
useNicks: false,
bosh: '//jitmeet.example.com/http-bind' // FIXME: use xep-0156 for that
desktopSharing: 'false', // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
//chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
//minChromeExtVersion: '0.1' // Required version of Chrome extension
};
Restart nginx to get the new configuration:
invoke-rc.d nginx restart
Install Turn server
apt-get install make gcc
wget http://creytiv.com/pub/re-0.4.7.tar.gz
tar zxvf re-0.4.7.tar.gz
ln -s re-0.4.7 re
cd re-0.4.7
sudo make install PREFIX=/usr
cd ..
wget http://creytiv.com/pub/restund-0.4.2.tar.gz
wget https://raw.github.com/andyet/otalk-server/master/restund/restund-auth.patch
tar zxvf restund-0.4.2.tar.gz
cd restund-0.4.2/
patch -p1 < ../restund-auth.patch
sudo make install PREFIX=/usr
cp debian/restund.init /etc/init.d/restund
chmod +x /etc/init.d/restund
cd /etc
wget https://raw.github.com/andyet/otalk-server/master/restund/restund.conf
Configure addresses and ports as desired, and the password to be configured in prosody:
realm jitmeet.example.com
# share this with your prosody server
auth_shared YOURSECRET2
# modules
module_path /usr/lib/restund/modules
turn_relay_addr [turn ip address]
Configure prosody to use it in /etc/prosody/prosody.cfg.lua. Add to your virtual host:
turncredentials_secret = "YOURSECRET2";
turncredentials = {
{ type = "turn", host = "turn.address.ip.configured", port = 3478, transport = "tcp" }
}
Add turncredentials module in the "modules_enabled" section
Reload prosody if needed
prosodyctl reload
telnet localhost 5582
module:reload("turncredentials", "jitmeet.example.com")
quit
Running behind NAT
In case of videobridge being installed on a machine behind NAT, add the following extra lines to the file ~/.sip-communicator/sip-communicator.properties (in the home of user running the videobridge):
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>
So the file should look like this at the end:
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>