Skip to content
Install jitsi-meet with nginx and (optionally) certbot on Ubuntu with Ansible
Branch: master
Clone or download

Latest commit

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
defaults Add flag to disable server_names_hash_bucket_size modification Mar 23, 2020
handlers Finally Mar 16, 2020
meta Some fixes Mar 16, 2020
tasks Disable handler lint suggestion Mar 23, 2020
templates Put server_names_hash_bucket_size into global nginx.conf Mar 23, 2020
tests ansible-galaxy init Mar 16, 2020
vars Initial Scratch Mar 16, 2020
.travis.yml ansible-galaxy init Mar 16, 2020
LICENSE Some fixes Mar 16, 2020
README.md Fix Quick Install instructions Mar 23, 2020

README.md

jitsi_meet

An Ansible role to install Jitsi Meet.

Introduction

This is an Ansible role that installs Jitsi Meet with nginx as TLS terminating proxy and (optionally) a Let's Encrypt certificate (via certbot) on Ubuntu Bionic (18.04).

Requirements

  • A domain must point to your server in order to use Let's Encrypt
  • Your firewall must allow ports 80/tcp, 443/tcp, 4443/tcp, 10000/udp
    • If your server is behind a NAT, then make sure to forward these ports.

Role Variables

  • apt_mirror: On Ubuntu, universe must be enabled. This variable should indicate your system mirror. Defaults to http://archive.ubuntu.com/ubuntu
  • jitsi_domain: Under which domain will Jitsi be accessible. Must be a domain name if you intend to use Let's Encrypt. Can be an IP otherwise. Defaults to {{ inventory_hostname }}.
  • certbot_enabled: Whether to install certbot and request a certificate for {{ jitsi_domain }}. Defaults to false.
  • certbot_admin_email: Which email address to register for Let's Encrypt. Required if certbot_enabled=true. The email should exist. No default value.
  • jitsi_nat: Whether you're running jitsi meet behind a NAT. Defaults to false. If enabled, you must set jitsi_nat_local_ip and jitsi_nat_public_ip.
  • jitsi_nat_public_ip: The public IP of your jitsi meet host. Defaults to the IPv4 reported by ipify.
  • jitsi_nat_private_ip: The private IP of your jitsi meet host. Defaults to the IPv4 that Ansible considers to be the default for the host.
  • nginx_server_names_hash_bucket_size: The server_names_hash_bucket_size of nginx. Will be declared in the global nginx.conf if nginx_modify_server_names_hash_bucket_size is set to true. Defaults to 64.
  • nginx_modify_server_names_hash_bucket_size: Whether to change the value of server_names_hash_bucket_size in the global nginx.conf file. Defaults to true.

Also look at geerlingguy/ansible-role-certbot/.../defaults/main.yml for further configuration settings that are related to certbot.

Dependencies

Depends on the geerlingguy.certbot Ansible role for the Let's Encrypt / certbot tasks:

ansible-galaxy install geerlingguy.certbot

Quickstart

Install Ansible:

# on macOS with Homebrew
brew install ansible

# on Debian
sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

# or via Python / pip
sudo python3 -m pip install ansible

Setup a new server with Ubuntu 18.04 or get one on Digital Ocean, Vultr, Hetzner Cloud, Cloudscale, Azure, Google Cloud, AWS, ...

Make sure you can login via your SSH key:

ssh-copy-id ubuntu@my-jitsi-server.com
ssh ubuntu@my-jitsi-server.com

Create an inventory file:

# jitsi.ini
[jitsi]
my-jitsi-server.com jitsi_domain=my-jitsi-server.com certbot_admin_email=admin@my-jitsi-server.com

[jitsi:vars]
ansible_user=ubuntu
ansible_become=yes # set to `no` if you log in via root
apt_mirror=http://archive.ubuntu.com/ubuntu # change to the mirror you already use
certbot_enabled=yes
jitsi_nat=no # turn on if your server is behind a NAT.

Create a playbook file:

# jitsi.yml
- hosts: jitsi
  roles:
      - cimnine.jitsi_meet

Install the required dependencies:

ansible-galaxy install cimnine.jitsi_meet
ansible-galaxy install geerlingguy.certbot

Run the playbook file on the inventory:

# if `sudo` on your server does not require a password:
ansible-playbook -i jitsi.ini jitsi.yml

# or if `sudo` on your server requires a password:
ansible-playbook -K -i jitsi.ini jitsi.yml

Uninstall

The following commands help you to remove the installation. They might not completely remove every file, but it's enough to start again should you messed up something.

systemctl stop jitsi-videobridge
systemctl disable jitsi-videobridge
apt-get purge -y jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-web jicofo jitsi-videobridge

systemctl stop nginx
systemctl disable nginx
apt-get purge -y nginx nginx-common nginx-full

apt purge certbot

rm -rf /etc/jitsi /etc/nginx /etc/letsencrypt

crontab -e -u root

reboot

License

MIT

You can’t perform that action at this time.