Permalink
Switch branches/tags
stable/jitsi-meet_3229 stable/jitsi-meet_3135 stable/jitsi-meet_2988 jitsi-meet_3346 jitsi-meet_3345 jitsi-meet_3344 jitsi-meet_3343 jitsi-meet_3342 jitsi-meet_3341 jitsi-meet_3340 jitsi-meet_3339 jitsi-meet_3338 jitsi-meet_3337 jitsi-meet_3336 jitsi-meet_3335 jitsi-meet_3334 jitsi-meet_3333 jitsi-meet_3332 jitsi-meet_3331 jitsi-meet_3330 jitsi-meet_3329 jitsi-meet_3328 jitsi-meet_3327 jitsi-meet_3326 jitsi-meet_3325 jitsi-meet_3324 jitsi-meet_3323 jitsi-meet_3322 jitsi-meet_3321 jitsi-meet_3320 jitsi-meet_3319 jitsi-meet_3318 jitsi-meet_3317 jitsi-meet_3316 jitsi-meet_3315 jitsi-meet_3314 jitsi-meet_3313 jitsi-meet_3312 jitsi-meet_3311 jitsi-meet_3310 jitsi-meet_3309 jitsi-meet_3308 jitsi-meet_3307 jitsi-meet_3306 jitsi-meet_3305 jitsi-meet_3304 jitsi-meet_3303 jitsi-meet_3302 jitsi-meet_3301 jitsi-meet_3300 jitsi-meet_3299 jitsi-meet_3298 jitsi-meet_3297 jitsi-meet_3296 jitsi-meet_3295 jitsi-meet_3294 jitsi-meet_3293 jitsi-meet_3292 jitsi-meet_3291 jitsi-meet_3290 jitsi-meet_3289 jitsi-meet_3288 jitsi-meet_3287 jitsi-meet_3286 jitsi-meet_3285 jitsi-meet_3284 jitsi-meet_3283 jitsi-meet_3282 jitsi-meet_3281 jitsi-meet_3280 jitsi-meet_3279 jitsi-meet_3278 jitsi-meet_3277 jitsi-meet_3276 jitsi-meet_3275 jitsi-meet_3274 jitsi-meet_3273 jitsi-meet_3272 jitsi-meet_3271 jitsi-meet_3270 jitsi-meet_3269 jitsi-meet_3268 jitsi-meet_3267 jitsi-meet_3266 jitsi-meet_3265 jitsi-meet_3264 jitsi-meet_3263 jitsi-meet_3262 jitsi-meet_3261 jitsi-meet_3260 jitsi-meet_3259 jitsi-meet_3258 jitsi-meet_3257 jitsi-meet_3256 jitsi-meet_3255 jitsi-meet_3254 jitsi-meet_3253 jitsi-meet_3252 jitsi-meet_3251 jitsi-meet_3250
Nothing to show
Find file Copy path
260 lines (220 sloc) 8.34 KB

Server Installation for Jitsi Meet

⚠️ WARNING: Manual installation is not recommended. We recommend following the quick-install document. The current document describes the steps that are needed to install a working deployment, but steps are easy to mess up, and the debian packages are more up-to-date, where this document sometimes is not updated to latest changes.

This describes configuring a server jitsi.example.com running Debian or a Debian Derivative. You will need to change references to that to match your host, and generate some passwords for YOURSECRET1, YOURSECRET2 and YOURSECRET3.

There are also some complete example config files available, mentioned in each section.

Network description

This is how the network looks:

                   +                           +
                   |                           |
                   |                           |
                   v                           |
                  443                          |
               +-------+                       |
               |       |                       |
               | NginX |                       |
               |       |                       |
               +--+-+--+                       |
                  | |                          |
+------------+    | |    +--------------+      |
|            |    | |    |              |      |
| jitsi-meet +<---+ +--->+ prosody/xmpp |      |
|            |files 5280 |              |      |
+------------+           +--------------+      v
                     5222,5347^    ^5347      4443
                +--------+    |    |    +-------------+
                |        |    |    |    |             |
                | jicofo +----^    ^----+ videobridge |
                |        |              |             |
                +--------+              +-------------+

Install prosody

apt-get install prosody

Configure prosody

Add config file in /etc/prosody/conf.avail/jitsi.example.com.cfg.lua :

  • add your domain virtual host section:
VirtualHost "jitsi.example.com"
    authentication = "anonymous"
    ssl = {
        key = "/var/lib/prosody/jitsi.example.com.key";
        certificate = "/var/lib/prosody/jitsi.example.com.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
    }
    c2s_require_encryption = false
  • add domain with authentication for conference focus user:
VirtualHost "auth.jitsi.example.com"
    ssl = {
        key = "/var/lib/prosody/auth.jitsi.example.com.key";
        certificate = "/var/lib/prosody/auth.jitsi.example.com.crt";
    }
    authentication = "internal_plain"
  • add focus user to server admins:
admins = { "focus@auth.jitsi.example.com" }
  • and finally configure components:
Component "conference.jitsi.example.com" "muc"
Component "jitsi-videobridge.jitsi.example.com"
    component_secret = "YOURSECRET1"
Component "focus.jitsi.example.com"
    component_secret = "YOURSECRET2"

Add link for the added configuration

ln -s /etc/prosody/conf.avail/jitsi.example.com.cfg.lua /etc/prosody/conf.d/jitsi.example.com.cfg.lua

Generate certs for the domain:

prosodyctl cert generate jitsi.example.com
prosodyctl cert generate auth.jitsi.example.com

Add auth.jitsi.example.com to the trusted certificates on the local machine:

ln -sf /var/lib/prosody/auth.jitsi.example.com.crt /usr/local/share/ca-certificates/auth.jitsi.example.com.crt
update-ca-certificates -f

Note that the -f flag is necessary if there are symlinks left from a previous installation.

Create conference focus user:

prosodyctl register focus auth.jitsi.example.com YOURSECRET3

Restart prosody XMPP server with the new config

prosodyctl restart

Install nginx

apt-get install nginx

Add a new file jitsi.example.com in /etc/nginx/sites-available (see also the example config file):

server_names_hash_bucket_size 64;

server {
    listen 443;
    # tls configuration that is not covered in this guide
    # we recommend the use of https://certbot.eff.org/
    server_name jitsi.example.com;
    # set the root
    root /srv/jitsi.example.com;
    index index.html;
    location ~ ^/([a-zA-Z0-9=\?]+)$ {
        rewrite ^/(.*)$ / break;
    }
    location / {
        ssi on;
    }
    # BOSH, Bidirectional-streams Over Synchronous HTTP
    # https://en.wikipedia.org/wiki/BOSH_(protocol)
    location /http-bind {
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
}

Add link for the added configuration

cd /etc/nginx/sites-enabled
ln -s ../sites-available/jitsi.example.com jitsi.example.com

Install Jitsi Videobridge

wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip
unzip jitsi-videobridge-linux-{arch-buildnum}.zip

Install JRE if missing:

apt-get install default-jre

NOTE: When installing on older Debian releases keep in mind that you need JRE >= 1.7.

In the user home that will be starting Jitsi Videobridge create .sip-communicator folder and add the file sip-communicator.properties with one line in it:

org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false

Start the videobridge with:

./jvb.sh --host=localhost --domain=jitsi.example.com --port=5347 --secret=YOURSECRET1 &

Or autostart it by adding the line in /etc/rc.local:

/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitsi.example.com --port=5347 --secret=YOURSECRET1 </dev/null >> /var/log/jvb.log 2>&1

Install Jitsi Conference Focus (jicofo)

Install JDK and Maven if missing:

apt-get install default-jdk maven

NOTE: When installing on older Debian releases keep in mind that you need JDK >= 1.7.

Clone source from Github repo:

git clone https://github.com/jitsi/jicofo.git

Build distribution package. Replace {os-name} with one of: 'lin', 'lin64', 'macosx', 'win', 'win64'.

cd jicofo
mvn package -DskipTests -Dassembly.skipAssembly=false

Run jicofo:

=======
unzip target/jicofo-{os-name}-1.0-SNAPSHOT.zip
cd jicofo-{os-name}-1.0-SNAPSHOT'
./jicofo.sh --host=localhost --domain=jitsi.example.com --secret=YOURSECRET2 --user_domain=auth.jitsi.example.com --user_name=focus --user_password=YOURSECRET3

Deploy Jitsi Meet

Checkout and configure Jitsi Meet:

cd /srv
git clone https://github.com/jitsi/jitsi-meet.git
mv jitsi-meet/ jitsi.example.com
npm install
make

Edit host names in /srv/jitsi.example.com/config.js (see also the example config file):

var config = {
    hosts: {
        domain: 'jitsi.example.com',
        muc: 'conference.jitsi.example.com',
        bridge: 'jitsi-videobridge.jitsi.example.com',
        focus: 'focus.jitsi.example.com'
    },
    useNicks: false,
    bosh: '//jitsi.example.com/http-bind', // FIXME: use xep-0156 for that
    //chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
    //minChromeExtVersion: '0.1' // Required version of Chrome extension
};

Restart nginx to get the new configuration:

invoke-rc.d nginx restart

Running behind NAT

Jitsi-Videobridge can run behind a NAT, provided that all required ports are routed (forwarded) to the machine that it runs on. By default these ports are (TCP/443 or TCP/4443 and UDP 10000-20000).

The following extra lines need to be added the file ~/.sip-communicator/sip-communicator.properties (in the home directory of the user running the videobridge):

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

So the file should look like this at the end:

org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

Hold your first conference

You are now all set and ready to have your first meet by going to http://jitsi.example.com

Enabling recording

Jibriis a set of tools for recording and/or streaming a Jitsi Meet conference.