SDB:Jitsi
Jitsi is a secure, simple and scalable video conference application that you can use as a standalone app or embed in your web application.
It consists of the following components:
- Jitsi-Meet
- Jitsi-Videobridge
- Jitsi-Jicofo
- Jitsi-Jibri
- Jitsi-Jigasi
In the following you will find help for configuring the applications.
This document describes the steps for a quick Jitsi-Meet installation, paired with a single Videobridge and a single Jicofo on openSUSE Leap 15.2.
Note: Many of the installation steps require root access.
Installation
- Add the OBS repository:
zypper addrepo https://download.opensuse.org/repositories/home:/SchoolGuy:/jitsi/openSUSE_Leap_15.2/home:SchoolGuy:jitsi.repo
Note: When Jitsi-Meet is merged into openSUSE Factory, this will be obsolete.
- Refresh the repositories:
zypper refresh
- Install Jitsi-Meet and its dependencies:
zypper install nginx prosody lua51-zlib jitsi-meet jitsi-videobridge jitsi-jicofo
Optional Add-Ons
- Install the Jibri Add-On:
zypper install jitsi-jibri
- Install the Jigasi Add-On:
zypper install jitsi-jigasi
Configuration
The following sections describe how to configure the different packages.
Replace <FQDN> with your domain name and YOURSECRET3 with a strong password.
Prosody
Open and adjust the Prosody configuration file under /etc/prosody/prosody.cfg.lua:
---------- Server-wide settings ----------
admins = { "focus@auth.<FQDN>" }
cross_domain_bosh = true;
component_ports = { 5347 }
modules_enabled = {
    -- HTTP modules
    "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    -- jitsi
    "smacks";
    "mam";
    "lastactivity";
    "offline";
    "pubsub";
    "adhoc";
    "websocket";
    "http_altconnect";
    "compression";
}
Create a new configuration file named <FQDN>.cfg.lua in /etc/prosody/conf.avail/ with the following content:
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- As per https://prosody.im/doc/setting_up_bosh#proxying_requests
consider_bosh_secure = true

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "<FQDN>";

turncredentials_secret = "YOURSECRET3";
turncredentials = {
    { type = "stun", host = "<FQDN>", port = "3478" },
    { type = "turn", host = "<FQDN>", port = "3478", transport = "udp" },
    -- { type = "turns", host = "<FQDN>", port = "443", transport = "tcp" }
};

VirtualHost "<FQDN>"
    authentication = "anonymous"
    ssl = {
        key = "/var/lib/prosody/<FQDN>.key";
        certificate = "/var/lib/prosody/<FQDN>.crt";
    }
    speakerstats_component = "speakerstats.<FQDN>"
    conference_duration_component = "conferenceduration.<FQDN>"
    modules_enabled = {
        "bosh";
        "pubsub";
        "speakerstats";
        "turncredentials";
        "conference_duration";
    }
    c2s_require_encryption = false

Component "conference.<FQDN>" "muc"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
    }
    admins = { "focus@auth.<FQDN>" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.<FQDN>" "muc"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.<FQDN>" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    muc_room_cache_size = 1000

Component "jitsi-videobridge.<FQDN>"
    component_secret = "YOURSECRET3"

VirtualHost "auth.<FQDN>"
    ssl = {
        key = "/var/lib/prosody/auth.<FQDN>.key";
        certificate = "/var/lib/prosody/auth.<FQDN>.crt";
    }
    authentication = "internal_plain"

Component "focus.<FQDN>"
    component_secret = "YOURSECRET3"

Component "speakerstats.<FQDN>" "speakerstats_component"
    muc_component = "conference.<FQDN>"

Component "conferenceduration.<FQDN>" "conference_duration_component"
    muc_component = "conference.<FQDN>"
Create a symlink for the configuration:
ln --symbolic /etc/prosody/conf.avail/<FQDN>.cfg.lua /etc/prosody/conf.d/<FQDN>.cfg.lua
Create the certificates via prosodyctl cert generate <DOMAIN>
- The value <DOMAIN> represents each of the following host names:
  - auth.<FQDN>
  - conference.<FQDN>
  - conferenceduration.<FQDN>
  - internal.auth.<FQDN>
  - <FQDN>
  - focus.<FQDN>
  - jitsi-videobridge.<FQDN>
  - callcontrol.<FQDN> (Note: This is only needed if you deploy Jigasi)
  - recorder.<FQDN> (Note: This is only needed if you deploy Jibri)
Symlink all generated *.crt and *.key files from /var/lib/prosody/ to /etc/prosody/certs/.
Note: Please do not link other certificates.
Add the certificates to the system keystore:
ln --symbolic --force /var/lib/prosody/auth.<FQDN>.crt /usr/local/share/ca-certificates/auth.<FQDN>.crt
update-ca-certificates --fresh
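The certificate steps above, written as an added shell example (not part of the original guide or of the Jitsi packages): it builds the list of names to pass to prosodyctl cert generate and links only the matching *.crt and *.key files, so no other certificate ends up in /etc/prosody/certs/. The function names and the sample domain meet.example.org are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list the certificate names from this guide and link only those.

# Print the <DOMAIN> values for an FQDN.
# $2 = "yes" adds the Jigasi name, $3 = "yes" adds the Jibri name.
jitsi_cert_domains() {
    fqdn=$1
    for sub in auth conference conferenceduration internal.auth focus jitsi-videobridge; do
        echo "$sub.$fqdn"
    done
    echo "$fqdn"
    [ "$2" = yes ] && echo "callcontrol.$fqdn"
    [ "$3" = yes ] && echo "recorder.$fqdn"
    return 0
}

# Link <domain>.crt and <domain>.key from $1 into $2 for the listed domains only.
# Prints one line per domain whose files are missing and returns 1 in that case.
link_prosody_certs() {
    src=$1
    dst=$2
    shift 2
    missing=0
    for domain in "$@"; do
        if [ -f "$src/$domain.crt" ] && [ -f "$src/$domain.key" ]; then
            ln -sf "$src/$domain.crt" "$src/$domain.key" "$dst/"
        else
            echo "missing certificate or key for $domain"
            missing=1
        fi
    done
    return $missing
}

# Typical use as root, after running "prosodyctl cert generate <DOMAIN>" for each name
# (meet.example.org is a constructed sample domain):
# link_prosody_certs /var/lib/prosody /etc/prosody/certs $(jitsi_cert_domains meet.example.org)
```

A "missing" line means prosodyctl cert generate has not been run yet for that name.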
Create conference focus user:
prosodyctl register focus auth.<FQDN> YOURSECRET3
Nginx
Edit the file /etc/nginx/vhosts.d/jitsi-meet.conf (which was installed along with jitsi-meet) and do the following:
- Check the server_name value.
- Check the TLS certificates (Let's Encrypt for production use, Prosody for testing, for example).
Note: If you are using an existing server, please make sure to adjust the websocket and bosh part, too.
Jitsi-Meet
Edit the file /srv/jitsi-meet/config.js:
var config = {
    hosts: {
        domain: '<FQDN>',
        muc: 'conference.<FQDN>',
        bridge: 'jitsi-videobridge.<FQDN>',
        focus: 'focus.<FQDN>'
    },
    useNicks: false,
    bosh: '//<FQDN>/http-bind',
};
Note: Please be aware that this is the minimal configuration.
Jitsi-Videobridge
Note: We use a combination of the new Videobridge configuration and the legacy one with the sip-communicator.properties file. We have to do this because of the STATISTICS_TRANSPORT property.
If we remove org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri from sip-communicator.properties, the videobridge will not work!
- Go to the directory /etc/jitsi/videobridge
- Edit the file jitsi-videobridge.conf
  - Set JVB_HOSTNAME to your <FQDN>.
  - Set JVB_SECRET to your own secret.
- Edit the file application.conf and adjust the values under apis and websockets, especially set a unique ID as muc_nickname with uuidgen for example.
apis {
    xmpp-client {
        configs {
            xmpp-server-1 {
                hostname="localhost"
                domain = "auth.${FQDN}"
                username = "focus"
                password = "YOURSECRET3"
                muc_jids = "JvbBrewery@internal.auth.${FQDN}"
                # The muc_nickname must be unique across all jitsi-videobridge instances
                muc_nickname = "unique-id"
                disable_certificate_verification = true
            }
        }
    }
}
websockets {
    enabled=true
    server-id="default-id"
    domain="${FQDN}"
}
Jitsi-Jicofo
- Go to the directory /etc/jitsi/jicofo
- Edit the file jitsi-jicofo.conf
  - Set the property JICOFO_HOSTNAME to <FQDN>.
  - Set the property JICOFO_SECRET to the password the Prosody user got in the setup above.
  - Set the property JICOFO_AUTH_DOMAIN to auth.<FQDN>.
  - Set the property JICOFO_AUTH_USER to the Prosody user from the setup above.
- Edit the file sip-communicator.properties
  - Set the property org.jitsi.jicofo.BRIDGE_MUC to JvbBrewery@internal.auth.<FQDN>.
  - Set the property org.jitsi.jicofo.jibri.BREWERY to JibriBrewery@internal.auth.<FQDN>.
  - Depending on your cert setup set org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED to true or false.
Jitsi-Jibri
Edit the file /etc/prosody/conf.avail/<FQDN>.cfg.lua and add the following snippet at the end of the file:
VirtualHost "recorder.<FQDN>"
    modules_enabled = {
        "ping";
    }
    authentication = "internal_plain"
- Run prosodyctl register jibri auth.<FQDN> YOURSECRET3 and replace YOURSECRET3 with an appropriate one.
- Run prosodyctl register recorder recorder.<FQDN> YOURSECRET3 and replace YOURSECRET3 with an appropriate one.
- Go to the directory /etc/jitsi/jibri and edit the properties listed below. The rest can be left as is.
jibri {
    api {
        environments = [
            {
                xmpp-domain = "<FQDN>"
                control-muc {
                    # Must match the "internal.auth.<FQDN>" MUC component defined in the Prosody configuration
                    domain = "internal.auth.<FQDN>"
                }
                control-login {
                    domain = "recorder.<FQDN>"
                    username = "recorder"
                    password = "YOURSECRET3"
                }
                call-login {
                    domain = "recorder.<FQDN>"
                    username = "recorder"
                    password = "YOURSECRET3"
                }
            }
        ]
    }
}
Edit the file /etc/jitsi/jicofo/sip-communicator.properties and add the following properties:
org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.<FQDN>
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
Edit the file /srv/jitsi-meet/config.js and set the following properties:
fileRecordingsEnabled: true, // If you want to enable file recording
liveStreamingEnabled: true, // If you want to enable live streaming
hiddenDomain: 'recorder.<FQDN>',
Edit /srv/jitsi-meet/interface_config.js and make sure the TOOLBAR_BUTTONS array contains the recording and the livestreaming value if you want those features.
TOOLBAR_BUTTONS: [
    'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
    'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
    'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
    'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
    'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
],
Jitsi-Jigasi
Note from openSUSE packagers: We've packaged it but we don't have the infrastructure to set up this component. Hence we can't provide a guide for this so far.
Services
Now everything should be working. That means you are ready to start everything up:
systemctl start prosody
systemctl start jitsi-videobridge
systemctl start jitsi-jicofo
systemctl start jitsi-jibri    # if configured and installed beforehand
systemctl start jitsi-jigasi   # if configured and installed beforehand
systemctl start nginx
Final notes
- The Jitsi software has a lot of dependencies, so we recommend running it on a dedicated host.
- Updating Jitsi is crucial to get bug fixes and updated dependencies with possible security fixes.
- Although Chrome may tempt you to: Don't install a full X11 stack like KDE or GNOME for this.
- Don't mix the rpms or debs with a source installation of the same component.
- Securely back up your configuration, preferably in a VCS. This saves time and pain when doing rollbacks or dealing with other problems.
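A pre-flight check for the files edited in this guide, as an added shell example (not part of the original guide or of the Jitsi packages): it reports placeholders that were left in place (YOURSECRET3, <FQDN>, ${FQDN}, the sample muc_nickname) and the settings shown above that relax TLS checks, so they can be reviewed before the services are started. The function name and the sample file content are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the files this guide edits before starting the services.
# Prints "file:line: finding" and returns 1 if anything was found.
audit_jitsi_config() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }
        # Skip full-line comments: Lua (--), HOCON/properties (#), JavaScript (//).
        /^[ \t]*(--|#|\/\/)/ { next }
        /YOURSECRET3|<FQDN>|[$][{]FQDN[}]/ { report("placeholder from the guide left in place") }
        /muc_nickname[ \t]*=[ \t]*"unique-id"/ { report("muc_nickname is still the sample value") }
        /disable_certificate_verification[ \t]*=[ \t]*true/ { report("TLS certificate verification disabled") }
        /ALWAYS_TRUST_MODE_ENABLED[ \t]*=[ \t]*true/ { report("Jicofo always-trust mode enabled") }
        /c2s_require_encryption[ \t]*=[ \t]*false/ { report("Prosody does not require encrypted client connections") }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample (not a real deployment): a videobridge application.conf
# fragment in which only the domain placeholder has been replaced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# password = "YOURSECRET3"   (commented out, ignored by the audit)
domain = "auth.meet.example.org"
password = "YOURSECRET3"
muc_nickname = "unique-id"
disable_certificate_verification = true
EOF

audit_jitsi_config "$sample" || echo "review the findings before starting the services"
rm -f "$sample"

# On a real host, pass the files named in this guide, for example:
# audit_jitsi_config /etc/prosody/prosody.cfg.lua /etc/prosody/conf.avail/*.cfg.lua \
#     /etc/jitsi/videobridge/application.conf /srv/jitsi-meet/config.js
```

A finding for one of the TLS-related settings is a prompt to check it against your certificate setup, as the guide says for ALWAYS_TRUST_MODE_ENABLED.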