Unix Server Tech Knowledge Base

User Tools

Site Tools

Trace:
software:jitsi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:jitsi [2020/04/11 15:22] rodolicosoftware:jitsi [2021/07/27 02:06] (current) rodolico
Line 3: Line 3:
 Just some notes for me, but may be useful for others. Just some notes for me, but may be useful for others.
  
-Jitsi is a video bridge server. It allows two or more users to do video chat. It uses Prosody for an XMPP chat also, and appears to use Prosody for authentication.+Jitsi is a video bridge server. It allows two or more users to do video chat. It uses [[software:prosody|Prosody]] for an XMPP chat also, and appears to use Prosody for authentication. It can be run in a standard web browser, though it is much better on Chrome/Chromium based browsers (FireFox is supported, but may have some weirdness). 
 + 
 +===== Backing up ===== 
 + 
 +You can back up lots of stuff, but the important part is /etc/prosody, /etc/jitsi and the location of the XMPP config files. Jitsi uses prosody, an XMPP server, for authentication. 
 + 
 +The XMPP user configuration files are in /var/lib/prosody under a URL encoded directory name the same as your server. Assuming your server name is //jitsi.example.com//, the directory is /var/lib/prosody/jitsi%20example%20com. Replace this with your REAL server name to back up. /path/to/backup is wherever you want to back up to. 
 +  * /var/lib/prosody/jitsi%20example%20com/accounts contains all of the accounts you have 
 +  * /var/lib/prosody/jitsi%20example%20com/roster is the linkage, ie the list of "buddies" amongst the accounts. 
 +<code bash> 
 +mkdir -p /path/to/backup/etc 
 +cp -av /etc/prosody /etc/jitsi /path/to/backup/etc 
 +mkdir -p /path/to/backup/varlib 
 +cp -av  /var/lib/prosody/jitsi%20example%20com/accounts /var/lib/prosody/jitsi%20example%20com/roster /path/to/backup/varlib 
 +</code> 
 + 
 +===== Installation ====== 
 + 
 +For Devuan and other Debian derivatives, I do this. I use apache since I'm used to it. If you do not have a web server installed, the following will install nginx since it is lighter weight. certbot is also very useful so you can get real SSL certs, and jitsi has a script that will set that up also. 
 + 
 +You MUST have a DNS A record set to your server before doing any of this. A CNAME may work, but I always put in an A record. 
 + 
 +<code bash> 
 +# Add the repo 
 +wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - 
 +echo deb https://download.jitsi.org stable/ > /etc/apt/sources.list.d/jitsi-stable.list 
 +apt update 
 +# Do the installation 
 +# get the web server and certbot installed and configured 
 +apt -y install apache2 certbot 
 +# make sure everything works 
 +# the jitsi-meet package will install everything needed 
 +# you will be asked for server name (your A record) 
 +# you will also be asked if you want a self signed SSL cert, choose that and we'll replace it  
 +# with certbot later 
 +apt -y install jitsi-meet  
 +# now, run the script to to the certbot setup 
 +/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh 
 +</code> 
 + 
 +===== Configure ===== 
 + 
 +Finally, we need to make some configuration file changes. Again, replace jitsi.example.com with your server name. In the code below, a minus sign means "find and remove this line" and a plus sign means "add this line"
 + 
 +====/etc/prosody/conf.avail/jitsi.example.com.cfg.lua==== 
 +<code> 
 +- authentication = "anonymous" 
 ++ authentication = "internal_plain" 
 +</code> 
 + 
 +<code bash> 
 +# add a block for guest at bottom of the file 
 +echo 'VirtualHost "guest.jitsi.example.com"' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua 
 +echo '    authentication = "anonymous"' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua 
 +echo '    c2s_require_encryption = false' >> /etc/prosody/conf.avail/jitsi.example.com.cfg.lua 
 +</code> 
 + 
 +====/etc/jitsi/meet/jitsi.example.com-config.js==== 
 +<code> 
 +- // anonymousdomain: 'guest.jitsi.example.com', 
 ++ anonymousdomain: 'guest.jitsi.example.com', 
 +</code> 
 + 
 +<code bash> 
 +# add this line to sip-communicator.properties 
 +echo 'org.jitsi.jicofo.auth.URL=XMPP:jitsi.example.com' >> /etc/jitsi/jicofo/sip-communicator.properties 
 +</code> 
 + 
 +<code bash> 
 +# add your first user, in this case, user1 with a password of Password 
 +prosodyctl register user1 jitsi.example.com Password 
 +</code> 
 + 
 +====/etc/letsencrypt/renewal-hooks/deploy/prosody.sh==== 
 + 
 +This file is a hook that will update prosody's SSL cert when certbot updates the main cert. If it does not exist, run the following. 
 +<code bash> 
 +# DO NOT RUN unless /etc/letsencrypt/renewal-hooks/deploy/prosody.sh does not exist 
 +echo '#!/bin/sh' > /etc/letsencrypt/renewal-hooks/deploy/prosody.sh 
 +echo '/usr/bin/prosodyctl --root cert import /etc/letsencrypt/live' >> /etc/letsencrypt/renewal-hooks/deploy/prosody.sh 
 +chmod 700 /etc/letsencrypt/renewal-hooks/deploy/prosody.sh 
 +</code> 
 + 
 +Now, finally, we run it one time to get prosody updated. After this, it will run after a new SSL cert is created automatically 
 +<code bash> 
 +/etc/letsencrypt/renewal-hooks/deploy/prosody.sh 
 +</code> 
 + 
 +==== restart everything ==== 
 +<code bash> 
 +service prosody restart 
 +service jicofo restart 
 +service jitsi-videobridge2 restart 
 +</code>
  
 ===== Quick Notes ===== ===== Quick Notes =====
 +
 +==== Uninstall ====
 +
 +Note: most of the time you do not need to remove prosody, so I put that on a separate line. If you do remove prosody, be sure to back up /var/lib/prosody first, or you'll have to add all your users.
 +<code bash>
 +apt purge jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jicofo jitsi-videobridge2
 +apt purge prosody # only if you really, really need to
 +apt autoremove
 +</code>
 +
 +==== Can't create an XMPP room ====
 +
 +By default, jitsi does not allow you to create new rooms in when you are using it for straight XMPP. In this case, edit the file **/etc/prosody/conf.avail/jitsi.example.com**
 +  - Find line similar to //Component "conference.jitsi.example.com"//
 +  - find line under that //restrict_room_creation = true//
 +  - change 'true' to 'false'
 +  - restart everything
 +
  
 ==== Location of authentication files ==== ==== Location of authentication files ====
 User authentication file (plain text, so don't trust it) User authentication file (plain text, so don't trust it)
 <code> <code>
-/var/lib/prosody/server%2ename%2edomain/accounts+/var/lib/prosody/jitsi%2eexample%2ecom/accounts
 </code> </code>
 Basically, the server name with the dots replaced with %2e Basically, the server name with the dots replaced with %2e
Line 37: Line 148:
     - File transfer Proxy: I still leave at proxy.eu.jabber.ord, but looks like we can set it to the same machine if we add a module.     - File transfer Proxy: I still leave at proxy.eu.jabber.ord, but looks like we can set it to the same machine if we add a module.
  
 +===== Client Software =====
 +
 +In addition to using a web browser, there is client software for Windows, Linux and OS/X. There are also apps for Android and IOS which can be downloaded from their respective stores.
 +
 +For workstations, there are two types of programs; a "normal" one and an AppImage one.
 +
 +==== Standard Workstation Program ====
 +
 +Standard installers can be downloaded from https://desktop.jitsi.org/Main/Download.html. Note that I had issues with the Linux version (Debian specifically). Using this will install the program globally, so all users on a system can run the program. It requires administrator privileges to install.
 +
 +==== AppImage ====
 +
 +An AppImage is a way of packaging a program that does not use an installer. Instead, it includes all of the libraries, etc... in its one package. For this reason, you do not need administrator privileges, and removing a program is mainly a matter of deleting a file. When I had the issue with the standard Debian image, I tried the AppImage copy and it ran just fine.
 +
 +AppImage's for Jitsi Desktop can be found at https://appimage.github.io/jitsi-meet/
 +
 +==== Android ====
 +
 +While the jitsi app is available in the standard Android Store, a better way of doing it is to install f-droid (https://f-droid.org). This is a repository of true open source software for the Android. Installing F-Droid is a little complex, but instructions are on their site. Once installed, you have access to free and open source Android apps that do not spy on you, or track your information. And, in many cases, there are alternative versions of commercial apps for Android in F-Droid which are better than the paid versions.
 +
 +==== IOS ====
  
 +Apple is not known for being open, though their operating system, like Android, is based on open source software. I, personally, do not own an iPhone or iPad, so I **can not and do not recommend the following** strictly because I don't know. However, it appears something similar to F-Droid exists. Check out https://aptoideapkx.com/f-droid-for-ios/, but do your own research before you install it on your device.
  
 ===== Links ===== ===== Links =====
Line 45: Line 178:
   * https://github.com/jitsi/jicofo#secure-domain   * https://github.com/jitsi/jicofo#secure-domain
   * https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7   * https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7
 +  * https://f-droid.org
 +  * https://desktop.jitsi.org/Main/Download.html
 +  * https://appimage.github.io/jitsi-meet/
 +  * https://prosody.im/doc/letsencrypt
 +  * https://www.digitalocean.com/community/tutorials/how-to-install-jitsi-meet-on-ubuntu-20-04
 +  * https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
 +  * 
software/jitsi.1586636527.txt.gz · Last modified: 2020/04/11 15:22 by rodolico