Self-Hosting Guide - openSUSE
This document describes the steps for a quick Jitsi-Meet installation, paired with a single Videobridge and a single Jicofo on openSUSE Leap 15.2.
Note: Many of the installation steps require root access.
Installation
- Add the OBS repository:
Note: When Jitsi-Meet is merged into openSUSE Factory, this will be obsolete.
zypper addrepo https://download.opensuse.org/repositories/home:/SchoolGuy:/jitsi/openSUSE_Leap_15.2/home:SchoolGuy:jitsi.repo
- Refresh the repositories:
zypper refresh
- Install Jitsi-Meet and its dependencies:
zypper install nginx prosody lua51-zlib jitsi-meet jitsi-videobridge jitsi-jicofo
optional Add-Ons
- Install the Jibri Add-On:
zypper install jitsi-jibri - Install the Jigasi Add-On:
zypper install jitsi-jigasi
Configuration
The following sections describe how to configure the different packages.
Replace <FQDN> with your domain name and YOURSECRET3 with a strong password.
Prosody
- Open and adjust the Prosody configuration file under
/etc/prosody/prosody.cfg.lua:
---------- Server-wide settings ----------
admins = { "focus@auth.<FQDN>" }
cross_domain_bosh = true;
modules_enabled = {
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-- jitsi
"smacks";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
"compression";
}
- Create a new configuration file named
<FQDN>.cfg.luain/etc/prosody/conf.avail/with the following content:
/etc/prosody/conf.avail/meet.example.org.cfg.lua
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- As per https://prosody.im/doc/setting_up_bosh#proxying_requests
consider_bosh_secure = true
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "<FQDN>";
turncredentials_secret = "YOURSECRET3";
turncredentials = {
{ type = "stun", host = "<FQDN>", port = "3478" },
{ type = "turn", host = "<FQDN>", port = "3478", transport = "udp" },
-- { type = "turns", host = "<FQDN>", port = "443", transport = "tcp" }
};
VirtualHost "<FQDN>"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/<FQDN>.key";
certificate = "/var/lib/prosody/<FQDN>.crt";
}
speakerstats_component = "speakerstats.<FQDN>"
conference_duration_component = "conferenceduration.<FQDN>"
modules_enabled = {
"bosh";
"pubsub";
"speakerstats";
"turncredentials";
"conference_duration";
}
c2s_require_encryption = false
Component "conference.<FQDN>" "muc"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.<FQDN>" "muc"
modules_enabled = {
"ping";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
muc_room_cache_size = 1000
Component "jitsi-videobridge.<FQDN>"
component_secret = "YOURSECRET3"
VirtualHost "auth.<FQDN>"
ssl = {
key = "/var/lib/prosody/auth.<FQDN>.key";
certificate = "/var/lib/prosody/auth.<FQDN>.crt";
}
authentication = "internal_plain"
Component "focus.<FQDN>"
component_secret = "YOURSECRET3"
Component "speakerstats.<FQDN>" "speakerstats_component"
muc_component = "conference.<FQDN>"
Component "conferenceduration.<FQDN>" "conference_duration_component"
muc_component = "conference.<FQDN>"
Create a symlink for the configuration:
ln --symbolic /etc/prosody/conf.avail/<FQDN>.cfg.lua /etc/prosody/conf.d/<FQDN>.cfg.luaCreate the certificates via
prosodyctl cert generate <DOMAIN>.
The value<DOMAIN>represents the following URLs.* `auth.<FQDN>`
* `conference.<FQDN>`
* `conferenceduration.<FQDN>`
* `internal.auth.<FQDN>`
* `FQDN`
* `focus.<FQDN>`
* `jitsi-videobridge.<FQDN>`
* `callcontrol.<FQDN>` __Note:__ This is only needed if you deploy Jigasi
* `recorder.<FQDN>` __Note:__ This is only needed if you deploy Jibri/var/lib/prosody/: Symlink all generated*.crtand*.keyfiles to/etc/prosody/certs/.
note
Please do not link other certificates.
- Add the certificates to the system keystore:
ln --symbolic --force /var/lib/prosody/auth.<FQDN>.crt /usr/local/share/ca-certificates/auth.<FQDN>.crtupdate-ca-certificates --fresh
- Create conference focus user:
prosodyctl register focus auth.<FQDN> YOURSECRET3
Nginx
Edit the file jitsi-meet.conf in /etc/nginx/vhosts.d/ (which was installed
along with jitsi-meet) and do the following:
- Check the
server_namevalue. - Check the TLS certificates (Let's Encrypt for production use, Prosody for testing, for example).
Note: If you are using an existing server, please make sure to adjust the websocket and bosh part, too.
Jitsi-Meet
- Go to
/srv/jitsi-meetand editconfig.js:
/srv/jitsi-meet/config.js
var config = {
hosts: {
domain: '<FQDN>',
muc: 'conference.<FQDN>',
bridge: 'jitsi-videobridge.<FQDN>',
focus: 'focus.<FQDN>'
},
useNicks: false,
bosh: '//<FQDN>/http-bind',
};
Note: Please be aware that this is the minimal configuration.
Jitsi-Videobridge
Note: We use a combination of the new Videobridge configuration
and the legacy one with the sip-communicator.properties file. We have
to do this because of the STATISTICS_TRANSPORT property.
If we remove org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
from sip-communicator.properties, the videobridge will not work!
- Go to the directory
/etc/jitsi/videobridge - Edit the file
jitsi-videobridge.conf- Set
JVB_HOSTNAMEto your<FQDN>. - Set
JVB_SECRETto your own secret.
- Set
- Edit the file
application.confand adjust the values underapisandwebsockets, especially set a unique ID asmuc_nicknamewithuuidgenfor example.
apis {
xmpp-client {
configs {
xmpp-server-1 {
hostname="localhost"
domain = "auth.${FQDN}"
username = "focus"
password = "YOURSECRET3"
muc_jids = "JvbBrewery@internal.auth.${FQDN}"
# The muc_nickname must be unique across all jitsi-videobridge instances
muc_nickname = "unique-id"
disable_certificate_verification = true
}
}
}
}
websockets {
enabled=true
server-id="default-id"
domain="${FQDN}"
}
Jitsi-Jicofo
- Go to the directory
/etc/jitsi/jicofo - Edit the file
jitsi-jicofo.conf- Set the property
JICOFO_HOSTNAMEto<FQDN>. - Set the property
JICOFO_SECRETto the password the Prosody user got in above setup. - Set the property
JICOFO_AUTH_DOMAINtoauth.<FQDN>. - Set the property
JICOFO_AUTH_USERto the Prosody user from above setup.
- Set the property
- Edit the file
sip-cmmunicator.properties- Set the property
org.jitsi.jicofo.BRIDGE_MUCtoJvbBrewery@internal.auth.<FQDN>. - Set the property
org.jitsi.jicofo.jibri.BREWERYtoJibriBrewery@internal.auth.<FQDN>. - Depending on your cert setup set
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLEDtotrueorfalse.
- Set the property
Add-On: Jitsi-Jibri
- Add to the file
/etc/prosody/conf.avail/<FQDN>.cfg.luathe following snippet at the end of the file.
VirtualHost "recorder.<FQDN>"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
- Run
prosodyctl register jibri auth.<FQDN> YOURSECRET3and replaceYOURSECRET3with an appropiate one. prosodyctl register recorder recorder.<FQDN> YOURSECRET3and replaceYOURSECRET3with an appropiate one.- Go to the directory
/etc/jitsi/jibriand edit the following properties you see listed below. The rest can be left as is.
jibri{
api{
environments = [
{
xmpp-domain = "<FQDN>"
control-muc {
domain = "internal.<FQDN>"
}
control-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
call-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
}
]
}
}
- Edit the file
/etc/jitsi/jicofo/sip-communicator.propertiesand add the following properties:
org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.<FQDN>
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
- Edit the file
/srv/jitsi-meet/config.jsand set the following properties:
fileRecordingsEnabled: true, // If you want to enable file recording
liveStreamingEnabled: true, // If you want to enable live streaming
hiddenDomain: 'recorder.<FQDN>',
- Edit
/srv/jitsi-meet/interface_config.jsand make sure theTOOLBAR_BUTTONSarray contains therecordingand thelivestreamingvalue if you want those features.
TOOLBAR_BUTTONS: [
'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
],
Add-On: Jitsi-Jigasi
Note from openSUSE packagers: We've packaged it but we don't have the infrastructure to set up this component. Hence we can't provide a guide for this so far.
Services
Now everything should be working. That means you are ready to start everything up:
systemctl start prosodysystemctl start jitsi-videbridgesystemctl start jitsi-jicofosystemctl start jitsi-jibri(if configured and installed beforehand)systemctl start jitsi-jigasi(if configured and installed beforehand)systemctl start nginx
Final notes
- The Jitsi Software has a lot of dependencies and thus we recommend to run this on a dedicated host for Jitsi.
- Updating Jitsi is crucial to get rid of bugs and updated dependencies with possible security fixes.
- Although tempted through Chrome: Don't install a full X11 stack like KDE or Gnome for this.
- Don't mix the
rpmsordebswith a source installation of the same component. - Securely backup your configuration, preferably in a VCS. This saves time and pain when doing rollbacks or dealing with other problems.