Self-Hosting Guide - openSUSE
This document describes the steps for a quick Jitsi-Meet installation, paired with a single Videobridge and a single Jicofo on openSUSE Leap 15.2.
note
Many of the installation steps require root access.
Installation
- Add the OBS repository:
Note: When Jitsi-Meet is merged into openSUSE Factory, this will be obsolete.
zypper addrepo https://download.opensuse.org/repositories/home:/SchoolGuy:/jitsi/openSUSE_Leap_15.2/home:SchoolGuy:jitsi.repo
- Refresh the repositories:
zypper refresh
- Install Jitsi-Meet and its dependencies:
zypper install nginx prosody lua51-zlib jitsi-meet jitsi-videobridge jitsi-jicofo
optional Add-Ons
- Install the Jibri Add-On:
zypper install jitsi-jibri - Install the Jigasi Add-On:
zypper install jitsi-jigasi
Configuration
The following sections describe how to configure the different packages.
Replace <FQDN> with your domain name and YOURSECRET3 with a strong password.
Prosody
- Open and adjust the Prosody configuration file under
/etc/prosody/prosody.cfg.lua:
---------- Server-wide settings ----------
admins = { "focus@auth.<FQDN>" }
cross_domain_bosh = true;
modules_enabled = {
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-- jitsi
"smacks";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
"compression";
}
- Create a new configuration file named
<FQDN>.cfg.luain/etc/prosody/conf.avail/with the following content:
/etc/prosody/conf.avail/meet.example.org.cfg.lua
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- As per https://prosody.im/doc/setting_up_bosh#proxying_requests
consider_bosh_secure = true
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "<FQDN>";
turncredentials_secret = "YOURSECRET3";
turncredentials = {
{ type = "stun", host = "<FQDN>", port = "3478" },
{ type = "turn", host = "<FQDN>", port = "3478", transport = "udp" },
-- { type = "turns", host = "<FQDN>", port = "443", transport = "tcp" }
};
VirtualHost "<FQDN>"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/<FQDN>.key";
certificate = "/var/lib/prosody/<FQDN>.crt";
}
speakerstats_component = "speakerstats.<FQDN>"
conference_duration_component = "conferenceduration.<FQDN>"
modules_enabled = {
"bosh";
"pubsub";
"speakerstats";
"turncredentials";
"conference_duration";
}
c2s_require_encryption = false
Component "conference.<FQDN>" "muc"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.<FQDN>" "muc"
modules_enabled = {
"ping";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
muc_room_cache_size = 1000
Component "jitsi-videobridge.<FQDN>"
component_secret = "YOURSECRET3"
VirtualHost "auth.<FQDN>"
ssl = {
key = "/var/lib/prosody/auth.<FQDN>.key";
certificate = "/var/lib/prosody/auth.<FQDN>.crt";
}
authentication = "internal_plain"
Component "focus.<FQDN>"
component_secret = "YOURSECRET3"
Component "speakerstats.<FQDN>" "speakerstats_component"
muc_component = "conference.<FQDN>"
Component "conferenceduration.<FQDN>" "conference_duration_component"
muc_component = "conference.<FQDN>"
-
Create a symlink for the configuration:
ln --symbolic /etc/prosody/conf.avail/<FQDN>.cfg.lua /etc/prosody/conf.d/<FQDN>.cfg.lua -
Create the certificates via
prosodyctl cert generate <DOMAIN>.
The value<DOMAIN>represents the following URLs.auth.<FQDN>conference.<FQDN>conferenceduration.<FQDN>internal.auth.<FQDN>FQDNfocus.<FQDN>jitsi-videobridge.<FQDN>callcontrol.<FQDN>Note: This is only needed if you deploy Jigasirecorder.<FQDN>Note: This is only needed if you deploy Jibri
-
/var/lib/prosody/: Symlink all generated*.crtand*.keyfiles to/etc/prosody/certs/.
note
Please do not link other certificates.
- Add the certificates to the system keystore:
ln --symbolic --force /var/lib/prosody/auth.<FQDN>.crt /usr/local/share/ca-certificates/auth.<FQDN>.crtupdate-ca-certificates --fresh
- Create conference focus user:
prosodyctl register focus auth.<FQDN> YOURSECRET3
Nginx
Edit the file jitsi-meet.conf in /etc/nginx/vhosts.d/ (which was installed
along with jitsi-meet) and do the following:
- Check the
server_namevalue. - Check the TLS certificates (Let's Encrypt for production use, Prosody for testing, for example).
Mobile apps
The jitsi mobile apps require a valid certificate signed by a trusted Certificate Authority, so if you don't have TLS configured, the mobile apps won't be able to connect to your jitsi instance.
note
If you are using an existing server, please make sure to adjust the websocket and bosh part, too.
Jitsi-Meet
- Go to
/srv/jitsi-meetand editconfig.js:
/srv/jitsi-meet/config.js
var config = {
hosts: {
domain: '<FQDN>',
muc: 'conference.<FQDN>',
bridge: 'jitsi-videobridge.<FQDN>',
focus: 'focus.<FQDN>'
},
useNicks: false,
bosh: '//<FQDN>/http-bind',
};
note
Please be aware that this is the minimal configuration.
Jitsi-Videobridge
note
We use a combination of the new Videobridge configuration
and the legacy one with the sip-communicator.properties file. We have
to do this because of the STATISTICS_TRANSPORT property.
If we remove org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
from sip-communicator.properties, the videobridge will not work!
- Go to the directory
/etc/jitsi/videobridge - Edit the file
jitsi-videobridge.conf- Set
JVB_HOSTNAMEto your<FQDN>. - Set
JVB_SECRETto your own secret.
- Set
- Edit the file
application.confand adjust the values underapisandwebsockets, especially set a unique ID asmuc_nicknamewithuuidgenfor example.
apis {
xmpp-client {
configs {
xmpp-server-1 {
hostname="localhost"
domain = "auth.${FQDN}"
username = "focus"
password = "YOURSECRET3"
muc_jids = "JvbBrewery@internal.auth.${FQDN}"
# The muc_nickname must be unique across all jitsi-videobridge instances
muc_nickname = "unique-id"
disable_certificate_verification = true
}
}
}
}
websockets {
enabled=true
server-id="default-id"
domain="${FQDN}"
}
Jitsi-Jicofo
- Go to the directory
/etc/jitsi/jicofo - Edit the file
jitsi-jicofo.conf- Set the property
JICOFO_HOSTNAMEto<FQDN>. - Set the property
JICOFO_SECRETto the password the Prosody user got in above setup. - Set the property
JICOFO_AUTH_DOMAINtoauth.<FQDN>. - Set the property
JICOFO_AUTH_USERto the Prosody user from above setup.
- Set the property
- Edit the file
sip-cmmunicator.properties- Set the property
org.jitsi.jicofo.BRIDGE_MUCtoJvbBrewery@internal.auth.<FQDN>. - Set the property
org.jitsi.jicofo.jibri.BREWERYtoJibriBrewery@internal.auth.<FQDN>. - Depending on your cert setup set
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLEDtotrueorfalse.
- Set the property
Add-On: Jitsi-Jibri
- Add to the file
/etc/prosody/conf.avail/<FQDN>.cfg.luathe following snippet at the end of the file.
VirtualHost "recorder.<FQDN>"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
- Run
prosodyctl register jibri auth.<FQDN> YOURSECRET3and replaceYOURSECRET3with an appropiate one. prosodyctl register recorder recorder.<FQDN> YOURSECRET3and replaceYOURSECRET3with an appropiate one.- Go to the directory
/etc/jitsi/jibriand edit the following properties you see listed below. The rest can be left as is.
jibri{
api{
environments = [
{
xmpp-domain = "<FQDN>"
control-muc {
domain = "internal.<FQDN>"
}
control-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
call-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
}
]
}
}
- Edit the file
/etc/jitsi/jicofo/sip-communicator.propertiesand add the following properties:
org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.<FQDN>
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
- Edit the file
/srv/jitsi-meet/config.jsand set the following properties:
fileRecordingsEnabled: true, // If you want to enable file recording
liveStreamingEnabled: true, // If you want to enable live streaming
hiddenDomain: 'recorder.<FQDN>',
- Edit
/srv/jitsi-meet/interface_config.jsand make sure theTOOLBAR_BUTTONSarray contains therecordingand thelivestreamingvalue if you want those features.
TOOLBAR_BUTTONS: [
'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
],
Add-On: Jitsi-Jigasi
Note from openSUSE packagers:
We've packaged it but we don't have the infrastructure to set up this component. Hence we can't provide a guide for this so far.
Services
Now everything should be working. That means you are ready to start everything up:
systemctl start prosodysystemctl start jitsi-videbridgesystemctl start jitsi-jicofosystemctl start jitsi-jibri(if configured and installed beforehand)systemctl start jitsi-jigasi(if configured and installed beforehand)systemctl start nginx
Final notes
- The Jitsi Software has a lot of dependencies and thus we recommend to run this on a dedicated host for Jitsi.
- Updating Jitsi is crucial to get rid of bugs and updated dependencies with possible security fixes.
- Although tempted through Chrome: Don't install a full X11 stack like KDE or Gnome for this.
- Don't mix the
rpmsordebswith a source installation of the same component. - Securely backup your configuration, preferably in a VCS. This saves time and pain when doing rollbacks or dealing with other problems.