Self-Hosting Guide - openSUSE
This document describes the steps for a quick Jitsi-Meet installation, paired with a single Videobridge and a single Jicofo on openSUSE Leap 15.2.
Many of the installation steps require root access.
Installation
- Add the OBS repository:
Note: When Jitsi-Meet is merged into openSUSE Factory, this will be obsolete.
zypper addrepo https://download.opensuse.org/repositories/home:/SchoolGuy:/jitsi/openSUSE_Leap_15.2/home:SchoolGuy:jitsi.repo
- Refresh the repositories:
zypper refresh
- Install Jitsi-Meet and its dependencies:
zypper install nginx prosody lua51-zlib jitsi-meet jitsi-videobridge jitsi-jicofo
optional Add-Ons
- Install the Jibri Add-On:
zypper install jitsi-jibri
- Install the Jigasi Add-On:
zypper install jitsi-jigasi
Configuration
The following sections describe how to configure the different packages.
Replace <FQDN>
with your domain name and YOURSECRET3
with a strong password.
Prosody
- Open and adjust the Prosody configuration file under
/etc/prosody/prosody.cfg.lua
:
---------- Server-wide settings ----------
admins = { "focus@auth.<FQDN>" }
cross_domain_bosh = true;
modules_enabled = {
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-- jitsi
"smacks";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
"compression";
}
- Create a new configuration file named
<FQDN>.cfg.lua
in/etc/prosody/conf.avail/
with the following content:
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-- As per https://prosody.im/doc/setting_up_bosh#proxying_requests
consider_bosh_secure = true
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "<FQDN>";
turncredentials_secret = "YOURSECRET3";
turncredentials = {
{ type = "stun", host = "<FQDN>", port = "3478" },
{ type = "turn", host = "<FQDN>", port = "3478", transport = "udp" },
-- { type = "turns", host = "<FQDN>", port = "443", transport = "tcp" }
};
VirtualHost "<FQDN>"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/<FQDN>.key";
certificate = "/var/lib/prosody/<FQDN>.crt";
}
speakerstats_component = "speakerstats.<FQDN>"
conference_duration_component = "conferenceduration.<FQDN>"
modules_enabled = {
"bosh";
"pubsub";
"speakerstats";
"turncredentials";
"conference_duration";
}
c2s_require_encryption = false
Component "conference.<FQDN>" "muc"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.<FQDN>" "muc"
modules_enabled = {
"ping";
}
admins = { "focus@auth.<FQDN>" }
muc_room_locking = false
muc_room_default_public_jids = true
muc_room_cache_size = 1000
Component "jitsi-videobridge.<FQDN>"
component_secret = "YOURSECRET3"
VirtualHost "auth.<FQDN>"
ssl = {
key = "/var/lib/prosody/auth.<FQDN>.key";
certificate = "/var/lib/prosody/auth.<FQDN>.crt";
}
authentication = "internal_plain"
Component "focus.<FQDN>"
component_secret = "YOURSECRET3"
Component "speakerstats.<FQDN>" "speakerstats_component"
muc_component = "conference.<FQDN>"
Component "conferenceduration.<FQDN>" "conference_duration_component"
muc_component = "conference.<FQDN>"
-
Create a symlink for the configuration:
ln --symbolic /etc/prosody/conf.avail/<FQDN>.cfg.lua /etc/prosody/conf.d/<FQDN>.cfg.lua
-
Create the certificates via
prosodyctl cert generate <DOMAIN>
.
The value<DOMAIN>
represents the following URLs.auth.<FQDN>
conference.<FQDN>
conferenceduration.<FQDN>
internal.auth.<FQDN>
FQDN
focus.<FQDN>
jitsi-videobridge.<FQDN>
callcontrol.<FQDN>
Note: This is only needed if you deploy Jigasirecorder.<FQDN>
Note: This is only needed if you deploy Jibri
-
/var/lib/prosody/
: Symlink all generated*.crt
and*.key
files to/etc/prosody/certs/
.
Please do not link other certificates.
- Add the certificates to the system keystore:
ln --symbolic --force /var/lib/prosody/auth.<FQDN>.crt /usr/local/share/ca-certificates/auth.<FQDN>.crt
update-ca-certificates --fresh
- Create conference focus user:
prosodyctl register focus auth.<FQDN> YOURSECRET3
Nginx
Edit the file jitsi-meet.conf
in /etc/nginx/vhosts.d/
(which was installed
along with jitsi-meet
) and do the following:
- Check the
server_name
value. - Check the TLS certificates (Let's Encrypt for production use, Prosody for testing, for example).
The jitsi mobile apps require a valid certificate signed by a trusted Certificate Authority, so if you don't have TLS configured, the mobile apps won't be able to connect to your jitsi instance.
If you are using an existing server, please make sure to adjust the websocket and bosh part, too.
Jitsi-Meet
- Go to
/srv/jitsi-meet
and editconfig.js
:
var config = {
hosts: {
domain: '<FQDN>',
muc: 'conference.<FQDN>',
bridge: 'jitsi-videobridge.<FQDN>',
focus: 'focus.<FQDN>'
},
useNicks: false,
bosh: '//<FQDN>/http-bind',
};
Please be aware that this is the minimal configuration.
Jitsi-Videobridge
We use a combination of the new Videobridge configuration
and the legacy one with the sip-communicator.properties
file. We have
to do this because of the STATISTICS_TRANSPORT
property.
If we remove org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
from sip-communicator.properties
, the videobridge will not work!
- Go to the directory
/etc/jitsi/videobridge
- Edit the file
jitsi-videobridge.conf
- Set
JVB_HOSTNAME
to your<FQDN>
. - Set
JVB_SECRET
to your own secret.
- Set
- Edit the file
application.conf
and adjust the values underapis
andwebsockets
, especially set a unique ID asmuc_nickname
withuuidgen
for example.
apis {
xmpp-client {
configs {
xmpp-server-1 {
hostname="localhost"
domain = "auth.${FQDN}"
username = "focus"
password = "YOURSECRET3"
muc_jids = "JvbBrewery@internal.auth.${FQDN}"
# The muc_nickname must be unique across all jitsi-videobridge instances
muc_nickname = "unique-id"
disable_certificate_verification = true
}
}
}
}
websockets {
enabled=true
server-id="default-id"
domain="${FQDN}"
}
Jitsi-Jicofo
- Go to the directory
/etc/jitsi/jicofo
- Edit the file
jitsi-jicofo.conf
- Set the property
JICOFO_HOSTNAME
to<FQDN>
. - Set the property
JICOFO_SECRET
to the password the Prosody user got in above setup. - Set the property
JICOFO_AUTH_DOMAIN
toauth.<FQDN>
. - Set the property
JICOFO_AUTH_USER
to the Prosody user from above setup.
- Set the property
- Edit the file
sip-cmmunicator.properties
- Set the property
org.jitsi.jicofo.BRIDGE_MUC
toJvbBrewery@internal.auth.<FQDN>
. - Set the property
org.jitsi.jicofo.jibri.BREWERY
toJibriBrewery@internal.auth.<FQDN>
. - Depending on your cert setup set
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED
totrue
orfalse
.
- Set the property
Add-On: Jitsi-Jibri
- Add to the file
/etc/prosody/conf.avail/<FQDN>.cfg.lua
the following snippet at the end of the file.
VirtualHost "recorder.<FQDN>"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
- Run
prosodyctl register jibri auth.<FQDN> YOURSECRET3
and replaceYOURSECRET3
with an appropiate one. prosodyctl register recorder recorder.<FQDN> YOURSECRET3
and replaceYOURSECRET3
with an appropiate one.- Go to the directory
/etc/jitsi/jibri
and edit the following properties you see listed below. The rest can be left as is.
jibri{
api{
environments = [
{
xmpp-domain = "<FQDN>"
control-muc {
domain = "internal.<FQDN>"
}
control-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
call-login {
domain = "recorder.<FQDN>"
username = "recorder"
password = "YOURSECRET3"
}
}
]
}
}
- Edit the file
/etc/jitsi/jicofo/sip-communicator.properties
and add the following properties:
org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.<FQDN>
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
- Edit the file
/srv/jitsi-meet/config.js
and set the following properties:
fileRecordingsEnabled: true, // If you want to enable file recording
liveStreamingEnabled: true, // If you want to enable live streaming
hiddenDomain: 'recorder.<FQDN>',
- Edit
/srv/jitsi-meet/interface_config.js
and make sure theTOOLBAR_BUTTONS
array contains therecording
and thelivestreaming
value if you want those features.
TOOLBAR_BUTTONS: [
'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
],
Add-On: Jitsi-Jigasi
We've packaged it but we don't have the infrastructure to set up this component. Hence we can't provide a guide for this so far.
Services
Now everything should be working. That means you are ready to start everything up:
systemctl start prosody
systemctl start jitsi-videbridge
systemctl start jitsi-jicofo
systemctl start jitsi-jibri
(if configured and installed beforehand)systemctl start jitsi-jigasi
(if configured and installed beforehand)systemctl start nginx
Final notes
- The Jitsi Software has a lot of dependencies and thus we recommend to run this on a dedicated host for Jitsi.
- Updating Jitsi is crucial to get rid of bugs and updated dependencies with possible security fixes.
- Although tempted through Chrome: Don't install a full X11 stack like KDE or Gnome for this.
- Don't mix the
rpms
ordebs
with a source installation of the same component. - Securely backup your configuration, preferably in a VCS. This saves time and pain when doing rollbacks or dealing with other problems.