Skip to content

Instantly share code, notes, and snippets.

@avoidik

avoidik/jitsi-meet-multi-server.md

Forked from facsiaginsa/jitsi-meet-multi-server.md
Created March 8, 2021 10:26
Show Gist options
  • Save avoidik/779f5d5cb99e1ac24052eab75dac8256 to your computer and use it in GitHub Desktop.
Save avoidik/779f5d5cb99e1ac24052eab75dac8256 to your computer and use it in GitHub Desktop.
Download ZIP
This tutorial is for jitsi-meet installation using 2 server or more. The main server will contain jitsi-meet react source code, prosody, nginx, and jicofo. The videobridge will be installed seperatelly on the second server and so on.
Raw
jitsi-meet-multi-server.md

How to Install Jitsi Meet with Multi Server Configuration

This tutorial is for jitsi-meet installation using 2 server or more. The main server will contain jitsi-meet react source code, prosody, nginx, and jicofo. The videobridge will be installed seperatelly on the second server and so on.

Prerequisite

  1. Minimum 2 server with 1 IP Public each
  2. Ubuntu 18.04

Sudo Privileges

Before start we make sure that we will have no permission issue on the installation.

sudo su

Main Server

On this server we will run the nginx, prosody, and jicofo.

Update apt repo

apt-get update

Install NGINX

apt-get install nginx

note that we need to install nginx before installing jitsi-meet so the jitsi-meet not using jetty as the web server

Install Jitsi-Meet, nodejs, make, and latest prosody

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt update
sudo apt install --no-install-recommends jitsi-meet && apt install lua-sec nodejs make

you will be asked the domain, and ssl option when installing jitsi-meet. For me, I prefer use let's encrypt and then change it later.

Cleaning Not Used Files & Service

remove default site config files on nginx

rm /etc/nginx/site-enabled/default
rm /etc/nginx/site-available/default

stop jitsi videbridge as it will be running on the second server, not in the main server

/etc/init.d/jitsi-videobridge stop

Prosody Global Config

open global prosody configuration file /etc/prosody/prosody.cfg.lua and add this statement:

component_interface = "0.0.0.0"
compinent_ports = { 5347 }
network_backend = "epoll"

Prosody Virtual Host Config

Open your config /etc/prosody/conf.d/<your.domain.com>.cfg.lua and adjust your file like this

-- plugin from repo
plugin_paths = { "/usr/share/jitsi-meet/resources/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "<your.domain.com>"

cross_domain_bosh = false
cross_domain_websocket = true
consider_bosh_secure = true
consider_websocket_secure = true

VirtualHost "<your.domain.com>"
        -- enabled = false -- Remove this line to enable this host
        authentication = "anonymous"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/<your.domain.com>.key";
                certificate = "/etc/prosody/certs/<your.domain.com>.crt";
        }
        speakerstats_component = "speakerstats.<your.domain.com>"
        conference_duration_component = "conferenceduration.<your.domain.com>"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "websocket";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "conference_duration";
            "muc_lobby_rooms"
        }
        c2s_require_encryption = false
        lobby_muc = "lobby.<your.domain.com>"
        main_muc = "conference.<your.domain.com>"
        muc_lobby_whitelist = { "recorder.<your.domain.com>" }

Component "conference.<your.domain.com>" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
    }
    admins = { "focus@auth.<your.domain.com>" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.<your.domain.com>" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.<your.domain.com>", "jvb@auth.<your.domain.com>" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.<your.domain.com>"
    ssl = {
        key = "/etc/prosody/certs/auth.<your.domain.com>.key";
        certificate = "/etc/prosody/certs/auth.<your.domain.com>.crt";
    }
    authentication = "internal_plain"

Component "focus.<your.domain.com>"
    component_secret = "S4TKfRmB"

Component "speakerstats.<your.domain.com>" "speakerstats_component"
    muc_component = "conference.<your.domain.com>"

Component "conferenceduration.<your.domain.com>" "conference_duration_component"
    muc_component = "conference.<your.domain.com>"

Component "lobby.<your.domain.com>" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

You can comment or delete other line if there are any different with your file.

Restart Prosody

/etc/init.d/prosody restart

Look at JVB Password in Prosody

You can check the password by execute this command

cat /var/lib/prosody/auth%2e<your%2edomain%2ecom>/accounts/jvb.dat

This password will be used by jvb on the second server to connect to prosody

Second Server

On this server we will run the jitsi videobridge2.

Install Jitsi-Videobridge

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
sudo apt-get update
sudo apt-get install jitsi-videobridge2

you will be asked the domain, input the domain of the main server. This JVB server doesn't need a domain.

Config file

open /etc/jitsi/videobridge/config make sure you the config is already right:

# Jitsi Videobridge settings

# sets the XMPP domain (default: none)
JVB_HOSTNAME= --> leave this blank

# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
JVB_HOST= --> leave this blank

# sets the port of the XMPP server (default: 5275)
JVB_PORT=5347 --> adjust this value to prosody listen port 

# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET=6iHFEg3U --> it doesn't matter anymore

# extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,"

# adds java system props that are passed to jvb (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG$

sip-communicator.properties file

open /etc/jitsi/videobridge/sip-communicator.properties and then add these statement

org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=<your.domain.com>
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.<your.domain.com>
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=<your jvb password> --> from jvb.dat
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.<your.domain.com>
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=<unique name for the jvb>
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

If your JVB server is behind NAT, also add this 2 statement on this file

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

Restart All Services

on main server

/etc/init.d/prosody restart
/etc/init.d/jicofo restart

on jvb server

/etc/init.d/jitsi-videobridge2 restart

Checking

To make sure all setup is success, you can check jicofo log

grep 'Added new videobridge' /var/log/jitsi/jicofo.log

You should see your videobridge nickname there.

Extra

To add more Videobridge, just install the jitsi-videobridge on the new server and follow the Second Server installation.

@avoidik
Copy link
Author

avoidik commented Mar 8, 2021

https://github.com/christiancuri/Docs

@avoidik
Copy link
Author

avoidik commented Oct 4, 2021 

try {
    let o = JSON.parse(localStorage.getItem("features/base/settings"));
    o.startWithVideoMuted = true;
    o.startWithAudioMuted = true;
    localStorage.setItem("features/base/settings", JSON.stringify(o))
} catch {
}

@avoidik
Copy link
Author

avoidik commented Oct 4, 2021 

import jwt
import datetime
from dateutil.relativedelta import relativedelta

BASE_DOMAIN = 'sjitsi.example.com'
JWT_SECRET_KEY = '...'

token_payload = {
  "context": {
    "user": {
      "name": "<username>",
      "email": "<email>"
    }
  },
  "moderator": True,
  "aud": "jitsi",
  "iss": "jitsi",
  "sub": BASE_DOMAIN,
  "room": "*",
  "exp": datetime.datetime.utcnow() + relativedelta(years=1)
}

encoded = jwt.encode(token_payload, JWT_SECRET_KEY, algorithm="HS256")

print("https://{domain}/?jwt={jwt}".format(domain=BASE_DOMAIN, jwt=encoded.decode()))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment