Jitsi Digitalocean

Social distancing has shaped an increase in usage of remote working tools.One such tool is Jitsi video conferencing. In this article Iwant to describe how easy it is to spin up a free video conferencing server.The tools used are Jitsi, the open source and free video conferencing software,Terraform and Ansible.As cloud provider I leverage Digital Ocean because of its competitive pricing.

Note that while the software is free, depending on which server you provision,different costs may apply.

Jitsi

Jitsi (https://jitsi.org/) is an open source video conferencing solutionthat is encrypted and leverages the latest Web standards. Thus, you onlyneed a browser to talk to other people.It was founded in 2013 by Emil Ivov. The name Jitsi comes from theBulgarian word жици which means “wires”. Since 2013 the developercommunity around Jitsi has continued to increase.

So when I heard about Jitsi Meet, an open source alternative to Google Hangouts and Zoom, I was quite interested. Hosted version of Jitsi Meet is ready to use however the self-hosted option grants complete control. Most people would be fine to use Jitsi Meet’s online version. That said nothing compares to self-hosting. Deploy Jitsi Meet to DigitalOcean with Terraform. Contribute to 41north/jitsi-do development by creating an account on GitHub.

Digitalocean jitsi meet

Server Creation

In order to quickly create a server on Digital Ocean I use the tool Terraform (https://www.terraform.io/).It can reproducibly create server instances on most cloud platforms just by writingconfiguration files.

This is what an example instance of Jitsi would look like. It is recommended tohave at a minimum a server with 3GB, better 4GB of RAM.

You need to adapt the path to you public key file and the regionwhere the server resides in.

Then run the commands:

You will be asked your Digital Ocean token that you can retrieve from theconsole of Digital Ocean.

DNS Configuration

Once your server is created you can find the IP address in the terraform.tfstatefile under ip4_address.

Digitalocean

You now apply this address to your DNS configuration. In CloudFlare for example,your create a DNS A record with the IP address as content and “DNS Only”.

After you have applied the DNS changes, you need to wait until they are updated in the DNSservers. This can take a while and you can check with dig or nslookup if this is the case.

Software Installation

For an automated installation of Jitsi on the Ubuntu Linux server we use the free Ansible (https://www.ansible.com/)tool. You can install it on Mac with a simple brew install ansible. For otheroperating systems check the installation guide on ansible.com.

Jitsi Digitalocean Download

In order for the Ansible script to work you need to adapt three variables. One is found inthe hosts file. There you need to change the ansible_host to your IP server address.Then there are two variables in the install_jitsi.yml script. One is the domain name (domain_name)which is the domain you have configured, for example with Cloudflare or your DNS system.The other variable is the email address (email_address) you need for the Let’s Encrypt software thatwill generate a valid TLS certificate.

hosts

install_jitsi.yml

In order to run the installation of Jitsi on your target host you need to runthe following command:

Testing

If everything went fine with the installation you can check it andenter the domain name you configured in the browser.

The video conferencing interface of Jitsi should now appear and youcan start creating a room and go chatting.

Conclusion

While there is now a Digital Ocean Marketplace image ofJitsi (https://marketplace.digitalocean.com/apps/jitsi-server),I think the solution in this article can be flexibly applied toother environments as well, like an in-house server or serversat other cloud providers.

Jitsi Digitalocean App

References

GitHub source code: https://github.com/tderflinger/jitsi-deployment

Jitsi Digitalocean

Jitsi: https://jitsi.org/

Digitalocean Jitsi Meet

Terraform: https://www.terraform.io/

Ansible: https://www.ansible.com/

Digital Ocean: https://www.digitalocean.com/

Wikipedia Jitsi: https://en.wikipedia.org/wiki/Jitsi

Apr 7th, 2020
Never
Not a member of Pastebin yet?Sign Up, it unlocks many cool features!
  1. // Conectarse por ssh como root
  2. apt upgrade -y
  3. hostnamectl set-hostname jitsimeet
  4. sed-i's/^127.0.1.1.*$/127.0.1.1 jitsimeet.example.com jitsimeet/g'/etc/hosts
  5. // Definir reglas de firewall y habilitarlo
  6. ufw allow OpenSSH
  7. ufw allow https
  8. ufw enable
  9. // Instalar java
  10. apt install-y openjdk-8-jre-headless
  11. // Definir variable de entorno JAVA_HOME
  12. echo'JAVA_HOME=$(readlink -f /usr/bin/java sed 's:bin/java::')'sudotee-a/etc/profile
  13. systemctl start nginx.service
  14. apt-get install liblua5.2
  15. luarocks install basexx
  16. luarocks install luacrypto
  17. mkdir src
  18. luarocks download lua-cjson
  19. cd lua-cjson-2.1.0.6-1/lua-cjson
  20. len = lua_rawlen(l, -1);
  21. LUA_INCLUDE_DIR = /usr/include/lua5.2
  22. wget https://prosody.im/files/prosody-debian-packages.key -O-sudoapt-key add -
  23. echo deb http://packages.prosody.im/debian $(lsb_release -sc) main sudotee-a/etc/apt/sources.list
  24. apt-get update
  25. apt-get install prosody
  26. chown root:prosody /etc/prosody/certs/localhost.key
  27. wget-qO - https://download.jitsi.org/jitsi-key.gpg.key sudoapt-key add -
  28. sh-c'echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list'
  29. // Durante la instalación pregunta nombre del host.
  30. // Ingresar el FQDN (jitsimeet.example.com --> reemplazar por lo que corresponda
  31. // Pregunta por el cerificado: elegir autofirmado.
  32. apt-get install jitsi-meet
  33. // Instalar certificado letsencrypt
  34. /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
  35. // Verificaciones y correciones manuales en la configuración de prosody
  36. // Asegurarse que /etc/prosody/prosody.cfg.lua contenga al final la siguiente linea:
  37. Include 'conf.d/*.cfg.lua'
  38. // Verificar que client to server encryption esté en 'false'. Si no no funciona:
  39. c2s_require_encryption=false
  40. // edit /etc/prosody/conf.d/<host>.cfg.lua so first line is --plugin_paths = {'/usr/share/jitsi-meet/prosody-plugins/'}
  41. Under you domain config change authentication to 'token' and provide application ID, secret and optionally token lifetime:
  42. VirtualHost 'jitmeet.example.com'
  43. app_id = 'example_app_id'; -- application identifier
  44. app_secret = 'example_app_secret'; -- application secret known only to your token
  45. allow_empty_token = false; -- tokens are verified only if they are supplied by the client
  46. // Enable room name token verification plugin in your MUC component config section:
  47. Component 'conference.jitmeet.example.com''muc'
  48. //if config file not updated to authentication = 'token'do those edits then run
  49. sed-i's/module:hook/module:hook_global/g'/usr/share/jitsi-meet/prosody-plugins/mod_auth_token.lua
  50. reboot
RAW Paste Data