Jitsi-meet
Jitsi はセキュアなビデオ会議ソリューションを簡単に構築・デプロイすることができるオープンソースプロジェクトのセットです。Jitsi の中心は Jitsi Videobridge と Jitsi Meet で、インターネット上で会議を行うことができます。コミュニティの他のプロジェクトを使うことでオーディオ会議やダイアルイン、録音、サイマルキャストなどの機能を有効化できます。
目次
インストール
jitsi-meet-binAUR, jitsi-videobridge-binAUR, jicofo-binAUR をインストールしてください。
また jitsi-meet-gitAUR, jitsi-videobridgeAUR, jicofo-gitAUR をインストールしてください。
設定
git パッケージの設定
If your server name is example.com
then a common choice for your jitsi will be meet.example.com
. You will need to update DNS record for your server with an entry meet
. The remainder assumes that you have done this.
Also you should have SSL/TLS certificates for your meet.example.com
domain, for example see certbot.
The remaining instructions in bash
to make it clear what needs replacing. Pasting the commands into a bash shell with root permissions should give you a working install.
Replace the domain name with your own:
export JITSIFQDN=meet.example.com
Specify correct path to generated certificates:
export JITSIFQDN_CRT=/etc/letsencrypt/live/meet.example.com/fullchain.pem export JITSIFQDN_KEY=/etc/letsencrypt/live/meet.example.com/privkey.pem
Passwords are needed. We set up some shell variables to hold them for later use. You can replace $(mktemp XXXXXXX)
with your own passwords if you want, but the random strings generated by mktemp
should be fine.
export SECRET1=$(mktemp -u XXXXXXXX) export SECRET2=$(mktemp -u XXXXXXXX) export SECRET3=$(mktemp -u XXXXXXXX)
prosody の設定
prosody is a prerequisite and you will need to add a configuration to it for your Jitsi services. If you do not already have a prosody server set up, install prosody and lua52-sec now. The rest of the prosody configuration assumes you have a local install of prosody.
First make sure there is a subdirectory to hold custom configurations and that prosody loads it:
mkdir -p /etc/prosody/conf.d cat >> /etc/prosody/prosody.cfg.lua <<=== Include "conf.d/*.cfg.lua" ===
Create the prosody config file for your domain:
cat > /etc/prosody/conf.d/$JITSIFQDN.cfg.lua <<=== VirtualHost "${JITSIFQDN}" authentication = "anonymous" ssl = { key = "/var/lib/prosody/${JITSIFQDN}.key"; certificate = "/var/lib/prosody/${JITSIFQDN}.crt"; } modules_enabled = { "bosh"; "pubsub"; } c2s_require_encryption = false VirtualHost "auth.${JITSIFQDN}" ssl = { key = "/var/lib/prosody/auth.${JITSIFQDN}.key"; certificate = "/var/lib/prosody/auth.${JITSIFQDN}.crt"; } authentication = "internal_plain" admins = { "focus@auth.${JITSIFQDN}" } Component "conference.${JITSIFQDN}" "muc" Component "jitsi-videobridge.${JITSIFQDN}" component_secret = "${SECRET1}" Component "focus.${JITSIFQDN}" component_secret = "${SECRET2}" ===
Generate the certificates that prosody needs. This is interactive:
prosodyctl cert generate $JITSIFQDN
prosodyctl cert generate auth.$JITSIFQDN
Register the focus user:
prosodyctl register focus auth.$JITSIFQDN $SECRET3
Trust the certificate:
trust anchor /var/lib/prosody/auth.$JITSIFQDN.crt
prosody
サービスを再起動してください。
jitsi-videobridge の設定
jitsi-videobridge の設定:
cat > /etc/jitsi-videobridge/jitsi-videobridge.conf <<=== flags="--host=localhost --domain=${JITSIFQDN} --port=5347 --secret=${SECRET1}" ===
ログや SIP コミュニケータの設定を同じフォルダに保持したい場合、以下のように行うことができます。
cat >> /etc/jitsi-videobridge/jitsi-videobridge.conf <<=== VIDEOBRIDGE_DEBUG_OPTIONS="-Djava.util.logging.config.file=/etc/jitsi-videobridge/logging.properties -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jitsi-videobridge -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc ===
cp /opt/jitsi-videobridge/lib/logging.properties /etc/jitsi-videobridge/logging.properties cat > /etc/jitsi-videobridge/sip-communicator.properties <<=== org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.${JITSIFQDN}/.* org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 ===
jitsi-videobridge
サービスを起動・有効化してください。
jicofo の設定
cat > /etc/jicofo/jicofo.conf <<=== flags="--host=localhost --domain=${JITSIFQDN} --secret=${SECRET2} --user_domain=auth.${JITSIFQDN} --user_name=focus --user_password=${SECRET3}" ===
jicofo
サービスを起動・有効化してください。
jitsi-meet の設定
cp /opt/jitsi-meet/config.js /opt/jitsi-meet/config.js.orig cat > /opt/jitsi-meet/config.js <<=== var domainroot = "${JITSIFQDN}" var config = { hosts: { domain: domainroot, muc: 'conference.'+domainroot, bridge: 'jitsi-videobridge.'+domainroot, focus: 'focus.'+domainroot }, useNicks: false, bosh: '//'+domainroot+'/http-bind', } ===
nginx の設定
こちらは最小限の nginx 設定ですが、これは https://ssl-config.mozilla.org/#server=nginx&version=1.16.1&config=intermediate&openssl=1.1.1f&guideline=5.4 からの推奨 HTTPS 設定と Jitsi-meet ドキュメントで推奨される最小設定を単純にマージしたものです。この設定は十分に動作しますが、自分自身のサーバーに適応させることをお勧めします。
sed -i "/^http.*{/a include /etc/nginx/${JITSIFQDN}.conf;" /etc/nginx/nginx.conf
#WARNING - The config file text uses bash escapes. If copying for hand editing, each '\$' needs to be replaced with '$' # and each '${VARIABLE}' needs to be replaced. cat > /etc/nginx/${JITSIFQDN}.conf <<=== # Redirect http to https server { listen 80; listen [::]:80; server_name call.mechadept.nz; return 301 https://\$host\$request_uri; } # Mozilla intermediate config server { listen 443 ssl http2; listen [::]:443 ssl http2; #ssl_certificate /path/to/signed_cert_plus_intermediates; #ssl_certificate_key /path/to/private_key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam # ssl_dhparam /path/to/dhparam; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; #} #Merge mozilla config with jitsi recommended one ssl_certificate /etc/letsencrypt/live/${JITSIFQDN}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${JITSIFQDN}/privkey.pem; error_page 404 /static/404.html; # Jitsi recommended settings below #server { # listen 80; server_name ${JITSIFQDN}; # set the root root /opt/jitsi-meet; index index.html; location ~ ^/([a-zA-Z0-9=\?]+)\$ { rewrite ^/(.*)\$ / break; } location / { ssi on; } # BOSH location /http-bind { proxy_pass http://localhost:5280/http-bind; proxy_set_header X-Forwarded-For \$remote_addr; proxy_set_header Host \$http_host; } # xmpp websockets location /xmpp-websocket { proxy_pass http://localhost:5280/xmpp-websocket; proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host \$host; tcp_nodelay on; } } ===
それから nginx
サービスを再起動してください。
ヒントとテクニック
NAT 経由で実行
以下のポートをサーバーに転送する必要があります:
HTTPS:
- TCP/443
Jitsi Videobridge:
- TCP/4443
- UDP/10000