Jitsi

From Open Source Ecology
Jump to: navigation, search

Https://meet.jit.si/opensourceecology

OSE is testing self-hosting Jitsi Meet with our own Jitsi Videobridge for scaleable video confernencing

Scaling

OSE needs 10-12 people on our weekly calls. Moreover, we'd like to be able to support 100+ participants in webinars (where the majority of users are listen-only).

Jitsi Videobridge is an SFU (Selective Forwarding Unit) that is designed to run thousands of video streams from a single server. It's written in NodeJS and users can connect from their browsers with WebRTC.

Jitsi published this performance evaluation showing how a single server with similar specs to our server could handle >1,000 participants before the server's CPU became a bottleneck. 

* https://jitsi.org/jitsi-videobridge-performance-evaluation/

POC

In 2018, OSE began testing running a self-hosted Jitsi Meet instance since the public Jitsi Meet site run by Atlassian for free (https://meet.jit.si) struggles with 5-12 participants.

The biggest expected issue with hosting Jitsi on our server is wading through the installation of all the components in CentOS7 (which our server runs) while the software is streamlined to work well in Debian.

Installation in CentOS

These commands will install Jitsi Meet on a Centos7 server. There was no good guide for this, besides trying to translate the instructions intended for Debian 

* https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md

# become root
sudo su -

# first, update software
yum update -y

# install my prereqs
yum install -y vim screen wget unzip git

# fire-up a screen
screen -S jitsiInstall

########
# epel #
########

# enable epel repo
cat << EOF > /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# and epel key
cat << EOF > /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----
EOF

# update again
yum update

###########
# prosody #
###########

# install jitsi prereqs
yum install -y prosody

# configure prosody
mkdir -p /etc/prosody/conf.avail/
cat << EOF > /etc/prosody/conf.avail/jitsi.opensourceecology.org.cfg.lua
VirtualHost "jitsi.opensourceecology.org"
	authentication = "anonymous"
	ssl = {
		key = "/var/lib/prosody/jitsi.opensourceecology.org.key";
		certificate = "/var/lib/prosody/jitsi.opensourceecology.org.crt";
	}
	modules_enabled = {
		"bosh";
		"pubsub";
	}
	c2s_require_encryption = false

VirtualHost "auth.jitsi.opensourceecology.org"
	ssl = {
		key = "/var/lib/prosody/auth.jitsi.opensourceecology.org.key";
		certificate = "/var/lib/prosody/auth.jitsi.opensourceecology.org.crt";
	}
	authentication = "internal_plain"

admins = { "focus@auth.jitsi.opensourceecology.org" }

Component "conference.jitsi.opensourceecology.org" "muc"
Component "jitsi-videobridge.jitsi.opensourceecology.org"
	component_secret = "YOURSECRET1"
Component "focus.jitsi.opensourceecology.org"
	component_secret = "YOURSECRET2"
EOF
	
ln -s /etc/prosody/conf.avail/jitsi.opensourceecology.org.cfg.lua /etc/prosody/conf.d/jitsi.opensourceecology.org.cfg.lua
	
prosodyctl cert generate jitsi.opensourceecology.org
prosodyctl cert generate auth.jitsi.opensourceecology.org
	
mkdir -p /usr/local/share/ca-certificates
ln -sf /var/lib/prosody/auth.jitsi.opensourceecology.org.crt /usr/local/share/ca-certificates/auth.jitsi.opensourceecology.org.crt
	
# this binary doesn't exist; TODO: find out if it's necessary?
update-ca-certificates -f
	
prosodyctl register focus auth.jitsi.opensourceecology.org YOURSECRET3
	
#########
# nginx #
#########
	
# install it from the repos
yum install -y nginx

# create config file for jitsi.opensourceecology.org
# TODO: add vhost-specific log files
mkdir -p /var/www/html/jitsi.opensourceecology.org/htdocs
cat << EOF > /etc/nginx/conf.d/jitsi.opensourceecology.org.conf
server_names_hash_bucket_size 64;

server {
	listen 443;
	# tls configuration that is not covered in this guide
	# we recommend the use of https://certbot.eff.org/
	server_name jitsi.opensourceecology.org;
	# set the root
	root /var/www/html/jitsi.opensourceecology.org/htdocs;
	index index.html;
	location ~ ^/([a-zA-Z0-9=\?]+)$ {
		rewrite ^/(.*)$ / break;
	}
	location / {
		ssi on;
	}
	# BOSH
	location /http-bind {
		proxy_pass      http://localhost:5280/http-bind;
		proxy_set_header X-Forwarded-For \$remote_addr;
		proxy_set_header Host \$http_host;
	}
}
EOF

# start nginx if it's not already started
service nginx status || service nginx start

# reload nginx config
nginx -t && service nginx reload

#####################
# Jitsi Videobridge #
#####################
	
# install depends
yum install -y java-1.8.0-openjdk
	
# TODO: figure out ideal settings for this user
adduser jitsi

su - jitsi

# download jitsi videobridge
mkdir -p $HOME/sandbox
pushd $HOME/sandbox
wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-1053.zip
unzip jitsi-videobridge-linux-x64-1053.zip
pushd jitsi-videobridge-linux-x64-1053

cat << EOF > $HOME/.sip-communicator
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
EOF

nohup ./jvb.sh --host=localhost --domain=jitsi.opensourceecology.org --port=5347 --secret=YOURSECRET1 &

popd
popd
exit

#########
# maven #
#########

wget http://mirror.metrocast.net/apache/maven/maven-3/3.5.3/binaries/apache-maven-3.5.3-bin.tar.gz
tar -xzvf apache-maven-*.tar.gz -C /usr/local
pushd /usr/local
ln -s apache-maven-* maven
popd

#########
# jicfo #
#########

# install jdk
yum install -y java-1.8.0-openjdk-devel

su - jitsi

# download jicofo
pushd $HOME/sandbox
git clone https://github.com/jitsi/jicofo.git
pushd jicofo
/usr/local/maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false

unzip target/jicofo-linux-x64-*-SNAPSHOT.zip
pushd jicofo-linux-x64-*
nohup ./jicofo.sh --host=localhost --domain=jitsi.opensourceecology.org --secret=YOURSECRET2 --user_domain=auth.jitsi.opensourceecology.org --user_name=focus --user_password=YOURSECRET3 &

##############
# jitsi meet #
##############

pushd /var/www/html/jitsi.opensourceecology.org
git clone https://github.com/jitsi/jitsi-meet.git
mv htdocs htdocs.`date "+%Y%m%d_%H%M%S"`.old
mv "jitsi-meet" "htdocs"
pushd htdocs

# this is where the npm install hits a ton of dependency hell issues, which have yet to be resolved.
yum install -y npm nodejs
npm install

See also

Videoconferencing

Retrieved from "https://wiki.opensourceecology.org/index.php?title=Jitsi&oldid=203389"