[Debian10] jitsi-meet安裝
發表於 : 2020-04-13, 17:13
jitsi.org
Jitsi Meet 1.0.33 安裝 - FB - 向聖夫
XOOP輕鬆架
官方:https://jitsi.github.io/handbook/docs/d ... quickstart
系統需求https://jitsi-club.gitlab.io/jitsi-self ... tallation/
Server: should work on 1 core, 1GB RAM - suggested (at least) 2 core, 2GB RAM (scale at your needs)
OS: debian 10 minimal (just sshd and base system utilities) - ubuntu 18.04
hostname: meet.example.com (change it to the actual domain you are using)
create DNS A records for meet.example.com.
NOTE: you do not need to create a DNS record for auth.meet.example.com. It is just an internal domain used by jicofo to connect to prosody.
安裝流程
以PVE standard Debian10.0-1範本建立的CT為例
初始化系統 https://jitsi-club.gitlab.io/jitsi-self ... quirements
安裝金鑰管理、Ngnix、JavaJDK11
防火牆設定
官方說明:
The following ports need to be open in your firewall, to allow traffic to the Jitsi Meet server:
80 TCP - for SSL certificate verification / renewal with Let's Encrypt
443 TCP - for general access to Jitsi Meet
10000 UDP - for general network video/audio communications
22 TCP - if you access you server using SSH (change the port accordingly if it's not 22)
3478 UDP - for quering the stun server (coturn, optional, needs config.js change to enable it)
5349 TCP - for fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn
安裝jitsimeet
Install the Jitsi repository key onto your system:
方法1
Create a sources.list.d file with the repository:
方法2(官方)
Update your package list:
Install the full suite:
安裝畫面
│Jitsi Meet is best to be set up with an SSL certificate. Having no certificate, a self-signed one will │
│ be generated. By choosing self-signed you will later have a chance to install Let???s Encrypt │
│ certificates. Having a certificate signed by a recognised CA, it can be uploaded on the server and │
│ point its location. The default filenames will be /etc/ssl/--domain.name--.key for the key and │
│ /etc/ssl/--domain.name--.crt for the certificate.│
建立與匯入Lets Encrypt憑證
檢查防火牆與DNS設定
此script老舊,無法使用
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
延伸閱讀:[Nginx] Lets Encrypt
設定完SSL憑證後
重啟nginx服務
測試是否可正常使用,設定完畢,接下來請保護您的伺服器
保護Domain https://jitsi.github.io/handbook/docs/d ... ure-domain
Prosody configuration
# /etc/prosody/conf.avail/*.cfg.lua
Enable authentication
Inside the VirtualHost "[your-hostname]" block, replace anonymous authentication with hashed password authentication:
Enable anonymous login for guests
Add this block after the previous VirtualHost to enable the anonymous login method for guests:
Jitsi Meet configuration
In config.js, the anonymousdomain options has to be set.
# /etc/jitsi/meet/*-config.js
Jicofo configuration
# /etc/jitsi/jicofo/sip-communicator.properties
When running Jicofo, specify your main domain in an additional configuration property. Jicofo will accept conference allocation requests only from the authenticated domain.
Create users in Prosody (internal auth)
Finally, run prosodyctl to create a user in Prosody:
and then restart prosody, jicofo and jitsi-videobridge2
更多選項
# /etc/jitsi/meet/*-config.js
requireDisplayName: true,
enableWelcomePage: false,
defaultLanguage: 'zh-tw',
設定完成
Jitsi Meet 1.0.33 安裝 - FB - 向聖夫
XOOP輕鬆架
官方:https://jitsi.github.io/handbook/docs/d ... quickstart
系統需求https://jitsi-club.gitlab.io/jitsi-self ... tallation/
Server: should work on 1 core, 1GB RAM - suggested (at least) 2 core, 2GB RAM (scale at your needs)
OS: debian 10 minimal (just sshd and base system utilities) - ubuntu 18.04
hostname: meet.example.com (change it to the actual domain you are using)
create DNS A records for meet.example.com.
NOTE: you do not need to create a DNS record for auth.meet.example.com. It is just an internal domain used by jicofo to connect to prosody.
安裝流程
以PVE standard Debian10.0-1範本建立的CT為例
初始化系統 https://jitsi-club.gitlab.io/jitsi-self ... quirements
代碼: 選擇全部
apt-get update代碼: 選擇全部
# 需求套件
apt install -y nginx gnupg2 openjdk-11-jdk
# Ensure support for apt repositories served via HTTPS
apt install apt-transport-https
代碼: 選擇全部
ufw allow https
ufw allow 10000/udp
ufw enable
ufw status verboseThe following ports need to be open in your firewall, to allow traffic to the Jitsi Meet server:
80 TCP - for SSL certificate verification / renewal with Let's Encrypt
443 TCP - for general access to Jitsi Meet
10000 UDP - for general network video/audio communications
22 TCP - if you access you server using SSH (change the port accordingly if it's not 22)
3478 UDP - for quering the stun server (coturn, optional, needs config.js change to enable it)
5349 TCP - for fallback network video/audio communications over TCP (when UDP is blocked for example), served by coturn
安裝jitsimeet
Install the Jitsi repository key onto your system:
方法1
代碼: 選擇全部
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -代碼: 選擇全部
vi /etc/apt/sources.list.d/jitsi-stable.list
deb https://download.jitsi.org stable/代碼: 選擇全部
curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null代碼: 選擇全部
apt-get -y update代碼: 選擇全部
apt-get -y install jitsi-meet│Jitsi Meet is best to be set up with an SSL certificate. Having no certificate, a self-signed one will │
│ be generated. By choosing self-signed you will later have a chance to install Let???s Encrypt │
│ certificates. Having a certificate signed by a recognised CA, it can be uploaded on the server and │
│ point its location. The default filenames will be /etc/ssl/--domain.name--.key for the key and │
│ /etc/ssl/--domain.name--.crt for the certificate.│
建立與匯入Lets Encrypt憑證
檢查防火牆與DNS設定
此script老舊,無法使用
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
延伸閱讀:[Nginx] Lets Encrypt
設定完SSL憑證後
重啟nginx服務
測試是否可正常使用,設定完畢,接下來請保護您的伺服器
保護Domain https://jitsi.github.io/handbook/docs/d ... ure-domain
Prosody configuration
# /etc/prosody/conf.avail/*.cfg.lua
Enable authentication
Inside the VirtualHost "[your-hostname]" block, replace anonymous authentication with hashed password authentication:
代碼: 選擇全部
VirtualHost "*你的網域*"
authentication = "internal_hashed"Add this block after the previous VirtualHost to enable the anonymous login method for guests:
代碼: 選擇全部
VirtualHost "guest.jitsi-meet.example.com"
authentication = "anonymous"
c2s_require_encryption = falseIn config.js, the anonymousdomain options has to be set.
# /etc/jitsi/meet/*-config.js
代碼: 選擇全部
var config = {
hosts: {
domain: 'jitsi-meet.example.com',
anonymousdomain: 'guest.jitsi-meet.example.com',
...
},
...
}# /etc/jitsi/jicofo/sip-communicator.properties
When running Jicofo, specify your main domain in an additional configuration property. Jicofo will accept conference allocation requests only from the authenticated domain.
代碼: 選擇全部
org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.comFinally, run prosodyctl to create a user in Prosody:
代碼: 選擇全部
sudo prosodyctl register <username> jitsi-meet.example.com <password>代碼: 選擇全部
systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2更多選項
# /etc/jitsi/meet/*-config.js
requireDisplayName: true,
enableWelcomePage: false,
defaultLanguage: 'zh-tw',
設定完成