FicusOnline Blog

Linux, opensource projects tips 

2020/08/10  Android, Docker, Server, WEB Design


This post sets up Jitsi, an open source web conference system, on Docker. Conference services such as Zoom and Webex are offered free of charge, although the free services restrict meeting time, number of members and so on. The merits of building your own Jitsi web conference system are that there is no usage limit and that, if needed, you can extend the system resources and functions and tweak any of the code. Jitsi works in web browsers, on Android and on Apple iOS.

The Jitsi web conference system is composed of the following 5 blocks. The web container runs from an image that bundles Nginx and Jitsi-Meet, and the other containers run from the individual images of Prosody, Jicofo and VideoBridge. SSL (Let's Encrypt) communication is established via the Nginx reverse proxy.

  1. Jitsi-Meet: Web Interface files
  2. Nginx: Web Server
  3. Prosody: XMPP Server
  4. Jicofo: Exchange Users Session, Allocate Video Stream Channel
  5. Jvb: Jitsi Video Bridge, Video Stream Server, Monitor and Control Bandwidth

Jitsi-Prosody

Port Description
5222 Prosody Client Listening Port
5280 Prosody Server Listening Port
5347 Prosody Components

 

Jitsi-Videobridge

Port Description
443 Jitsi Video Bridge Harvester Port
5347 Prosody Components
4443 Jitsi Video Bridge Harvester Port
10000-20000/UDP Web RTC / ICE

 

Jitsi-Jicofo

Port Description
5222 Prosody Client Port
5347 Prosody Components

 

Jitsi-Meet

Port Description
80 Nginx Listening Port
5280 Prosody Server Listening Port

 

The installation process is as follows.

  1. Configure Nginx Reverse Proxy
  2. SSL Certification by Certbot
  3. Download Jitsi Meet on Docker and Create .env file and docker-compose file
  4. Confirmation of Jitsi Working

Jitsi Meet on Docker
https://github.com/jitsi/docker-jitsi-meet/tree/stable-4857

Jitsi Meet
https://meet.jit.si/

 


1. Configure Nginx Reverse Proxy

Obtain a domain name for the Jitsi system in advance. Prepare another machine for the Nginx reverse proxy on the same network as the machine where Jitsi is installed (in this case Nginx also runs as a Docker container; if you don't run it as a container, omit the docker command portions).

Create a new Nginx configuration file for the Jitsi domain, /etc/nginx/conf.d/jitsi-example.conf (the name is arbitrary).

server {
    server_name www.jitsi-example.com;

    server_tokens off;
    # access_log  /var/log/nginx/www.jitsi-example.com.access.log;
    # error_log   /var/log/nginx/www.jitsi-example.com.error.log error;

    location / {
        proxy_pass http://192.168.xx.xxx:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

}

 


2. SSL Certification by Certbot

Get the SSL certificate for the Jitsi domain name with Certbot. Run the following commands on the machine where the Nginx reverse proxy is installed (here, inside the nginx Docker container).

$ docker exec -ti nginx bash
# certbot --nginx -d www.jitsi-example.com

Certbot automatically updates the Nginx configuration file as follows.

server {
    server_name www.jitsi-example.com;

    server_tokens off;
    # access_log  /var/log/nginx/www.jitsi-example.com.access.log;
    # error_log   /var/log/nginx/www.jitsi-example.com.error.log error;

    location / {
        proxy_pass http://192.168.xx.xxx:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.jitsi-example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.jitsi-example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.jitsi-example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name www.jitsi-example.com;
    listen 80;
    return 404; # managed by Certbot


}

 

Let's Encrypt SSL certificates expire after 90 days, so add the renewal command as a system cron job on the machine where the Nginx reverse proxy is installed.

#certbot in nginx docker
0 1 * * * docker exec nginx bash -c "certbot renew >> /var/log/letsencrypt/renew.log"

 


3. Download Jitsi Meet on Docker and Create .env file and docker-compose file

Clone or download the latest stable Jitsi branch into an arbitrary directory.

$ git clone -b stable-4857 --single-branch https://github.com/jitsi/docker-jitsi-meet.git

Move into the docker-jitsi-meet directory and create the .env file.

$ cd docker-jitsi-meet
$ cp env.example .env

Run the password script to add the security passwords to the .env file.

$ ./gen-passwords.sh

Modify the .env file in accordance with your environment. Because the SSL connection is established by the reverse proxy, the following SSL-related modifications are important.

DISABLE_HTTPS=1

#ENABLE_HTTP_REDIRECT=1

The result will look like the following (excerpt).


#
# Basic configuration options
#

# Directory where all configuration will be stored
CONFIG=./.jitsi-meet-cfg

# Exposed HTTP port
HTTP_PORT=8000

# Exposed HTTPS port
#HTTPS_PORT=8443

# System time zone
TZ=Asia/Tokyo

# Public URL for the web service
PUBLIC_URL=https://www.jitsi-example.com

# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the README
DOCKER_HOST_ADDRESS=192.168.x.xx

# Control whether the lobby feature should be enabled or not
ENABLE_LOBBY=1

#
# Let's Encrypt configuration
#

# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=0

# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com

# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net


#
# Authentication configuration (see handbook for details)
#

# Enable authentication
ENABLE_AUTH=1

# Enable guest access
ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
AUTH_TYPE=internal

#
# Advanced configuration options (you generally don't need to change these)
#

# Disable HTTPS: handle TLS connections outside of this setup
DISABLE_HTTPS=1

# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1

# Container restart policy
# Defaults to unless-stopped
RESTART_POLICY=unless-stopped
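
The SSL-related settings above can be checked before the containers are started. The following script is an added example, not part of the original post or of docker-jitsi-meet; the helper names (env_get, finding, check_jitsi_env), the constructed sample file and the *_PASSWORD / *_SECRET suffix match for generated secrets are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from docker-jitsi-meet): audit .env for the setup above,
# where TLS ends on the Nginx reverse proxy and the web container serves HTTP.

# Value of the last uncommented KEY=value line in FILE (empty if unset).
env_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Record one finding: print it and bump the global counter.
finding() {
    echo "FINDING: $1"
    FINDING_COUNT=$((FINDING_COUNT + 1))
}

# Print findings for FILE; sets FINDING_COUNT, returns 0 only when it is 0.
check_jitsi_env() {
    FINDING_COUNT=0
    [ "$(env_get DISABLE_HTTPS "$1")" = "1" ] ||
        finding "DISABLE_HTTPS is not 1 (the proxy terminates TLS)"
    [ "$(env_get ENABLE_HTTP_REDIRECT "$1")" != "1" ] ||
        finding "ENABLE_HTTP_REDIRECT=1 (the proxy already redirects)"
    [ "$(env_get ENABLE_LETSENCRYPT "$1")" != "1" ] ||
        finding "ENABLE_LETSENCRYPT=1 (Certbot runs on the proxy instead)"
    case "$(env_get PUBLIC_URL "$1")" in
        https://*) ;;
        *) finding "PUBLIC_URL is not an https:// URL" ;;
    esac
    [ "$(env_get ENABLE_AUTH "$1")" = "1" ] ||
        finding "ENABLE_AUTH is not 1 (anyone can open a room)"
    # Secrets left empty mean ./gen-passwords.sh was not run.
    # The *_PASSWORD / *_SECRET suffix match is an assumption of this example.
    for key in $(grep -E '^[A-Z_]+_(PASSWORD|SECRET)=[[:space:]]*$' "$1" | cut -d= -f1); do
        finding "$key is empty (run ./gen-passwords.sh)"
    done
    [ "$FINDING_COUNT" -eq 0 ]
}

# Constructed sample, not a real deployment: two deliberate mistakes.
demo_env=$(mktemp)
cat > "$demo_env" <<'EOF'
PUBLIC_URL=http://www.jitsi-example.com
DISABLE_HTTPS=1
#ENABLE_HTTP_REDIRECT=1
ENABLE_AUTH=1
JVB_AUTH_PASSWORD=
EOF
check_jitsi_env "$demo_env" || echo "$FINDING_COUNT finding(s)"
rm -f "$demo_env"
```

Run it against the real file with `check_jitsi_env .env` from the docker-jitsi-meet directory; a non-zero return means at least one finding was printed.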

 

Because the reverse proxy handles the SSL connection, comment out - '${HTTPS_PORT}:443' in docker-compose.yml.

version: '3'

services:
    # Frontend
    web:
        image: jitsi/web:stable-4857
        restart: ${RESTART_POLICY}
        ports:
            - '${HTTP_PORT}:80'
            # - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config:Z
            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
        environment:

Create the directories for the Jitsi system blocks.

mkdir -p .jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

note) If you modify the .env file, you have to delete the above configuration directories and recreate them for the changes to take effect.

 


4. Confirmation of Jitsi Working

Start each Jitsi container with the docker-compose command.

$ docker-compose up -d

Access https://www.jitsi-example.com and confirm that it works.

Conference Start View

 

Host View (only one host, camera not activated)

 

Sub Menu (Share YouTube, Record Conference)

 

Share Application View, Browser Tab

 

Invite Other Member by Email, Chat Function

 

 

SIP calls and the conference recording extension will be covered next time.

 
