10

Jitsi Meet - WebRTC, Linux, macOS, Windows, iOS Android. Zoom, . Jitsi Meet , , TLS . , Jitsi Meet Ubuntu 18.04 20.04, Debian 10.

>    Jitsi Meet  Linux

Jitsi Meet

  • (Screensharing)
  • ,
  • .
  • DTLS-SRTP
  • ,
  • Dropbox
  • YouTube Live YouTube
  • Android iOS
  • Jits Meet -

:

  • Linux non-root user sudo
  • ,

1. Jitsi Meet

Jitsi Meet Ubuntu . Jitsi, . SSH, , Jitsi.

echo 'deb https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list

Jitsi, APT , .

wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -

Jitsi HTTPS-, apt-transport-https, APT HTTPS- Jitsi.

sudo apt install apt-transport-https

Jitsi Meet Ubuntu.

sudo apt update
sudo apt install jitsi-meet

Jitsi. , -, . , meet.example.com.

TLS (Generate a new self-signed certificate), Lets Encryption.

Generate a new self-signed certificate

Linux, /etc/sysctl.d/20-jvb-udp-buffers.conf. Jitsi Meet . :

systemctl status jitsi-videobridge2

:

? jitsi-videobridge2.service - Jitsi Videobridge
   Loaded: loaded (/lib/systemd/system/jitsi-videobridge2.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-04-24 12:11:13 UTC; 3min 27s ago
 Main PID: 3665 (java)
    Tasks: 37 (limit: 65000)
   CGroup: /system.slice/jitsi-videobridge2.service
           L-3665 java -Xmx3072m -XX:+UseConcMarkSweepGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HO	

jitsi-meet ,

  • openjdk-8-jre-headless: Java. , Jitsi Meet Java.
  • jicofo: Jitsi Conference Focus (systemctl status jicofo)
  • prosody: Jabber / XMPP (systemctl status prosody)
  • coturn: TURN STUN VoIP (systemctl status coturn)

2.

Jitsi Meet UDP, . ( Ubuntu netstat, sudo apt install net-tools, .)

sudo netstat -lnptu | grep java
sudo netstat -lnptu | grep java

-, TCP- 80 443. UDP- 10000 5000. UFW, , .

sudo ufw allow 80,443/tcp
sudo ufw allow 10000,5000/udp	

3. Let's Encrypt TLS

DNS ( ), DNS A Jitsi (meet.example.com). , Lets Encrypt TLS:

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

, . certbot TLS.

This script will:
- Need a working DNS record pointing to this machine(for domain jitsi.example.com)
- Download certbot-auto from https://dl.eff.org to /usr/local/sbin
- Install additional dependencies in order to request Lets Encrypt certificate
- If running with jetty serving web content, will stop Jitsi Videobridge
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Add command in weekly cron job to renew certificates regularly

You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications
Enter your email and press [ENTER]:

, , , TLS .

TLS

, http-01, , - Apache Nginx 80 IP-. http-01, . . DNS.

sudo certbot --agree-tos -a dns-cloudflare -i nginx --redirect --hsts --staple-ocsp --email me@example.com -d meet.example.com

:

  • --agree-tos: .
  • -a dns-cloudflare: DNS cloudflare , Cloudflare DNS.
  • -i nginx: nginx TLS. Apache, nginx apache.
  • --redirect: HTTPS 301 .
  • --hsts: Strict-Transport-Security HTTP. TLS . SSL/TLS.
  • --staple-ocsp: OCSP. OCSP , TLS.

4. HTTP2

HTTP2 -. HTTP2 Nginx, .

sudo nano /etc/nginx/sites-enabled/meet.example.com.conf

.

listen 443 ssl;
listen [::]:443 ssl;	

http2 .

listen 443 ssl http2;
listen [::]:443 ssl http2;

. Nginx, .

sudo systemctl reload nginx

5. -

https://meet.example.com, . - . - .

Jitsi Meet

Go. .


6.

Jitsi Meet, . , Prosody.

sudo nano /etc/prosody/conf.d/meet.example.com.cfg.lua

.

authentication = "anonymous"

, .

authentication = "internal_plain"

, , , . , A DNS guest.meet.example.com.

VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false

. Jitsi Meet.

sudo nano /etc/jitsi/meet/meet.example.com-config.js

:

// anonymousdomain: 'guest.example.com',

. meet.example.com Jitsi Meet.

anonymousdomain: 'guest.meet.example.com',

. Jicofo.

sudo nano /etc/jitsi/jicofo/sip-communicator.properties

.

org.jitsi.jicofo.auth.URL=XMPP:meet.example.com

. systemd, .

sudo systemctl restart jitsi-videobridge2 prosody jicofo

Jisi Meet, . .

sudo prosodyctl register username meet.example.com

, Jitsi Meet, .


, Nginx (/var/log/nginx/error.log), , . systemd.

sudo journalctl -eu jitsi-videobridge2
sudo journalctl -eu prosody
sudo journalctl -eu jicofo	

You have been disconnected ( ) Jitsi, , meet.example.com Jitsi Meet .

You have been disconnected

: Jigasi

Jitsi , . jigasi ( Jitsi SIP).

sudo apt install jigasi

SIP. , SIP OnSIP.com.

SIP Username

6, Jigasi.

sudo nano /etc/jitsi/jigasi/sip-communicator.properties

.

# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false	

, 6.

org.jitsi.jigasi.xmpp.acc.USER_ID=user1@meet.example.com
org.jitsi.jigasi.xmpp.acc.PASS=user1_password
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false	

. jigasi systemd.

sudo systemctl restart jigasi

: Coturn

Jitsi Meet , Coturn, .

Warning! Could not resolve your external ip address! Error:^
Your turn server will not work till you edit your /etc/turnserver.conf config file.
You need to set your external ip address in external-ip and restart coturn service.

Coturn.

sudo nano /etc/turnserver.conf

.

external-ip=127.0.0.1

127.0.0.1 IP- . . Coturn.

sudo systemctl restart coturn

! Jitsi Meet Linux .


>