Jitsi Cluster Deployment

This guide contains step-by-step instructions to deploy an LXC-based Jitsi cluster on Debian 11 Bullseye.

1. JMS (Jitsi Meet Server)

The JMS server contains:

  • Jitsi-Meet
    Jitsi web interface published through Nginx

  • Prosody
    XMPP server

  • Jicofo
    Jitsi Conference Focus service

  • Coturn
    TURN server

  • JVB
    Jitsi Video Bridge service

    This internal JVB may be disabled on JMS if there are additional JVBs. This is the recommended setup for a production environment.

1.1 Prerequisites

1.1.1 Supported distribution

Debian 11 Bullseye

1.1.2 Server specifications

  • At least 2 CPU cores
  • At least 8 GB RAM
  • At least 8 GB disk

1.1.3 DNS records

  • DNS A record for JMS which points to this server
    e.g. jitsi.nordeck.corp

  • DNS CNAME record for TURN as an alias for JMS
    e.g. turn.nordeck.corp

Both FQDNs must be resolvable. Test them using the following commands:

host jitsi.nordeck.corp
host turn.nordeck.corp

1.1.4 Public Ports

  • TCP/443

  • TCP/80
    If Let's Encrypt is used

  • TCP/5222
    If there are additional JVB, Jibri or Video-SIP-Gateway nodes which access JMS through the public IP

  • UDP/10000
    If the internal JVB on JMS is kept enabled. It is enabled by default.

1.2 Installation

1.2.1 Log in to the server

Log in to the server as the root user.

1.2.2 Installer script

Download ni, the Nordeck Installer script:

cd /root
wget -O ni https://raw.githubusercontent.com/nordeck/bullseye-lxc-base/main/installer/ni

1.2.3 Installer config

Download nordeck-jitsi.conf into the /root/ folder:

cd /root
wget -O nordeck-jitsi.conf https://raw.githubusercontent.com/nordeck/bullseye-lxc-jitsi/main/installer/nordeck-jitsi.conf

Customize it if needed. For example, add your FQDNs to it:

echo export JITSI_FQDN=jitsi.nordeck.corp >>nordeck-jitsi.conf
echo export TURN_FQDN=turn.nordeck.corp >>nordeck-jitsi.conf

1.2.4 Running the installer

Run the installer:

cd /root
bash ni nordeck-jitsi

1.2.5 Let's Encrypt certificate

Let's say the host address of JMS is jitsi.nordeck.corp and the host address of TURN is turn.nordeck.corp. To set the Let's Encrypt certificate:

set-letsencrypt-cert jitsi.nordeck.corp,turn.nordeck.corp

Be careful: there must be no space between the host addresses.

2. Additional JVB (Jitsi Video Bridge)

2.1 Prerequisites

2.1.1 Supported distribution

Debian 11 Bullseye

2.1.2 Server specifications

  • At least 2 CPU cores
  • At least 4 GB RAM
  • At least 8 GB disk

2.1.3 Public Ports

  • UDP/10000

  • TCP/9090
    The signaling port. This port must be reachable from JMS.

  • TCP/22
    The SSH port. This port must be reachable from JMS.

2.1.4 SSH server

Install openssh-server if it is not already installed:

apt-get install openssh-server

2.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on JVB.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

2.2 Installation

Log in as root to JMS and run the add-jvb-node command with the IP address of the JVB:

add-jvb-node <JVB-IP-ADDRESS>

3. Additional Jibri

3.1 Prerequisites

3.1.1 Supported distribution

Debian 11 Bullseye

3.1.2 Server specifications

  • At least 4 CPU cores for each Jibri instance.
  • At least 4 GB RAM for each Jibri instance.
  • At least 8 GB disk.
  • More disk space if recorded files will be stored on this server.
  • Maximum 16 Jibri instances supported on a single server.

3.1.3 Public Ports

  • TCP/22
    The SSH port. This port must be reachable from JMS.

3.1.4 SSH server

Install openssh-server if it is not already installed:

apt-get install openssh-server

3.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on Jibri.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

3.2 Installation

Log in as root to JMS and run the add-jibri-node command with the IP address of the Jibri server:

add-jibri-node <JIBRI-IP-ADDRESS>

4. Additional Video SIP Gateway

4.1 Prerequisites

4.1.1 Supported distribution

Debian 11 Bullseye

4.1.2 Server specifications

  • At least 8 CPU cores for each video-sip-gateway instance.
  • At least 8 GB RAM for each video-sip-gateway instance.
  • At least 8 GB disk.
  • Maximum 4 video-sip-gateway instances supported on a single server.

4.1.3 Public Ports

  • TCP/22
    The SSH port. This port must be reachable from JMS.

4.1.4 SSH server

Install openssh-server if it is not already installed:

apt-get install openssh-server

4.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on video-sip-gateway.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

4.2 Configuration

Before adding the video-sip-gateway node, update the pjsua.config template on JMS according to your environment. The add-sip-node command uses this template to configure the nodes.

The template file is in the nordeck-jitsi container.

  • Path in container:
    /root/meta/pjsua.config

  • Path on host:
    /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config

Add the SIP account information to it using the following format:

--id "jitsi <sip:SIP_USER@SIP_SERVER_ADDRESS>"
--registrar "sip:SIP_SERVER_ADDRESS"
--realm "*"
--username "SIP_USER"
--password "SIP_PASSWORD"

4.3 Installation

Log in as root to JMS and run the add-sip-node command with the IP address of the video-sip-gateway:

add-sip-node <SIP-IP-ADDRESS>

4.4 Updating the PJSUA configuration

First, update the template files to change the PJSUA configuration. The template files are in the nordeck-jitsi container.

  • Paths in container:

    • /root/meta/pjsua.config
    • /root/meta/env.sidecar.sip

  • Paths on host:

    • /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config
    • /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/env.sidecar.sip

Then run the update-sip-config command with the IP address of the video-sip-gateway:

update-sip-config <SIP-IP-ADDRESS>

Be careful: if there is an active SIP session when this command runs, the session will be canceled.

4.5 Dial-plan

Update /var/lib/lxc/nordeck-dialplan/rootfs/home/dialplan/app/dial-plan.json to set the SIP peers available in the Jitsi UI. This list is only accessible to moderator users.

5. Additional Video SIP Gateway (without LXC)

5.1 Prerequisites

5.1.1 Supported distribution

Debian 11 Bullseye

5.1.2 Server specifications

  • At least 8 CPU cores
  • At least 8 GB RAM
  • At least 8 GB disk.

5.1.3 Public Ports

  • TCP/5060 and UDP/5060
    The SIP ports. These ports must be open if there will be direct incoming SIP calls (calls from a remote SIP device without a SIP server in the middle).

  • TCP/22
    The SSH port. This port must be reachable from JMS.

5.1.4 SSH server

Install openssh-server if it is not already installed:

apt-get install openssh-server

5.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on video-sip-gateway.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys
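
The key-download step in sections 2.1.5, 3.1.5, 4.1.5 and 5.1.5 appends whatever the server returns to root's authorized_keys, and with --no-check-certificate that download is not authenticated. The following added example (not part of the project's scripts) installs the key only if it matches a SHA-256 checksum obtained from JMS out of band, is a single bare key, and is not already present; the function name, the checksum source and the optional from= restriction are assumptions.

```shell
# Added example, not the project's own script.
# install_jms_key KEYFILE EXPECTED_SHA256 AUTHORIZED_KEYS [FROM_PATTERN]
#   EXPECTED_SHA256: sha256sum of jms.pub, obtained from JMS out of band (assumption)
#   FROM_PATTERN:    optional address JMS connects from, written as from="..."
install_jms_key() {
    keyfile=$1; expected=$2; auth=$3; from=${4:-}

    # 1. The download must be byte-identical to the file whose checksum was pinned.
    actual=$(sha256sum "$keyfile" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "jms.pub: checksum mismatch, key not installed" >&2
        return 1
    fi

    # 2. Exactly one non-empty line that starts with a key type, so the file
    #    cannot carry a second key or an options prefix such as command=.
    types='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)'
    if [ "$(grep -c . "$keyfile")" -ne 1 ] ||
       ! grep -Eq "^($types) [A-Za-z0-9+/]+=*( .*)?\$" "$keyfile"; then
        echo "jms.pub: not a single bare public key, key not installed" >&2
        return 1
    fi

    # 3. Re-runs are idempotent: skip when the key blob is already authorized.
    line=$(grep . "$keyfile")
    blob=$(printf '%s\n' "$line" | cut -d' ' -f2)
    if [ -f "$auth" ] && grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # 4. Append, optionally restricted to the JMS address, and tighten the mode.
    if [ -n "$from" ]; then
        printf 'from="%s" %s\n' "$from" "$line" >>"$auth"
    else
        printf '%s\n' "$line" >>"$auth"
    fi
    chmod 600 "$auth"
}

# Usage on a node (both bracketed values are placeholders to fill in):
#   tmp=$(mktemp) && wget -O "$tmp" "https://$JITSI_HOST/static/jms.pub" &&
#   install_jms_key "$tmp" "<SHA256-OF-JMS.PUB>" /root/.ssh/authorized_keys "<JMS-IP-ADDRESS>"
```

Downloading to a mktemp file instead of the fixed /tmp/jms.pub path also avoids reusing a file that another local user could have created beforehand.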

5.2 Installation

Log in as root to JMS and run the add-sip-vm command with the IP address of the video-sip-gateway:

add-sip-vm <SIP-IP-ADDRESS>

5.3 Warnings

Some ports are publicly open by default in the VM setup. If this VM's network interface is publicly reachable, restrict access to these ports with a firewall.

Publicly open ports:

  • TCP/2222, Jibri's external API
  • TCP/3333, Jibri's internal API
  • TCP/8017, component-sidecar
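
One way to see which of these ports are bound to a non-loopback address on the VM and therefore need a firewall rule (an added example, not part of the project's tooling). The function names and the sample `ss` output are constructed for illustration.

```shell
# Added example, not part of the project. Reads `ss -H -ltn` output on stdin
# and prints "PORT ADDRESS" for each of the three ports listed above that
# listens on a non-loopback address.
exposed_sip_vm_ports() {
    awk '
        $1 != "LISTEN" { next }
        {
            laddr = $4                        # Local Address:Port column
            n = split(laddr, part, ":")
            port = part[n]                    # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (port !~ /^(2222|3333|8017)$/) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }' | sort -u
}

# Constructed sample of `ss -H -ltn` output, for illustration only.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      50                 *:2222             *:*
LISTEN 0      50         127.0.0.1:3333       0.0.0.0:*
LISTEN 0      511             [::]:8017          [::]:*
EOF
}

# On the VM itself: ss -H -ltn | exposed_sip_vm_ports
```

A port that still appears here after firewalling is expected, since `ss` reports the bind address, not the filter; confirm the rule from another host.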

6. Sponsors

Nordeck