This guide contains step-by-step instructions to deploy an LXC-based Jitsi cluster on Debian 11 Bullseye.
- 1. JMS (Jitsi Meet Server)
- 2. Additional JVB (Jitsi Video Bridge)
- 3. Additional Jibri
- 4. Additional Video SIP Gateway
- 5. Additional Video SIP Gateway (without LXC)
- 6. Sponsors
The JMS server contains:
- Jitsi-Meet: Jitsi web interface published through Nginx
- Prosody: XMPP server
- Jicofo: Jitsi Conference Focus service
- Coturn: TURN server
- JVB: Jitsi Video Bridge service
This internal JVB may be disabled on JMS if there are additional JVBs. This is the recommended way for the production environment.
Debian 11 Bullseye
- At least 2 CPU cores
- At least 8 GB RAM
- At least 8 GB disk
- DNS A record for JMS which points to this server, e.g. jitsi.nordeck.corp
- DNS CNAME record for TURN as an alias for JMS, e.g. turn.nordeck.corp
Both FQDNs must be resolvable. Test them using the following commands:
host jitsi.nordeck.corp
host turn.nordeck.corp
- TCP/443
- TCP/80: If Let's Encrypt is used
- TCP/5222: If there are additional JVB, Jibri or Video-SIP-Gateway nodes which access JMS through the public IP
- UDP/10000: If the internal JVB on JMS will be kept enabled. It is enabled by default.
Log in to the server as the root user.
Download ni, the Nordeck Installer script:
cd /root
wget -O ni https://raw.githubusercontent.com/nordeck/bullseye-lxc-base/main/installer/ni
Download nordeck-jitsi.conf into the /root/ folder:
cd /root
wget -O nordeck-jitsi.conf https://raw.githubusercontent.com/nordeck/bullseye-lxc-jitsi/main/installer/nordeck-jitsi.conf
Customize it if needed. For example, add your FQDNs to it:
echo export JITSI_FQDN=jitsi.nordeck.corp >>nordeck-jitsi.conf
echo export TURN_FQDN=turn.nordeck.corp >>nordeck-jitsi.conf
Run the installer:
cd /root
bash ni nordeck-jitsi
Let's say the host address of JMS is jitsi.nordeck.corp and the host address of TURN is turn.nordeck.corp. To set the Let's Encrypt certificate:
set-letsencrypt-cert jitsi.nordeck.corp,turn.nordeck.corp
Be careful: there must be no space between the host addresses.
Debian 11 Bullseye
- At least 2 CPU cores
- At least 4 GB RAM
- At least 8 GB disk
- UDP/10000
- TCP/9090: The signaling port. This port must be accessible for JMS
- TCP/22: SSH port. This port must be accessible for JMS
Install openssh-server if it is not already installed:
apt-get install openssh-server
The SSH public key of JMS must be in /root/.ssh/authorized_keys on JVB.
Set JITSI_HOST according to your Jitsi FQDN.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
JITSI_HOST=jitsi.nordeck.corp
# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys
Log in as root to JMS and run the add-jvb-node command using the IP address of JVB:
add-jvb-node <JVB-IP-ADDRESS>
Debian 11 Bullseye
- At least 4 CPU cores for each Jibri instance.
- At least 4 GB RAM for each Jibri instance.
- At least 8 GB disk.
- More disk space if recorded files will be stored on this server.
- Maximum 16 Jibri instances supported on a single server.
TCP/22: SSH port. This port must be accessible for JMS
Install openssh-server if it is not already installed:
apt-get install openssh-server
The SSH public key of JMS must be in /root/.ssh/authorized_keys on Jibri.
Set JITSI_HOST according to your Jitsi FQDN.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
JITSI_HOST=jitsi.nordeck.corp
# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys
Log in as root to JMS and run the add-jibri-node command using the IP address of Jibri:
add-jibri-node <JIBRI-IP-ADDRESS>
Debian 11 Bullseye
- At least 8 CPU cores for each video-sip-gateway instance.
- At least 8 GB RAM for each video-sip-gateway instance.
- At least 8 GB disk.
- Maximum 4 video-sip-gateway instances supported on a single server.
TCP/22: SSH port. This port must be accessible for JMS
Install openssh-server if it is not already installed:
apt-get install openssh-server
The SSH public key of JMS must be in /root/.ssh/authorized_keys on video-sip-gateway.
Set JITSI_HOST according to your Jitsi FQDN.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
JITSI_HOST=jitsi.nordeck.corp
# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys
Before adding the video-sip-gateway node, update the pjsua.config template on JMS according to your environment. The add-sip-node command uses it to configure the nodes.
The template file is in the nordeck-jitsi container.
- Path in container: /root/meta/pjsua.config
- Path on host: /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config
Add the SIP account info to it using the following format:
--id "jitsi <sip:SIP_USER@SIP_SERVER_ADDRESS>"
--registrar "sip:SIP_SERVER_ADDRESS"
--realm "*"
--username "SIP_USER"
--password "SIP_PASSWORD"
Log in as root to JMS and run the add-sip-node command using the IP address of video-sip-gateway:
add-sip-node <SIP-IP-ADDRESS>
First, update the template files to change the PJSUA configuration. The template files are in the nordeck-jitsi container.
- Paths in container:
  /root/meta/pjsua.config
  /root/meta/env.sidecar.sip
- Paths on host:
  /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config
  /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/env.sidecar.sip
Then run the update-sip-config command using the IP address of video-sip-gateway:
update-sip-config <SIP-IP-ADDRESS>
Be careful, if there is an active SIP session while running this command, it will be canceled.
Update /var/lib/lxc/nordeck-dialplan/rootfs/home/dialplan/app/dial-plan.json to set the available SIP peers for the Jitsi UI. This list is only accessible to moderator users.
Debian 11 Bullseye
- At least 8 CPU cores
- At least 8 GB RAM
- At least 8 GB disk.
- TCP/5060 and UDP/5060: SIP ports. These ports must be open if there will be a direct incoming SIP call (a call from a remote SIP device without using a SIP server in the middle)
- TCP/22: SSH port. This port must be accessible for JMS
Install openssh-server if it is not already installed:
apt-get install openssh-server
The SSH public key of JMS must be in /root/.ssh/authorized_keys on video-sip-gateway.
Set JITSI_HOST according to your Jitsi FQDN.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
JITSI_HOST=jitsi.nordeck.corp
# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys
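The key-installation step above, repeated for each JVB, Jibri and video-sip-gateway node, appends whatever the download returns to root's authorized_keys, and with --no-check-certificate that download is unauthenticated. As an added example (not part of the Nordeck installer), the functions below accept the file only if it holds exactly one public key whose SHA-256 pin matches a value read on JMS over a trusted channel; key_pin, is_single_pubkey and install_jms_key are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of the Nordeck installer. Function names are hypothetical.
set -eu

# Hex SHA-256 of the decoded key blob (the digest `ssh-keygen -lf` shows in base64).
key_pin() {
    awk 'NF { print $2 }' "$1" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# True only for a file with exactly one non-blank line that is a bare public key
# (known key type first, so no authorized_keys options or extra keys slip in).
is_single_pubkey() {
    [ "$(grep -c '[^[:space:]]' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# install_jms_key <pubkey-file> <expected-pin> <authorized_keys-file>
install_jms_key() {
    is_single_pubkey "$1" || { echo "refusing $1: not a single public key" >&2; return 1; }
    [ "$(key_pin "$1")" = "$2" ] || { echo "refusing $1: pin mismatch" >&2; return 1; }
    key=$(grep '[^[:space:]]' "$1")
    touch "$3" && chmod 600 "$3" || return 1
    # Append once; repeated runs do not duplicate the entry.
    grep -qxF -- "$key" "$3" || printf '%s\n' "$key" >>"$3"
}

# Usage on a node, with EXPECTED_PIN obtained by running key_pin on JMS itself
# against its own copy of jms.pub:
#   install_jms_key /tmp/jms.pub "$EXPECTED_PIN" /root/.ssh/authorized_keys
```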
Log in as root to JMS and run the add-sip-vm command using the IP address of video-sip-gateway:
add-sip-vm <SIP-IP-ADDRESS>
Some ports are publicly open by default in the VM setup. Don't forget to limit their accessibility by using a firewall if the network interface of this VM is publicly accessible.
Publicly open ports:
- TCP/2222, Jibri's external API
- TCP/3333, Jibri's internal API
- TCP/8017, component-sidecar