Installation of serverside components for video conferencing

This document describes the installation of Videoconferencing backend.

You will need a server with the latest stable Debian installed and you should be able to create DNS records for your chosen domain.

In this installation guide we will install the following items on the machine:

  • Jisti backend
  • Web UI frontend
  • Conference management server
  • SSO server

Different parts are distributed in different ways:

  • Jitsi backend: Debian packages, Luarocks packages, zip package.
  • Web UI frontend: zip package
  • Conference management server (and possibly SSO server): Our docker repository
  • videobridge (possibly multiple videobridge servers): Debian repository

The DNS names for this tutorial will be

  • conf.example.com for your backend
  • ui.conf.example.com for Web UI frontend
  • conferencing-management.example.com
  • sso.example.com for SSO

Videobridge does not need any DNS name.

Download the zipfile from Acrobits with some additional files. We will use them during installation.

This is the address of the zipfile: https://dist.acrobits.net/conference-files/conference-files.zip

Jitsi backend

Begin the installation by enabling our Debian repository

Note

This step is the same as in the SIPIS installation guide.

Note

You can use the official Jitsi repositories instead of our repository. We just keep the package version that is known to work.

wget -O - https://dist.acrobits.cz/debian/acrobits.gpg.key | apt-key add -

Create file /etc/apt/sources.list.d/Acrobits.list with

deb http://username:password@dist.acrobits.cz/debian buster main

Start by installing the package jitsi-videobridge2. The installation will ask for your domain (conf.example.com in this guide).

Stop and disable the jitsi-videobridge2 service using appropriate systemctl commands, unless you expect low traffic and wish to use the same machine for your videobridge.

Keep the files from /etc/jitsi/videobridge. You will need them later.

Then install the following packages:

  • jitsi-meet-prosody
  • jicofo
  • nginx
  • luarocks
  • liblua5.2-dev

Use luarocks to install packages basexx and net-url:

luarocks install basexx
luarocks install net-url

Additional files we will use in this section are from our Zip package in backend directory.

Apply the patch from the zip file. That is, run the following command:

patch /usr/lib/prosody/modules/muc/muc.lib.lua < muc_owner_allow_kick.patch

Replace file /usr/share/jitsi-meet/prosody-plugins/mod_token_verification.lua with the one from our zipfile.

Place file mod_muc_status.lua to /usr/share/jitsi-meet/prosody-plugins/.

Run luarocks make in luajwtjitsi directory from our ZIP file. This will install fixed version of luajwtjitsi package.

Open the prosody configuration file for your server: /etc/prosody/conf.d/conf.example.com.cfg.lua

Note

In the following steps, replace conf.example.com with your domain.

Add the following to the top of the file, just below plugin_paths:

admins = { "focus@auth.conf.example.com" }

Change cross_domain_bosh to true.

In section for your domain (VirtualHost "conf.example.com") set the following

authentication = "token"
app_id="acrobits_csp"
asap_key_server = "https://conf.example.com/conferencing/public-keys"
enable_domain_verification = true

Also add the following modules to the modules_enabled section

  • presence_identity
  • muc_status

In the conference subdomain section (under Component "conference.conf.example.com" "muc") set the same app_id and asap_key_server as in previous main section. Enable module token_verification and set restrict_room_creation = "local"

Get the TLS certificate for your domain (conf.example.com in this guide) and for your auth subdomain (auth.conf.example.com). Place the certificate (along with keys) into /etc/prosody/certs. You should have the following files there:

  • auth.conf.example.com.crt
  • auth.conf.example.com.key
  • conf.example.com.crt
  • conf.example.com.key

Make sure that the access rights of the certificates and keys are set so that prosody can access them.

Note

auth subdomain is used for connection from videobridges to prosody. It is not strictly necessary to use valid certificate here, but if you use self signed certificate, you need to configure your videobridges to accept it.

Make sure that /etc/jitsi/jicofo/sip-communicator.properties contains

org.jitsi.jicofo.auth.URL=XMPP:conf.example.com

Place config.js file from our zipfile to /var/www/conferencing/config.js. Edit it and replace all occurences of conf.example.com with your domain. Also replace ui.conf.example.com with the domain for your web UI.

The nginx configuration file for the backend is nginx_backend.conf. Place it into /etc/nginx/sites-enabled and edit the server name and paths to your certificates.

Restart services prosody, nginx and jicofo.

Conferencing management server

Conferencing management server is a service that controls access to your conference server. It uses a SSO server and an external authentication service to check the user’s credentials.

Start by installing Docker and Docker Compose. Then add our Docker registry.

docker login -u customer -p Aen1ieB5sh docker.acrobits.net

There are three options for how to install conference management server:

# You do not have your own SSO server. # You have one but wish to run conference management server on a different machine # You have one and wish to run conference management server on the same machine

Without own SSO

In this section we will use files in conferencing-management/separate_sso directory in provided ZIP file.

Place a file application.yml to /etc/acrobits/conferencing_management/application.yml.

Create a directory (let’s call it conferencing somewhere on the server and place the file docker-compose.yml there. Then run docker-compose up -d in this directory. This should download the needed docker images and start them up.

Install nginx (using Debian package manager) and place nginx_conferencing.conf into /etc/nginx/sites-enabled/. Edit it and change the domain name and paths to the TLS certificate and key. Then reload the nginx configuration.

With own SSO on a different machine

The procedure is identical to the previous case. The only difference is that you need to edit the file /etc/acrobits/conferencing_management/application.yml and put the address of your SSO server there.

With SSO on the same machine

Find snippets of configuration files in with_sso directory.

Edit docker-compose.yml that you used for your current SSO and Contact server installation. Add an additional service section to it with the content from docker-compose.snip. Then run docker-compose up -d to start it.

Then edit the nginx configuration and add an additional location section with the content from nginx_conferencing.snip. Reload the nginx configuration.

Web GUI

Warning

This part is not yet available.

Install nginx from Debian packages.

Download the package with Web GUI. Unpack it into /var/www/conferencing/conferencing (you should have a file /var/www/conferencing/conferencing/index.html there).

Place ui.conf into /etc/nginx/sites-enabled and edit it to set the TLS certificate and the server name. Reload nginx.

Videobridge

Enable our Debian repository. Then install package jitsi-videobridge2.

Replace the file /etc/jitsi/videobridge/sip-communicator.properties with the one from your backend server and change the item org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME to a different random string (every videobridge needs to have a different MUC_NICKNAME). Restart the service jitsi-videobridge2.

Note

You can use command uuid to generate a random nickname for your videobridge.