cimnine.jitsi_meet

jitsi_meet

An Ansible role for installing Jitsi Meet.

Introduction

This is an Ansible role to install Jitsi Meet using nginx as a TLS proxy and (optionally) a Let's Encrypt certificate via certbot on Ubuntu Bionic (18.04).

Requirements

  • You need a domain that points to your server to use Let's Encrypt.
  • Your firewall must allow the following ports: 80/tcp, 443/tcp, 4443/tcp, 10000/udp.
    • If your server is behind a NAT, ensure these ports are forwarded.

Role Variables

  • apt_mirror: On Ubuntu, the universe repository must be enabled. This variable specifies your system mirror. Default is http://archive.ubuntu.com/ubuntu.
  • jitsi_domain: The domain where Jitsi will be accessible. Must be a domain name if using Let's Encrypt; can be an IP address otherwise. Default is {{ inventory_hostname }}.
  • certbot_enabled: Whether to install certbot and get a certificate for {{ jitsi_domain }}. Default is false.
  • certbot_admin_email: The email address for Let's Encrypt registration. Required if certbot_enabled=true. No default value.
  • jitsi_nat: If you are running Jitsi Meet behind a NAT. Default is false. If true, you need to set jitsi_nat_local_ip and jitsi_nat_public_ip.
  • jitsi_nat_public_ip: The public IP of your Jitsi Meet host. Default is the IPv4 given by ipify.
  • jitsi_nat_private_ip: The private IP of your Jitsi Meet host. Default is the IPv4 Ansible sees as default for the host.
  • nginx_server_names_hash_bucket_size: The server_names_hash_bucket_size in nginx. Will be set in the global nginx.conf if nginx_modify_server_names_hash_bucket_size is true. Default is 64.
  • nginx_modify_server_names_hash_bucket_size: Whether to modify server_names_hash_bucket_size in the global nginx.conf. Default is true.

For more configuration settings related to certbot, check geerlingguy/ansible-role-certbot/.../defaults/main.yml.

Dependencies

Depends on the geerlingguy.certbot Ansible role for Let's Encrypt / certbot tasks:

ansible-galaxy install geerlingguy.certbot

Quickstart

Install Ansible:

# on macOS using Homebrew
brew install ansible

# on Debian
sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

# or using Python / pip
sudo python3 -m pip install ansible

Set up a new server with Ubuntu 18.04 or obtain one from Digital Ocean, Vultr, Hetzner Cloud, Cloudscale, Azure, Google Cloud, AWS, etc.

Ensure you can log in using your SSH key:

ssh-copy-id [email protected]
ssh [email protected]

Create an inventory file:

# jitsi.ini
[jitsi]
my-jitsi-server.com jitsi_domain=my-jitsi-server.com [email protected]

[jitsi:vars]
ansible_user=ubuntu
ansible_become=yes # set to `no` if you log in as root
apt_mirror=http://archive.ubuntu.com/ubuntu # change to your current mirror
certbot_enabled=yes
jitsi_nat=no # enable if your server is behind a NAT.

Create a playbook file:

# jitsi.yml
- hosts: jitsi
  roles:
      - cimnine.jitsi_meet

Install the required dependencies:

ansible-galaxy install cimnine.jitsi_meet
ansible-galaxy install geerlingguy.certbot

Run the playbook on the inventory:

# if `sudo` on your server does not require a password:
ansible-playbook -i jitsi.ini jitsi.yml

# if `sudo` on your server requires a password:
ansible-playbook -K -i jitsi.ini jitsi.yml

Configuration

Jitsi Meet can be configured through this Ansible role. To do this, the file /etc/jitsi/meet/{{ jitsi_domain }}-config.js will be replaced with a file managed by this role.

To enable this, set the variable: managed_jitsi_config to yes.

Add the last line to your jitsi.ini:

# jitsi.ini
[jitsi]
my-jitsi-server.com jitsi_domain=my-jitsi-server.com [email protected]
[jitsi:vars]
ansible_user=ubuntu
ansible_become=yes
apt_mirror=http://archive.ubuntu.com/ubuntu # change to your current mirror
certbot_enabled=yes
jitsi_nat=no
managed_jitsi_config=yes  # manage your Jitsi config with this role

Then define all required configuration variables. The defaults can be found in defaults/main.yml. Provide all variables, not only those you want to change! Be careful with empty variables like analytics: {}: due to Jitsi’s workings, this must be an empty object and not null.

All settings and their effects are documented in jitsi-meet config.js.

A simple example is:

jitsi_config:
  hosts:
    domain: "{{ jitsi_domain }}"
    muc: "conference.{{ jitsi_domain }}"
  bosh: "//{{ jitsi_domain }}/http-bind"
  clientNode: "http://jitsi.org/jitsimeet"
  testing:
    enableFirefoxMulticast: false
    p2pTestMode: false
  desktopSharingChromeExtId: null
  desktopSharingChromeSources: [ 'screen', 'window', 'tab' ]
  desktopSharingChromeMinExtVersion: '0.1'
  channelLastN: -1
  enableWelcomePage: true
  enableUserRolesBasedOnToken: false
  p2p:
    enabled: true
    stunServers:
      - urls: 'stun:stun.l.google.com:19302'
      - urls: 'stun:stun1.l.google.com:19302'
      - urls: 'stun:stun2.l.google.com:19302'
    preferH264: true
  analytics: {}
  deploymentInfo: {}
  localRecording: {}
  e2eping: {}
  deploymentUrls: {}

Note: The requirements for config.js may change anytime when updating Jitsi Meet, and upstream does not communicate much about this. Check any CHANGELOG and announcements from the Jitsi Meet project for any new required values before updating.

Note: The structure is case-sensitive and must match the variable settings in config.js exactly. For example, webrctIceUdpDisable is not the same as WebRTCIceUDPDisable. Jitsi inconsistently names variables (e.g., mixes URL and Url), so pay attention to the exact name.

Uninstall

The following commands will help you remove the installation. They might not delete every file, but it's enough to start over if something went wrong.

systemctl stop jitsi-videobridge
systemctl disable jitsi-videobridge
apt-get purge -y jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-web jicofo jitsi-videobridge

systemctl stop nginx
systemctl disable nginx
apt-get purge -y nginx nginx-common nginx-full

apt purge certbot

rm -rf /etc/jitsi /etc/nginx /etc/letsencrypt

crontab -e -u root

reboot

License

MIT

Informazioni sul progetto

Install jitsi-meet with nginx and (optionally) certbot

Installa
ansible-galaxy install cimnine.jitsi_meet
Licenza
mit
Download
663
Proprietario
Called myself «serious software architect» as a joke, then ended up sticking to that.