cimnine.jitsi_meet
jitsi_meet
An Ansible role for installing Jitsi Meet.
Introduction
This is an Ansible role to install Jitsi Meet using nginx as a TLS proxy and (optionally) a Let's Encrypt certificate via certbot on Ubuntu Bionic (18.04).
Requirements
- You need a domain that points to your server to use Let's Encrypt.
- Your firewall must allow the following ports: 80/tcp, 443/tcp, 4443/tcp, 10000/udp.
- If your server is behind a NAT, ensure these ports are forwarded.
Role Variables
apt_mirror: On Ubuntu, the universe repository must be enabled. This variable specifies your system mirror. Default ishttp://archive.ubuntu.com/ubuntu.jitsi_domain: The domain where Jitsi will be accessible. Must be a domain name if using Let's Encrypt; can be an IP address otherwise. Default is{{ inventory_hostname }}.certbot_enabled: Whether to install certbot and get a certificate for{{ jitsi_domain }}. Default isfalse.certbot_admin_email: The email address for Let's Encrypt registration. Required ifcertbot_enabled=true. No default value.jitsi_nat: If you are running Jitsi Meet behind a NAT. Default isfalse. If true, you need to setjitsi_nat_local_ipandjitsi_nat_public_ip.jitsi_nat_public_ip: The public IP of your Jitsi Meet host. Default is the IPv4 given by ipify.jitsi_nat_private_ip: The private IP of your Jitsi Meet host. Default is the IPv4 Ansible sees as default for the host.nginx_server_names_hash_bucket_size: Theserver_names_hash_bucket_sizein nginx. Will be set in the globalnginx.confifnginx_modify_server_names_hash_bucket_sizeistrue. Default is64.nginx_modify_server_names_hash_bucket_size: Whether to modifyserver_names_hash_bucket_sizein the globalnginx.conf. Default istrue.
For more configuration settings related to certbot, check geerlingguy/ansible-role-certbot/.../defaults/main.yml.
Dependencies
Depends on the geerlingguy.certbot Ansible role for Let's Encrypt / certbot tasks:
ansible-galaxy install geerlingguy.certbot
Quickstart
# on macOS using Homebrew
brew install ansible
# on Debian
sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible
# or using Python / pip
sudo python3 -m pip install ansible
Set up a new server with Ubuntu 18.04 or obtain one from Digital Ocean, Vultr, Hetzner Cloud, Cloudscale, Azure, Google Cloud, AWS, etc.
Ensure you can log in using your SSH key:
ssh-copy-id [email protected]
ssh [email protected]
Create an inventory file:
# jitsi.ini
[jitsi]
my-jitsi-server.com jitsi_domain=my-jitsi-server.com [email protected]
[jitsi:vars]
ansible_user=ubuntu
ansible_become=yes # set to `no` if you log in as root
apt_mirror=http://archive.ubuntu.com/ubuntu # change to your current mirror
certbot_enabled=yes
jitsi_nat=no # enable if your server is behind a NAT.
Create a playbook file:
# jitsi.yml
- hosts: jitsi
roles:
- cimnine.jitsi_meet
Install the required dependencies:
ansible-galaxy install cimnine.jitsi_meet
ansible-galaxy install geerlingguy.certbot
Run the playbook on the inventory:
# if `sudo` on your server does not require a password:
ansible-playbook -i jitsi.ini jitsi.yml
# if `sudo` on your server requires a password:
ansible-playbook -K -i jitsi.ini jitsi.yml
Configuration
Jitsi Meet can be configured through this Ansible role. To do this, the file /etc/jitsi/meet/{{ jitsi_domain }}-config.js will be replaced with a file managed by this role.
To enable this, set the variable: managed_jitsi_config to yes.
Add the last line to your jitsi.ini:
# jitsi.ini
[jitsi]
my-jitsi-server.com jitsi_domain=my-jitsi-server.com [email protected]
[jitsi:vars]
ansible_user=ubuntu
ansible_become=yes
apt_mirror=http://archive.ubuntu.com/ubuntu # change to your current mirror
certbot_enabled=yes
jitsi_nat=no
managed_jitsi_config=yes # manage your Jitsi config with this role
Then define all required configuration variables. The defaults can be found in defaults/main.yml. Provide all variables, not only those you want to change! Be careful with empty variables like analytics: {}: due to Jitsi’s workings, this must be an empty object and not null.
All settings and their effects are documented in jitsi-meet config.js.
A simple example is:
jitsi_config:
hosts:
domain: "{{ jitsi_domain }}"
muc: "conference.{{ jitsi_domain }}"
bosh: "//{{ jitsi_domain }}/http-bind"
clientNode: "http://jitsi.org/jitsimeet"
testing:
enableFirefoxMulticast: false
p2pTestMode: false
desktopSharingChromeExtId: null
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ]
desktopSharingChromeMinExtVersion: '0.1'
channelLastN: -1
enableWelcomePage: true
enableUserRolesBasedOnToken: false
p2p:
enabled: true
stunServers:
- urls: 'stun:stun.l.google.com:19302'
- urls: 'stun:stun1.l.google.com:19302'
- urls: 'stun:stun2.l.google.com:19302'
preferH264: true
analytics: {}
deploymentInfo: {}
localRecording: {}
e2eping: {}
deploymentUrls: {}
Note:
The requirements for config.js may change anytime when updating Jitsi Meet, and upstream does not communicate much about this. Check any CHANGELOG and announcements from the Jitsi Meet project for any new required values before updating.
Note:
The structure is case-sensitive and must match the variable settings in config.js exactly. For example, webrctIceUdpDisable is not the same as WebRTCIceUDPDisable. Jitsi inconsistently names variables (e.g., mixes URL and Url), so pay attention to the exact name.
Uninstall
The following commands will help you remove the installation. They might not delete every file, but it's enough to start over if something went wrong.
systemctl stop jitsi-videobridge
systemctl disable jitsi-videobridge
apt-get purge -y jigasi jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-web jicofo jitsi-videobridge
systemctl stop nginx
systemctl disable nginx
apt-get purge -y nginx nginx-common nginx-full
apt purge certbot
rm -rf /etc/jitsi /etc/nginx /etc/letsencrypt
crontab -e -u root
reboot
License
MIT
Install jitsi-meet with nginx and (optionally) certbot
ansible-galaxy install cimnine.jitsi_meet