Ceci est une ancienne révision du document !
Install Jitsi on CentOS 7
This page give needed steps to install and configure Jitsi on a CentOS server. If like me, you're not a big Docker fan, and you're happier with EL based systems instead of Debian, it might be useful to you. In this guide, you'll learn :
- How to build latest versions of all components
- Get a working install with prosody, jicofo, meet, videobridge
- Configure jigasi and integrate it with an Asterisk/FreePBX server to have both inbound and outbound phone call from a Jitsi conference
- Integrate Etherpad
Jitsi is composed of several components, and also relies on 3rd party ones. Here is a quick overview of which are using for what :
- An XMPP server is needed to route messages between all those components. We will use prosody for this
- Videobridge is the SFU1). It will receive all the video and audio streams, and handle relay to the other participants
- Jicofo is the component which will handle stream negociation and room management
- Meet is the user interface of Jitsi. It's also available as an mobile app and an Electron desktop app (but here we'll install the web interface only)
- Jigasi is a SIP gateway. It can register on a SIP server and bridge phones and Jitsi rooms. Both outbound (call phone numbers from Jitsi) and inbound (join Jitsi rooms from a phone) are possible
- ConferenceMapper API is a small daemon needed for inbound calls to work. It'll associate a PIN to each Jitsi room and is needed so that a phone call can be routed to the correct Jitsi room
In this example, will use visio.fws.fr as jitsi domain name. You'll need to adapt this
Enable EPEL repo
If not already done
yum install epel-release
Install prosody
Prosody is available in EPEL, so we can install it easily
mkdir -p /opt/prosody/modules yum install prosody lua-ldap lua-cyrussasl
Jitsi can also use some 3rd party prosody modules
for MOD in https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/ext_events.lib.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/util.lib.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/mod_speakerstats.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/mod_speakerstats_component.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/mod_turncredentials.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/mod_conference_duration.lua \ https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/mod_conference_duration_component.lua \ https://raw.githubusercontent.com/prosody-modules/mod_auth_ldap/master/mod_auth_ldap.lua ; do wget -P /opt/prosody/modules $MOD done
Now, lets configure it
cat <<_EOF > /etc/prosody.cfg.lua plugin_paths = { "/opt/prosody/modules" } admins = { } modules_enabled = { "roster"; "saslauth"; "tls"; "dialback"; "disco"; "carbons"; "pep"; "private"; "blocklist"; "vcard4"; "vcard_legacy"; "version"; "uptime"; "time"; "ping"; "register"; "admin_adhoc"; "bosh"; "pubsub"; } modules_disabled = { } allow_registration = false c2s_require_encryption = true s2s_require_encryption = true s2s_secure_auth = false c2s_ports = { 5222, } s2s_port = { 5269, } http_port = { 5280, } component_ports = { 5347, } component_interface = "0.0.0.0" authentication = "internal_hashed" log = { info = "*syslog"; error = "*syslog"; } certificates = "/etc/pki/prosody/"; pidfile = "/run/prosody/prosody.pid"; daemonize = false; VirtualHost "localhost" Include "conf.d/*.cfg.lua" _EOF cat <<_EOF > /etc/prosody/conf.d/jitsi.cfg.lua muc_mapper_domain_base = "visio.fws.fr"; admins = { "focus@auth.visio.fws.fr" } http_default_host = "visio.fws.fr" -- If you have a turn server, you can configure it here -- turncredentials_secret = "TURN_SECRET"; -- turncredentials = { -- { -- type = "turns", -- host = "turn.example.net", -- port = "3478", -- transport = "udp" -- } -- }; cross_domain_bosh = false; cross_domain_websocket = true; consider_bosh_secure = true; VirtualHost "visio.fws.fr" authentication = "anonymous" ssl = { key = "/etc/prosody/certs/jitsi.key"; certificate = "/etc/prosody/certs/jitsi.crt"; } modules_enabled = { "bosh"; "pubsub"; "ping"; "websocket"; "turncredentials"; "speakerstats"; "conference_duration"; } c2s_require_encryption = false allow_unencrypted_plain_auth = true speakerstats_component = "speakerstats.visio.fws.fr" conference_duration_component = "conferenceduration.visio.fws.fr" VirtualHost "auth.visio.fws.fr" ssl = { key = "/etc/prosody/certs/jitsi.key"; certificate = "/etc/prosody/certs/jitsi.crt"; } authentication = "internal_hashed" c2s_require_encryption = false Component "conference.visio.fws.fr" "muc" storage = "memory" modules_enabled = { "ping"; } muc_room_locking = false muc_room_default_public_jids = true Component "internal.auth.visio.fws.fr" "muc" storage = "memory" modules_enabled = { "ping"; } muc_room_cache_size = 1000 Component "focus.visio.fws.fr" component_secret = FOCUS_COMPONENT_SECRET" Component "speakerstats.visio.fws.fr" "speakerstats_component" muc_component = "conference.visio.fws.fr" Component "conferenceduration.visio.fws.fr" "conference_duration_component" muc_component = "conference.visio.fws.fr" _EOF
Now we can start and enable the daemon
systemctl enable --now prosody
And we have to create some xmpp user accounts which will be used by Jitsi (adapt the passwords of course)
prosodyctl register jvb auth.visio.fws.fr JVB_XMPP_PASS prosodyctl register focus auth.visio.fws.fr FOCUS_XMPP_PASS prosodyctl register jigasi auth.visio.fws.fr JIGASI_XMPP_PASS
Install a recent maven
Maven is available with yum, but its version is too old to build videobridge. So we'll install a newer one
yum install java-1.8.0-openjdk
mkdir -p /opt/maven/apache-maven/ wget https://miroir.univ-lorraine.fr/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz tar xvzf apache-maven-3.6.3-bin.tar.gz rsync -rvP --del apache-maven-3.6.3/ /opt/maven/apache-maven/ rm -rf apache-maven-3.6.3-bin.tar.gz apache-maven-3.6.3/ cat <<_EOF > /etc/profile.d/maven.sh #!/bin/sh export JAVA_HOME=/usr/lib/jvm/jre-openjdk export M2_HOME=/opt/maven/apache-maven export MAVEN_HOME=/opt/maven/apache-maven export PATH=${M2_HOME}/bin:${PATH} _EOF chmod +x /etc/profile.d/maven.sh exec bash
Create a jitsi user
useradd -d /opt/jitsi jitsi
Install Videobridge
yum install git
mkdir /opt/jitsi/{src,videobridge} cd /opt/jitsi/src git clone https://github.com/jitsi/jitsi-videobridge.git cd jitsi-videobridge /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
unzip target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip -d /tmp/ rsync -rvP --del /tmp/jitsi-videobridge-2.1-SNAPSHOT/ /opt/jitsi/videobridge/ rm -rf /tmp/jitsi-videobridge-2.1-SNAPSHOT/
Now we have to configure videobridge
mkdir -p /opt/jitsi/etc/videobridge cat <<_EOF > /opt/jitsi/etc/videobridge/videobridge.conf JVB_OPTS="--apis=rest" JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/opt/jitsi/etc -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge" _EOF cat <<_EOF > /opt/jitsi/etc/videobridge/sip-communicator.properties org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10000 org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false org.ice4j.ipv6.DISABLED=true # If behind NAT, set your private, and public IP here # org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.99.2.19 # org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=10.11.12.13 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc org.jitsi.videobridge.STATISTICS_INTERVAL=5000 org.jitsi.videobridge.xmpp.user.acc1.HOSTNAME=jitsi.fws.fr org.jitsi.videobridge.xmpp.user.acc1.DOMAIN=auth.visio.fws.fr org.jitsi.videobridge.xmpp.user.acc1.USERNAME=jvb org.jitsi.videobridge.xmpp.user.acc1.PASSWORD=JVB_PASSWORD org.jitsi.videobridge.xmpp.user.acc1.MUC_JIDS=JvbBrewery@internal.auth.visio.fws.fr # This is just a nickname for the videobridge. # If you run several videobridge instances, make sure each one uses a unique name org.jitsi.videobridge.xmpp.user.acc1.MUC_NICKNAME=jitsi.fws.fr _EOF
Now we'll create a systemd unit for the videobridge service
mkdir -p /etc/systemd/system cat <<_EOF > /etc/systemd/system/jitsi-videobridge.service [Unit] Description=Jitsi Videobridge After=network.target [Service] Type=simple SuccessExitStatus=143 EnvironmentFile=/opt/jitsi/etc/videobridge/videobridge.conf User=jitsi Group=jitsi PrivateTmp=true PrivateDevices=true ProtectHome=true ProtectSystem=full ReadOnlyDirectories=/opt/jitsi/etc /opt/jitsi/videobridge Restart=on-failure StartLimitInterval=0 RestartSec=30 # more threads for this process TasksMax=65000 # allow more open files for this process LimitNPROC=65000 LimitNOFILE=65000 ExecStart=/opt/jitsi/videobridge/jvb.sh ${JVB_OPTS} [Install] WantedBy=multi-user.target _EOF systemctl daemon-reload systemctl enable --now jitsi-videobridge
Install Jicofo
cd /opt/jitsi/src git clone https://github.com/jitsi/jicofo.git cd jicofo /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false unzip target/jicofo-1.1-SNAPSHOT-archive.zip -d /tmp mkdir -p /opt/jitsi/jicofo rsync -rvP --del /tmp/jicofo-1.1-SNAPSHOT/ /opt/jitsi/jicofo/
Now that jicofo is installed, it must be configured
mkdir -p /opt/jitsi/etc/jicofo cat <<_EOF > /opt/jitsi/etc/jicofo/jicofo.conf JICOFO_HOST=jitsi.fws.fr JICOFO_DOMAIN=visio.fws.fr JICOFO_USER=focus JICOFO_USERDOMAIN=auth.visio.fws.fr JICOFO_SECRET='FOCUS_COMPONENT_SECRET' JICOFO_USER_PASS='FOCUS_XMPP_PASS' JICOFO_OPTS='' JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/opt/jitsi/etc -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo" _EOF cat <<_EOF > /opt/jitsi/etc/jicofo/sip-communicator.properties org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.visio.fws.fr # Comment this line if you do not intend to use Jigasi org.jitsi.jicofo.jigasi.BREWERY=JigasiBrewery@internal.auth.visio.fws.fr _EOF
Now we can create a systemd unit and start jicofo
cat <<_EOF > /etc/systemd/system/jitsi-jicofo.service [Unit] Description=Jitsi Conference Focus After=network.target [Service] Type=simple SuccessExitStatus=143 EnvironmentFile=/opt/jitsi/etc/jicofo/jicofo.conf User=jitsi Group=jitsi PrivateTmp=true PrivateDevices=true ProtectHome=true ProtectSystem=full ReadOnlyDirectories=/opt/jitsi/etc /opt/jitsi/jicofo Restart=on-failure StartLimitInterval=0 RestartSec=30 ExecStart=/opt/jitsi/jicofo/jicofo.sh \ --host=${JICOFO_HOST} \ --domain=${JICOFO_DOMAIN} \ --secret=${JICOFO_SECRET} \ --user_domain=${JICOFO_USERDOMAIN} \ --user_name=${JICOFO_USER} \ --user_password=${JICOFO_USER_PASS} \ ${JICOFO_OPT} [Install] WantedBy=multi-user.target _EOF systemctl daemon-reload systemctl enable --now jitsi-jicofo