tuto:linux_divers:jitsi

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision 		Révision précédente
tuto:linux_divers:jitsi [24/04/2020 12:30]
dani 		tuto:linux_divers:jitsi [28/05/2020 11:22] (Version actuelle)
dani [Install Jitsi on CentOS 7]
Ligne 1: Ligne 1:
 ====== Install Jitsi on CentOS 7 ====== ====== Install Jitsi on CentOS 7 ======
  
-This page give needed steps to install and configure Jitsi on a CentOS server. If like me, you're not a big Docker fan, and you're happier with EL based systems instead of Debian, it might be useful to you. In this guide, you'll learn :+This page gives the needed steps to install and configure Jitsi on a CentOS server. If like me, you're not a big Docker fan, and you're happier with EL based systems, it might be useful to you. In this guide, you'll learn :
   * How to build latest versions of all components   * How to build latest versions of all components
   * Get a working install with prosody, jicofo, meet, videobridge   * Get a working install with prosody, jicofo, meet, videobridge
Ligne 8: Ligne 8:
  
 <note tip>We deploy all this with ansible, see [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/prosody|prosody]] [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/jitsi|jitsi]] and [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/jitsi_videobridge|jitsi videobridge]] <note tip>We deploy all this with ansible, see [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/prosody|prosody]] [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/jitsi|jitsi]] and [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/jitsi_videobridge|jitsi videobridge]]
-This page are just some notes to help you setting this up if you don't want to play with ansible. It might be out of date though+This page are just some notes to help you setting this up if you don't want to play with ansible. But ansible is our recommanded way to deploy it
 </note> </note>
  
 Jitsi is composed of several components, and also relies on 3rd party ones. Here is a quick overview of which are using for what : Jitsi is composed of several components, and also relies on 3rd party ones. Here is a quick overview of which are using for what :
  
-  * An XMPP server is needed to route messages between all those components. We will use prosody for this+  * An XMPP server is needed to route messages between all the components. We will use prosody for this
   * Videobridge is the SFU((Selective Forwarding Unit)). It will receive all the video and audio streams, and handle relay to the other participants   * Videobridge is the SFU((Selective Forwarding Unit)). It will receive all the video and audio streams, and handle relay to the other participants
   * Jicofo is the component which will handle stream negociation and room management   * Jicofo is the component which will handle stream negociation and room management
Ligne 20: Ligne 20:
   * ConferenceMapper API is a small daemon needed for inbound calls to work. It'll associate a PIN to each Jitsi room and is needed so that a phone call can be routed to the correct Jitsi room   * ConferenceMapper API is a small daemon needed for inbound calls to work. It'll associate a PIN to each Jitsi room and is needed so that a phone call can be routed to the correct Jitsi room
  
-In this example, will use visio.fws.fr as jitsi domain name. You'll need to adapt this+In this example, we will use visio.fws.fr as jitsi domain name. You'll need to adapt this
  
 <note tip>This how to assume you already have a valid SSL cert in /etc/prosody/certs/jitsi.crt with its private key /etc/prosody/certs/jitsi.key.</note> <note tip>This how to assume you already have a valid SSL cert in /etc/prosody/certs/jitsi.crt with its private key /etc/prosody/certs/jitsi.key.</note>
Ligne 49: Ligne 49:
            mod_conference_duration.lua \            mod_conference_duration.lua \
            mod_conference_duration_component.lua; do            mod_conference_duration_component.lua; do
-  wget -P /opt/prosody/modules https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/$MOD+  wget -P /opt/prosody/modules 
 +    https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/$MOD
 done done
-wget -P /opt/prosody/modules https://raw.githubusercontent.com/prosody-modules/mod_auth_ldap/master/mod_auth_ldap.lua+wget -P /opt/prosody/modules 
 +  https://raw.githubusercontent.com/prosody-modules/mod_auth_ldap/master/mod_auth_ldap.lua
 </code> </code>
  
-Now, lets configure it+Now, lets configure it. Edit /etc/prosody/prosody.cfg.lua
  
-<code bash> +<file prosody.cfg.lua lua>
-cat <<_EOF > /etc/prosody.cfg.lua+
  
 plugin_paths = { "/opt/prosody/modules" } plugin_paths = { "/opt/prosody/modules" }
Ligne 120: Ligne 121:
  
 Include "conf.d/*.cfg.lua" Include "conf.d/*.cfg.lua"
 +</file>
  
-_EOF +Now edit **/etc/prosody/conf.d/jitsi.cfg.lua**
- +
-cat <<_EOF > /etc/prosody/conf.d/jitsi.cfg.lua+
  
 +<file jitsi.cfg.lua lua>
 muc_mapper_domain_base = "visio.fws.fr"; muc_mapper_domain_base = "visio.fws.fr";
 admins = { "focus@auth.visio.fws.fr" } admins = { "focus@auth.visio.fws.fr" }
Ligne 194: Ligne 195:
   muc_component = "conference.visio.fws.fr"   muc_component = "conference.visio.fws.fr"
  
-_EOF +</file>
-</code>+
  
 Now we can start and enable the daemon Now we can start and enable the daemon
Ligne 214: Ligne 214:
 Maven is available with yum, but its version is too old to build videobridge. So we'll install a newer one Maven is available with yum, but its version is too old to build videobridge. So we'll install a newer one
 <code bash> <code bash>
-yum install java-1.8.0-openjdk+yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
 </code> </code>
 <code bash> <code bash>
Ligne 332: Ligne 332:
 systemctl enable --now jitsi-videobridge systemctl enable --now jitsi-videobridge
 </code> </code>
 +
 +<note tip>You have to open ports TCP/4443 and UDP/10000. Those ports must be reachable by participants when they join a room. Unless you use a TURN server</note>
  
 ===== Install Jicofo ===== ===== Install Jicofo =====
Ligne 403: Ligne 405:
 systemctl enable --now jitsi-jicofo systemctl enable --now jitsi-jicofo
 </code> </code>
 +
 +You should check your logs now to be sure jicofo discover your videobridge.
  
 ===== Install Meet ===== ===== Install Meet =====
 +
 +It's time to install the Meet interface now.
 +
 +<code bash>
 +cat <<_EOF > /etc/yum.repos.d/nodejs.repo
 +[nodejs]
 +baseurl = https://rpm.nodesource.com/pub_12.x/el/7/$basearch
 +gpgcheck = 1
 +gpgkey = https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
 +name = Node.js Packages for Enterprise Linux
 +_EOF
 +yum install nodejs
 +</code>
 +
 +<code bash>
 +cd /opt/jitsi/src/
 +git clone https://github.com/jitsi/jitsi-meet.git
 +cd jitsi-meet
 +npm i
 +make
 +</code>
 +
 +This should build Jitsi Meet. We now can put it somewhere to be served by a web server :
 +
 +<code bash>
 +mkdir -p /opt/jitsi/meet
 +rm -rf /opt/jitsi/meet/*
 +mkdir -p /opt/jitsi/meet/css
 +cp -r *.js *.html connection_optimization favicon.ico fonts images libs static sounds LICENSE lang /opt/jitsi/meet/
 +cp css/all.css /opt/jitsi/meet/css/
 +</code>
 +
 +Serving this from your webserver is a bit out of scope for this how to because it can be done in a lot of different ways depending on your infra. Here's a sample nginx conf :
 +
 +<hideen Here's a sample nginx config>
 +<file jitsi.conf>
 +server {
 +  listen 443 ssl http2;
 +  server_name visio.fws.fr;
 +
 +  ssl_certificate_key /etc/prosody/certs/jitsi.key;
 +  ssl_certificate     /etc/prosody/certs/jitsi.crt;
 +
 +  if ($request_method !~ ^(GET|POST|HEAD)$ ) {
 +    return 405;
 +  }
 +
 +  root /opt/jitsi/meet;
 +  index index.html;
 +
 +  # conferenceMapper endpoint
 +  location ~ ^/(phoneNumberList|conferenceMapper) {
 +    proxy_pass http://localhost:8823;
 +    proxy_socket_keepalive on;
 +  }
 +
 +  # BOSH endpoint
 +  location /http-bind {
 +    proxy_socket_keepalive on;
 +    proxy_pass http://localhost:5280/http-bind;
 +    proxy_set_header X-Forwarded-For $remote_addr;
 +    proxy_set_header Host $http_host;
 +  }
 +
 +  # Websocket endpoint
 +  location /xmpp-websocket {
 +    proxy_pass http://localhost:5280/xmpp-websocket?$args;
 +    proxy_http_version 1.1;
 +    proxy_set_header Upgrade $http_upgrade;
 +    proxy_set_header Connection "upgrade";
 +    proxy_set_header Host $http_host;
 +    proxy_set_header X-Forwarded-For $remote_addr;
 +    tcp_nodelay on;
 +  }
 +
 +  # Conference rooms
 +  location ~ ^/([a-zA-Z0-9=\?]+)$ {
 +    rewrite ^/(.*)$ / break;
 +  }
 +  location / {
 +    ssi on;
 +    limit_req zone=limit_req_std burst=100 nodelay;
 +    limit_conn limit_conn_std 80;
 +  }
 +
 +  allow 0.0.0.0/0;
 +  deny all;
 +}
 +</file>
 +</hidden>
 +
 +You also have to edit /opt/jitsi/meet/config.js and adapt it to your needs.
 +<hidden Here's a example of config.js>
 +<file config.js js>
 +var config = {
 +    "bosh": "//visio.fws.fr/http-bind",
 +    "channelLastN": -1,
 +    "clientNode": "http://jitsi.org/jitsimeet",
 +    "desktopSharingChromeExtId": null,
 +    "desktopSharingChromeMinExtVersion": 0.1,
 +    "desktopSharingChromeSources": [
 +        "screen",
 +        "window",
 +        "tab"
 +    ],
 +    "dialInConfCodeUrl": "https://visio.fws.fr/conferenceMapper",
 +    "dialInNumbersUrl": "https://visio.fws.fr/phoneNumberList",
 +    "disableAudioLevels": true,
 +    "disableThirdPartyRequests": true,
 +    "enableCalendarIntegration": false,
 +    "enableLayerSuspension": true,
 +    "enableNoAudioDetection": true,
 +    "enableNoisyMicDetection": false,
 +    "enableWelcomePage": true,
 +    // Uncomment to enable Etherpad integration
 +    //"etherpad_base": "https://etherpad.fws.fr/p/",
 +    "focusUserJid": "focus@auth.visio.fws.fr",
 +    "hosts": {
 +        "domain": "visio.fws.fr",
 +        "muc": "conference.visio.fws.fr"
 +    },
 +    "localRecording": {
 +        "enabled": true
 +    },
 +    "p2p": {
 +        "enabled": true,
 +        "preferH264": true,
 +        "useStunTurn": true
 +    },
 +    "requireDisplayName": false,
 +    "resolution": 480,
 +    "testing": {
 +        "p2pTestMode": false
 +    },
 +    "useStunTurn": true,
 +    "websocket": "wss://visio.fws.fr/xmpp-websocket"
 +};
 +</file>
 +</hidden>
 +
 +Now you should be able to reach the Meet interface and join a conference.
  
 ===== Install Jigasi ===== ===== Install Jigasi =====
 +
 +Now that we have a working Jitsi install, we may want to integrate it with our telephony system. With this, we'll be able to join phone numbers to jitsi conference. Jigasi is the component doing this bridge. It connects to your SIP server just as a phone, and also on prosody as an XMPP user. It can send connect calls to Jitsi Videobridge.
 +
 +For outbound calls, it's quite easy. Once configured and enabled, you'll get a small + in Meet interface from where you can type the number you want to call. The call will be made by Jigasi and routed by your SIP server. If the phone answer, it'll be imédiatly joined in the conf.
 +
 +Inbound calls are a bit trickier, and the general workflow is the following
 +
 +  * Jitsi will associate a PIN for every conference, and register the mapping in the confmapper API server (see below)
 +  * You need a dedicated number for Jitsi (it can be done with an internal number only, but wouldn't have a lot of sense)
 +  * Calls to this number must be routed to a special IVR which will ask the caller to enter the PIN of the conference he wants to join
 +  * Asterisk will query the confmapper API to get the name of the conference matching the PIN
 +  * If a match is found, Asterisk adds the name of the conference to join in a SIP header, and route the call to jigasi
 +  * Jigasi answer the call, get the room from the SIP header, and join the corresponding room
 +
 +
 +But first, lets install Jigasi
 +
 +<code bash>
 +mkdir -p /opt/jitsi/jigasi
 +cd /opt/jitsi/src
 +git clone https://github.com/jitsi/jigasi.git
 +cd jigasi
 +/opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
 +unzip jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip -d /tmp
 +rsync -rvP --del /tmp/jigasi-linux-x64-1.1-SNAPSHOT/ /opt/jitsi/jigasi/
 +</code>
 +
 +Now, we have to configure it. In this example, the SIP server on which we register is ast.fws.fr and we'll use SIP extension 304 with secret SIP_SECRET (we'll see later in this how to how to craete the extension through FreePBHX web interface)
 +
 +<code bash>
 +mkdir -p /opt/jitsi/etc/jigasi
 +cat <<_EOF > /opt/jitsi/jigasi/jigasi.conf
 +JIGASI_OPTS=''
 +JAVA_SYS_PROPS=''
 +_EOF
 +cat <<_EOF > /opt/jitsi/jigasi/sip-communicator.properties
 +# Default room to which inbound called without a Jitsi-Conference-Room header
 +org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=sip
 +
 +net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
 +
 +# Disable packet capture
 +net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
 +
 +# Enable brewery
 +org.jitsi.jigasi.BREWERY_ENABLED=true
 +org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.visio.fws.fr
 +
 +# SIP acount
 +net.java.sip.communicator.impl.protocol.sip.acc=acc
 +net.java.sip.communicator.impl.protocol.sip.acc.ACCOUNT_UID=SIP\:304
 +# THis is the base64 encoded SIP secret. Obtained with
 +# echo -n SIP_SECRET | base64
 +net.java.sip.communicator.impl.protocol.sip.acc.PASSWORD=U0lQX1NFQ1JFVA==
 +net.java.sip.communicator.impl.protocol.sip.acc.PROTOCOL_NAME=SIP
 +net.java.sip.communicator.impl.protocol.sip.acc.SERVER_ADDRESS=ast.fws.fr
 +net.java.sip.communicator.impl.protocol.sip.acc.USER_ID=304
 +net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_INTERVAL=25
 +net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_METHOD=OPTIONS
 +net.java.sip.communicator.impl.protocol.sip.acc.VOICEMAIL_ENABLED=false
 +net.java.sip.communicator.impl.protocol.sip.acc.OVERRIDE_ENCODINGS=false
 +net.java.sip.communicator.impl.protocol.sip.acc.DOMAIN_BASE=visio.fws.fr
 +net.java.sip.communicator.impl.protocol.sip.acc.PROXY_ADDRESS=ast.fws.fr
 +net.java.sip.communicator.impl.protocol.sip.acc.PROXY_AUTO_CONFIG=false
 +net.java.sip.communicator.impl.protocol.sip.acc.PROXY_PORT=5060
 +net.java.sip.communicator.impl.protocol.sip.acc.PREFERRED_TRANSPORT=UDP
 +
 +# XMPP account
 +net.java.sip.communicator.impl.protocol.jabber.acc=acc
 +net.java.sip.communicator.impl.protocol.jabber.acc.ACCOUNT_UID=Jabber:jigasi@auth.visio.fws.fr
 +net.java.sip.communicator.impl.protocol.jabber.acc.USER_ID=jigasi@auth.visio.fws.fr
 +net.java.sip.communicator.impl.protocol.jabber.acc.IS_SERVER_OVERRIDDEN=true
 +net.java.sip.communicator.impl.protocol.jabber.acc.SERVER_ADDRESS=jitsi.fws.fr
 +# This is the base64 encoded XMPP secret
 +# obtained with echo -n JIGASI_XMPP_PASS | base64
 +net.java.sip.communicator.impl.protocol.jabber.acc.PASSWORD=SklHQVNJX1hNUFBfUEFTUw==
 +net.java.sip.communicator.impl.protocol.jabber.acc.RESOURCE_PRIORITY=30
 +net.java.sip.communicator.impl.protocol.jabber.acc.BREWERY=JigasiBrewery@internal.auth.visio.fws.fr
 +net.java.sip.communicator.impl.protocol.jabber.acc.DOMAIN_BASE=visio.fws.fr
 +
 +org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.visio.fws.fr
 +org.jitsi.jigasi.xmpp.acc.PASS=JIGASI_XMPP_PASS
 +org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
 +org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
 +org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=jitsi.fws.fr
 +org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
 +org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
 +org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
 +org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
 +org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
 +
 +_EOF
 +</code>
 +
 +Now we can create a systemd unit and start the service
 +
 +<code bash>
 +cat <<_EOF > /etc/systemd/system/jitsi-jigasi.service
 +[Unit]
 +Description=Jitsi Gateway to SIP
 +After=network.target
 +
 +[Service]
 +Type=simple
 +SuccessExitStatus=143
 +EnvironmentFile=/opt/jitsi/etc/jigasi/jigasi.conf
 +User=jitsi
 +Group=jitsi
 +PrivateTmp=true
 +PrivateDevices=true
 +ProtectHome=true
 +ProtectSystem=full
 +Restart=on-failure
 +StartLimitInterval=0
 +RestartSec=30
 +ExecStart=/opt/jitsi/jigasi/jigasi.sh \
 +            --configdir=/opt/jitsi/etc \
 +            --configdirname=jigasi \
 +            --nocomponent=true \
 +            ${JIGASI_OPT}
 +
 +[Install]
 +WantedBy=multi-user.target
 +_EOF
 +systemctl daemon-reload
 +systemctl enable --now jitsi-jigasi
 +</code>
 +
 +Jigasi is now running, but it's not yet ready to be used.
  
 ===== Install confmapper daemon ===== ===== Install confmapper daemon =====
 +
 +The confmapper daemon is a small tool to register Jitsi room name <-> PIN. We'll use https://github.com/gronke/jitsi-conferencemapper-api as it's a simple and lightweigt daemon in python, using an SQLite database to store the mappings
 +
 +<code bash>
 +yum install python3
 +</code>
 +<code bash>
 +mkdir -p /opt/jitsi/{data,confmapper}
 +chown jitsi:jitsi /opt/jitsi/data
 +chmod 700 /opt/jitsi/data
 +wget -P /opt/jitsi/confmapper/ \
 +  https://raw.githubusercontent.com/gronke/jitsi-conferencemapper-api/master/daemon.py
 +chmod 755 /opt/jitsi/confmapper/daemon.py
 +</code>
 +
 +Now, lets configure it
 +<code bash>
 +cat <<_EOF > /opt/jitsi/confmapper/config.json
 +{
 +    "db_file": "/opt/jitsi/data/confmapper.sqlite",
 +    "expire_seconds": 86400,
 +    "host": "0.0.0.0",
 +    "id_max_length": 4,
 +    "numbers": {
 +        "FR": [
 +            "0510101010"
 +        ]
 +    },
 +    "port": 8823
 +}
 +_EOF
 +</code>
 +
 +Here :
 +    * The daemon listens on 0.0.0.0:8823. You should configure a reverse proxy to make it accessible over HTTPS. The sample nginx configuration does it
 +    * Room mappings will be kept for 1 day
 +    * PIN will be created with 4 digits
 +    * The number 0510101010 is dedicated and will be announced in Jitsi interface. You can set several numbers, including different numbers for different countries
 +
 +In any case, make sure requests to https://visio.fws.fr/conferenceMapper and https://visio.fws.fr/phoneNumberList are routed to this daemon (because those are the URL configured in Jitsi meet
 +
 +Now, we can create a systemd unit and start the service
 +
 +<code bash>
 +cat <<_EOF > /etc/systemd/system/jitsi-confmapper.service
 +[Unit]
 +Description=Jitsi Conference Mapper
 +After=network.target
 +
 +[Service]
 +Type=simple
 +User=jitsi
 +Group=jitsi
 +PrivateTmp=true
 +PrivateDevices=true
 +ProtectHome=true
 +ProtectSystem=full
 +Restart=on-failure
 +StartLimitInterval=0
 +RestartSec=30
 +ExecStart=/opt/jitsi/confmapper/daemon.py
 +
 +[Install]
 +WantedBy=multi-user.target
 +_EOF
 +systemctl daemon-reload
 +systemctl enable --now jitsi-confmapper
 +</code>
  
 ===== Configure Asterisk/FreePBX ===== ===== Configure Asterisk/FreePBX =====
 +==== Create a SIP extension ====
 +Now, we have to configure Asterisk. First step is to create an SIP extension for Jigasi. So we create a PJSIP extension, with ID **304** and secret **SIP_SECRET** (this is what we've configured in jigasi). In the advanced tab of the extension, there's a few things we can change
 +
 +  * You might want to change the Outbound CID to advertize the 0510101010 number
 +  * You might change the context to **outbound-allroutes** if you don't want conference user to be able to call internal numbers. The default context is **from-internal**
 +  * Restrict codecs to alaw and ulaw (I had sound issues with opus and g722, so better to restrict this to known working codecs). For this, type **all** in the **Disallowed Codecs** field, and **alaw&ulaw** in the **Allowed Codec** field
 +  * You should also disable the **Direct Media** option
 +
 +==== Create a custom IVR ====
 +
 +Now, we have to create a custom IVR which will ask callers the PIN of the room they want to join. you can put it in **/etc/asterisk/extension_custom.conf**
 +
 +<code>
 +[jitsi-ivr]
 +exten => s,1,Answer
 +exten => s,n,Set(IVR_MSG=conf-getpin)
 +exten => s,n,Set(TIMEOUT(digit)=3)
 +exten => s,n,Read(JITSI_PIN,${IVR_MSG})
 +
 +; Fetch the conf name from the PIN entered
 +exten => s,n,AGI(jitsi_conf_pin,"https://visio.fws.fr/conferenceMapper",${JITSI_PIN}
 +
 +; If we got a result, dial JIGASI SIP account, else, loop and ask again
 +exten => s,n,GotoIf($["${JITSI_ROOM}" != "error"]?jitsi,1)
 +exten => s,n(error),Playback(conf-invalid)
 +exten => s,n,Goto(s,1)
 +
 +; We got a result, lets join jitsi room
 +exten => jitsi,1,Verbose(PIN ${JITSI_PIN} maps to Jitsi room ${JITSI_ROOM})
 +exten => jitsi,n,Dial(PJSIP/304,,b(jitsi-conference-room-header^addheader^1(${JITSI_ROOM})))
 +</code>
 +
 +==== Create an AGI script to lookup roomname from their PIN ====
 +
 +We have to create an AGI script so that asterisk can query the confmapper daemon to get the name of a room from the PIN. For this, create the script **/usr/share/asterisk/agi-bin/jitsi_conf_pin** with the following content :
 +
 +<code perl>
 +#!/usr/bin/perl
 +
 +use warnings;
 +use strict;
 +use LWP::UserAgent;
 +use JSON;
 +
 +my $ret = 'error';
 +
 +my $url = $ARGV[0] . '?id=' . $ARGV[1];
 +my $ua = LWP::UserAgent->new(timeout => 10);
 +$ua->env_proxy;
 +
 +my $response = $ua->get($url);
 +if ($response->is_success){
 +  my $json = from_json($response->content);
 +  if (defined $json and defined $json->{conference}){
 +    $ret = $json->{conference};
 +    $ret =~ s/@.*//;
 +  }
 +}
 +
 +print "SET VARIABLE JITSI_ROOM $ret\n";
 +</code>
 +
 +The script must be executable
 +<code bash>
 +chmod +x /usr/share/asterisk/agi-bin/jitsi_conf_pin
 +</code>
 +
 +==== Create a Custom Destination pointing on your custom IVR ====
 +OK, now we need to way to route calls to our new custom IVR. For this, we'll create a **Custom Destination** in FreePBX. Just set the target to **jitsi-ivr,s,1**
 +
 +{{ :tuto:linux_divers:jitsi_custom_dest.png |}}
 +
 +This **Custom Destination** make the IVR available in all the FreePBX routing logic.
 +
 +==== Assign an internal number to the IVR to test ====
 +We can assign it an internal number to test it with a new **Misc Application** :
 +
 +{{ :tuto:linux_divers:jitsi_misc_app.png |}}
 +
 +You can now try it. Create a new room in Jitsi, and if you click on the small **i** button (bottom right), you should see a popup with the number to dial and the PIN
 +
 +{{ :tuto:linux_divers:jitsi_conf_ping.png |}}
 +
 +So, this conf has PIN 4845
 +
 +Now, call your internal test number, which points on the custom IVR (381 in the previous screenshot). You should be prompted to enter a PIN. Once typed, asterisk will lookup on the confmapper daemon to find to which room this PIN maps. If found, you'll join the conference right away. If a wrong PI is entered, you'll be prompted again to enter the PIN.
 +
 +Now, all you have to do is to define a new **Inbound Route** which points on the same **Custom Destination**
 +
 +{{ :tuto:linux_divers:jitsi_inbound_route.png |}}
 +
 +
 +===== Integrate with Etherpad =====
 +
 +Deploying an Etherpad instance is out of scope for this guide (but we also have an [[https://git.fws.fr/fws/ansible-roles/src/branch/master/roles/etherpad|ansible role]] for this). But, say you have it available at https://etherpad.fws.fr. All you have to do is to indicate it in **/opt/jitsi/meet/config.js** 
 +
 +<code>
 +[...]
 +      "etherpad_base": "https://etherpad.fws.fr/p/",
 +[...]
 +</code>
  
 +<note tip>The trailing **/** is important</note>
  
 +===== Note on reverse proxy and Content-Security-Policy =====
 +We use a reverse proxy to serve all the web resources, and this reverse proxy insert CSP headers to response. In this case, we have to allow a few things to get everything working :
 +  * In img-src you have to add https://img.youtube.com and https://i.ytimg.com
 +  * In script-src you have to add https://www.youtube.com and https://s.ytimg.com
 +  * In frame-src you have to add https://etherpad.fws.fr wss://etherpad.fws.fr and https://www.youtube.com
 +  * In connect-src you have to add https://storage.googleapis.com
  • tuto/linux_divers/jitsi.1587724228.txt.gz
  • Dernière modification: 24/04/2020 12:30
  • de dani