Differences
Below are the differences between two revisions of the page.
Both previous revisions Previous revision Next revision | Previous revision | ||
tuto:linux_divers:jitsi [24/04/2020 13:06] dani |
tuto:linux_divers:jitsi [28/05/2020 11:22] (Current version) dani [Install Jitsi on CentOS 7] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
====== Install Jitsi on CentOS 7 ====== | ====== Install Jitsi on CentOS 7 ====== | ||
- | This page give needed steps to install and configure Jitsi on a CentOS server. If like me, you're not a big Docker fan, and you're happier with EL based systems | + | This page gives the needed steps to install and configure Jitsi on a CentOS server. If like me, you're not a big Docker fan, and you're happier with EL based systems, it might be useful to you. In this guide, you'll learn : |
* How to build latest versions of all components | * How to build latest versions of all components | ||
* Get a working install with prosody, jicofo, meet, videobridge | * Get a working install with prosody, jicofo, meet, videobridge | ||
Ligne 8: | Ligne 8: | ||
<note tip>We deploy all this with ansible, see [[https:// | <note tip>We deploy all this with ansible, see [[https:// | ||
- | This page are just some notes to help you setting this up if you don't want to play with ansible. | + | This page are just some notes to help you setting this up if you don't want to play with ansible. |
</ | </ | ||
Jitsi is composed of several components, and also relies on 3rd party ones. Here is a quick overview of which are using for what : | Jitsi is composed of several components, and also relies on 3rd party ones. Here is a quick overview of which are using for what : | ||
- | * An XMPP server is needed to route messages between all those components. We will use prosody for this | + | * An XMPP server is needed to route messages between all the components. We will use prosody for this |
* Videobridge is the SFU((Selective Forwarding Unit)). It will receive all the video and audio streams, and handle relay to the other participants | * Videobridge is the SFU((Selective Forwarding Unit)). It will receive all the video and audio streams, and handle relay to the other participants | ||
* Jicofo is the component which will handle stream negociation and room management | * Jicofo is the component which will handle stream negociation and room management | ||
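Review bot: The replacement line inside the note tip still reads "This page are just some notes to help you setting this up", so the grammar fix applied to the intro sentence in the first hunk was not carried through here. Suggest "This page is just some notes to help you set this up if you don't want to play with ansible." The unchanged lines around it have similar slips ("which are using for what", "negociation") that could be corrected in the same revision.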
Ligne 20: | Ligne 20: | ||
* ConferenceMapper API is a small daemon needed for inbound calls to work. It'll associate a PIN to each Jitsi room and is needed so that a phone call can be routed to the correct Jitsi room | * ConferenceMapper API is a small daemon needed for inbound calls to work. It'll associate a PIN to each Jitsi room and is needed so that a phone call can be routed to the correct Jitsi room | ||
- | In this example, will use visio.fws.fr as jitsi domain name. You'll need to adapt this | + | In this example, |
<note tip>This how to assume you already have a valid SSL cert in / | <note tip>This how to assume you already have a valid SSL cert in / | ||
Ligne 56: | Ligne 56: | ||
</ | </ | ||
- | Now, lets configure it | + | Now, lets configure it. Edit / |
- | <code bash> | + | <file prosody.cfg.lua |
- | cat << | + | |
plugin_paths = { "/ | plugin_paths = { "/ | ||
Ligne 122: | Ligne 121: | ||
Include " | Include " | ||
+ | </ | ||
- | _EOF | + | Now edit **/ |
- | + | ||
- | cat << | + | |
+ | <file jitsi.cfg.lua lua> | ||
muc_mapper_domain_base = " | muc_mapper_domain_base = " | ||
admins = { " | admins = { " | ||
Ligne 196: | Ligne 195: | ||
muc_component = " | muc_component = " | ||
- | _EOF | + | </file> |
- | </code> | + | |
Now we can start and enable the daemon | Now we can start and enable the daemon | ||
Ligne 499: | Ligne 497: | ||
deny all; | deny all; | ||
} | } | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | You also have to edit / | ||
+ | <hidden Here's a example of config.js> | ||
+ | <file config.js js> | ||
+ | var config = { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ], | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // Uncomment to enable Etherpad integration | ||
+ | //" | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | }; | ||
</ | </ | ||
</ | </ | ||
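Review bot: The title of the new hidden block reads "Here's a example of config.js"; it should be "an example". The commented-out entry under "// Uncomment to enable Etherpad integration" would also be easier to follow with a pointer to the "Integrate with Etherpad" section added later in this revision, since that is where the trailing slash requirement is explained.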
Ligne 575: | Ligne 622: | ||
net.java.sip.communicator.impl.protocol.jabber.acc=acc | net.java.sip.communicator.impl.protocol.jabber.acc=acc | ||
net.java.sip.communicator.impl.protocol.jabber.acc.ACCOUNT_UID=Jabber: | net.java.sip.communicator.impl.protocol.jabber.acc.ACCOUNT_UID=Jabber: | ||
- | net.java.sip.communicator.impl.protocol.jabber.acc.USER_ID=jigasi@auth.conf.fws.fr | + | net.java.sip.communicator.impl.protocol.jabber.acc.USER_ID=jigasi@auth.visio.fws.fr |
net.java.sip.communicator.impl.protocol.jabber.acc.IS_SERVER_OVERRIDDEN=true | net.java.sip.communicator.impl.protocol.jabber.acc.IS_SERVER_OVERRIDDEN=true | ||
net.java.sip.communicator.impl.protocol.jabber.acc.SERVER_ADDRESS=jitsi.fws.fr | net.java.sip.communicator.impl.protocol.jabber.acc.SERVER_ADDRESS=jitsi.fws.fr | ||
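Review bot: SERVER_ADDRESS in the unchanged line right after the corrected USER_ID still points at jitsi.fws.fr, while USER_ID now uses auth.visio.fws.fr to match the visio.fws.fr domain the guide announces. If jitsi.fws.fr is deliberately a separate host name for the XMPP server (IS_SERVER_OVERRIDDEN=true suggests the override is intended), add a sentence saying so; otherwise align it with the guide's domain so readers do not copy a leftover name.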
Ligne 633: | Ligne 680: | ||
</ | </ | ||
+ | Jigasi is now running, but it's not yet ready to be used. | ||
===== Install confmapper daemon ===== | ===== Install confmapper daemon ===== | ||
- | ===== Integrate with Etherpad | + | The confmapper daemon is a small tool to register Jitsi room name <-> PIN. We'll use https:// |
+ | |||
+ | <code bash> | ||
+ | yum install python3 | ||
+ | </ | ||
+ | <code bash> | ||
+ | mkdir -p / | ||
+ | chown jitsi:jitsi / | ||
+ | chmod 700 / | ||
+ | wget -P / | ||
+ | https:// | ||
+ | chmod 755 / | ||
+ | </ | ||
+ | |||
+ | Now, lets configure it | ||
+ | <code bash> | ||
+ | cat << | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | _EOF | ||
+ | </ | ||
+ | |||
+ | Here : | ||
+ | * The daemon listens on 0.0.0.0: | ||
+ | * Room mappings will be kept for 1 day | ||
+ | * PIN will be created with 4 digits | ||
+ | * The number 0510101010 is dedicated and will be announced in Jitsi interface. You can set several numbers, including different numbers for different countries | ||
+ | |||
+ | In any case, make sure requests to https:// | ||
+ | |||
+ | Now, we can create a systemd unit and start the service | ||
+ | |||
+ | <code bash> | ||
+ | cat << | ||
+ | [Unit] | ||
+ | Description=Jitsi Conference Mapper | ||
+ | After=network.target | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | User=jitsi | ||
+ | Group=jitsi | ||
+ | PrivateTmp=true | ||
+ | PrivateDevices=true | ||
+ | ProtectHome=true | ||
+ | ProtectSystem=full | ||
+ | Restart=on-failure | ||
+ | StartLimitInterval=0 | ||
+ | RestartSec=30 | ||
+ | ExecStart=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | _EOF | ||
+ | systemctl daemon-reload | ||
+ | systemctl enable --now jitsi-confmapper | ||
+ | </ | ||
===== Configure Asterisk/ | ===== Configure Asterisk/ | ||
+ | ==== Create a SIP extension ==== | ||
+ | Now, we have to configure Asterisk. First step is to create an SIP extension for Jigasi. So we create a PJSIP extension, with ID **304** and secret **SIP_SECRET** (this is what we've configured in jigasi). In the advanced tab of the extension, there' | ||
+ | |||
+ | * You might want to change the Outbound CID to advertize the 0510101010 number | ||
+ | * You might change the context to **outbound-allroutes** if you don't want conference user to be able to call internal numbers. The default context is **from-internal** | ||
+ | * Restrict codecs to alaw and ulaw (I had sound issues with opus and g722, so better to restrict this to known working codecs). For this, type **all** in the **Disallowed Codecs** field, and **alaw& | ||
+ | * You should also disable the **Direct Media** option | ||
+ | |||
+ | ==== Create a custom IVR ==== | ||
+ | |||
+ | Now, we have to create a custom IVR which will ask callers the PIN of the room they want to join. you can put it in **/ | ||
+ | |||
+ | < | ||
+ | [jitsi-ivr] | ||
+ | exten => s,1,Answer | ||
+ | exten => s, | ||
+ | exten => s, | ||
+ | exten => s, | ||
+ | |||
+ | ; Fetch the conf name from the PIN entered | ||
+ | exten => s, | ||
+ | |||
+ | ; If we got a result, dial JIGASI SIP account, else, loop and ask again | ||
+ | exten => s, | ||
+ | exten => s, | ||
+ | exten => s, | ||
+ | |||
+ | ; We got a result, lets join jitsi room | ||
+ | exten => jitsi, | ||
+ | exten => jitsi, | ||
+ | </ | ||
+ | |||
+ | ==== Create an AGI script to lookup roomname from their PIN ==== | ||
+ | |||
+ | We have to create an AGI script so that asterisk can query the confmapper daemon to get the name of a room from the PIN. For this, create the script **/ | ||
+ | |||
+ | <code perl> | ||
+ | # | ||
+ | |||
+ | use warnings; | ||
+ | use strict; | ||
+ | use LWP:: | ||
+ | use JSON; | ||
+ | |||
+ | my $ret = ' | ||
+ | |||
+ | my $url = $ARGV[0] . '? | ||
+ | my $ua = LWP:: | ||
+ | $ua-> | ||
+ | |||
+ | my $response = $ua-> | ||
+ | if ($response-> | ||
+ | my $json = from_json($response-> | ||
+ | if (defined $json and defined $json-> | ||
+ | $ret = $json-> | ||
+ | $ret =~ s/@.*//; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | print "SET VARIABLE JITSI_ROOM $ret\n"; | ||
+ | </ | ||
+ | |||
+ | The script must be executable | ||
+ | <code bash> | ||
+ | chmod +x / | ||
+ | </ | ||
+ | |||
+ | ==== Create a Custom Destination pointing on your custom IVR ==== | ||
+ | OK, now we need to way to route calls to our new custom IVR. For this, we'll create a **Custom Destination** in FreePBX. Just set the target to **jitsi-ivr, | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | This **Custom Destination** make the IVR available in all the FreePBX routing logic. | ||
+ | |||
+ | ==== Assign an internal number to the IVR to test ==== | ||
+ | We can assign it an internal number to test it with a new **Misc Application** : | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | You can now try it. Create a new room in Jitsi, and if you click on the small **i** button (bottom right), you should see a popup with the number to dial and the PIN | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | So, this conf has PIN 4845 | ||
+ | |||
+ | Now, call your internal test number, which points on the custom IVR (381 in the previous screenshot). You should be prompted to enter a PIN. Once typed, asterisk will lookup on the confmapper daemon to find to which room this PIN maps. If found, you'll join the conference right away. If a wrong PI is entered, you'll be prompted again to enter the PIN. | ||
+ | |||
+ | Now, all you have to do is to define a new **Inbound Route** which points on the same **Custom Destination** | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | |||
+ | ===== Integrate with Etherpad ===== | ||
+ | |||
+ | Deploying an Etherpad instance is out of scope for this guide (but we also have an [[https:// | ||
+ | |||
+ | < | ||
+ | [...] | ||
+ | " | ||
+ | [...] | ||
+ | </ | ||
+ | <note tip>The trailing **/** is important</ | ||
+ | ===== Note on reverse proxy and Content-Security-Policy ===== | ||
+ | We use a reverse proxy to serve all the web resources, and this reverse proxy insert CSP headers to response. In this case, we have to allow a few things to get everything working : | ||
+ | * In img-src you have to add https:// | ||
+ | * In script-src you have to add https:// | ||
+ | * In frame-src you have to add https:// | ||
+ | * In connect-src you have to add https:// |
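Review bot: In the new AGI script, the room name returned by the confmapper daemon is written straight into the AGI command by print "SET VARIABLE JITSI_ROOM $ret\n"; after only s/@.*// has been applied. Room names are chosen by whoever creates the conference, and in Perl "." does not match a newline, so a value containing whitespace, quotes or a line break reaches Asterisk unfiltered. Suggest checking $ret against an allow-list of characters before printing (keeping the default value on mismatch) and quoting the value in the SET VARIABLE line. Two smaller points in the same hunk: the daemon is described as listening on 0.0.0.0 with 4-digit PINs while the IVR comment says it will "loop and ask again", so the text should say how the listener is restricted and whether the number of PIN attempts is capped; and "If a wrong PI is entered" should read "PIN".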