Jitsi Meet Docker Github

• Jitsi Meet Docker Github Login
• Jitsi Meet Docker Github Extension
• Jitsi Meet Docker Github Tutorial

Basic lib-jitsi-meet Angular Implementation. GitHub Gist: instantly share code, notes, and snippets. Jitsi Meet is an open source web app for video conferencing. There's no release for Centos, so we'll show you how to install Jitsi Meet on CentOS using Docker. More about SSD Nodes —simple, high-value VPS cloud computing to help you build amazing experiences on the web. Jitsi Meet on Docker. Contribute to jitsi/docker-jitsi-meet development by creating an account on GitHub. Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application. jitsi/jitsi-meet.

How to migrate away from multiplexing and enable bridge websockets

For a while, we were using nginx multiplexing to serve jitsi-meet content on https(port 443) and use the same port for running a turn server.This proved to be problematic(you cannot use websockets with this setup) and we moved away from it.Here is how to remove multiplexing and enable websockets in favor of WebRTC Data Channels.

1. Dropping multiplexing in nginx

• delete /etc/nginx/modules-enabled/60-jitsi-meet.conf
• Then go to /etc/nginx/site-available/your-conf and change your virtual host to listen on 443 instead of 4444.

1. Edit turnserver config

• make sure your turnserver is listening on standard port tls port 5349. Make sure in /etc/turnserver.conf you have the following: tls-listening-port=5349
• In /etc/prosody/conf.avail/your-conf.cfg.lua prosody is instructed to announce turns turn server on port 5349 by having this line:{ type = 'turns', host = 'your-domain', port = '5349', transport = 'tcp' }. Make sure you replace your-domain with the DNS of your deployment.

1. Add the bridge websocket location in your nginx config (add it after the location = /xmpp-websocket section):

1. Enable bridge channel websocket in jitsi-meet config. In /etc/jitsi/meet/your-conf-config.js make sure you have: openBridgeChannel: 'websocket',
2. Enable the websockets in Jitsi Videobridge. Make sure in /etc/jitsi/videobridge/jvb.conf you have:

Make sure you replace your-domain with the DNS of your deployment.

1. After restarting the bridge (systemctl restart jitsi-videobridge2) and nginx (systemctl restart nginx) you are good to go!

Quick start

In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose,follow these steps:

1. Download and extract the latest release. DO NOT clone the git repository. See below if you are interested in running test images.

2. Create a .env file by copying and adjusting env.example:

3. Set strong passwords in the security section options of .env file by running the following bash script

4. Create required CONFIG directories

   • For linux:
   • For Windows:

5. Run docker-compose up -d

6. Access the web UI at https://localhost:8443 (or a different port, in case you edited the compose file).

Note that HTTP (not HTTPS) is also available (on port 8000, by default), but that's e.g. for a reverse proxy setup;direct access via HTTP instead HTTPS leads to WebRTC errors such as Failed to access your microphone/camera: Cannot use microphone/camera for an unknown reason. Cannot read property 'getUserMedia' of undefined or navigator.mediaDevices is undefined.

If you want to use jigasi too, first configure your env file with SIP credentialsand then run Docker Compose as follows:

If you want to enable document sharing via Etherpad, configure it and run Docker Compose asfollows:

If you want to use jibri too, first configure a host as described in JItsi BRoadcasting Infrastructure configuration sectionand then run Docker Compose as follows:

or to use jigasi too:

Testing development builds

Download the latest code:

The code in master is designed to work with the unstable images. Do not run it with release images.

Build your own images:

Running unstable images

Every day a new 'unstable' image build is uploaded. You can test them by getting the YAML files from the repository and changing latest to unstable or ustable-YYYY-MM-DD for the unstable images of a specific day.

Security note

This setup used to have default passwords for internal accounts used across components. In order to make the default setupsecure by default these have been removed and the respective containers won't start without having a password set.

Strong passwords may be generated as follows: ./gen-passwords.shThis will modify your .env file (a backup is saved in .env.bak) and set strong passwords for each of therequired options. Passwords are generated using openssl rand -hex 16 .

DO NOT reuse any of the passwords.

Architecture

A Jitsi Meet installation can be broken down into the following components:

• A web interface
• An XMPP server
• A conference focus component
• A video router (could be more than one)
• A SIP gateway for audio calls
• A Broadcasting Infrastructure for recording or streaming a conference.

The diagram shows a typical deployment in a host running Docker. This projectseparates each of the components above into interlinked containers. To this end,several container images are provided.

External Ports

The following external ports must be opened on a firewall:

• 80/tcp for Web UI HTTP (really just to redirect, after uncommenting ENABLE_HTTP_REDIRECT=1 in .env)
• 443/tcp for Web UI HTTPS
• 4443/tcp for RTP media over TCP
• 10000/udp for RTP media over UDP

Also 20000-20050/udp for jigasi, in case you choose to deploy that to facilitate SIP access.

E.g. on a CentOS/Fedora server this would be done like this (without SIP access):

Images

• base: Debian stable base image with the S6 Overlay for process control and theJitsi repositories enabled. All other images are based on this one.
• base-java: Same as the above, plus Java (OpenJDK).
• web: Jitsi Meet web UI, served with nginx.
• prosody: Prosody, the XMPP server.
• jicofo: Jicofo, the XMPP focus component.
• jvb: Jitsi Videobridge, the video router.
• jigasi: Jigasi, the SIP (audio only) gateway.
• etherpad: Etherpad, shared document editing addon.
• jibri: Jibri, the broadcasting infrastructure.

Design considerations

Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup providedby these containers does not expose the XMPP server to the outside world. Instead, it's keptcompletely sealed, and routing of XMPP traffic only happens on a user-defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of thisproject.

Jitsi Meet Docker Github Login

Configuration

The configuration is performed via environment variables contained in a .env file. Youcan copy the provided env.example file as a reference.

NOTE: The mobile apps won't work with self-signed certificates (the default).See below for instructions on how to obtain a proper certificate with Let's Encrypt.

Let's Encrypt configuration

If you plan on exposing this container setup to the outside traffic directly andwant a proper TLS certificate, you are in luck because Let's Encrypt support isbuilt right in. Here are the required options:

In addition, you will need to set HTTP_PORT to 80 and HTTPS_PORT to 443. You might also consider to redirect HTTP traffic to HTTPS by setting ENABLE_HTTP_REDIRECT=1.

Let's Encrypt rate limit warning: Let's Encrypt has a limit to how many times you can submit a requestfor a new certificate for your domain name. At the time of writing, the current limit is five new (duplicate)certificates for the same domain name every seven days. Because of this, it is recommended that you disable theLet's Encrypt enviroment variables from .env if you plan on deleting the .jitsi-meet-cfg folder. Otherwise, youmight want to consider moving the .jitsi-meet-cfg folder to a different location so you have a safe place to findthe certificate that already Let's Encrypt issued. Or do initial testing with Let's Encrypt disalbed, then re-enableLet's Encrypt once you are done testing.

For more information on Let's Encrypt's rate limits, visit:https://letsencrypt.org/docs/rate-limits/

SIP gateway configuration

If you want to enable the SIP gateway, these options are required:

Display Dial-In information

The JSON with the Dial-In numbers should look like this:

JItsi BRoadcasting Infrastructure (Jibri) configuration

Before running Jibri, you need to set up an ALSA loopback device on the host. This will notwork on a non-Linux host.

For CentOS 7, the module is already compiled with the kernel, so just run:

For Ubuntu:

NOTE: If you are running on AWS you may need to reboot your machine to use the generic kernel insteadof the 'aws' kernel. If after reboot, your machine is still using the 'aws' kernel, you'll need to manually update the grub file. So just run:

If you want to enable Jibri these options are required:

Extended Jibri configuration:

For using multiple Jibri instances, you have to select different loopback interfaces for each instance manually.

Default the first instance has:

To setup the second instance, run container with changed /home/jibri/.asoundrc:

Also you can use numbering id for set loopback interface. The third instance will have .asoundrc that looks like:

Authentication

Authentication can be controlled with the environment variables below. If guestaccess is enabled, unauthenticated users will need to wait until a user authenticatesbefore they can join a room. If guest access is not enabled, every user will needto authenticate before they can join.

Internal authentication

The default authentication mode (internal) uses XMPP credentials to authenticate users.To enable it you have to enable authentication with ENABLE_AUTH and set AUTH_TYPE to internal,then configure the settings you can see below.

Internal users must be created with the prosodyctl utility in the prosody container.In order to do that, first, execute a shell in the corresponding container:

Once in the container, run the following command to create a user:

Note that the command produces no output.

Eclipse ide cost. To delete a user, run the following command in the container:

To list all users, run the following command in the container:

Authentication using LDAP

You can use LDAP to authenticate users. To enable it you have to enable authentication with ENABLE_AUTH andset AUTH_TYPE to ldap, then configure the settings you can see below.

Authentication using JWT tokens

You can use JWT tokens to authenticate users. To enable it you have to enable authentication with ENABLE_AUTH andset AUTH_TYPE to jwt, then configure the settings you can see below.

Security note

This setup used to have default passwords for internal accounts used across components. In order to make the default setupsecure by default these have been removed and the respective containers won't start without having a password set.

Strong passwords may be generated as follows: ./gen-passwords.shThis will modify your .env file (a backup is saved in .env.bak) and set strong passwords for each of therequired options. Passwords are generated using openssl rand -hex 16 .

DO NOT reuse any of the passwords.

Architecture

A Jitsi Meet installation can be broken down into the following components:

• A web interface
• An XMPP server
• A conference focus component
• A video router (could be more than one)
• A SIP gateway for audio calls
• A Broadcasting Infrastructure for recording or streaming a conference.

The diagram shows a typical deployment in a host running Docker. This projectseparates each of the components above into interlinked containers. To this end,several container images are provided.

External Ports

The following external ports must be opened on a firewall:

• 80/tcp for Web UI HTTP (really just to redirect, after uncommenting ENABLE_HTTP_REDIRECT=1 in .env)
• 443/tcp for Web UI HTTPS
• 4443/tcp for RTP media over TCP
• 10000/udp for RTP media over UDP

Also 20000-20050/udp for jigasi, in case you choose to deploy that to facilitate SIP access.

E.g. on a CentOS/Fedora server this would be done like this (without SIP access):

Images

• base: Debian stable base image with the S6 Overlay for process control and theJitsi repositories enabled. All other images are based on this one.
• base-java: Same as the above, plus Java (OpenJDK).
• web: Jitsi Meet web UI, served with nginx.
• prosody: Prosody, the XMPP server.
• jicofo: Jicofo, the XMPP focus component.
• jvb: Jitsi Videobridge, the video router.
• jigasi: Jigasi, the SIP (audio only) gateway.
• etherpad: Etherpad, shared document editing addon.
• jibri: Jibri, the broadcasting infrastructure.

Design considerations

Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup providedby these containers does not expose the XMPP server to the outside world. Instead, it's keptcompletely sealed, and routing of XMPP traffic only happens on a user-defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of thisproject.

Jitsi Meet Docker Github Login

Configuration

The configuration is performed via environment variables contained in a .env file. Youcan copy the provided env.example file as a reference.

NOTE: The mobile apps won't work with self-signed certificates (the default).See below for instructions on how to obtain a proper certificate with Let's Encrypt.

Let's Encrypt configuration

If you plan on exposing this container setup to the outside traffic directly andwant a proper TLS certificate, you are in luck because Let's Encrypt support isbuilt right in. Here are the required options:

In addition, you will need to set HTTP_PORT to 80 and HTTPS_PORT to 443. You might also consider to redirect HTTP traffic to HTTPS by setting ENABLE_HTTP_REDIRECT=1.

Let's Encrypt rate limit warning: Let's Encrypt has a limit to how many times you can submit a requestfor a new certificate for your domain name. At the time of writing, the current limit is five new (duplicate)certificates for the same domain name every seven days. Because of this, it is recommended that you disable theLet's Encrypt enviroment variables from .env if you plan on deleting the .jitsi-meet-cfg folder. Otherwise, youmight want to consider moving the .jitsi-meet-cfg folder to a different location so you have a safe place to findthe certificate that already Let's Encrypt issued. Or do initial testing with Let's Encrypt disalbed, then re-enableLet's Encrypt once you are done testing.

For more information on Let's Encrypt's rate limits, visit:https://letsencrypt.org/docs/rate-limits/

SIP gateway configuration

If you want to enable the SIP gateway, these options are required:

Display Dial-In information

The JSON with the Dial-In numbers should look like this:

JItsi BRoadcasting Infrastructure (Jibri) configuration

Before running Jibri, you need to set up an ALSA loopback device on the host. This will notwork on a non-Linux host.

For CentOS 7, the module is already compiled with the kernel, so just run:

For Ubuntu:

NOTE: If you are running on AWS you may need to reboot your machine to use the generic kernel insteadof the 'aws' kernel. If after reboot, your machine is still using the 'aws' kernel, you'll need to manually update the grub file. So just run:

If you want to enable Jibri these options are required:

Extended Jibri configuration:

For using multiple Jibri instances, you have to select different loopback interfaces for each instance manually.

Default the first instance has:

To setup the second instance, run container with changed /home/jibri/.asoundrc:

Also you can use numbering id for set loopback interface. The third instance will have .asoundrc that looks like:

Authentication

Authentication can be controlled with the environment variables below. If guestaccess is enabled, unauthenticated users will need to wait until a user authenticatesbefore they can join a room. If guest access is not enabled, every user will needto authenticate before they can join.

Internal authentication

The default authentication mode (internal) uses XMPP credentials to authenticate users.To enable it you have to enable authentication with ENABLE_AUTH and set AUTH_TYPE to internal,then configure the settings you can see below.

Internal users must be created with the prosodyctl utility in the prosody container.In order to do that, first, execute a shell in the corresponding container:

Once in the container, run the following command to create a user:

Note that the command produces no output.

Eclipse ide cost. To delete a user, run the following command in the container:

To list all users, run the following command in the container:

Authentication using LDAP

You can use LDAP to authenticate users. To enable it you have to enable authentication with ENABLE_AUTH andset AUTH_TYPE to ldap, then configure the settings you can see below.

Authentication using JWT tokens

You can use JWT tokens to authenticate users. To enable it you have to enable authentication with ENABLE_AUTH andset AUTH_TYPE to jwt, then configure the settings you can see below.

This can be tested using the jwt.io debugger. Use the following sample payload:

Shared document editing using Etherpad

You can collaboratively edit a document via Etherpad. In order to enable it, set the config options below and runDocker Compose with the additional config file etherpad.yml.

Here are the required options:

Transcription configuration

If you want to enable the Transcribing function, these options are required:

For setting the Google Cloud Credentials please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section 'Before you begin' paragraph 1 to 5.

Advanced configuration

These configuration options are already set and generally don't need to be changed.

Running behind NAT or on a LAN environment

If running in a LAN environment (as well as on the public Internet, via NAT) is a requirement,the DOCKER_HOST_ADDRESS should be set. This way, the Videobridge will advertise the IP addressof the host running Docker instead of the internal IP address that Docker assigned it, thus making ICEsucceed. If your users are coming in over the Internet (and not over LAN), this will likely be your public IP address. If this is not set up correctly, calls will crash when more than two users join a meeting.

The public IP address is discovered via STUN. STUN servers can be specified with the JVB_STUN_SERVERSoption.

Build Instructions

Building your images allows you to edit the configuration files of each image individually, providing more customization for your deployment.

3pm est in utc. The docker images can be built by running the make command in the main repository folder. If you need to overwrite existing images from the remote source, use FORCE_REBUILD=1 make.

If you are on the unstable branch, build the images with FORCE_REBUILD=1 JITSI_RELEASE=unstable make.

You are now able to run docker-compose up as usual.

Running behind a reverse proxy

By default this setup is using WebSocket connections for 2 core components:

• Sinalling (XMPP)
• Bridge channel (colibri)

Jitsi Meet Docker Github Extension

Due to the hop-by-hop nature of WebSockets the reverse proxy must properly terminate and forward WebSocket connections. There 2 routes require such treatment:

• /xmpp-websocket
• /colibri-ws

With nginx, these routes can be forwarded using the following config snippet:

where https://localhost:8443/ is the url of the web service's ingress.

Jitsi Meet Docker Github Tutorial

TODO: Add Apache example.

Disabling WebSocket connections

This is not the recommended setup.

If using WebSockets is not an option, these environment variables can be set to fallback to HTTP polling and WebRTC datachannels: