Jitsi-Meet(2.0.5870-1)のインストール(2021年5月)[3回目]

更新日 2021-07-28 (水) 13:59:59

OSインストール

  • ubuntu 20.04LTS
    • ubuntu-20.04.2-live-server-amd64.iso

ipv6無効化

  • /etc/default/grub
RUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
GRUB_CMDLINE_LINUX="ipv6.disable=1"  ←ipv6.disable=1を追加
# update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-65-generic
Found initrd image: /boot/initrd.img-5.4.0-65-generic
done

# reboot
# ip -6 a

(何も表示しないこと確認)

自己署名証明書でnginxをSSL化(参考)

リポジトリを登録

# wget https://download.jitsi.org/jitsi-key.gpg.key

# gpg jitsi-key.gpg.key
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2021-04-15 [SC]
      FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
uid           Jitsi <dev@jitsi.org>
sub   rsa4096 2021-04-15 [E]

# apt-key add jitsi-key.gpg.key
OK

リポジトリ追加

  • /etc/apt/sources.list.d/jitsi-stable.listを作成し、以下の1行を記入
deb https://download.jitsi.org stable/
#apt update
#apt upgrade

nginxインストール

# apt install nginx

インストールや起動時に以下のエラー対応

# systemctl status nginx

nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
  • エラー対応

IPv6を停止したため発生したようなのでIPv6の部分をコメントアウト

  • /etc/nginx/sites-available/default
server {
        listen 80 default_server;
##      listen [::]:80 default_server;  ←コメントアウト

        # SSL configuration
(略)
  • [nginxのドキュメントルートは以下]
    root /usr/share/nginx/html

また、indexファイルについては以下ような記載がある

       # Add index.php to the list if you are using PHP
       index index.html index.htm index.nginx-debian.html;

注)nginxの設定ファイル*.confは/etc/nginx/sites-availableの中にある。
例えばDocument Rootなど同じパラメータを複数の設定ファイルで指定した場合、どの設定ファイルのが優先されるか不確定。
どの順で同一ディレクトリ内のファイルを読むかわからないようだ

SSLの設定 (Letsencrypt SSL使用の時は不要)

実験ようなので、今回は自己証明を作成してnginx,Jitsi-Meet両方に同じ証明書を使用する。

自己証明作成

  • openssl インストール
# apt install openssl
  • 秘密鍵の作成(Keyファイル)
# mkdir /etc/nginx/ssl
# cd /etc/nginx/ssl
# openssl genrsa -out server.key 2048
  • CSR(証明書署名要求)の作成
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Mie Pref.
Locality Name (eg, city) []:Ise
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ISM
Organizational Unit Name (eg, section) []:Web Team
Common Name (e.g. server FQDN or YOUR name) []:meet.ism21.net
Email Address []:okada@ism21.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  • CRT(SSLサーバ証明書)の作成(証明書ファイル)
# openssl x509 -days 3650 -req -signkey server.key -in server.csr -out server.crt

nginxの設定

  • /etc/nginx/sites-available/default
server {
        listen 80 default_server;
##      listen [::]:80 default_server;

        # SSL configuration
        listen 443 ssl;	←追加

        # 証明書を設定 ←追加
        ssl_certificate     /etc/nginx/ssl/server.crt;	←追加
        ssl_certificate_key /etc/nginx/ssl/server.key;	←追加
# systemctl restart nginx
  • 確認
https://meet.ism21.net/

にアクセス(IPはダメ)

JDKのインストール

# apt install -y openjdk-8-jre-headless

Jitsi-Meetのインストール

証明書は先に作成したものを使用する

# apt install -y jitsi-meet
   lqqqqqqqqqqqqqqu Configuring jitsi-videobridge2 tqqqqqqqqqqqqqqqk
      x The value for the hostname that is set in Jitsi Videobridge   x
      x installation.                                                 x
      x                                                               x
      x The hostname of the current installation:                     x
      x                                                               x
      x meet.ism21.net_______________________________________________ x
      x                                                               x
      x                            <Ok>                               x
      x                                                               x
      mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
 qqqqqqqqqqqqqqqqqqqu Configuring jitsi-meet-web-config tqqqqqqqqqqqqqqqqqqqk
 x Jitsi Meet is best to be set up with an SSL certificate. Having no        x
 x certificate, a self-signed one will be generated. By choosing             x
 x self-signed you will later have a chance to install Let’s Encrypt        x
 x certificates. Having a certificate signed by a recognised CA, it can be   x
 x uploaded on the server and point its location. The default filenames      x
 x will be /etc/ssl/--domain.name--.key for the key and                      x
 x /etc/ssl/--domain.name--.crt for the certificate.                         x
 x                                                                           x
 x SSL certificate for the Jitsi Meet instance                               x
 x                                                                           x
 x        Generate a new self-signed certificate (You will later ...         x
 x        I want to use my own certificate  ←ローカル環境のためこちらを選択 x
 x                                                                           x
 x                                                                           x
 x                                  <Ok>                                     x
 x                                                                           x
 mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

Let's Encrypt SSLを使用するときは「Generate a new self-signed」を選択する-----注1

  lqqqqqqqqqqqqqqqqqu Configuring jitsi-meet-web-config tqqqqqqqqqqqqqqqqqk
  x The full path to the SSL key file on the server. If it has not been   x
  x uploaded, now is a good time to do so.                                x
  x                                                                       x
  x Full local server path to the SSL key file:                           x
  x                                                                       x
  x /etc/ssl/meet.ism21.net.key__________________________________________ x
  x                                                                       x
  x                                <Ok>                                   x
  x                                                                       x
  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqu Configuring jitsi-meet-web-config tqqqqqqqqqqqqqqqqqqqk
 x The full path to the SSL certificate file on the server. If you haven't   x
 x uploaded it, now is a good time to upload it in another console.          x
 x                                                                           x
 x Full local server path to the SSL certificate file:                       x
 x                                                                           x
 x /etc/ssl/meet.ism21.net.crt______________________________________________ x
 x                                                                           x
 x                                  <Ok>                                     x
 x                                                                           x
 mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

Let's Encrypt SSLを使用するときはここのように証明書をこのタイミングで取得

SSL証明書のリンクを作成

先に作成した証明書をJitsi-Meetで使用するため

# cd /etc/ssl
# ln -s /etc/nginx/ssl/server.key meet.ism21.net.key
# ln -s /etc/nginx/ssl/server.crt meet.ism21.net.crt

このままnginxを再起動するとIPV6を停止した場合以下のエラーが再び出る

nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
  • /etc/nginx/sites-available/meet.ism21.net.confの以下を2か所をコメントアウト
server {
    listen 80;
##    listen [::]:80;  ←ここ
    server_name meet.ism21.net;
(略)
server {
    listen 443 ssl;
##    listen [::]:443 ssl;  ←ここ
    server_name meet.ism21.net;

nginxを再起動

# systemctl restart nginx
  • 確認
# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: active (running) since Tue 2021-05-25 11:04:39 JST; 4min 22s ago
       Docs: man:nginx(8)

インストールパッケージの確認

# apt list --installed | grep jitsi

WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 

jitsi-meet-prosody/stable,now 1.0.4985-1 all [installed,automatic]
jitsi-meet-turnserver/stable,now 1.0.4985-1 all [installed,automatic]
jitsi-meet-web-config/stable,now 1.0.4985-1 all [installed,automatic]
jitsi-meet-web/stable,now 1.0.4985-1 all [installed,automatic]
jitsi-meet/stable,now 2.0.5870-1 all [installed]
jitsi-videobridge2/stable,now 2.1-492-g5edaf7dd-1 all [installed,automatic]
# apt list --installed | grep jico

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.  

jicofo/stable,now 1.0-747-1 all [installed,automatic]

  • ちょっと参考
  • Jitsi-Meet:ウェブインターフェイスであるファイル群
  • Nginx:ウェブサーバ
  • Prosody:XMPPサーバ
  • Jicofo:ユーザセッションの交換、ビデオストリームチャネルの割当
  • Jvb:Jitsi Video Bridge ビデオストリームサーバ、バンド幅の監視・コントロール

WEB会議の作成できるユーザーの制限

ユーザとパスワードを設定

Jitsi-Meetの設定

# cd /etc/prosody/conf.avail/
  • /etc/prosody/conf.avail/meet.ism21.net.cfg.lua
VirtualHost "meet.ism21.net"
    -- enabled = false -- Remove this line to enable this host
    -- authentication = "anonymous"  ←削除
    authentication = "internal_plain" ←追加
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"

(省略)

hitelist jibri to enter lobby enabled rooms

---Add to JE2ISM ----
VirtualHost "guest.meet.ism21.net"
       authentication = "anonymous"
       c2s_require_encryption = false
---ここまで----------

Component "conference.meet.ism21.net" "muc"

ファイルの最後に以下を追加することでVideoが配信されるようになった。 (追加なしでも動く同一LANサーバ環境は動いた←理由不明)

-- Edit By JE2ISM
VirtualHost "guest.meet.hoge-c.com"
         authentication = "anonymous"
         c2s_require_encryption = false
  • /etc/jitsi/meet/meet.ism21.net-config.js
var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'meet.ism21.net',
        // Add by JE2ISM
        anonymousdomain: 'guest.meet.ism21.net',  ←追加

        // When using authentication, domain for guest users.
  • /etc/jitsi/jicofo/sip-communicator.properties
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.meet.ism21.net
org.jitsi.jicofo.auth.URL=XMPP:meet.ism21.net ←追加
  • 参考

ユーザ追加

  • prosodyctlについて

次のようにユーザーアカウントを追加するために使用する。

# prosodyctl adduser me@example.com

その後、Prosodyはパスワードの入力を求めるプロンプトが出るので入力する。

アカウントのバッチ登録については、「prosodyctlregister」コマンドで可能になる。これにより、すべてを1行で処理できる。

  • 追加
# prosodyctl register me example.com mypassword

サービス再起動

# systemctl restart jicofo
# systemctl restart prosody
# systemctl restart jitsi-videobridge2.service

参加者すべてがID,パスワードが必要な設定

Jitsi-Meetの設定

以下の変更だけでよいみたい

# cd /etc/prosody/conf.avail/
  • /etc/prosody/conf.avail/meet.ism21.net.cfg.lua
VirtualHost "meet.ism21.net"
    -- enabled = false -- Remove this line to enable this host
    -- authentication = "anonymous"  ←削除
    authentication = "internal_plain" ←追加
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"

参考

Jitsi Meetのポート変更

変更ポート

  • http 80 → 8089
  • https 443 → 4449

portを8089と4449に変更 

以下の3つのファイルを修正

  • /etc/nginx/sites-available/meet.ism21.net.conf
server {
#    listen 80;
    listen 8089;
##    listen [::]:80;
server {
##    listen 443 ssl;
    listen 4449 ssl;
##    listen [::]:443 ssl;
    server_name meet.ism21.net;
  • /etc/jitsi/meet/meet.ism21.net-config.js
    // BOSH URL. FIXME: use XEP-0156 to discover it.
//    bosh: '//meet.ism21.net/http-bind',
    bosh: '//meet.ism21.net:4439/http-bind',
  • /etc/jitsi/videobridge/sip-communicator.properties
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:4449

再起動

# systemctl restart prosody
# systemctl restart jitsi-videobridge2
# systemctl restart jicofo
# systemctl restart nginx

(ここまでポートの変換はOK)


トップ   編集 凍結 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2021-07-28 (水) 13:59:59 (61d)