Setting up Jitsi Meet

Tested on Ubuntu bionic and Debian buster.

DNS

meet            IN CNAME france1
*.meet          IN CNAME france1

Sysprep

less /proc/cpuinfo
/aes
/avx
/avx2

vi /etc/hostname

meet

vi /etc/hosts

127.0.0.1       localhost meet.nethence.com meet
#auth.meet.nethence.com internal.auth.meet.nethence.com
#auth.meet internal.auth.meet

Setup

# start from scratch
#apt purge jitsi*
#apt autoremove --purge
#dpkg -l | grep ^rc

apt update
apt full-upgrade
apt install wget gnupg htop

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
echo deb https://download.jitsi.org stable/ > /etc/apt/sources.list.d/jitsi-stable.list
apt update
apt install jitsi-meet

When prompted for the hostname, enter the FQDN, otherwise the letsencrypt script will complain later on.
When prompted for the certificate, choose self-signed so you won't be bothered with questions about the /etc/ssl/ cert location.

apt install -y lsb-release
dpkg -l | grep certbot
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Enter your EMAIL when the script asks for it.

openssl x509 -in /var/lib/prosody/meet.nethence.com.crt -noout -text | less

SSL

vi /etc/nginx/sites-enabled/meet.nethence.com.conf

    # default location
    #ssl_certificate /etc/ssl/meet.nethence.com.crt;
    #ssl_certificate_key /etc/ssl/meet.nethence.com.key;

    # self-signed
    #ssl_certificate /var/lib/prosody/meet.nethence.com.crt;
    #ssl_certificate_key /var/lib/prosody/meet.nethence.com.key;

    # let's encrypt
    ssl_certificate /etc/letsencrypt/live/meet.nethence.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meet.nethence.com/privkey.pem;

systemctl restart nginx

Fixup

On Ubuntu, you need to comment out the first line

vi /etc/nginx/sites-available/DOMAIN.TLD.conf

#server_names_hash_bucket_size 64;

systemctl restart nginx

Ready to go

prosodyctl check

service nginx status
service prosody status
service jicofo status
service jitsi-videobridge2 status

service nginx restart
service prosody restart
service jicofo restart
service jitsi-videobridge2 restart

Acceptance

How well does the box handle the CPU load while encrypting multiple streams?…

htop

Maintenance

dpkg-reconfigure jitsi-meet-web-config
dpkg-reconfigure jitsi-videobridge2
dpkg-reconfigure jitsi-meet-prosody

Firewalling

We like NFTABLES more

    apt purge iptables
    apt install nftables

This is what’s listening altogether on localhost

nmap localhost

25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
2222/tcp open  EtherNetIP-1
2812/tcp open  atmtcp
4444/tcp open  krb524
4445/tcp open  upnotifyp
5222/tcp open  xmpp-client
5269/tcp open  xmpp-server
5280/tcp open  xmpp-bosh
5347/tcp open  unknown
8888/tcp open  sun-answerbook

443/udp  open  https
5000/udp open  upnp

and pointing to the serving IP, we can see what is truly listening on the facing network

nmap x.x.x.x

80/tcp   open  http
443/tcp  open  https
2222/tcp open  EtherNetIP-1
4444/tcp open  krb524
4445/tcp open  upnotifyp
5222/tcp open  xmpp-client
5269/tcp open  xmpp-server
5280/tcp open  xmpp-bosh
8888/tcp open  sun-answerbook

443/udp   open          https
5000/udp  open          upnp
10000/udp open|filtered ndmp

Look for

vi /etc/jitsi/videobridge/sip-communicator.properties

We need only 80,443,4444/tcp and 10000/udp – set up nftables accordingly

                #jitsi meet
                tcp dport 80 accept
                tcp dport 443 accept
                tcp dport 4444 accept
                udp dport 10000 accept
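
To verify the ruleset, the following added example (not part of the original guide) filters nmap output and lists every open port outside the allowlist above. The function names and the ALLOWED variable are assumptions made for this example; the sample input is the nmap x.x.x.x result shown earlier.

```shell
#!/bin/sh
# Added example: report ports nmap shows as open that are not on the allowlist.
# ALLOWED is taken from the page (80,443,4444/tcp and 10000/udp); extend it with
# anything else you expose on purpose (for instance your SSH port).
ALLOWED="80/tcp 443/tcp 4444/tcp 10000/udp"

# unexpected_ports: reads nmap port-table lines on stdin and prints one
# "port/proto service" line per open (or open|filtered) port not in $ALLOWED.
unexpected_ports() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # port-table lines look like: 5222/tcp open xmpp-client
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 ~ /^open/ {
            if (!($1 in ok)) print $1, $3
        }
    '
}

# sample_scan: the pre-firewall scan of the serving IP, copied from this page.
sample_scan() {
    cat <<'EOF'
80/tcp   open  http
443/tcp  open  https
2222/tcp open  EtherNetIP-1
4444/tcp open  krb524
4445/tcp open  upnotifyp
5222/tcp open  xmpp-client
5269/tcp open  xmpp-server
5280/tcp open  xmpp-bosh
8888/tcp open  sun-answerbook
443/udp   open          https
5000/udp  open          upnp
10000/udp open|filtered ndmp
EOF
}

# Against the live box, once nftables is loaded (x.x.x.x is a placeholder):
#   nmap x.x.x.x | unexpected_ports
# Empty output means only the allowlisted ports are reachable.
sample_scan | unexpected_ports
```

Run it from a machine outside the server, since a scan from the box itself does not traverse the input chain the same way.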

Tuning

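If you have slow IOPS, tune your filesystem and mount options a little. Note that a tmpfs-mounted /var/log/jitsi does not survive a reboot, so ship those logs elsewhere if you need them for troubleshooting or incident response.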

vi /etc/fstab

/dev/xvda1 / reiser4 defaults,noiversion,auto_da_alloc,noatime 0 1
proc /proc proc defaults 0 0
tmpfs /tmp tmpfs                rw,async,nodev,nosuid,noatime 0 0
#tmpfs /var/log/nginx tmpfs      rw,async,nodev,nosuid,noatime 0 0
tmpfs /var/log/jitsi tmpfs      rw,async,nodev,nosuid,noatime 0 0
#ubuntu -- noatime --> relatime

Resources

https://download.jitsi.org/jitsi/

firewalling

Server Installation for Jitsi Meet https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md

tuning

https://www.linuxliteos.com/forums/tutorials/fast-disk-io-with-ext4-howto/

https://blog.confirm.ch/mount-options-atime-vs-relatime/

