Jitsi Meet as a standalone Docker instance


see /chat/jitsi-meet for overall dns and sysprep requirements

and see jitsi-meet-image if you would rather build an image

we’re gonna use the dumb-init flavor of our Devuan images, because with SVR4, JVB doesn’t start for some reason (it is probably relying on other components and starts too early)

    docker pull pbraun9/devuan

FQDN is required as hostname and we need to open HTTP already for standalone certs

    docker run -d --name meet --hostname meet.nethence.com --workdir /root \
            -p 212.83.155.59:80:80 \
            -p 212.83.155.59:443:443 \
            -p 212.83.155.59:10000:10000/udp \
            pbraun9/devuan
    docker logs meet
    docker exec -ti meet /bin/bash

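if you’ve got some certs already, you might want to share those with the instance. create a directory for them on the host

    mkdir -p /data/docker/meet/

and add this volume option to the docker run command above

    -v /data/docker/meet:/var/tmp/meet \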

and within the instance

    cp /var/tmp/meet/meet.nethence.com/privkey1.pem /etc/ssl/meet.nethence.com.key
    cp /var/tmp/meet/meet.nethence.com/fullchain1.pem /etc/ssl/meet.nethence.com.crt
    chmod 400 /etc/ssl/meet.nethence.com.key
    chmod 444 /etc/ssl/meet.nethence.com.crt

Setup

get ready

    apt update
    apt full-upgrade -y
    apt autoremove --purge
    apt install wget gnupg htop lsb-release -y
    # TODO try with gnupg1

proceed and optionally pre-install certbot already

    wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
    echo deb https://download.jitsi.org stable/ >> /etc/apt/sources.list
    apt update
    time apt install jitsi-meet certbot -y

PROVIDE FQDN --- or meet-tmp in case you're preparing a docker image

GENERATE CERTS (LE COMES LATER)

    # 2m8.697s on xc
    # 3m2.256s on xc

Tweak the LE script

    cp -pi /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh.dist
    chmod -x /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh.dist
    vi /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

    if [[ $DISTRO = Debian || $DISTRO = Devuan ]]; then

start the web service right away

    service nginx start

check that your virtual IP and FQDN respond remotely and that HTTP responds

    ping 212.83.155.59
    ping meet.nethence.com
    ping auth.meet.nethence.com
    curl -I http://meet.nethence.com/

you can now proceed with the LE script

    lsb_release -a
    /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

EMAIL

Behind Docker-or-NAT

we’re assuming a dedicated IP

on the host

    ifconfig eth0:0 $facingip/32
    #ip addr add $facingip/32 dev eth0

within the instance

check for your docker/internal IP

    ifconfig

    cp -pi /etc/jitsi/videobridge/sip-communicator.properties /etc/jitsi/videobridge/sip-communicator.properties.dist
    vi /etc/jitsi/videobridge/sip-communicator.properties

    # COMMENT OUT THAT ONE
    #org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

    org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=172.17.0.2
    org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=212.83.155.59

    # shortcut to the config file in the current directory
    ln -s /etc/jitsi/videobridge/sip-communicator.properties
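
the same edit of sip-communicator.properties, scripted so it can be re-run without duplicating lines. this is an added example, not part of the original guide nor of the Jitsi packages: the function names `is_ipv4` and `set_nat_harvester` are hypothetical, and the demo works on a constructed sample file with the addresses used on this page.

```shell
#!/bin/sh
# added example, not Jitsi tooling; function names are hypothetical

# succeed only for a dotted-quad IPv4 address with octets 0-255
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# set_nat_harvester FILE LOCAL_IP PUBLIC_IP (safe to run repeatedly)
set_nat_harvester() {
    file=$1 local_ip=$2 public_ip=$3
    p=org.ice4j.ice.harvest
    is_ipv4 "$local_ip" && is_ipv4 "$public_ip" ||
        { echo "invalid IPv4 address" >&2; return 1; }
    [ -f "$file" ] || { echo "$file: not found" >&2; return 1; }
    # keep one pristine copy, as the manual cp to .dist does
    [ -e "$file.dist" ] || cp -p "$file" "$file.dist"
    tmp=$(mktemp) || return 1
    # comment out the STUN mapping harvester and drop stale NAT harvester lines
    sed -e "s/^[[:space:]]*\($p\.STUN_MAPPING_HARVESTER_ADDRESSES=\)/#\1/" \
        -e "/^[[:space:]]*$p\.NAT_HARVESTER_LOCAL_ADDRESS=/d" \
        -e "/^[[:space:]]*$p\.NAT_HARVESTER_PUBLIC_ADDRESS=/d" \
        "$file" > "$tmp"
    {
        echo "$p.NAT_HARVESTER_LOCAL_ADDRESS=$local_ip"
        echo "$p.NAT_HARVESTER_PUBLIC_ADDRESS=$public_ip"
    } >> "$tmp"
    cat "$tmp" > "$file"    # rewrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# demo on a constructed sample file (the stale 10.0.0.9 entry is made up)
demo_nat_harvester() {
    f=$(mktemp)
    cat > "$f" <<EOF
# constructed sample
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.0.0.9
EOF
    set_nat_harvester "$f" 172.17.0.2 212.83.155.59 && cat "$f"
    rm -f "$f" "$f.dist"
}
demo_nat_harvester
```

on the real instance the call would be `set_nat_harvester /etc/jitsi/videobridge/sip-communicator.properties 172.17.0.2 212.83.155.59`, followed by a restart of jitsi-videobridge2.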

Handy scripts

optionally make a few wrapper scripts available

    cat > /root/START <<-EOF
    rm -f /var/run/jicofo.pid
    rm -f /var/run/jitsi-videobridge.pid
    service nginx start
    service prosody start
    service jicofo start
    service jitsi-videobridge2 start
    EOF

    cat > /root/STATUS <<-EOF
    service nginx status
    service prosody status
    service jicofo status
    service jitsi-videobridge2 status
    EOF

    cat > /root/STOP <<-EOF
    service nginx stop
    service prosody stop
    service jicofo stop
    service jitsi-videobridge2 stop
    pkill turnserver
    EOF

    cat > /root/RESTART <<-EOF
    service nginx restart
    service prosody restart
    service jicofo restart
    service jitsi-videobridge2 restart
    EOF

    cat > /root/log <<-EOF
    tail -n0 -F /var/log/* /var/log/*/*
    EOF

    chmod +x /root/START /root/STATUS /root/STOP /root/RESTART /root/log

Ready to go

finally start up the rest

    #rm -f /var/run/jicofo.pid
    #rm -f /var/run/jitsi-videobridge.pid
    #service nginx start
    service prosody start
    service jicofo start
    service jitsi-videobridge2 start

and enable it at boot-time in case that instance gets restarted

    vi /etc/rc.local

    rm -f /var/run/jicofo.pid
    rm -f /var/run/jitsi-videobridge.pid
    service nginx start
    service prosody start
    service jicofo start
    service jitsi-videobridge2 start

optionally make an image out of it, however it will have the FQDN and IPs hard-coded. rather go for the other guide if you wanna build an image.

Troubles

when starting the instance

    docker: Error response from daemon: driver failed programming external connectivity on endpoint meet 
      (d4ce2b4d7f4bcedbf3016f12172e17eb2aad3bfe88650366e0caaae0f106a26a): 
      Error starting userland proxy: listen tcp4 INSTANCE-IP:443: bind: address already in use.

==> neither an NGINX reload nor a reopen on the host is enough, you need to restart it after you’ve tuned the listen HOST-IP:80 lines

    #nginx -s stop
    nginx -s quit
    nginx

Resources

dedicated ip

Public accessible IP in container (like bridge network in VirtualBox) https://forums.docker.com/t/public-accessible-ip-in-container-like-bridge-network-in-virtualbox/3668

How to Get A Docker Container IP Address - Explained with Examples https://www.freecodecamp.org/news/how-to-get-a-docker-container-ip-address-explained-with-examples/

How to assign static public IP to docker container https://stackoverflow.com/questions/34688906/how-to-assign-static-public-ip-to-docker-container

Assign static IP to Docker container https://stackoverflow.com/questions/27937185/assign-static-ip-to-docker-container


Copyright © 2021 Pierre-Philipp Braun