jitsi meet | standalone | virtual host | image preparation | image usage
https://hub.docker.com/r/pbraun9/meet
here we have a VIP (aka failover IP) and we tuned the host NGINX not to bind to that one
fqdn=meet.$domain
instance=${fqdn%%\.*}
facingip=`curl -s ifconfig.me`
echo $facingip
FQDN as hostname is important for the built-in UPDATE-HOSTNAME script to work. we are simply sharing /var/tmp/meet/ in case we need to push some certs in there.
docker pull pbraun9/meet
mkdir /var/tmp/meet/
docker run -d --name $instance --hostname $fqdn -e facingip=$facingip --workdir /root \
    -p $facingip:80:80 \
    -p $facingip:443:443 \
    -p $facingip:10000:10000/udp \
    -v /var/tmp/meet:/var/tmp/meet \
    pbraun9/meet
docker logs $instance
docker exec -ti $instance /bin/bash
dpkg-reconfigure jitsi-videobridge2
dpkg-reconfigure jitsi-meet-web-config
dpkg-reconfigure jitsi-meet-prosody
/root/RESTART
/root/STATUS
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
/root/RESTART
^D
cat /etc/jitsi/videobridge/sip-communicator.properties
grep -r meet-tmp /etc/ | grep -v \\.dist # occurrences should be gone
same thing but without docker port mapping (-p). we still need to define docker env var for NAT to work (-e).
then reverse proxy the whole thing (I pushed all possible headers I could, you might try to remove some)
server {
    listen 80;
    #listen [::]:80;
    server_name meet.nethence.com;

    # deal with http-01 challenges (no http2 there)
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        # trailing slash matters
        alias /var/www/dehydrated/;
    }

    # redirect everything else to https; a server-level return would
    # run before location matching and swallow the challenges too
    location / {
        return 301 https://meet.nethence.com$request_uri;
    }
}
server {
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name meet.nethence.com;

    # RSA and ECC certificates side by side
    ssl_certificate     /etc/dehydrated/certs/meet.nethence.com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/meet.nethence.com/privkey.pem;
    ssl_certificate     /etc/dehydrated/certs/ECC/meet.nethence.com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/ECC/meet.nethence.com/privkey.pem;

    # "compression" is a log_format name that has to be defined in the http block
    access_log /var/log/nginx/meet.access.log compression;
    error_log /var/log/nginx/meet.error.log warn;

    location / {
        # the certificate presented by the container is not verified
        proxy_ssl_verify off;
        proxy_pass https://172.17.0.2/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # deal with http-01 challenges (no http2 there)
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        # trailing slash matters
        alias /var/www/dehydrated/;
    }
}
and don’t forget to provide SNAT and also port-forward UDP 10000
define nic=eth0

# declare the table first so that the flush does not fail on a fresh system
table ip nat
flush table ip nat

table ip nat {
    # SNAT (replace FACING-IP with the public address)
    chain postrouting {
        type nat hook postrouting priority 100;
        ip saddr 172.17.0.0/16 oif $nic snat FACING-IP;
    }

    # DNAT
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iif $nic udp dport 10000 dnat 172.17.0.2;
    }
}
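Both the proxy_pass line and the DNAT rule above hard-code 172.17.0.2, and docker hands out default-bridge addresses in start order, so that address can end up on another container after a restart. The check below is an added example, not part of the original page; the function names and the file paths in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: the vhost and the DNAT rule both
# hard-code 172.17.0.2, but docker assigns bridge addresses in start order.

# addresses used by proxy_pass directives in an nginx config file
proxy_backends() {
    sed -n 's|^[[:space:]]*proxy_pass[[:space:]]*https\{0,1\}://\([0-9.]*\).*|\1|p' "$1" | sort -u
}

# destination addresses of dnat statements in an nftables ruleset file
dnat_targets() {
    sed -n 's|.*[[:space:]]dnat[[:space:]]\{1,\}\(to[[:space:]]\{1,\}\)\{0,1\}\([0-9.]*\).*|\2|p' "$1" | sort -u
}

# check_backend <container-ip> <nginx-conf> <nft-ruleset>
# returns 0 when both files point only at <container-ip>, 1 otherwise
check_backend() {
    ip=$1 rc=0
    if [ "$(proxy_backends "$2")" != "$ip" ]; then
        echo "proxy_pass in $2 does not point at $ip" >&2; rc=1
    fi
    if [ "$(dnat_targets "$3")" != "$ip" ]; then
        echo "dnat in $3 does not point at $ip" >&2; rc=1
    fi
    return $rc
}

# constructed sample files (trimmed copies of the configs above) for an offline run
make_samples() {
    cat > "$1/meet.conf" <<'EOF'
server {
    location / {
        proxy_pass https://172.17.0.2/;
    }
}
EOF
    cat > "$1/nat.nft" <<'EOF'
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iif $nic udp dport 10000 dnat 172.17.0.2;
    }
}
EOF
}

# live use (file paths are assumptions, adjust to your layout):
#   ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$instance")
#   check_backend "$ip" /etc/nginx/conf.d/meet.conf /etc/nftables.conf
```

A non-zero return means the web traffic or the UDP 10000 media stream is being sent to an address the jitsi container no longer holds.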