#FreeBSD #Jitsi

Jitsi

Jul 7, 2020
2 min read
May 31, 2023 18:15 EEST
pkg install net-im/jicofo net-im/jitsi-videobridge net-im/prosody security/p11-kit www/jitsi-meet

Following host names are used

meet.fechner.net
auth.meet.fechner.net
conference.meet.fechner.net
focus.meet.fechner.net
jitsi-videobridge.meet.fechner.net

Generate secrets using the following shellscript

#!/bin/sh
# generate random password
dd if=/dev/random count=1 bs=25 2>/dev/null | b64encode - | \
sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'

We prefix the secret with:

VIDEO-
FOCUS-
AUTH-
JICOFO-

Prosody

Edit /usr/local/etc/prosody/prosody.cfg.lua, before the “Virtual hosts” section add the following lines:

pidfile = "/var/run/prosody/prosody.pid";
include "conf.d/*.cfg.lua"
mkdir /usr/local/etc/prosody/conf.d

Now edit /usr/local/etc/prosody/conf.d/meet.fechner.net:

VirtualHost "meet.fechner.net"
        ssl = {
                key = "/var/db/prosody/meet.fechner.net.key";
                certificate = "/var/db/prosody/meet.fechner.net.crt";
        }
        authentication = "anonymous"
        modules_enabled = {
                "bosh";
                "pubsub";
        }
        c2s_require_encryption = false

VirtualHost "auth.meet.fechner.net"
        ssl = {
                key = "/var/db/prosody/auth.meet.fechner.net.key";
                certificate = "/var/db/prosody/auth.meet.fechner.net.crt";
        }
        authentication = "internal_plain"
        admins = { "focus@auth.meet.fechner.net" }

Component "conference.meet.fechner.net" "muc"

Component "jitsi-videobridge.meet.fechner.net"
        component_secret = "VIDEO-"

Component "focus.meet.fechner.net"
        component_secret = "FOCUS-"

Create the certificates (you can use default values):

prosodyctl cert generate meet.fechner.net
prosodyctl cert generate auth.meet.fechner.net

Check the configuration file:

prosodyctl check config

Register a user jicofo can login:

prosodyctl register focus auth.meet.fechner.net AUTH-

Trust the two certificates:

trust anchor /var/db/prosody/meet.fechner.net.crt
trust anchor /var/db/prosody/auth.meet.fechner.net.crt

For logging edit /usr/local/etc/prosody/prosody.cfg.lua:

...
log = {
        info = "/var/log/prosody/prosody.log";
        error = "/var/log/prosody/prosody.err";
        -- "*syslog"; -- Uncomment this for logging to syslog
        -- "*console"; -- Log to the console, useful for debugging with daemonize=false
}
...

Logrotation:

mkdir /usr/local/etc/newsyslog.conf.d

Create the file /usr/local/etc/newsyslog.conf.d/prosody

/var/log/prosody/prosody.* prosody:prosody 600 7 * @T03 JGNC

Execute:

newsyslog -C /var/log/prosody/prosody.log
newsyslog -C /var/log/prosody/prosody.err

Check and start prosody:

prosodyctl check
sysrc prosody_enable="yes"
service prosody start

jicofo

Edit /usr/local/etc/jitsi/jicofo/jicofo.conf

JVB_XMPP_HOST=localhost
JVB_XMPP_DOMAIN=meet.fechner.net
JVB_XMPP_PORT=5347
JVB_XMPP_SECRET=FOCUS-
JVB_XMPP_USER_DOMAIN=auth.meet.fechner.net
JVB_XMPP_USER_NAME=focus
JVB_XMPP_USER_SECRET=AUTH-

MAX_MEMORY=3072m

Make sure you give “JICOFO-*” passphrase in keytool:

keytool -noprompt -keystore /usr/local/etc/jitsi/jicofo/truststore.jks -importcert -alias prosody -file /var/db/prosody/auth.meet.fechner.net.crt

Logrotation, create /usr/local/etc/newsyslog.conf.d/jicofo:

/var/log/jicofo.log 600 7 * @T03 JNC

Create logfile:

newsyslog -C /var/log/jicofo.log
sysrc jicofo_enable="YES"
sysrc jicofo_flags="-Dorg.jitsi.jicofo.auth.URL=XMPP:meet.fechner.net"
service jicofo start

jitsi-meet

Edit /usr/local/www/jitsi-meet/config.js

/* eslint-disable no-unused-vars, no-var */
var domainroot = "meet.fechner.net"

var config = {
    hosts: {
        domain: domainroot,
        muc: 'conference.' + domainroot,
        bridge: 'jitsi-videobridge.' + domainroot,
        focus: 'focus.' + domainroot,
        anonymousdomain: 'guest.' + domainroot
    },

    useNicks: false,
    bosh: '//' + domainroot + '/http-bind',

};

/* eslint-enable no-unused-vars, no-var */

NGINX

Use template jitsi.conf.

Make sure you load accf_http kernel module.

Load the module:

kldload accf_http

Edit /boot/loader.conf:

accf_http_load="YES"

jitsi videobridge

Edit /usr/local/etc/jitsi/videobridge/jitsi-videobridge.conf and replace following lines:

JVB_XMPP_DOMAIN=meet.fechner.net
JVB_XMPP_SECRET=VIDEO-

For logratation create /usr/local/etc/newsyslog.conf.d/jtsi-videobridge:

/var/log/jitsi-videobridge.log 600 7 * @T03 JNC

Create logfile:

newsyslog -C /var/log/jitsi-videobridge.log

Start it with:

sysrc jitsi_videobridge_enable="YES"
service jitsi-videobridge start

Create a user

Related Posts
May 01 Bind 8 min read
Jun 29 ZSH 1 min read
Nov 25 Icinga2 2 min read
Dec 18 Ports 1 min read
Aug 09 NGINX 2 min read