Etherpad Jitsi

Jitsi and Docker Overview

Base image for Jitsi Meet's images (based on Debian and S6 overlay) Container. If you want the communication between the Jitsi Meet and the Etherpad server to be encrypted, use a reverse proxy. If Etherpad will only be accessed via Jitsi and it’s installed on the same server, you don’t need that. Learn more about Jitsi, a free open-source video conferencing software for web & mobile. Make a call, launch on your own servers, integrate into your app, and more.

Jitsi Meet is an open source video conferencing service solution providing fully encrypted and secure high quality and audio without subscription or the need to create an account. The solution can either be installed natively on Ubuntu Bionic Beaver (18.04 LTS) and Debian Buster. Another way to install it, is using a containerized application running on Docker.

This tutorial explains how to install the Jitsi Meet solution on a virtual cloud instance using the Docker Image provided by the Jitsi team, allowing you to deploy your personal Jitsi Meet video conferencing solution in a few easy steps. It is based on a Debian stable base installation and provides all additional modules availabe for Jitsi like Etherpad or jigasi, a gateway allowing SIP connections to the Jitsi Meet instance.

Requirements

  • You have an account and are logged into console.scaleway.com
  • You have configured your SSH Key
  • You have a Scaleway Elements Instance running Ubuntu Bionic Beaver (18.04 LTS)
  • You have installed Docker on the instance
  • For best performances of Jitsi Meet, an instance with at least 4GB RAM is recommended
  • You have a domain or subdomain pointed to your Instance

Setting Up the Solution

1 . Connect to your Scaleway Elements Instance using SSH.

2 . Update the packet cache and upgrade the software already installed on the instance using the apt packet manager:

3 . Install Docker, for more detailed instructions, follow our dedicated tutorial:

4 . Clone the Docker Jitsi Meet repository using git and cd into the downloaded directory:

5 . Copy the env.example file to create a environment (.env) configugration and create the required configuration directories:

6 . Open the .env file in a text editor and edit the basic settings as following:

7 . If you run a firewall on your instance or have configured a stateful cloud firewall using security groups, make sure that the following ports are open:

  • 80/tcp for Web UI HTTP (for redirections, after uncommenting ENABLE_HTTP_REDIRECT=1 in .env)
  • 443/tcp for Web UI HTTPS
  • 4443/tcp for RTP media over TCP
  • 10000/udp for RTP media over UDP

8 . Run docker-compose up -d to download and launch the application.

Note: If you want to use the Etherpad option with Jisi Meet, configure the Etherpad section in the .env file and start the docker container as following: docker-compose -f docker-compose.yml -f etherpad.yml up

Connecting to the Instance

1 . Open a web browser on your local computer and access the web UI at https://<public_instance_ip>/. The Jitsi Meet login screen displays:

Enter a name for your conference and press Go to enter the conference room. It is now possible to share the link, to set a password, configure the audio and video quality and more for the conference.

2 . Happy conferencing :)

For more information concerning the Jitsi Meet Docker image, refer to the official documentation.

Even before COVID-19, most of us were in need for some kind of conference solution. Some use proprietary ones like Google Hangouts, Zoom or one of the other popular ones out there.

But if you are in tightly-regulated industry or just want to have full control over your data and like to use open-source, then chances are high you already stumbled upon Jitsi Meet.

In this post I describe the process to setup a fully-functional Jitsi-Meet instance on AWS (+ Terraform code!)

  • Jitsi Meet (Ubuntu 18.04)
  • Terraform code available (>= 0.12 / HCL2)
  • Authentication (Users need to be authenticated to create new conferences) + Guest access (can only join existing conferences)
  • LetsEncrypt certificate for HTTPS
  • Collaborative working on a shared document during Jitsi conference (etherpad-lite)
  • SQL Database for Jitsi authorized accounts
  • Aurora Serverless (MySQL)
  • Scale down to 0 to reduce costs
  • AutoScalingGroup
  • ASG notifications (+ SNS Topic)
  • CloudWatch Logs (+ CloudWatch Agent)
  • Route53 Public & Private records
  • OPTIONAL: Cross-Account for Public & Private records
  • Allow SSH by workstation IPv4 (can be disabled)
  • Add other allowed IPv4 CIDRs for SSH
  • Restrict Jitsi access CIDRs (Default: not restricted)
Terraform:hajowieland/terraform-aws-jitsi
  1. Clone the git repository git clone https://github.com/hajowieland/terraform-aws-jitsi.git
  2. Create a terraform.tfvars and fill in the below variables as key = value one per line
  3. If your Route53 Public & Private Hosted Zones are in the same AWS Account as where you want to deploy Jitsi, it’s just this:
TF VariableDescriptionTypeDefaultExample
aws_regionAWS Regionstringeu-central-1 (Frankfurt)eu-west-1 (Ireland)
domainJitsi Domainstringexample.comnapo.io
letsencrypt_emailLetsEncrypt E-Mailstring[email protected][email protected]
public_subnet_idsPublic Subnet IDslist(string)'subnet-id-1', 'subnet-id-2', 'subnet-id-3']['subnet-9ab8765', 'subnet-1ab2c345', 'subnet-01234567890ab01cd']
public_zone_idPublic Zone IDstringZ0123publiczoneZC1BDEFGH2I3J
private_zone_idPrivate Zone IDstringZ456privatezoneZ01234567A89BC0D123E4
vpc_idVPC IDstringvpc-123vpc-1a2b3456

Of course you can use it as Terraform module, too:

Here I show you the process of manually setting up Jitsi-Meet on AWS on a single EC2 instance. For a production-ready solution, please use the Terraform code above !)

It shows how the important steps of the EC2 Userdata in the Terraform code work.

Prerequisites

  1. EC2 Instance with Ubuntu 18.04
  2. You can connect to the instance with SSH
  3. MySQL / PostgreSQL database

Raise system limits

Jitsi needs increased files and process limits, so we set them in systemd:

Update System, install Jitsi

During install you get ask these two questions:

  • Hostname: Set to the desired FQDN for your Jitsi instance (e.g.: meet.example.com)
  • Certificate: Choose Generate a new self-signed certificate (we will get a LetsEncrypt certificate later)

Now export the Hostname as environment variable which we will use in the next steps (replace with the FQDN you configured during install):

Etherpad

Now we are going to install etherpad-lite, which is integrated in Jitsi-Meet and allows us to collaboratively work together on a shared document during conferences.

Install etherpad-lite

Download node, clone etherpad-lite git repository and add a etherpad-lite system user:

etherpad-lite systemd

To enable etherpad-lite at startup and be controlled by systemd, create a systemd unit file and enable the service:

You can check if everything is working with:

Enable ethterpad in Meet

The Meet component needs to know that it can now use Ethterpad:

Prosody SQL

To allow users to be created and stored in an SQL database, configure Prosody (the XMPP component of Jitsi) to use the database instead of local filestore:

Now fill in the MySQL / PostgreSQL credentials of your database (database name, user, password and host)

For MySQL:

For PostgreSQL:

Prosody initially used to local filestore for the focus and jvb users, we need them to be converted to our SQL backend.

We can use Prosody Migrator for this task. First we createa Migrator config (fill in your Database data like in the previous step):

For MySQL:

For PostgreSQL:

And then we migrate the local filestore to the SQL database:

Configure Authentication

By default, no authentication is set which means every (unauthenticated!) user can create new conferences (and if you have a public Jitsi instance, this means everyone).

This exposes Jitsi to various spam/flood attacks and the Jitsi instance may be used for unintended purposes.

So we definitely need to set up authentication. In the previous step we configured the database backend for the internal Jitsi users and our authenticated users we can add later.

In Jitsi Meet and Prosody we set up a guest domain:

In Jicofo (the focus component), we configure the XMPP auth url so it connects to XMPP (= Prosody) for authentication:

nginx configuration

Finally we configure nginx for etherpad-lite and for a seperate interface configuration.

The latter allows us for example to modify the visible Toolbar Buttons (TOOLBAR_BUTTONS) in Jitsi.

Etherpad Jitsi

We use a seperate config file for this so it does not get overwritten by a Jitsi update.

Jitsi

LetsEncrypt

As a last step we request a LetsEncrypt certificate. Luckily, Jitsi already provides us with a handy script:

(You get asked for an email adress).

All necessary configuration and auto-renewal (cronjob) will be configured by the script 👍

Eastern time in utc. Universal Time (UTC) to Eastern Standard Time (EST) 12 am UTC: is: 8 pm EST: 1 am UTC: is: 9 pm EST: 2 am UTC: is: 10 pm EST: 3 am UTC: is: 11 pm EST: 4 am UTC: is: 12 am EST: 5 am UTC: is: 1 am EST: 6 am UTC: is: 2 am EST: 7 am UTC: is: 3 am EST: 8 am UTC: is: 4 am EST: 9 am UTC: is: 5 am EST: 10 am UTC: is: 6 am EST: 11 am UTC: is: 7 am EST. Time Difference. Eastern Daylight Time is 4 hours behind of Universal Time Coordinated 2:00 am 02:00 in EDT is 6:00 am 06:00 in UTC. EST to UTC call time Best time for a conference call or a meeting is between 8am-1pm in EST which corresponds to 1pm-6pm in UTC. 2:00 am 02:00 Eastern Daylight Time (EDT). Offset UTC -4:00 hours. EST stands for Eastern Standard Time. UTC is known as Universal Time. UTC is 4 hours ahead of EST. 12:00 am EST 1:00 am EST 2:00 am EST 3:00 am EST 4:00 am EST 5:00 am EST 6:00 am EST 7:00 am EST 8:00 am EST 9:00 am EST 10:00 am EST 11:00 am EST 12:00 pm EST 1:00 pm EST 2:00 pm EST 3:00 pm EST 4:00 pm EST 5:00 pm EST 6:00 pm EST 7:00 pm EST 8:00 pm EST 9:00 pm EST.

Restart services

Now restart all services and then you are ready to use your shiny new Jitsi-Meet instance 👏

Add authenticated users

If you visit Jitsi-Meet with your browser and create a new conference, you have to authenticate as host:

New users can be created in Prosody via prosodyctl:

Etherpad Jitsi Docker

Now try right away to log in with this new user and voilâ –> Now you can invite guests to your conference (they do not have to authenticate - but can only conferences with are created by authenticated users).

To collaborate together on a shared document:

If you encounter any problems or have some ideas on how to enhance the IaC code ➡️ please let me know!

Jitsi Etherpad Lite

I would be very happy to see some Pull Requests on GitHub for the Terraform code of this blog post: