Jitsi Ansible

R/jitsi: Jitsi is a set of open-source projects that allows you to easily build and deploy secure videoconferencing solutions Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts. Aug 26, 2020 Jitsi is a set of open-source, completely free, secure, easy-to-use and cross-platform video conferencing applications for web and mobile. It is stable and reliable and works on Linux, Windows, and Mac OS; Android, and iOS mobile operating systems. The two central applications to Jtisi are Jitsi Videobridge and Jitsi Meet. Together, Ansible and Chocolatey bring faster and more secure deployments to your Windows environments. Use Chocolatey for software/package management and Ansible to automate and guarantee the desired state of your Windows infrastructure, allowing your team to securely deploy applications faster than ever. Learn More Watch On-Demand. Galaxy provides pre-packaged units of work known to Ansible as roles and collections. Content from roles and collections can be referenced in Ansible PlayBooks and immediately put to work. You'll find content for provisioning infrastructure, deploying applications, and all of the tasks you do everyday.

Social distancing has shaped an increase in usage of remote working tools.One such tool is Jitsi video conferencing. In this article Iwant to describe how easy it is to spin up a free video conferencing server.The tools used are Jitsi, the open source and free video conferencing software,Terraform and Ansible.As cloud provider I leverage Digital Ocean because of its competitive pricing.

Note that while the software is free, depending on which server you provision,different costs may apply.

Jitsi

Jitsi (https://jitsi.org/) is an open source video conferencing solutionthat is encrypted and leverages the latest Web standards. Thus, you onlyneed a browser to talk to other people.It was founded in 2013 by Emil Ivov. The name Jitsi comes from theBulgarian word жици which means “wires”. Since 2013 the developercommunity around Jitsi has continued to increase.

Server Creation

In order to quickly create a server on Digital Ocean I use the tool Terraform (https://www.terraform.io/).It can reproducibly create server instances on most cloud platforms just by writingconfiguration files.

This is what an example instance of Jitsi would look like. It is recommended tohave at a minimum a server with 3GB, better 4GB of RAM.

You need to adapt the path to you public key file and the regionwhere the server resides in.

Then run the commands:

You will be asked your Digital Ocean token that you can retrieve from theconsole of Digital Ocean.

DNS Configuration

Once your server is created you can find the IP address in the terraform.tfstatefile under ip4_address.

Jitsi ansible connect

You now apply this address to your DNS configuration. In CloudFlare for example,your create a DNS A record with the IP address as content and “DNS Only”.

Jitsi Meet Ansible Role

After you have applied the DNS changes, you need to wait until they are updated in the DNSservers. This can take a while and you can check with dig or nslookup if this is the case.

Ansible

Software Installation

For an automated installation of Jitsi on the Ubuntu Linux server we use the free Ansible (https://www.ansible.com/)tool. You can install it on Mac with a simple brew install ansible. For otheroperating systems check the installation guide on ansible.com.

In order for the Ansible script to work you need to adapt three variables. One is found inthe hosts file. There you need to change the ansible_host to your IP server address.Then there are two variables in the install_jitsi.yml script. One is the domain name (domain_name)which is the domain you have configured, for example with Cloudflare or your DNS system.The other variable is the email address (email_address) you need for the Let’s Encrypt software thatwill generate a valid TLS certificate.

hosts

install_jitsi.yml

In order to run the installation of Jitsi on your target host you need to runthe following command:

Testing

If everything went fine with the installation you can check it andenter the domain name you configured in the browser.

The video conferencing interface of Jitsi should now appear and youcan start creating a room and go chatting.

Conclusion

While there is now a Digital Ocean Marketplace image ofJitsi (https://marketplace.digitalocean.com/apps/jitsi-server),I think the solution in this article can be flexibly applied toother environments as well, like an in-house server or serversat other cloud providers.

References

GitHub source code: https://github.com/tderflinger/jitsi-deployment

Jitsi: https://jitsi.org/

Terraform: https://www.terraform.io/

Big lots vacuum storage bags. Ansible: https://www.ansible.com/

Digital Ocean: https://www.digitalocean.com/

Wikipedia Jitsi: https://en.wikipedia.org/wiki/Jitsi

A single server Jitsi installation is good for a limited size of concurrent conferences.The first limiting factor is the videobridge component, that handles the actual video and audio traffic.It is easy to scale the video bridges horizontally by adding as many as needed.In a cloud based environment, additionally the bridges can be scaled up or down as needed.

NB: The Youtube Tutorial on Scaling is outdated and describes an old configuration method.

NB: Building a scalable infrastructure is not a task for beginning Jitsi Administrators.The instructions assume that you have installed a single node version successfully, and thatyou are comfortable installing, configuring and debugging Linux software.This is not a step-by-step guide, but will show you, which packages to install and whichconfigurations to change. Use the manual install fordetails on how to setup Jitsi on a single host.It is highly recommended to use configuration management tools like Ansible or Puppet to manage theinstallation and configuration.

Architecture (Single Jitsi-Meet, multiple videobridges)

A first step is to split the functions of the central jitsi-meet instance (with nginx, prosody and jicofo) andvideobridges.

A simplified diagram (with open network ports) of an installation with one Jitsi-Meet instance and threevideobridges that are load balanced looks as follows. Each box is a server/VM.

Jitsi Ansible

Machine Sizing

The Jitsi-Meet server will generally not have that much load (unless you have many) conferencesgoing at the same time. A 4 CPU, 8 GB machine will probably be fine.

The videobridges will have more load. 4 or 8 CPU with 8 GB RAM seems to be a good configuration.

Installation of Jitsi-Meet

Assuming that the installation will run under the following FQDN: meet.example.com and you haveSSL cert and key in /etc/ssl/meet.example.com.{crt,key}

Set the following DebConf variables prior to installing the packages.(We are not installing the jitsi-meet package which would handle that for us)

Install the debconf-utils package

On the jitsi-meet server, install the following packages:

Download
  • nginx
  • prosody
  • jicofo
  • jitsi-meet-web
  • jitsi-meet-prosody
  • jitsi-meet-web-config

Installation of Videobridge(s)

For simplicities sake, set the same debconf variables as above and install

  • jitsi-videobridge2

Configuration of jitsi-meet

Firewall

Open the following ports:

Open to world:

  • 80 TCP
  • 443 TCP

Open to the videobridges only

  • 5222 TCP (for Prosody)
  • 5347 TCP (for Jicofo)

NGINX

Create the /etc/nginx/sites-available/meet.example.com.conf as usual

Prosody

Jitsi Server Ansible

Follow the steps in the manual install for setup tasks

You will need to adapt the following files (see the files in example-config-files/scalable)

  • /etc/prosody/prosody.cfg.lua
  • /etc/prosody/conf.avail/meet.example.com.cfg.lua

Jitsi-Meet

Adapt /usr/share/jitsi-meet/config.js and /usr/share/jitsi-meet/interface-config.js to your specific needs

Jicofo

You will need to adapt the following files (see the files in example-config-files/scalable)

  • /etc/jitsi/jicofo/config (hostname, jicofo_secret, jicofo_password)
  • /etc/jitsi/jicofo/sip-communicator.properties (hostname)

Configuration of the Videobridge

Firewall

Open the following ports:

Open to world:

  • 443 TCP
  • 10000 UDP

jitsi-videobridge2

You will need to adapt the following files (see the files in example-config-files/scalable)

Each videobridge will have to have it's own, unique nickname

  • /etc/jitsi/videobridge/config (hostname, password)
  • /etc/jitsi/jicofo/sip-communicator.properties (hostname of jitsi-meet, nickname of videobridge, vb_password)
Jitsi Ansible

With the latest stable (April 2020) videobridge, it is no longer necessary to set public and private IPadresses in the sip-communicator.properties as the bridge will figure out the correct configuration by itself.

Testing

Matrix Jitsi Ansible

After restarting all services (prosody, jicofo and all the jitsi-videobridge2) you can see in/var/log/prosody/prosody.log and/var/log/jitsi/jicofo.log that the videobridges connect to Prososy and that Jicofo picks them up.

When a new conference starts, Jicofo picks a videobridge and schedules the conference on it.