====== jibri ======
===== docker =====
jibri.yml inside the official docker-jitsi-meet does not work as a swarm service (/dev/snd and xorg problems)
clone a version of jibri with pulse and xdummy support
git clone https://github.com/prayagsingh/docker-jibri-pulseaudio.git
change Dockerfile with specific chrome version
ARG CHROME_RELEASE=96.0.4664.45
ARG CHROMEDRIVER_MAJOR_RELEASE=96
create empty file ${CONFIG}/conf/jibri/finalize.sh
build image
docker build -t "galileo/jibri:stable-6726-1" .
===== (deprecated) on jitsi meet server =====
-- internal muc component, meant to enable pools of jibri and jigasi clients
Component "internal.auth.csgalileo.org" "muc"
modules_enabled = {
"ping";
}
storage = "null"
muc_room_cache_size = 1000
-- Separate virtual host for the jibri accounts.
VirtualHost "jibri.csgalileo.org"
modules_enabled = {
"ping";
}
-- NOTE(review): internal_plain keeps account passwords in clear text in Prosody's
-- data store, so anyone who can read that store learns the jibri credentials.
-- internal_hashed stores salted hashes instead; confirm the clients on this host
-- can authenticate against it before switching.
authentication = "internal_plain"
systemctl reload prosody
systemctl status prosody
====== jitsi ======
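apt update
apt install -y curl
# The locale helper is fetched over plain HTTP, so its content can be altered in
# transit. Save it to a private temp file and read it before running it as root,
# instead of piping it straight into bash. -f makes curl fail on an HTTP error
# rather than hand an error page to the shell.
locale_script="$(mktemp)"
curl -fsS -o "$locale_script" "http://wiki.csgalileo.org/tips:ubuntu:locale?do=export_code&codeblock=1"
less "$locale_script"
/bin/bash "$locale_script"
rm -f "$locale_script"
apt install nginx
# Keep the Jitsi signing key in its own keyring and bind the repository to it with
# signed-by, so the key is trusted for this repository only (apt-key add trusts it
# for every configured repository).
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmor | sudo tee /usr/share/keyrings/jitsi-keyring.gpg > /dev/null
# tee overwrites the list file, so re-running this step does not append duplicates.
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
apt-get -y update
apt-get -y install jitsi-meet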
Se la macchina è nattata aggiungere le seguenti proprietà alla configurazione del videobridge:
vim /etc/jitsi/videobridge/sip-communicator.properties
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.45.X.X
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=94.230.Y.Y
systemctl restart jitsi-videobridge.service
systemctl restart jicofo
====== HAProxy ======
global
# NOTE(review): the runtime/stats socket is created in shared /tmp with no explicit
# mode, user/group or level. A root-owned directory plus an explicit `mode` and
# `level` on this line narrows which local accounts can query or control HAProxy.
stats socket /tmp/haproxy
# Loads the Lua file that registers the custom_router fetch used by both frontends.
lua-load /etc/haproxy/routing.lua
defaults
# Timeouts given without a unit are in milliseconds.
# NOTE(review): no `timeout http-request` is set, so a client may take up to the
# 50 s client timeout to send its request headers; a short http-request timeout
# limits slow-header connections.
timeout connect 5000
timeout client 50000
timeout server 50000
timeout check 10000
log global
option httplog
mode http
option dontlognull
frontend ft_http
# NOTE(review): port 80 is proxied to the bk_http* backends rather than redirected
# to HTTPS; confirm that serving the application over plain HTTP is intended.
bind :80
# The backend name is computed per request by the Lua fetch registered as
# custom_router; when it yields no valid backend name, default_backend applies.
use_backend %[lua.custom_router]
# NOTE(review): forwardfor appends X-Real-IP and does not remove a copy already
# sent by the client. Backends must trust only the last occurrence, or the header
# should be deleted on entry (http-request del-header X-Real-IP).
option forwardfor header X-Real-IP
default_backend bk_http_default
frontend ft_https
# TLS is terminated here; cert.pem holds the certificate and its private key, so
# the file should be readable only by the account HAProxy starts as.
bind *:443 ssl crt /etc/haproxy/cert.pem alpn h2,http/1.1
# NOTE(review): forwardfor appends X-Real-IP and does not remove a copy already
# sent by the client. Backends must trust only the last occurrence, or the header
# should be deleted on entry (http-request del-header X-Real-IP).
option forwardfor header X-Real-IP
# NOTE(review): httpchk configures backend health checks; it presumably has no
# effect in a frontend section — confirm and move it to the backends if checks
# over HTTP are wanted.
option httpchk
# The backend name is computed per request by the Lua fetch registered as
# custom_router; when it yields no valid backend name, default_backend applies.
use_backend %[lua.custom_router]
default_backend bk_https_default
# HSTS for one year. includeSubdomains and preload extend the HTTPS-only policy
# to every subdomain, so all of them must serve valid TLS before this is deployed.
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
http-response set-header X-Frame-Options sameorigin
http-response set-header X-Content-Type-Options nosniff
# NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore;
# a Content-Security-Policy is the maintained control for the same risk.
http-response set-header X-XSS-Protection 1;mode=block
http-response set-header Referrer-Policy no-referrer-when-downgrade
# Backends selected by routing.lua. The *_default pair prefers 94.230.76.84, the
# other pair prefers localhost.
# NOTE(review): this backend sends plain HTTP to 94.230.76.84 across the network,
# so requests that arrived on port 80 stay unencrypted end to end.
backend bk_http_default
mode http
server s1 94.230.76.84:8080 check id 1
backend bk_http
mode http
server s2 localhost:8080 check id 2
# NOTE(review): `ssl verify none` encrypts the hop to the server but does not
# authenticate it. For 94.230.76.84, which is reached over the network,
# `verify required` with a `ca-file` lets HAProxy reject an endpoint that does
# not present the expected certificate. The same applies to bk_https_default.
backend bk_https
mode http
server s2 localhost:4444 check ssl verify none
server s1 94.230.76.84:4444 check ssl verify none backup
backend bk_https_default
mode http
server s1 94.230.76.84:4444 check ssl verify none
server s2 localhost:4444 check ssl verify none backup
== routing.lua ==
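--- Choose the HAProxy backend for a request.
-- The choice depends on the frontend that accepted the request and on the first
-- byte of the `room` URL parameter: an odd byte selects bk_https / bk_http, and
-- anything else selects bk_https_default / bk_http_default. A request with no
-- usable `room` value is treated like the "anything else" case.
-- @param txn   HAProxy transaction object; txn.f provides fe_name and url_param
-- @param value unused
-- @return string one of the four backend names declared in the HAProxy config
local function router(txn, value)
  local fe_name = txn.f:fe_name()
  local fe_room = txn.f:url_param("room")
  local is_https = fe_name == "ft_https"

  -- `room` is client-controlled and may be missing or empty. Calling :byte on
  -- nil, or taking a modulus of nil, raises a Lua error inside the fetch, so
  -- only derive the byte when there is a string to read it from.
  local fe_char = nil
  if type(fe_room) == "string" then
    fe_char = fe_room:byte(1)
  end

  local backend
  if fe_char ~= nil and fe_char % 2 == 1 then
    backend = is_https and "bk_https" or "bk_http"
  else
    backend = is_https and "bk_https_default" or "bk_http_default"
  end

  -- Replace control characters before logging so that a crafted room value
  -- cannot inject line breaks into the debug log. The message names the backend
  -- that is really returned.
  local safe_room = (tostring(fe_room):gsub("%c", "?"))
  core.Debug(string.format(
    "router: fe=%s room=%s first_byte=%s -> %s\n",
    tostring(fe_name), safe_room, tostring(fe_char), backend
  ))

  return backend
end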
-- Expose router to HAProxy as the sample fetch "custom_router"; the frontends
-- reference it as %[lua.custom_router] in their use_backend rules.
core.register_fetches("custom_router", router)
==== Prosody - upgrade last version ====
Versione da 0.10.x (Bionic) a 0.11.5
Eseguire preventivamente il backup delle configurazioni in ''/etc/prosody'', ''/var/lib/prosody''.
# Add the upstream Prosody package repository for the running release.
# NOTE(review): tee -a appends to /etc/apt/sources.list on every run, so repeating
# this step leaves duplicate entries; a dedicated file under sources.list.d is
# easier to audit and remove.
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
# NOTE(review): apt-key add trusts this key for every configured repository, not
# only this one, and apt-key is deprecated on current releases. A per-repository
# keyring referenced with signed-by limits what the key can vouch for.
wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get update
apt-get install prosody
Modificare lo storage in ''/etc/prosody/conf.d/meet.x.y.lua'' sostituendo ''storage=None'' con ''storage = "memory"'' in tutti i servizi dove è dichiarato.
Correggere il permesso di lettura al certificato:
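# Give read access to the prosody service group only. `chmod +r` would make the
# TLS private key readable by every local account, and anyone holding the key
# can impersonate this server.
# Assumes the packaged "prosody" group exists — confirm with `id prosody`.
chgrp prosody /etc/prosody/certs/localhost.key
chmod 640 /etc/prosody/certs/localhost.key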
Eseguire ''update-ca-certificates -f'' se al riavvio di prosody nei log viene riportato:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException
Eseguire un controllo della porta ''5347'', se non è in ascolto controllare che in fondo a ''/etc/prosody/prosody.cfg.lua'' vi sia la riga ''Include "conf.d/*.cfg.lua"''
Decommentare in ''/etc/prosody/prosody.cfg.lua'' eventualmente la riga
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
Abilitare in ''/etc/prosody/prosody.cfg.lua'' la tipologia di backend ''epoll'':
admins = { }
network_backend = "epoll"
Riavviare i servizi:
systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2
Controllare i logs di questi servizi per eventuali altre sorprese.
=== LDAP in seguito upgrade ===
Se si esegue l'upgrade di prosody la versione di lua viene cambiata da ''5.1'' a ''5.2'' e l'autenticazione LDAP cessa di funzionare.
Installare ''luarocks''
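apt-get install liblua5.2-dev
# Build in a private scratch directory: fixed names such as master.zip in shared
# /tmp can be pre-created by another local account before this runs as root.
cd "$(mktemp -d)"
# NOTE(review): master is a moving branch, so each run may build different code.
# Pinning a tagged release (<RELEASE_TAG>) and comparing the archive against a
# published checksum makes the install reproducible and auditable.
# The stray trailing "." of the original command is dropped; wget treated it as a
# second URL.
wget https://github.com/luarocks/luarocks/archive/master.zip
unzip master.zip
cd luarocks-master/
# Build luarocks against the Lua 5.2 runtime.
./configure --lua-version=5.2
make build
make install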
Installare le dipendenze per LDAP
# Build dependencies and Lua modules for LDAP authentication.
apt-get install libldap2-dev
# NOTE(review): libssl1.0-dev is the OpenSSL 1.0 development package, a branch
# that no longer receives upstream security fixes; presumably luacrypto is what
# needs it — confirm.
apt-get install libssl1.0-dev # No longer available in Ubuntu 20
# NOTE(review): these installs take whatever version is currently published and
# run build scripts as root; pinning explicit versions keeps the set of code
# executed here fixed and reviewable.
luarocks install lualdap
luarocks install luacrypto
luarocks install jwt-jitsi
Inserire in ''/etc/prosody/prosody.cfg.lua'':
-- NOTE(review): this makes Prosody treat every BOSH session as encrypted, even
-- when the request reached it over plain HTTP. That is only safe when a
-- TLS-terminating proxy is the sole path to the BOSH port — confirm the port is
-- not reachable directly from clients.
consider_bosh_secure = true
Riavviare i servizi.