Show pageOld revisionsBacklinksAdd to bookExport to PDFBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== jibri ====== ===== docker ===== jibri.yml inside ufficial docker-jitsi-meet does not work in swarm service (/dev/snd and xorg problems) clone a version of jibri with pulse and xdummy support <code | download> git clone https://github.com/prayagsingh/docker-jibri-pulseaudio.git </code> change Dockerfile with specific chrome version <code | Dockerfile> ARG CHROME_RELEASE=96.0.4664.45 ARG CHROMEDRIVER_MAJOR_RELEASE=96 </code> create empty file ${CONFIG}/conf/jibri/finalize.sh build image <code> docker build -t "galileo/jibri:stable-6726-1" . </code> ===== (deprecated) on jitsi meet server ===== <file ini /etc/prosody/conf.d/jibri.cfg.lua> -- internal muc component, meant to enable pools of jibri and jigasi clients Component "internal.auth.csgalileo.org" "muc" modules_enabled = { "ping"; } storage = "null" muc_room_cache_size = 1000 VirtualHost "jibri.csgalileo.org" modules_enabled = { "ping"; } authentication = "internal_plain" </file> <code> systemctl reload prosody systemctl status prosody </code> ====== jitsi ====== <code> apt update apt install -y curl && curl -s "http://wiki.csgalileo.org/tips:ubuntu:locale?do=export_code&codeblock=1" | /bin/bash apt install nginx wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list apt-get -y update apt-get -y install jitsi-meet </code> Se la macchina è nattata aggiungere le seguenti proprietà alla configurazione del videobridge: <code> vim /etc/jitsi/videobridge/sip-communicator.properties org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.45.X.X org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=94.230.Y.Y systemctl restart jitsi-videobridge.service systemctl restart jicofo </code> ====== HAProxy ====== global stats socket /tmp/haproxy lua-load /etc/haproxy/routing.lua defaults timeout connect 5000 timeout client 50000 timeout server 50000 timeout check 10000 log global option httplog mode http option dontlognull frontend ft_http bind :80 use_backend %[lua.custom_router] option forwardfor header X-Real-IP default_backend bk_http_default frontend ft_https bind *:443 ssl crt /etc/haproxy/cert.pem alpn h2,http/1.1 option forwardfor header X-Real-IP option httpchk use_backend %[lua.custom_router] default_backend bk_https_default http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload http-response set-header X-Frame-Options sameorigin http-response set-header X-Content-Type-Options nosniff http-response set-header X-XSS-Protection 1;mode=block http-response set-header Referrer-Policy no-referrer-when-downgrade backend bk_http_default mode http server s1 94.230.76.84:8080 check id 1 backend bk_http mode http server s2 localhost:8080 check id 2 backend bk_https mode http server s2 localhost:4444 check ssl verify none server s1 94.230.76.84:4444 check ssl verify none backup backend bk_https_default mode http server s1 94.230.76.84:4444 check ssl verify none server s2 localhost:4444 check ssl verify none backup == routing.lua == <code lua> local function router(txn, value) local fe_name = txn.f:fe_name() local fe_room = txn.f:url_param("room") local fe_char = fe_room:byte(1) core.Debug("Returning bk_https \n") core.Debug(fe_name) core.Debug(fe_room) core.Debug(fe_char) if fe_char % 2 == 1 then if fe_name == "ft_https" then core.Debug("Returning bk_https \n") return "bk_https" else core.Debug("Returning bk_http \n") return "bk_http" end else if fe_name == "ft_https" then core.Debug("Returning bk_https \n") return "bk_https_default" else core.Debug("Returning bk_http \n") return "bk_http_default" end end end core.register_fetches("custom_router", router) </code> ==== Prosody - upgrade last version ==== Versione da 0.10.x (Bionic) a 0.11.5 Eseguire preventivamente il backup delle configurazioni in ''/etc/prosody'', ''/var/lib/prosody''. <code bash> echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add - apt-get update apt-get install prosody </code> Modificare lo storage in ''/etc/prosody/conf.d/meet.x.y.lua'' sostituendo ''storage=None'' con ''storage='memory'' in tutti i servizi dove è dichiarato. Correggere il permesso di lettura al certificato: <code bash> chmod +r /etc/prosody/certs/localhost.key </code> Eseguire ''update-ca-certificates -f'' se al riavvio di prosody nei log viene riportato: <code bash> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException </code> Eseguire un controllo della porta ''5347'', se non è in ascolto controllare che in fondo a ''/etc/prosody/prosody.cfg.lua'' vi sia la riga ''Include "conf.d/*.cfg.lua"'' Decommentare in ''/etc/prosody/prosody.cfg.lua'' eventualmente la riga <code lua> "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. </code> Abilitare in ''/etc/prosody/prosody.cfg.lua'' la tipologia di backend ''epoll'': <code lua> admins = { } network_backend = "epoll" </code> Riavviare i servizi: <code bash> systemctl restart prosody systemctl restart jicofo systemctl restart jitsi-videobridge2 </code> Controllare i logs di questi servizi per eventuali altre sorprese. === LDAP in seguito upgrade === Se si esegue l'upgrade di prosody la versione di lua viene cambiata da ''5.1'' a ''5.2'' e l'autenticazione LDAP cessa di funzionare. Installare ''luarocks'' <code bash> apt-get install liblua5.2-dev cd /tmp wget https://github.com/luarocks/luarocks/archive/master.zip . unzip master.zip cd luarocks-master/ ./configure --lua-version=5.2 make build make install </code> Installare le dipendenze per LDAP <code bash> apt-get install libldap2-dev apt-get install libssl1.0-dev # Questa non c'e' più in ubuntu 20 luarocks install lualdap luarocks install luacrypto luarocks install jwt-jitsi </code> Inserire in ''/etc/prosody/prosody.cfg.lua'': <code lua> consider_bosh_secure = true </code> Riavviare i servizi. tips/jibri.txt Last modified: 2022/07/14 17:08by sscipioni