This article builds Jitsi, an open source web conferencing system, on Docker. Conferencing systems such as Zoom and Webex are offered as free services, although those services restrict meeting time, number of participants and so on. The merits of building your own Jitsi system are that there is no usage limit and that, if you need to, you can extend the system resources and functions and tweak any of the code. Jitsi works in web browsers, on Android and on Apple iOS.
The Jitsi web conferencing system is composed of the following 5 blocks. The web container runs from an image that bundles Nginx and Jitsi-Meet, and the other containers each run from their own image: Prosody, Jicofo and VideoBridge. SSL (Let's Encrypt) communication is established via an Nginx reverse proxy.
- Jitsi-Meet: Web Interface files
- Nginx: Web Server
- Prosody: XMPP Server
- Jicofo: Exchange Users Session, Allocate Video Stream Channel
- Jvb: Jitsi Video Bridge, Video Stream Server, Monitor and Control Bandwidth
Jitsi-Prosody
Port | Description |
5222 | Prosody Client Listening Port |
5280 | Prosody Server Listening Port |
5347 | Prosody Components |
Jitsi-Videobridge
Port | Description |
443 | Jitsi Video Bridge Harvester Port |
5347 | Prosody Components |
4443 | Jitsi Video Bridge Harvester Port |
10000-20000/UDP | Web RTC / ICE |
Jitsi-Jicofo
Port | Description |
5222 | Prosody Client Port |
5347 | Prosody Components |
Jitsi-Meet
Port | Description |
80 | Nginx Listening Port |
5280 | Prosody Server Listening Port |
The installation process is as follows.
- Configure Nginx Reverse Proxy
- SSL Certification by Certbot
- Download Jitsi Meet on Docker and Create .env file and docker-compose file
- Confirmation of Jitsi Working
Jitsi Meet on Docker
https://github.com/jitsi/docker-jitsi-meet/tree/stable-4857
Jitsi Meet
https://meet.jit.si/
1.Configure Nginx Reverse Proxy
Obtain the domain for the Jitsi system in advance. Prepare another machine for the Nginx reverse proxy on the same network as the machine where Jitsi is installed (in this case the proxy also runs as a Docker container; if you don't run it as a container, omit the docker command portions).
Create a new nginx configuration file for the Jitsi domain, /etc/nginx/conf.d/jitsi-example.conf (the name is arbitrary).
server {
    server_name www.jitsi-example.com;
    server_tokens off;
    # access_log /var/log/nginx/www.jitsi-example.com.access.log;
    # error_log /var/log/nginx/www.jitsi-example.com.error.log error;
    location / {
        proxy_pass http://192.168.xx.xxx:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
2.SSL Certification by Certbot
Get the SSL certificate for the Jitsi domain name with Certbot. Run the following commands on the machine where the nginx reverse proxy is installed (here, nginx in the Docker container).
$ docker exec -ti nginx bash
# certbot --nginx -d www.jitsi-example.com
Certbot automatically updates the nginx configuration file as follows.
server {
    server_name www.jitsi-example.com;
    server_tokens off;
    # access_log /var/log/nginx/www.jitsi-example.com.access.log;
    # error_log /var/log/nginx/www.jitsi-example.com.error.log error;
    location / {
        proxy_pass http://192.168.xx.xxx:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.jitsi-example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.jitsi-example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.jitsi-example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name www.jitsi-example.com;
    listen 80;
    return 404; # managed by Certbot
}
The Let's Encrypt SSL certificate expires after 90 days, so add the renewal command to the system cron jobs on the machine where the nginx reverse proxy is installed.
#certbot in nginx docker
0 1 * * * docker exec nginx bash -c "certbot renew >> /var/log/letsencrypt/renew.log"
3.Download Jitsi Meet on Docker and Create .env file and docker-compose file
Clone or download the latest stable Jitsi branch into an arbitrary directory.
$ git clone -b stable-4857 --single-branch https://github.com/jitsi/docker-jitsi-meet.git
Move into the docker-jitsi-meet directory and create the .env file.
$ cd docker-jitsi-meet
$ cp env.example .env
Run the password script to add the security passwords to the .env file.
$ ./gen-passwords.sh
Modify the .env file in accordance with your environment. Because the SSL connection is terminated at the reverse proxy, the following SSL-related modifications are important.
DISABLE_HTTPS=1
#ENABLE_HTTP_REDIRECT=1
The file will look like the following (excerpt).
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=./.jitsi-meet-cfg
# Exposed HTTP port
HTTP_PORT=8000
# Exposed HTTPS port
#HTTPS_PORT=8443
# System time zone
TZ=Asia/Tokyo
# Public URL for the web service
PUBLIC_URL=https://www.jitsi-example.com
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the README
DOCKER_HOST_ADDRESS=192.168.x.xx
# Control whether the lobby feature should be enabled or not
ENABLE_LOBBY=1
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=0
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=<your e-mail address>
#
# Authentication configuration (see handbook for details)
#
# Enable authentication
ENABLE_AUTH=1
# Enable guest access
ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap
AUTH_TYPE=internal
#
# Advanced configuration options (you generally don't need to change these)
#
# Disable HTTPS: handle TLS connections outside of this setup
DISABLE_HTTPS=1
# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Container restart policy
# Defaults to unless-stopped
RESTART_POLICY=unless-stopped
Because SSL is terminated at the reverse proxy, comment out - '${HTTPS_PORT}:443' in docker-compose.yml.
version: '3'
services:
    # Frontend
    web:
        image: jitsi/web:stable-4857
        restart: ${RESTART_POLICY}
        ports:
            - '${HTTP_PORT}:80'
            # - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config:Z
            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
        environment:
Create the directories for the Jitsi system blocks.
mkdir -p .jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
Note: if you modify the .env file, you have to delete the above configuration directories and recreate them for the changes to take effect.
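Before starting the containers, the .env settings that this reverse-proxy layout depends on can be checked with a short script. This is an added example, not part of docker-jitsi-meet or the original article: the function names env_get and check_jitsi_env are hypothetical, the sample file is constructed, and it assumes secret variables end in _PASSWORD or _SECRET.

```shell
#!/bin/sh
# Added example: audit a docker-jitsi-meet .env for the reverse-proxy setup.

# env_get FILE KEY: print the value of the last uncommented KEY=... line.
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# check_jitsi_env FILE: print one line per finding; return 1 if there are any.
check_jitsi_env() {
    env_file=$1
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # TLS ends at the Nginx proxy, so the web container serves plain HTTP only.
    [ "$(env_get "$env_file" DISABLE_HTTPS)" = "1" ] ||
        report "DISABLE_HTTPS is not 1"
    [ -z "$(env_get "$env_file" ENABLE_HTTP_REDIRECT)" ] ||
        report "ENABLE_HTTP_REDIRECT is set; the proxy already redirects to HTTPS"
    case "$(env_get "$env_file" PUBLIC_URL)" in
        https://*) ;;
        *) report "PUBLIC_URL does not start with https://" ;;
    esac
    [ "$(env_get "$env_file" ENABLE_AUTH)" = "1" ] ||
        report "ENABLE_AUTH is not 1; any visitor can create a room"
    # Assumption: secret variables end in _PASSWORD or _SECRET.
    for key in $(grep -E '^[A-Z0-9_]+_(PASSWORD|SECRET)=[[:space:]]*$' "$env_file" | cut -d= -f1); do
        report "$key is empty; run ./gen-passwords.sh"
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: DISABLE_HTTPS left commented out, one secret never generated.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HTTP_PORT=8000
PUBLIC_URL=https://www.jitsi-example.com
ENABLE_AUTH=1
#DISABLE_HTTPS=1
JVB_AUTH_PASSWORD=
EOF
check_jitsi_env "$sample" || echo "fix the findings, then recreate .jitsi-meet-cfg"
rm -f "$sample"
```

Run it against the real file with `check_jitsi_env .env`; a non-zero exit status means at least one finding was printed.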
4.Confirmation of Jitsi Working
Start each Jitsi container with the docker-compose command.
$ docker-compose up -d
Access https://www.jitsi-example.com and confirm that it works.
Conference Start View
Host View (only one host, camera not activated)
Sub Menu (Share YouTube, Record Conference)
Share Application View, Browser Tab
Invite Other Member by Email, Chat Function
The SIP call and conference recording extensions will be covered next time.