---
tags: sysadmin, videoconference, config, server, hetzner
title: VC Configuration
---

# VC (Video-Conf) Configuration

This describes the configuration for the Les Grands Voisins video-chat server.

https://vc.lesgrandsvoisins.fr

This server is on the [Hetzner machine](https://hackmd.io/@lesgrandsvoisins/SJr65R-tI).

## Configuration Files

```
/etc/nginx/sites-available/vc.lesgrandsvoisins.fr.conf
/etc/prosody/conf.avail/vc.lesgrandsvoisins.fr.cfg.lua
/etc/jitsi/jicofo/config
/etc/jitsi/meet/vc.lesgrandsvoisins.fr-config.js
/etc/jitsi/videobridge/config
/etc/jitsi/videobridge/sip-communicator.properties
/etc/jitsi/jicofo/sip-communicator.properties
```

## Log Files

```
/var/log/prosody/prosody.err
/var/log/prosody/prosody.log
/var/log/jitsi/jvb.log
/var/log/jitsi/jicofo.log
/var/log/nginx/access.log
/var/log/nginx/error.log
```

## Restart Command

`systemctl restart nginx jitsi-videobridge2 prosody; systemctl status nginx jitsi-videobridge2 prosody`

## NGINX Configuration

/etc/nginx/sites-available/vc.lesgrandsvoisins.fr.conf

Let's Encrypt.

Root at /usr/share/jitsi-meet

Config /config.js at /etc/jitsi/meet/vc.lesgrandsvoisins.fr-config.js;

Some kind of external API at /external_api.js at /usr/share/jitsi-meet/libs/external_api.min.js;

### BOSH Configuration in NGINX

/http-bind

Proxy forwarding to /http-bind on port 5280

* There is also a bit about subdomains.

### Websockets Configuration on NGINX

/xmpp-websocket

Forward to /xmpp-websocket on port 5280

There is also a bit about subdomains.

## PROSODY Configuration

/etc/prosody/conf.avail/vc.lesgrandsvoisins.fr.cfg.lua

`prosodyctl adduser focus@auth.vchat.mann.fr`

`root@debian-2gb-fsn1-1:/etc# prosodyctl adduser jvb@auth.vchat.mann.fr`

## JITSI Configuration

### JITSI JICOFO

#### /etc/jitsi/jicofo/config

There is a turncredentials_secret for Prosody.

It uses a BOSH plugin.

The virtualhost is **vc.lesgrandsvoisins.fr**.
There seems to be some discussion about this, especially if we wish to have one Prosody instance for multiple domain names.

**conference.vc.lesgrandsvoisins.fr**

A "muc" component for Multi-User Conference, probably a Java service stored in memory.

#user `focus@auth.vc.lesgrandsvoisins.fr` ???.

It seems to have **speakerstats.vc.lesgrandsvoisins.fr** and **conferenceduration.vc.lesgrandsvoisins.fr** subcomponents.

**internal.auth.vc.lesgrandsvoisins.fr**

Users are `focus@auth.vc.lesgrandsvoisins.fr` and `jvb@auth.vc.lesgrandsvoisins.fr` ??? #user

There are components with secrets for **focus.vc.lesgrandsvoisins.fr** and **auth.vc.lesgrandsvoisins.fr**. The latter uses internal_plain.

The ping is on, it's on the streets!

#### /etc/jitsi/jicofo/sip-communicator.properties

This specifies that the JICOFO hostname is vc.lesgrandsvoisins.fr and there is a JICOFO_SECRET (that corresponds to ???)

### JITSI MEET

/etc/jitsi/meet/vc.lesgrandsvoisins.fr-config.js

This specifies that the XMPP domain is vc.lesgrandsvoisins.fr. There is a static BOSH URL to vc.lesgrandsvoisins.fr

### JITSI VIDEOBRIDGE

/etc/jitsi/videobridge/config

The videobridge uses vc.lesgrandsvoisins.fr on port 5347 (default was 5275 apparently).

There also is a JVB Secret.

This uses auth.vc.lesgrandsvoisins.fr on localhost

/etc/jitsi/videobridge/sip-communicator.properties

This uses internal.auth.vc.lesgrandsvoisins.fr.
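The component secrets described above have to agree between the Prosody configuration and the Jitsi service files. The following is an added example, not part of the original notes or of Jitsi's own tooling: it compares a Prosody `component_secret` with `JICOFO_SECRET` without printing either value. The file contents are constructed and the secret is a placeholder.

```shell
# Added example: check that a Prosody component_secret equals the secret a
# Jitsi service is configured with, without echoing either value.

# Print the component_secret of Component "<host>" from a Prosody config.
component_secret() {  # usage: component_secret <cfg.lua> <component-host>
  awk -v want="$2" '
    /^[ \t]*--/ { next }                            # skip Lua comments
    /^[ \t]*(Component|VirtualHost)[ \t]/ {         # a new section starts
      split($0, q, "\"")                            # q[2] is the quoted host
      inside = ($1 == "Component" && q[2] == want)
      next
    }
    inside && /component_secret[ \t]*=/ {
      split($0, q, "\""); print q[2]; exit
    }' "$1"
}

# Print the value of KEY=value from a shell-style config file.
env_value() {  # usage: env_value <file> <KEY>
  sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1 | tr -d '"'
}

# 0: both set and equal, 1: mismatch, 2: one of them is missing.
secrets_match() {  # usage: secrets_match <cfg.lua> <component> <file> <KEY>
  local a b
  a=$(component_secret "$1" "$2")
  b=$(env_value "$3" "$4")
  [ -n "$a" ] && [ -n "$b" ] || return 2
  [ "$a" = "$b" ]
}

# Constructed sample files; the secret is a placeholder, not a real one.
demo=$(mktemp -d)
cat > "$demo/prosody.cfg.lua" <<'EOF'
VirtualHost "auth.vc.lesgrandsvoisins.fr"
    authentication = "internal_plain"
Component "focus.vc.lesgrandsvoisins.fr"
    component_secret = "constructed-placeholder"
EOF
printf 'JICOFO_SECRET=constructed-placeholder\n' > "$demo/jicofo-config"
if secrets_match "$demo/prosody.cfg.lua" focus.vc.lesgrandsvoisins.fr \
     "$demo/jicofo-config" JICOFO_SECRET
then echo "focus secret: consistent"
else echo "focus secret: mismatch or missing"
fi
rm -rf "$demo"
```
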
## Copied Diagram from GitHub

This is how the network looks:

```
                   +                           +
                   |                           |
                   |                           |
                   v                           |
                  443                          |
               +-------+                       |
               |       |                       |
               | Nginx |                       |
               |       |                       |
               +--+-+--+                       |
                  | |                          |
+------------+    | |    +--------------+      |
|            |    | |    |              |      |
| jitsi-meet +<---+ +--->+ prosody/xmpp |      |
|            |files 5280 |              |      |
+------------+           +--------------+      v
                     5222,5347^    ^5347   4443,10000
                +--------+    |    |    +-------------+
                |        |    |    |    |             |
                | jicofo +----^    ^----+ videobridge |
                |        |              |             |
                +--------+              +-------------+
```

## Notes

See: https://cmapscloud.ihmc.us:443/rid=1VPF3Z5B3-1BZZ18-PC

![](https://i.imgur.com/0613q82.jpg)

Upgraded server to 2 cores because of NGINX race condition. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864

Trying this for multiple domains: https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391

Adding

* vc.lesgrandsvoisins.fr
* vc.lesgrandsvoisins.com
* vc.mann.fr

Jitsi installation instructions: https://mangolassi.it/topic/18402/install-jitsi-meet-on-debian-9-minimal

Jitsi uses port 5347

Jitsi user prosody

What does the user jicofo do?

/etc/apt/sources.list: Standard, no additions

This looks like a better option: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md

There is a strange thing on the computer. In /etc/hosts, the loopback seems also to be 127.0.1.1 ???

```
127.0.1.1 debian-2gb-fsn1-1 debian-2gb-fsn1-1
127.0.0.1 localhost
```

Appended to the line localhost in /etc/hosts

```
127.0.0.1 localhost vc.lgv.lol vc.lesgrandsvoisins.fr vc.mann.fr vc.lesgrandsvoisins.com lgv.lol
```

This gives a full and complete installation: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md and is actually necessary to understand what is happening.

Using https://github.com/jitsi/jitsi-meet/raw/master/doc/example-config-files/prosody.cfg.lua.example

It looks like Prosody can use a different virtualhost for a same instance. That is the route I will take.

```bash
prosodyctl cert generate vc.lesgrandsvoisins.fr
prosodyctl cert generate auth.vc.lesgrandsvoisins.fr
systemctl restart prosody
```

Adding the certificates:

```bash
ln -sf /var/lib/prosody/auth.vc.lesgrandsvoisins.fr.crt /usr/local/share/ca-certificates/auth.vc.lesgrandsvoisins.fr.crt
update-ca-certificates -f
```

Actually, I don't think the certificates in /etc/jitsi/meet actually do anything.

Adding config in Jitsi Meet

```
cp /etc/jitsi/meet/vc.lgv.lol-config.js /etc/jitsi/meet/vc.lesgrandsvoisins.fr-config.js
# as root, in /etc/jitsi/meet
cd /etc/jitsi/meet
# generate a passphrase-protected 2048-bit RSA key (prompts for the passphrase)
openssl genrsa -des3 -out vc.lesgrandsvoisins.fr.key 2048
# strip the passphrase so services can read the key unattended
openssl rsa -in vc.lesgrandsvoisins.fr.key -out vc.lesgrandsvoisins.fr.key
# create a signing request, then self-sign it for 365 days
openssl req -new -key vc.lesgrandsvoisins.fr.key -out vc.lesgrandsvoisins.fr.csr
openssl x509 -req -days 365 -in vc.lesgrandsvoisins.fr.csr -signkey vc.lesgrandsvoisins.fr.key -out vc.lesgrandsvoisins.fr.crt
```

Followed instructions from here for SSL Certificate generation: https://www.akadia.com/services/ssh_test_certificate.html

http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions

`prosodyctl register focus auth.vc.lesgrandsvoisins.fr ********`

## Passwords

The passwords defined in vc.lesgrandsvoisins.fr.cfg.lua are used in jicofo/config and videobridge/sip-communicator.properties.

vc.lesgrandsvoisins.fr.conf uses vc.lesgrandsvoisins.fr-config.js.

vc.lesgrandsvoisins.fr.cfg.lua has two passwords.

Setting up certs in /etc/prosody/certs:

```
cd /etc/prosody/certs
# temporary passphrase-protected key
openssl genrsa -des3 -passout pass:x -out autho.vc.lesgrandsvoisins.fr.key 2048
# write the key without a passphrase; -passin must match the -passout value above
openssl rsa -passin pass:x -in autho.vc.lesgrandsvoisins.fr.key -out auth.vc.lesgrandsvoisins.fr.key
rm autho.vc.lesgrandsvoisins.fr.key
# signing request, then a self-signed SHA-256 certificate valid for 365 days
openssl req -new -key auth.vc.lesgrandsvoisins.fr.key -out auth.vc.lesgrandsvoisins.fr.csr
openssl x509 -req -sha256 -days 365 -in auth.vc.lesgrandsvoisins.fr.csr -signkey auth.vc.lesgrandsvoisins.fr.key -out auth.vc.lesgrandsvoisins.fr.crt
```

## Prosody Users

DEPRECATED :!

`prosodyctl register jvb auth.vc.lesgrandsvoisins.fr F8GH7qDw`

## Certificates

DON'T DO THIS !!!!!!

/var/lib/prosody are links to /etc/prosody/certs/

`prosodyctl cert generate auth.vc.lesgrandsvoisins.fr`

## System services

```
systemctl restart jitsi-videobridge2 prosody nginx
systemctl status jitsi-videobridge2 prosody nginx
```

## Open Ports to the Outside

Jitsi requires TCP/443, TCP/4443, UDP/10000 accessible (optionally 80 redirects to 443, 5222 is required internally)

https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md#network-description

## Personalizing the UI

https://community.jitsi.org/t/customize-welcome-page/24341/2

https://github.com/jitsi/jitsi-meet/tree/master/react/features/welcome/components

The key, I think, is that it uses React components

```bash
# as root
aptitude install git
cd /etc/jitsi/jitsi-meet
```
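
For the port list under "Open Ports to the Outside" and the network diagram above, the following added example (not part of the original notes) audits `ss -tuln` output: it reports public ports from the page that have no non-loopback listener, and the internal ports 5222, 5280 and 5347 when they are bound to a non-loopback address. The sample output is constructed, and treating 5280 and 5347 as loopback-only is an assumption drawn from the diagram.

```shell
# Added example: audit listening sockets against the ports named on this page.
audit_listeners() {  # stdin: output of `ss -tuln`; stdout: one finding per line
  awk '
    BEGIN {
      need["tcp/443"] = 1; need["tcp/4443"] = 1; need["udp/10000"] = 1
      internal["tcp/5222"] = 1; internal["tcp/5280"] = 1; internal["tcp/5347"] = 1
    }
    $1 != "tcp" && $1 != "udp" { next }       # header line, other socket types
    {
      n = split($5, part, ":")                # last piece of addr:port is the port
      port = part[n]
      addr = substr($5, 1, length($5) - length(port) - 1)
      key = $1 "/" port
      loopback = (addr ~ /^127\./ || addr == "[::1]")
      if (!loopback && (key in need)) seen[key] = 1
      if (!loopback && (key in internal)) print "EXPOSED " key " on " addr
    }
    END {
      for (k in need) if (!(k in seen)) print "MISSING " k
    }' | LC_ALL=C sort
}

# Constructed `ss -tuln` output (not captured from the real server).
sample_ss() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:10000     0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5280      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:5347      0.0.0.0:*
tcp   LISTEN 0      128             [::]:5222         [::]:*
EOF
}

sample_ss | audit_listeners
```

On the live host, run `ss -tuln | audit_listeners`. The check looks at bind addresses only and does not see firewall rules, so an EXPOSED line may still be filtered upstream.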