INSTALL.md

Jitsi Cluster Deployment

This guide contains step-by-step instructions to deploy LXC based Jitsi cluster on Debian 12 Bookworm.

• 1. JMS (Jitsi Meet Server)
  • 1.1 Prerequisites
    • 1.1.1 Supported distribution
    • 1.1.2 Server specifications
    • 1.1.3 DNS records
    • 1.1.4 Public Ports
  • 1.2 Installation
    • 1.2.1 Login to the server
    • 1.2.2 Installer script
    • 1.2.3 Installer config
    • 1.2.4 Running the installer
    • 1.2.5 Let's Encrypt certificate
• 2. Additional JVB (Jitsi Video Bridge)
  • 2.1 Prerequisites
    • 2.1.1 Supported distribution
    • 2.1.2 Server specifications
    • 2.1.3 Public Ports
    • 2.1.4 SSH server
    • 2.1.5 JMS public key
  • 2.2 Installation
• 3. Additional Jibri
  • 3.1 Prerequisites
    • 3.1.1 Supported distribution
    • 3.1.2 Server specifications
    • 3.1.3 Public Ports
    • 3.1.4 SSH server
    • 3.1.5 JMS public key
  • 3.2 Installation
• 4. Additional SIP-Jibri
  • 4.1 Prerequisites
    • 4.1.1 Supported distribution
    • 4.1.2 Server specifications
    • 4.1.3 Public Ports
    • 4.1.4 SSH server
    • 4.1.5 JMS public key
  • 4.2 Configuration
  • 4.3 Installation
  • 4.4 Updating the PJSUA configuration
  • 4.5 Dial-plan
• 5. Additional SIP-Jibri (without LXC)
  • 5.1 Prerequisites
    • 5.1.1 Supported distribution
    • 5.1.2 Server specifications
    • 5.1.3 Public Ports
    • 5.1.4 SSH server
    • 5.1.5 JMS public key
  • 5.2 Installation
  • 5.3 Warnings
• 6. Sponsors

1. JMS (Jitsi Meet Server)

The JMS server contains:

• Jitsi-Meet
  Jitsi web interface published through Nginx

• Prosody
  XMPP server

• Jicofo
  Jitsi Conference Focus service

• Coturn
  TURN server

• JVB
  Jitsi Video Bridge service
  
  This internal JVB may be disabled on JMS if there are additional JVBs. This is the recommended way for the production environment.

1.1 Prerequisites

1.1.1 Supported distribution

Debian 12 Bookworm

1.1.2 Server specifications

• At least 2 CPU cores
• At least 8 GB RAM
• At least 8 GB disk

1.1.3 DNS records

• DNS A record for JMS which points to this server
  e.g. jitsi.nordeck.corp

• DNS CNAME record for TURN as an alias for JMS
  e.g. turn.nordeck.corp

Both FQDNs must be resolvable. Test them using the following commands:

host jitsi.nordeck.corp
host turn.nordeck.corp

1.1.4 Public Ports

• TCP/443

• TCP/80
  If Lets Encrypt is used

• TCP/5222
  If there are additional JVB, Jibri or SIP-Jibri nodes which access JMS through the public IP

• UDP/10000
  If the internal JVB on JMS will be kept enabled. It is enabled by default.

1.2 Installation

1.2.1 Login to the server

Login to the server as root user

1.2.2 Installer script

Download ni, the Nordeck Installer script

cd /root
wget -O ni https://raw.githubusercontent.com/nordeck/bookworm-lxc-base/main/installer/ni

1.2.3 Installer config

Download nordeck-jitsi.conf into /root/ folder:

cd /root
wget -O nordeck-jitsi.conf https://raw.githubusercontent.com/nordeck/bookworm-lxc-jitsi/main/installer/nordeck-jitsi.conf

And customize it if needed. For example add your FQDNs into it:

echo export JITSI_FQDN=jitsi.nordeck.corp >>nordeck-jitsi.conf
echo export TURN_FQDN=turn.nordeck.corp >>nordeck-jitsi.conf

1.2.4 Running the installer

Run the installer

cd /root
bash ni nordeck-jitsi

1.2.5 Let's Encrypt certificate

Let's say the host address of JMS is jitsi.nordeck.corp and the host address of TURN is turn.nordeck.corp. To set the Let's Encrypt certificate:

set-letsencrypt-cert jitsi.nordeck.corp,turn.nordeck.corp

Be careful, no space between host addresses.

2. Additional JVB (Jitsi Video Bridge)

2.1 Prerequisites

2.1.1 Supported distribution

Debian 12 Bookworm

2.1.2 Server specifications

• At least 2 CPU cores
• At least 4 GB RAM
• At least 8 GB disk

2.1.3 Public Ports

• UDP/10000

• TCP/9090
  The signaling port... This port must be accessible for JMS

• TCP/22
SSH port... This port must be accessible for JMS

2.1.4 SSH server

Install openssh-server if not already exists:

apt-get install openssh-server

2.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on JVB.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

2.2 Installation

Login as root to JMS and run add-jvb-node command using IP address of JVB:

add-jvb-node <JVB-IP-ADDRESS>

3. Additional Jibri

3.1 Prerequisites

3.1.1 Supported distribution

Debian 12 Bookworm

3.1.2 Server specifications

• At least 4 CPU cores for each Jibri instance.
• At least 4 GB RAM for each Jibri instance.
• At least 8 GB disk.
• More disk space if recorded files will be stored on this server.
• Maximum 16 Jibri instances supported on a single server.

3.1.3 Public Ports

• TCP/22
SSH port... This port must be accessible for JMS

3.1.4 SSH server

Install openssh-server if not already exists:

apt-get install openssh-server

3.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on Jibri.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

3.2 Installation

Login as root to JMS and run add-jibri-node command using IP address of Jibri:

add-jibri-node <JIBRI-IP-ADDRESS>

4. Additional SIP-Jibri

4.1 Prerequisites

4.1.1 Supported distribution

Debian 12 Bookworm

4.1.2 Server specifications

• At least 8 CPU cores for each SIP-Jibri instance.
• At least 8 GB RAM for each SIP-Jibri instance.
• At least 8 GB disk.
• Maximum 4 SIP-Jibri instances supported on a single server.

4.1.3 Public Ports

• TCP/22
SSH port... This port must be accessible for JMS

4.1.4 SSH server

Install openssh-server if not already exists:

apt-get install openssh-server

4.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on SIP-Jibri.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

4.2 Configuration

Before adding the SIP-Jibri node, update pjsua.config template on JMS according to your environment. add-sip-node command uses it to configure the nodes.

The template file is in the nordeck-jitsi container.

• Path in container:
  /root/meta/pjsua.config

• Path on host:
  /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config

Add SIP account info into it using the following format:

--id "jitsi <sip:SIP_USER@SIP_SERVER_ADDRESS>"
--registrar "sip:SIP_SERVER_ADDRESS"
--realm "*"
--username "SIP_USER"
--password "SIP_PASSWORD"

4.3 Installation

Login as root to JMS and run add-sip-node command using IP address of SIP-Jibri:

add-sip-node <SIP-IP-ADDRESS>

4.4 Updating the PJSUA configuration

First, update the template files to change the PJSUA configuration. The template files are in the nordeck-jitsi container.

• Paths in container:

  • /root/meta/pjsua.config
  • /root/meta/env.sidecar.sip

• Paths on host:

  • /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/pjsua.config
  • /var/lib/lxc/nordeck-jitsi/rootfs/root/meta/env.sidecar.sip

Then run update-sip-config command using IP address of SIP-Jibri:

update-sip-config <SIP-IP-ADDRESS>

Be careful, if there is an active SIP session while running this command, it will be canceled.

4.5 Dial-plan

Update /var/lib/lxc/nordeck-dialplan/rootfs/home/dialplan/app/dial-plan.json to set available SIP peers for Jitsi UI. This list is only accessible for moderator users.

5. Additional SIP-Jibri (without LXC)

5.1 Prerequisites

5.1.1 Supported distribution

Debian 12 Bookworm

5.1.2 Server specifications

• At least 8 CPU cores
• At least 8 GB RAM
• At least 8 GB disk.

5.1.3 Public Ports

• TCP/5060 and UDP/5060
SIP ports... These ports must be open if there will be direct incoming SIP call (a call from a remote SIP device without using a SIP server in the middle)

• TCP/22
SSH port... This port must be accessible for JMS

5.1.4 SSH server

Install openssh-server if not already exists:

apt-get install openssh-server

5.1.5 JMS public key

The SSH public key of JMS must be in /root/.ssh/authorized_keys on SIP-Jibri.

Set JITSI_HOST according to your Jitsi FQDN.

mkdir -p /root/.ssh
chmod 700 /root/.ssh

JITSI_HOST=jitsi.nordeck.corp

# if there is a self-signed certificate, run it with --no-check-certificate
# wget --no-check-certificate -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub

wget -O /tmp/jms.pub https://$JITSI_HOST/static/jms.pub
cat /tmp/jms.pub >>/root/.ssh/authorized_keys

5.2 Installation

Login as root to JMS and run add-sip-vm command using IP address of SIP-Jibri:

add-sip-vm <SIP-IP-ADDRESS>

5.3 Warnings

Some ports are publicly open by default in VM setup. Don't forget to limit their accessibility by using a firewall if the network interface is publicly accessible for this VM.

Publicly open ports:

• TCP/2222, Jibri's external API
• TCP/3333, Jibri's internal API
• TCP/8017, component-sidecar

6. Sponsors