====== Installation de Jitsi-Meet sur LXC debian buster (10) ======
==== Liens ====
* https://jitsi-club.gitlab.io/jitsi-self-hosting/en/01-deployment-howto/00-installation/
* https://jitsi-club.gitlab.io/jitsi-self-hosting/en/01-deployment-howto/01-authentication/
* https://lemonldap-ng.org/documentation/latest/applications/jitsimeet
===== Installation du container sur le serveur hôte =====
lxc-create -t download -n jitsimeet -- -d debian -r buster -a amd64
Mise à jour du fichier de configuration LXC pour la partie réseau
vim /var/lib/lxc/jitsimeet/config
...
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.hwaddr = XX:XX:XX:XX:XX:XX
lxc.net.0.ipv4.address = x.y.z.t/32
lxc.net.0.ipv4.gateway = a.b.c.d
lxc.net.0.ipv6.address = 2001:41d0:.../64
lxc.net.0.ipv6.gateway = 2001:41d0:...
Démarrage et raccordement
lxc-start -n jitsimeet
lxc-attach -n jitsimeet
===== Dans le container =====
Modification réseau, ajout des serveurs de noms
vim /etc/network/interfaces
auto eth0
iface eth0 inet manual
vim /etc/resolv.conf
nameserver 213.186.33.99
nameserver 8.8.8.8
===== Installation de jitsi-meet =====
dpkg-reconfigure locales
apt install sudo wget man bash-completion gpg less bind9-host inetutils-ping
vim /etc/bash.bashrc # Décommenter les lignes concernant bash-completion
source /etc/bash.bashrc
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
apt update
apt -y install jitsi-meet
# Renseigner le domaine à créer
vim /etc/hosts
127.0.1.1 visio.example.com visio
hostname visio
hostname --fqdn
Installation des certificats letsencrypt
apt install python-certbot-nginx
nginx -s stop
certbot certonly -d visio.example.com
vim /etc/nginx/sites-enabled/visio.example.com.conf #Remplacer les certificats auto-signés par les certificats LE
ssl_certificate_key /etc/letsencrypt/live/visio.example.com/privkey.pem;
ssl_certificate /etc/letsencrypt/live/visio.example.com/fullchain.pem;
vim /etc/letsencrypt/renewal/visio.example.com.conf
nginx -s reload
===== Sécurisation de l'authentification =====
Activer l'authentification
vim /etc/prosody/conf.avail/visio.example.com.cfg.lua
VirtualHost "visio.example.com"
-- enabled = false -- Remove this line to enable this host
authentication = "internal_hashed"
...
VirtualHost "guest.visio.example.com"
authentication = "anonymous"
c2s_require_encryption = false
...
vim /etc/jitsi/meet/visio.example.com-config.js
anonymousdomain: 'guest.visio.example.com',
...
echo "org.jitsi.jicofo.auth.URL=XMPP:visio.example.com" >> /etc/jitsi/jicofo/sip-communicator.properties
Certificats pour Prosody
prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart
Renouvellement des certificats Prosody
vim /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh
#!/bin/bash
prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart
chmod +x /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh
Enregistrer un utilisateur (modérateur)
prosodyctl register user visio.example.com
service prosody restart