====== Installation de Jitsi-Meet sur LXC debian buster (10) ======

==== Liens ====

  * https://jitsi-club.gitlab.io/jitsi-self-hosting/en/01-deployment-howto/00-installation/
  * https://jitsi-club.gitlab.io/jitsi-self-hosting/en/01-deployment-howto/01-authentication/
  * https://lemonldap-ng.org/documentation/latest/applications/jitsimeet

===== Installation du container sur le serveur hôte =====


<code bash>
lxc-create -t download -n jitsimeet -- -d debian -r buster -a amd64
</code>

Mise à jour du fichier de configuration LXC pour la partie réseau
<code>
vim /var/lib/lxc/jitsimeet/config
...
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.hwaddr = XX:XX:XX:XX:XX:XX
lxc.net.0.ipv4.address = x.y.z.t/32
lxc.net.0.ipv4.gateway = a.b.c.d
lxc.net.0.ipv6.address = 2001:41d0:.../64
lxc.net.0.ipv6.gateway = 2001:41d0:...
</code>

Démarrage et raccordement
<code>
lxc-start -n jitsimeet 
lxc-attach -n jitsimeet
</code>

===== Dans le container =====

Modification réseau, ajout des serveurs de noms
<code>
vim /etc/network/interfaces
auto eth0
iface eth0 inet manual
</code>

<code>
vim /etc/resolv.conf
nameserver 213.186.33.99
nameserver 8.8.8.8
</code>

===== Installation de jitsi-meet =====

<code>
dpkg-reconfigure locales
apt install sudo wget man bash-completion gpg less bind9-host inetutils-ping 
vim /etc/bash.bashrc # Décommenter les lignes concernant bash-completion
source /etc/bash.bashrc
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
apt update
apt -y install jitsi-meet
# Renseigner le domaine à créer
</code>

<code>
vim /etc/hosts
127.0.1.1	visio.example.com visio
</code>

<code>
hostname visio
hostname --fqdn
</code>

Installation des certificats letsencrypt
<code>
apt install python-certbot-nginx
nginx -s stop
certbot certonly -d visio.example.com
vim /etc/nginx/sites-enabled/visio.example.com.conf #Remplacer les certificats auto-signés par les certificats LE
    ssl_certificate_key /etc/letsencrypt/live/visio.example.com/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/visio.example.com/fullchain.pem;
    
vim /etc/letsencrypt/renewal/visio.example.com.conf
nginx -s reload
</code>

===== Sécurisation de l'authentification =====

Activer l'authentification
<code>
vim /etc/prosody/conf.avail/visio.example.com.cfg.lua
VirtualHost "visio.example.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
        ...
VirtualHost "guest.visio.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false
...       
</code>

<code>
vim /etc/jitsi/meet/visio.example.com-config.js
    anonymousdomain: 'guest.visio.example.com',
    ...
<code>

echo "org.jitsi.jicofo.auth.URL=XMPP:visio.example.com" >> /etc/jitsi/jicofo/sip-communicator.properties
</code>

Certificats pour Prosody

<code>
prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart
</code>

Renouvellement des certificats Prosody
<code>
vim /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh
#!/bin/bash
prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart
chmod +x /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh
</code>

Enregistrer un utilisateur (modérateur)
<code>
prosodyctl register user visio.example.com
service prosody restart
</code>