Outils pour utilisateurs

Outils du site


jitsi-meet-sur-lxc

Installation de Jitsi-Meet sur LXC debian buster (10)

Liens

Installation du container sur le serveur hôte

lxc-create -t download -n jitsimeet -- -d debian -r buster -a amd64

Mise à jour du fichier de configuration LXC pour la partie réseau

vim /var/lib/lxc/jitsimeet/config
...
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.hwaddr = XX:XX:XX:XX:XX:XX
lxc.net.0.ipv4.address = x.y.z.t/32
lxc.net.0.ipv4.gateway = a.b.c.d
lxc.net.0.ipv6.address = 2001:41d0:.../64
lxc.net.0.ipv6.gateway = 2001:41d0:...

Démarrage et raccordement

lxc-start -n jitsimeet 
lxc-attach -n jitsimeet

Dans le container

Modification réseau, ajout des serveurs de noms

vim /etc/network/interfaces
auto eth0
iface eth0 inet manual
vim /etc/resolv.conf
nameserver 213.186.33.99
nameserver 8.8.8.8

Installation de jitsi-meet

dpkg-reconfigure locales
apt install sudo wget man bash-completion gpg less bind9-host inetutils-ping 
vim /etc/bash.bashrc # Décommenter les lignes concernant bash-completion
source /etc/bash.bashrc
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
apt update
apt -y install jitsi-meet
# Renseigner le domaine à créer
vim /etc/hosts
127.0.1.1	visio.example.com visio
hostname visio
hostname --fqdn

Installation des certificats letsencrypt

apt install python-certbot-nginx
nginx -s stop
certbot certonly -d visio.example.com
vim /etc/nginx/sites-enabled/visio.example.com.conf #Remplacer les certificats auto-signés par les certificats LE
    ssl_certificate_key /etc/letsencrypt/live/visio.example.com/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/visio.example.com/fullchain.pem;
    
vim /etc/letsencrypt/renewal/visio.example.com.conf
nginx -s reload

Sécurisation de l'authentification

Activer l'authentification

vim /etc/prosody/conf.avail/visio.example.com.cfg.lua
VirtualHost "visio.example.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
        ...
VirtualHost "guest.visio.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false
...       
vim /etc/jitsi/meet/visio.example.com-config.js
    anonymousdomain: 'guest.visio.example.com',
    ...
<code>

echo "org.jitsi.jicofo.auth.URL=XMPP:visio.example.com" >> /etc/jitsi/jicofo/sip-communicator.properties

Certificats pour Prosody

prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart

Renouvellement des certificats Prosody

vim /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh
#!/bin/bash
prosodyctl --root cert import /etc/letsencrypt/live
service prosody restart
chmod +x /etc/letsencrypt/renewal-hooks/post/00-prosody-auth.sh

Enregistrer un utilisateur (modérateur)

prosodyctl register user visio.example.com
service prosody restart
jitsi-meet-sur-lxc.txt · Dernière modification: 2020/04/10 14:12 par pielo