jitsi
About
PLEASE USE CHROME TO SAVE SOME NERVES.
Turnserver Firewalling
For the Firewalling please refer to
matrix#Turnserver Firewalling
Installation
Add jitsi repository
1 apt install apt-transport-https
2 curl 'https://download.jitsi.org/jitsi-key.gpg.key' \
3 |sudo sh -c 'gpg --dearmor \
4 > /usr/share/keyrings/jitsi-keyring.gpg'
5 ### ADD STABLE, TESTING OR UNSTABLE REPO
6 cat <<EOF \
7 |sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
8 deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/
9 #deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org testing/
10 #deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org unstable/
11 EOF
12 #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' \
13 # |sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
14 apt update
15 ### SKIP INSTALLATION OF THE JITSI ARCHIVE KEYRING ITS OUTDATED
16 ### REPLACE GPG KEYRING
17 apt install -y jitsi-archive-keyring
18 rm /usr/share/keyrings/jitsi-keyring.gpg
19 apt update
Just install the full suite.
Prosodiy acts as the XMPP-Server, that connects the external services
- jicofo (Jitsi Conference Focus)
- jitsi-videobridge2
OpenJDK11 works fine on Debian Buster.
Debconf holds some info
Test your browser
Configure
unattended-upgrades
Make sure to run a up-to-date and secure system!
/etc/apt/apt.conf.d/51unattended-upgrades
1 Unattended-Upgrade::Origins-Pattern:: "o=jitsi.org,l=Jitsi Debian packages repository,a=stable,n=stable";
2 Unattended-Upgrade::Origins-Pattern:: "o=Google LLC,l=Google,a=stable,n=stable";
3 Unattended-Upgrade::Origins-Pattern {
4 "o=Debian,a=stable";
5 "o=Debian,a=stable-updates";
6 "o=Debian,a=testing";
7 "o=Debian,a=testing-updates";
8 "o=Debian,n=sid";
9 "o=Debian,n=${distro_codename},l=Debian";
10 "o=Debian,n=${distro_codename}-updates,l=Debian";
11 "o=Debian,n=bullseye";
12 "o=Debian,n=bullseye-updates";
13 "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
14 "o=Debian Backports,a=buster-backports,l=Debian Backports";
15 "o=Debian Backports,a=bullseye-backports,l=Debian Backports";
16 "o=Debian Backports,a=bookworm-backports,l=Debian Backports";
17 }
The bits that have to match
- Shared Secret between XMPP-Server and Turnserver
/etc/turnserver.conf:static-auth-secret=__STATIC_AUTH_SECRET
/etc/prosody/conf.d/jitsi.rockstable.it.cfg.lua:turncredentials_secret = "__STATIC_AUTH_SECRET";
Credentials for focus@auth.jitsi.rockstable.it
/etc/jitsi/jicofo/config:JICOFO_AUTH_PASSWORD=__JICOFO_AUTH_PASSWORD
- Account in Prosody backend
Credentials for jvb@auth.jitsi.rockstable.it
/etc/jitsi/videobridge/config:JVB_SECRET=__JVB_SECRET
- Account in Prosody backend
Set prosody passwords
If necessary.
When a jid (uid/hostname) has changed, it might be necessary to create the account and adjust the passwords.
nginx
There is a example config at
/usr/share/jitsi-meet-web-config/jitsi-meet.example
/etc/nginx/sites-available/jitsi.rockstable.it.conf
1 server_names_hash_bucket_size 64;
2
3 server {
4 listen 80;
5 listen [::]:80;
6 server_name jitsi.rockstable.it;
7
8 location ^~ /.well-known/acme-challenge/ {
9 default_type "text/plain";
10 root /usr/share/jitsi-meet;
11 }
12 location = /.well-known/acme-challenge/ {
13 return 404;
14 }
15 location / {
16 return 301 https://$host$request_uri;
17 }
18 }
19 server {
20 listen 443 ssl http2;
21 listen [::]:443 ssl http2;
22 server_name jitsi.rockstable.it;
23
24 # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
25 ssl_protocols TLSv1.2 TLSv1.3;
26 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
27 ssl_prefer_server_ciphers off;
28
29 ssl_session_timeout 1d;
30 ssl_session_cache shared:SSL:10m; # about 40000 sessions
31 ssl_session_tickets off;
32
33 add_header Strict-Transport-Security "max-age=63072000" always;
34
35 ssl_certificate /etc/letsencrypt/live/coturn.rockstable.it/fullchain.pem;
36 ssl_certificate_key /etc/letsencrypt/live/coturn.rockstable.it/privkey.pem;
37
38 root /usr/share/jitsi-meet;
39
40 # ssi on with javascript for multidomain variables in config.js
41 ssi on;
42 ssi_types application/x-javascript application/javascript;
43
44 index index.html index.htm;
45 error_page 404 /static/404.html;
46
47 gzip on;
48 gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
49 gzip_vary on;
50 gzip_proxied no-cache no-store private expired auth;
51 gzip_min_length 512;
52
53 location = /config.js {
54 alias /etc/jitsi/meet/jitsi.rockstable.it-config.js;
55 }
56
57 location = /interface_config.js {
58 alias /etc/jitsi/meet/jitsi.rockstable.it-interface_config.js;
59 }
60
61
62 location = /external_api.js {
63 alias /usr/share/jitsi-meet/libs/external_api.min.js;
64 }
65
66 #ensure all static content can always be found first
67 location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
68 {
69 add_header 'Access-Control-Allow-Origin' '*';
70 alias /usr/share/jitsi-meet/$1/$2;
71
72 # cache all versioned files
73 if ($arg_v) {
74 expires 1y;
75 }
76 }
77
78 # BOSH
79 location = /http-bind {
80 proxy_pass http://localhost:5280/http-bind;
81 proxy_set_header X-Forwarded-For $remote_addr;
82 proxy_set_header Host $http_host;
83 }
84
85 # xmpp websockets
86 location = /xmpp-websocket {
87 proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
88 proxy_http_version 1.1;
89 proxy_set_header Upgrade $http_upgrade;
90 proxy_set_header Connection "upgrade";
91 proxy_set_header Host $http_host;
92 tcp_nodelay on;
93 }
94
95 # colibri (JVB) websockets for jvb1
96 location ~ ^/colibri-ws/default-id/(.*) {
97 proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
98 proxy_http_version 1.1;
99 proxy_set_header Upgrade $http_upgrade;
100 proxy_set_header Connection "upgrade";
101 tcp_nodelay on;
102 }
103
104 location ~ ^/([^/?&:'"]+)$ {
105 try_files $uri @root_path;
106 }
107
108 location @root_path {
109 rewrite ^/(.*)$ / break;
110 }
111
112 location ~ ^/([^/?&:'"]+)/config.js$
113 {
114 set $subdomain "$1.";
115 set $subdir "$1/";
116
117 alias /etc/jitsi/meet/jitsi.rockstable.it-config.js;
118 }
119
120 #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
121 location ~ ^/([^/?&:'"]+)/(.*)$ {
122 set $subdomain "$1.";
123 set $subdir "$1/";
124 rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
125 }
126
127 # BOSH for subdomains
128 location ~ ^/([^/?&:'"]+)/http-bind {
129 set $subdomain "$1.";
130 set $subdir "$1/";
131 set $prefix "$1";
132
133 rewrite ^/(.*)$ /http-bind;
134 }
135
136 # websockets for subdomains
137 location ~ ^/([^/?&:'"]+)/xmpp-websocket {
138 set $subdomain "$1.";
139 set $subdir "$1/";
140 set $prefix "$1";
141
142 rewrite ^/(.*)$ /xmpp-websocket;
143 }
144 }
Optimizations:
add a http2 to the listen directives.
add a location for /interface_config.js
Enable the config
Jitsi Meet config.js
Jitsi-Meet example config.js
Default config provided by package jitsi-meet-web-config
/usr/share/jitsi-meet-web-config/config.js
Don't touch anonymousdomain or you won't get a picture.
/etc/jitsi/meet/jitsi.rockstable.it-config.js
1 /* eslint-disable no-unused-vars, no-var */
2
3 var config = {
4 // Connection
5 //
6
7 hosts: {
8 // XMPP domain.
9 domain: 'jitsi.rockstable.it',
10
11 // When using authentication, domain for guest users.
12 //anonymousdomain: 'guest.rockstable.it',
13
14 // Domain for authenticated users. Defaults to <domain>.
15 // authdomain: 'jitsi.rockstable.it',
16
17 // Call control component (Jigasi).
18 // call_control: 'callcontrol.jitsi.rockstable.it',
19
20 // Focus component domain. Defaults to focus.<domain>.
21 // focus: 'focus.jitsi.rockstable.it',
22
23 // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
24 muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi.rockstable.it'
25 },
26
27 // BOSH URL. FIXME: use XEP-0156 to discover it.
28 bosh: '//jitsi.rockstable.it/http-bind',
29
30 // Websocket URL
31 //websocket: 'wss://jitsi.rockstable.it/xmpp-websocket',
32
33 // The name of client node advertised in XEP-0115 'c' stanza
34 //clientNode: 'http://jitsi.org/jitsimeet',
35 clientNode: 'http://jitsi.rockstable.it/',
36
37 // The real JID of focus participant - can be overridden here
38 // Do not change username - FIXME: Make focus username configurable
39 // https://github.com/jitsi/jitsi-meet/issues/7376
40 // focusUserJid: 'focus@auth.jitsi.rockstable.it',
41
42
43 // Testing / experimental features.
44 //
45
46 testing: {
47 // Disables the End to End Encryption feature. Useful for debugging
48 // issues related to insertable streams.
49 // disableE2EE: false,
50
51 // P2P test mode disables automatic switching to P2P when there are 2
52 // participants in the conference.
53 p2pTestMode: false
54
55 // Enables the test specific features consumed by jitsi-meet-torture
56 // testMode: false
57
58 // Disables the auto-play behavior of *all* newly created video element.
59 // This is useful when the client runs on a host with limited resources.
60 // noAutoPlayVideo: false
61
62 // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
63 // simulcast is turned off for the desktop share. If presenter is turned
64 // on while screensharing is in progress, the max bitrate is automatically
65 // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
66 // the probability for this to be enabled.
67 // capScreenshareBitrate: 1 // 0 to disable
68
69 // Enable callstats only for a percentage of users.
70 // This takes a value between 0 and 100 which determines the probability for
71 // the callstats to be enabled.
72 // callStatsThreshold: 5 // enable callstats for 5% of the users.
73 },
74
75 // Disables ICE/UDP by filtering out local and remote UDP candidates in
76 // signalling.
77 // webrtcIceUdpDisable: false,
78
79 // Disables ICE/TCP by filtering out local and remote TCP candidates in
80 // signalling.
81 // webrtcIceTcpDisable: false,
82
83
84 // Media
85 //
86
87 // Audio
88
89 // Disable measuring of audio levels.
90 // disableAudioLevels: false,
91 // audioLevelsInterval: 200,
92
93 // Enabling this will run the lib-jitsi-meet no audio detection module which
94 // will notify the user if the current selected microphone has no audio
95 // input and will suggest another valid device if one is present.
96 enableNoAudioDetection: true,
97
98 // Enabling this will run the lib-jitsi-meet noise detection module which will
99 // notify the user if there is noise, other than voice, coming from the current
100 // selected microphone. The purpose it to let the user know that the input could
101 // be potentially unpleasant for other meeting participants.
102 enableNoisyMicDetection: true,
103
104 // Start the conference in audio only mode (no video is being received nor
105 // sent).
106 // startAudioOnly: false,
107
108 // Every participant after the Nth will start audio muted.
109 // startAudioMuted: 10,
110
111 // Start calls with audio muted. Unlike the option above, this one is only
112 // applied locally. FIXME: having these 2 options is confusing.
113 // startWithAudioMuted: false,
114
115 // Enabling it (with #params) will disable local audio output of remote
116 // participants and to enable it back a reload is needed.
117 // startSilent: false
118
119 // Sets the preferred target bitrate for the Opus audio codec by setting its
120 // 'maxaveragebitrate' parameter. Currently not available in p2p mode.
121 // Valid values are in the range 6000 to 510000
122 // opusMaxAverageBitrate: 20000,
123
124 // Enables redundancy for Opus
125 // enableOpusRed: false
126
127 // Video
128
129 // Sets the preferred resolution (height) for local video. Defaults to 720.
130 // resolution: 720,
131
132 // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
133 // Use -1 to disable.
134 // maxFullResolutionParticipants: 2,
135
136 // w3c spec-compliant video constraints to use for video capture. Currently
137 // used by browsers that return true from lib-jitsi-meet's
138 // util#browser#usesNewGumFlow. The constraints are independent from
139 // this config's resolution value. Defaults to requesting an ideal
140 // resolution of 720p.
141 constraints: {
142 video: {
143 height: {
144 ideal: 720,
145 max: 1080,
146 min: 240
147 }
148 }
149 },
150
151 // Enable / disable simulcast support.
152 // disableSimulcast: false,
153
154 // Enable / disable layer suspension. If enabled, endpoints whose HD
155 // layers are not in use will be suspended (no longer sent) until they
156 // are requested again.
157 // enableLayerSuspension: false,
158
159 // Every participant after the Nth will start video muted.
160 // startVideoMuted: 10,
161
162 // Start calls with video muted. Unlike the option above, this one is only
163 // applied locally. FIXME: having these 2 options is confusing.
164 // startWithVideoMuted: false,
165
166 // If set to true, prefer to use the H.264 video codec (if supported).
167 // Note that it's not recommended to do this because simulcast is not
168 // supported when using H.264. For 1-to-1 calls this setting is enabled by
169 // default and can be toggled in the p2p section.
170 // This option has been deprecated, use preferredCodec under videoQuality section instead.
171 // preferH264: true,
172
173 // If set to true, disable H.264 video codec by stripping it out of the
174 // SDP.
175 // disableH264: false,
176
177 // Desktop sharing
178
179 // Optional desktop sharing frame rate options. Default value: min:5, max:5.
180 desktopSharingFrameRate: {
181 min: 5,
182 max: 20
183 },
184
185 // Try to start calls with screen-sharing instead of camera video.
186 // startScreenSharing: false,
187
188 // Recording
189
190 // Whether to enable file recording or not.
191 // fileRecordingsEnabled: false,
192 // Enable the dropbox integration.
193 // dropbox: {
194 // appKey: '<APP_KEY>' // Specify your app key here.
195 // // A URL to redirect the user to, after authenticating
196 // // by default uses:
197 // // 'https://jitsi.rockstable.it/static/oauth.html'
198 // redirectURI:
199 // 'https://jitsi.rockstable.it/subfolder/static/oauth.html'
200 // },
201 // When integrations like dropbox are enabled only that will be shown,
202 // by enabling fileRecordingsServiceEnabled, we show both the integrations
203 // and the generic recording service (its configuration and storage type
204 // depends on jibri configuration)
205 // fileRecordingsServiceEnabled: false,
206 // Whether to show the possibility to share file recording with other people
207 // (e.g. meeting participants), based on the actual implementation
208 // on the backend.
209 // fileRecordingsServiceSharingEnabled: false,
210
211 // Whether to enable live streaming or not.
212 // liveStreamingEnabled: false,
213
214 // Transcription (in interface_config,
215 // subtitles and buttons can be configured)
216 // transcribingEnabled: false,
217
218 // Enables automatic turning on captions when recording is started
219 // autoCaptionOnRecord: false,
220
221 // Misc
222
223 // Default value for the channel "last N" attribute. -1 for unlimited.
224 channelLastN: -1,
225
226 // Provides a way to use different "last N" values based on the number of participants in the conference.
227 // The keys in an Object represent number of participants and the values are "last N" to be used when number of
228 // participants gets to or above the number.
229 //
230 // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
231 // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
232 // will be used as default until the first threshold is reached.
233 //
234 // lastNLimits: {
235 // 5: 20,
236 // 30: 15,
237 // 50: 10,
238 // 70: 5,
239 // 90: 2
240 // },
241
242 // Specify the settings for video quality optimizations on the client.
243 videoQuality: {
244 // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
245 // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
246 // // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
247 // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
248 // disabledCodec: 'H264',
249 //
250 // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
251 // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
252 // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
253 // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
254 // // to take effect.
255 // preferredCodec: 'VP8',
256 //
257 // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
258 // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
259 // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
260 // // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
261 // // This is currently not implemented on app based clients on mobile.
262 maxBitratesVideo: {
263 low: 200000,
264 standard: 500000,
265 high: 2000000
266 },
267 //
268 // // The options can be used to override default thresholds of video thumbnail heights corresponding to
269 // // the video quality levels used in the application. At the time of this writing the allowed levels are:
270 // // 'low' - for the low quality level (180p at the time of this writing)
271 // // 'standard' - for the medium quality level (360p)
272 // // 'high' - for the high quality level (720p)
273 // // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
274 // //
275 // // With the default config value below the application will use 'low' quality until the thumbnails are
276 // // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
277 // // the high quality.
278 // minHeightForQualityLvl: {
279 // 360: 'standard,
280 // 720: 'high'
281 // }
282 },
283
284 // // Options for the recording limit notification.
285 // recordingLimit: {
286 //
287 // // The recording limit in minutes. Note: This number appears in the notification text
288 // // but doesn't enforce the actual recording time limit. This should be configured in
289 // // jibri!
290 // limit: 60,
291 //
292 // // The name of the app with unlimited recordings.
293 // appName: 'Unlimited recordings APP',
294 //
295 // // The URL of the app with unlimited recordings.
296 // appURL: 'https://unlimited.recordings.app.com/'
297 // },
298
299 // Disables or enables RTX (RFC 4588) (defaults to false).
300 // disableRtx: false,
301
302 // Disables or enables TCC (the default is in Jicofo and set to true)
303 // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
304 // affects congestion control, it practically enables send-side bandwidth
305 // estimations.
306 // enableTcc: true,
307
308 // Disables or enables REMB (the default is in Jicofo and set to false)
309 // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
310 // control, it practically enables recv-side bandwidth estimations. When
311 // both TCC and REMB are enabled, TCC takes precedence. When both are
312 // disabled, then bandwidth estimations are disabled.
313 // enableRemb: false,
314
315 // Enables ICE restart logic in LJM and displays the page reload overlay on
316 // ICE failure. Current disabled by default because it's causing issues with
317 // signaling when Octo is enabled. Also when we do an "ICE restart"(which is
318 // not a real ICE restart), the client maintains the TCC sequence number
319 // counter, but the bridge resets it. The bridge sends media packets with
320 // TCC sequence numbers starting from 0.
321 // enableIceRestart: false,
322
323 // Defines the minimum number of participants to start a call (the default
324 // is set in Jicofo and set to 2).
325 // minParticipants: 2,
326
327 // Use TURN/UDP servers for the jitsi-videobridge connection (by default
328 // we filter out TURN/UDP because it is usually not needed since the
329 // bridge itself is reachable via UDP)
330 // useTurnUdp: false
331
332 // Enables / disables a data communication channel with the Videobridge.
333 // Values can be 'datachannel', 'websocket', true (treat it as
334 // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
335 // open any channel).
336 // openBridgeChannel: true,
337 openBridgeChannel: 'websocket',
338
339
340 // UI
341 //
342
343 // Hides lobby button
344 // hideLobbyButton: false,
345
346 // Require users to always specify a display name.
347 // requireDisplayName: true,
348
349 // Whether to use a welcome page or not. In case it's false a random room
350 // will be joined when no room is specified.
351 enableWelcomePage: true,
352
353 // Enabling the close page will ignore the welcome page redirection when
354 // a call is hangup.
355 // enableClosePage: false,
356
357 // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
358 // disable1On1Mode: false,
359
360 // Default language for the user interface.
361 // defaultLanguage: 'en',
362
363 // If true all users without a token will be considered guests and all users
364 // with token will be considered non-guests. Only guests will be allowed to
365 // edit their profile.
366 enableUserRolesBasedOnToken: false,
367
368 // Whether or not some features are checked based on token.
369 // enableFeaturesBasedOnToken: false,
370
371 // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
372 // lockRoomGuestEnabled: false,
373
374 // When enabled the password used for locking a room is restricted to up to the number of digits specified
375 // roomPasswordNumberOfDigits: 10,
376 // default: roomPasswordNumberOfDigits: false,
377
378 // Message to show the users. Example: 'The service will be down for
379 // maintenance at 01:00 AM GMT,
380 // noticeMessage: '',
381
382 // Enables calendar integration, depends on googleApiApplicationClientID
383 // and microsoftApiApplicationClientID
384 // enableCalendarIntegration: false,
385
386 // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
387 // prejoinPageEnabled: false,
388
389 // If true, shows the unsafe room name warning label when a room name is
390 // deemed unsafe (due to the simplicity in the name) and a password is not
391 // set or the lobby is not enabled.
392 enableInsecureRoomNameWarning: true,
393
394 // Whether to automatically copy invitation URL after creating a room.
395 // Document should be focused for this option to work
396 // enableAutomaticUrlCopy: false,
397
398 // Stats
399 //
400
401 // Whether to enable stats collection or not in the TraceablePeerConnection.
402 // This can be useful for debugging purposes (post-processing/analysis of
403 // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
404 // estimation tests.
405 // gatherStats: false,
406
407 // The interval at which PeerConnection.getStats() is called. Defaults to 10000
408 // pcStatsInterval: 10000,
409
410 // To enable sending statistics to callstats.io you must provide the
411 // Application ID and Secret.
412 // callStatsID: '',
413 // callStatsSecret: '',
414
415 // Enables sending participants' display names to callstats
416 // enableDisplayNameInStats: false,
417
418 // Enables sending participants' emails (if available) to callstats and other analytics
419 // enableEmailInStats: false,
420
421 // Privacy
422 //
423
424 // If third party requests are disabled, no other server will be contacted.
425 // This means avatars will be locally generated and callstats integration
426 // will not function.
427 // disableThirdPartyRequests: false,
428
429
430 // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
431 //
432
433 p2p: {
434 // Enables peer to peer mode. When enabled the system will try to
435 // establish a direct connection when there are exactly 2 participants
436 // in the room. If that succeeds the conference will stop sending data
437 // through the JVB and use the peer to peer connection instead. When a
438 // 3rd participant joins the conference will be moved back to the JVB
439 // connection.
440 enabled: true,
441
442 // The STUN servers that will be used in the peer to peer connections
443 stunServers: [
444
445 { urls: 'stun:coturn.rockstable.it:3478' },
446 { urls: 'turn:coturn.rockstable.it:5349' }
447 //{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
448 ]
449
450 // Sets the ICE transport policy for the p2p connection. At the time
451 // of this writing the list of possible values are 'all' and 'relay',
452 // but that is subject to change in the future. The enum is defined in
453 // the WebRTC standard:
454 // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
455 // If not set, the effective value is 'all'.
456 // iceTransportPolicy: 'all',
457
458 // If set to true, it will prefer to use H.264 for P2P calls (if H.264
459 // is supported). This setting is deprecated, use preferredCodec instead.
460 // preferH264: true
461
462 // Provides a way to set the video codec preference on the p2p connection. Acceptable
463 // codec values are 'VP8', 'VP9' and 'H264'.
464 // preferredCodec: 'H264',
465
466 // If set to true, disable H.264 video codec by stripping it out of the
467 // SDP. This setting is deprecated, use disabledCodec instead.
468 // disableH264: false,
469
470 // Provides a way to prevent a video codec from being negotiated on the p2p connection.
471 // disabledCodec: '',
472
473 // How long we're going to wait, before going back to P2P after the 3rd
474 // participant has left the conference (to filter out page reload).
475 // backToP2PDelay: 5
476
477 // use XEP-0215 to fetch TURN servers for the JVB connection
478 //useStunTurn: true
479 },
480
481 // use XEP-0215 to fetch TURN servers for the JVB connection
482 //useStunTurn: true,
483
484 analytics: {
485 // The Google Analytics Tracking ID:
486 // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
487
488 // Matomo configuration:
489 // matomoEndpoint: 'https://your-matomo-endpoint/',
490 // matomoSiteID: '42',
491
492 // The Amplitude APP Key:
493 // amplitudeAPPKey: '<APP_KEY>'
494
495 // Configuration for the rtcstats server:
496 // By enabling rtcstats server every time a conference is joined the rtcstats
497 // module connects to the provided rtcstatsEndpoint and sends statistics regarding
498 // PeerConnection states along with getStats metrics polled at the specified
499 // interval.
500 // rtcstatsEnabled: true,
501
502 // In order to enable rtcstats one needs to provide a endpoint url.
503 // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
504
505 // The interval at which rtcstats will poll getStats, defaults to 1000ms.
506 // If the value is set to 0 getStats won't be polled and the rtcstats client
507 // will only send data related to RTCPeerConnection events.
508 // rtcstatsPolIInterval: 1000
509
510 // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
511 // scriptURLs: [
512 // "libs/analytics-ga.min.js", // google-analytics
513 // "https://example.com/my-custom-analytics.js"
514 // ],
515 },
516
517 // Logs that should go be passed through the 'log' event if a handler is defined for it
518 // apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
519
520 // Information about the jitsi-meet instance we are connecting to, including
521 // the user region as seen by the server.
522 deploymentInfo: {
523 // shard: "shard1",
524 // region: "europe",
525 // userRegion: "europe"
526 },
527
528 // Decides whether the start/stop recording audio notifications should play on record.
529 // disableRecordAudioNotification: false,
530
531 // Information for the chrome extension banner
532 // chromeExtensionBanner: {
533 // // The chrome extension to be installed address
534 // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
535
536 // // Extensions info which allows checking if they are installed or not
537 // chromeExtensionsInfo: [
538 // {
539 // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
540 // path: 'jitsi-logo-48x48.png'
541 // }
542 // ]
543 // },
544
545 // Local Recording
546 //
547
548 // localRecording: {
549 // Enables local recording.
550 // Additionally, 'localrecording' (all lowercase) needs to be added to
551 // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
552 // button to show up on the toolbar.
553 //
554 // enabled: true,
555 //
556
557 // The recording format, can be one of 'ogg', 'flac' or 'wav'.
558 // format: 'flac'
559 //
560
561 // },
562
563 // Options related to end-to-end (participant to participant) ping.
564 // e2eping: {
565 // // The interval in milliseconds at which pings will be sent.
566 // // Defaults to 10000, set to <= 0 to disable.
567 // pingInterval: 10000,
568 //
569 // // The interval in milliseconds at which analytics events
570 // // with the measured RTT will be sent. Defaults to 60000, set
571 // // to <= 0 to disable.
572 // analyticsInterval: 60000,
573 // },
574
575 // If set, will attempt to use the provided video input device label when
576 // triggering a screenshare, instead of proceeding through the normal flow
577 // for obtaining a desktop stream.
578 // NOTE: This option is experimental and is currently intended for internal
579 // use only.
580 // _desktopSharingSourceDevice: 'sample-id-or-label',
581
582 // If true, any checks to handoff to another application will be prevented
583 // and instead the app will continue to display in the current browser.
584 // disableDeepLinking: false,
585
586 // A property to disable the right click context menu for localVideo
587 // the menu has option to flip the locally seen video for local presentations
588 // disableLocalVideoFlip: false,
589
590 // Mainly privacy related settings
591
592 // Disables all invite functions from the app (share, invite, dial out...etc)
593 // disableInviteFunctions: true,
594
595 // Disables storing the room name to the recents list
596 // doNotStoreRoom: true,
597
598 // Deployment specific URLs.
599 // deploymentUrls: {
600 // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
601 // // user documentation.
602 // userDocumentationURL: 'https://docs.example.com/video-meetings.html',
603 // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
604 // // to the specified URL for an app download page.
605 // downloadAppsUrl: 'https://docs.example.com/our-apps.html'
606 // },
607
608 // Options related to the remote participant menu.
609 // remoteVideoMenu: {
610 // // If set to true the 'Kick out' button will be disabled.
611 // disableKick: true
612 // },
613
614 // If set to true all muting operations of remote participants will be disabled.
615 // disableRemoteMute: true,
616
617 /**
618 External API url used to receive branding specific information.
619 If there is no url set or there are missing fields, the defaults are applied.
620 None of the fields are mandatory and the response must have the shape:
621 {
622 // The hex value for the colour used as background
623 backgroundColor: '#fff',
624 // The url for the image used as background
625 backgroundImageUrl: 'https://example.com/background-img.png',
626 // The anchor url used when clicking the logo image
627 logoClickUrl: 'https://example-company.org',
628 // The url used for the image used as logo
629 logoImageUrl: 'https://example.com/logo-img.png'
630 }
631 */
632 // brandingDataUrl: '',
633
634 // The URL of the moderated rooms microservice, if available. If it
635 // is present, a link to the service will be rendered on the welcome page,
636 // otherwise the app doesn't render it.
637 // moderatedRoomServiceUrl: 'https://moderated.jitsi.rockstable.it',
638
639 // List of undocumented settings used in jitsi-meet
640 /**
641 _immediateReloadThreshold
642 debug
643 debugAudioLevels
644 deploymentInfo
645 dialInConfCodeUrl
646 dialInNumbersUrl
647 dialOutAuthUrl
648 dialOutCodesUrl
649 disableRemoteControl
650 displayJids
651 etherpad_base
652 externalConnectUrl
653 firefox_fake_device
654 googleApiApplicationClientID
655 iAmRecorder
656 iAmSipGateway
657 microsoftApiApplicationClientID
658 peopleSearchQueryTypes
659 peopleSearchUrl
660 requireDisplayName
661 tokenAuthUrl
662 */
663
664 /**
665 * This property can be used to alter the generated meeting invite links (in combination with a branding domain
666 * which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
667 * can become https://brandedDomain/roomAlias)
668 */
669 // brandingRoomAlias: null,
670
671 // List of undocumented settings used in lib-jitsi-meet
672 /**
673 _peerConnStatusOutOfLastNTimeout
674 _peerConnStatusRtcMuteTimeout
675 abTesting
676 avgRtpStatsN
677 callStatsConfIDNamespace
678 callStatsCustomScriptUrl
679 desktopSharingSources
680 disableAEC
681 disableAGC
682 disableAP
683 disableHPF
684 disableNS
685 enableLipSync
686 enableTalkWhileMuted
687 forceJVB121Ratio
688 hiddenDomain
689 ignoreStartMuted
690 nick
691 startBitrate
692 */
693
694
695 // Allow all above example options to include a trailing comma and
696 // prevent fear when commenting out the last value.
697 makeJsonParserHappy: 'even if last key had a trailing comma'
698
699 // no configuration value should follow this line.
700 };
701
702 /* eslint-enable no-unused-vars, no-var */
Jitsi-Meet interface_config.js
Adjust the interface to your needs.
Jitsi-Meet example interface_config.js
/etc/jitsi/meet/jitsi.rockstable.it-interface_config.js
1 /* eslint-disable no-unused-vars, no-var, max-len */
2 /* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
3
4 var interfaceConfig = {
5 APP_NAME: 'Rockstable Jitsi',
6 AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
7 AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
8
9 /**
10 * A UX mode where the last screen share participant is automatically
11 * pinned. Valid values are the string "remote-only" so remote participants
12 * get pinned but not local, otherwise any truthy value for all participants,
13 * and any falsy value to disable the feature.
14 *
15 * Note: this mode is experimental and subject to breakage.
16 */
17 AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
18 BRAND_WATERMARK_LINK: '',
19
20 CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
21 /**
22 * Whether the connection indicator icon should hide itself based on
23 * connection strength. If true, the connection indicator will remain
24 * displayed while the participant has a weak connection and will hide
25 * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
26 * strong.
27 *
28 * @type {boolean}
29 */
30 CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,
31
32 /**
33 * How long the connection indicator should remain displayed before hiding.
34 * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
35 *
36 * @type {number}
37 */
38 CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,
39
40 /**
41 * If true, hides the connection indicators completely.
42 *
43 * @type {boolean}
44 */
45 CONNECTION_INDICATOR_DISABLED: false,
46
47 DEFAULT_BACKGROUND: '#474747',
48 DEFAULT_LOCAL_DISPLAY_NAME: 'me',
49 DEFAULT_LOGO_URL: 'images/watermark.png',
50 DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
51 DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.png',
52
53 DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
54
55 DISABLE_FOCUS_INDICATOR: false,
56
57 /**
58 * If true, notifications regarding joining/leaving are no longer displayed.
59 */
60 DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
61
62 /**
63 * If true, presence status: busy, calling, connected etc. is not displayed.
64 */
65 DISABLE_PRESENCE_STATUS: false,
66
67 /**
68 * Whether the ringing sound in the call/ring overlay is disabled. If
69 * {@code undefined}, defaults to {@code false}.
70 *
71 * @type {boolean}
72 */
73 DISABLE_RINGING: false,
74
75 /**
76 * Whether the speech to text transcription subtitles panel is disabled.
77 * If {@code undefined}, defaults to {@code false}.
78 *
79 * @type {boolean}
80 */
81 DISABLE_TRANSCRIPTION_SUBTITLES: false,
82
83 /**
84 * Whether or not the blurred video background for large video should be
85 * displayed on browsers that can support it.
86 */
87 DISABLE_VIDEO_BACKGROUND: false,
88
89 DISPLAY_WELCOME_PAGE_CONTENT: true,
90 DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
91
92 ENABLE_DIAL_OUT: true,
93
94 ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
95
96 FILM_STRIP_MAX_HEIGHT: 120,
97
98 /**
99 * Whether to only show the filmstrip (and hide the toolbar).
100 */
101 filmStripOnly: false,
102
103 GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
104
105 /**
106 * Hide the logo on the deep linking pages.
107 */
108 HIDE_DEEP_LINKING_LOGO: false,
109
110 /**
111 * Hide the invite prompt in the header when alone in the meeting.
112 */
113 HIDE_INVITE_MORE_HEADER: false,
114
115 INITIAL_TOOLBAR_TIMEOUT: 20000,
116 JITSI_WATERMARK_LINK: 'https://jitsi.org',
117
118 LANG_DETECTION: true, // Allow i18n to detect the system language
119 LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature.
120 LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
121
122 /**
123 * Maximum coefficient of the ratio of the large video to the visible area
124 * after the large video is scaled to fit the window.
125 *
126 * @type {number}
127 */
128 MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
129
130 /**
131 * Whether the mobile app Jitsi Meet is to be promoted to participants
132 * attempting to join a conference in a mobile Web browser. If
133 * {@code undefined}, defaults to {@code true}.
134 *
135 * @type {boolean}
136 */
137 MOBILE_APP_PROMO: true,
138
139 NATIVE_APP_NAME: 'Jitsi Meet',
140
141 // Names of browsers which should show a warning stating the current browser
142 // has a suboptimal experience. Browsers which are not listed as optimal or
143 // unsupported are considered suboptimal. Valid values are:
144 // chrome, chromium, edge, electron, firefox, nwjs, opera, safari
145 OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
146
147 POLICY_LOGO: null,
148 PROVIDER_NAME: 'Jitsi',
149
150 /**
151 * If true, will display recent list
152 *
153 * @type {boolean}
154 */
155 RECENT_LIST_ENABLED: true,
156 REMOTE_THUMBNAIL_RATIO: 1, // 1:1
157
158 SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
159 SHOW_BRAND_WATERMARK: false,
160
161 /**
162 * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
163 * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
164 * being already installed is done before rendering.
165 */
166 SHOW_CHROME_EXTENSION_BANNER: false,
167
168 SHOW_DEEP_LINKING_IMAGE: false,
169 SHOW_JITSI_WATERMARK: true,
170 SHOW_POWERED_BY: false,
171 SHOW_PROMOTIONAL_CLOSE_PAGE: false,
172 SHOW_WATERMARK_FOR_GUESTS: true, // if watermark is disabled by default, it can be shown only for guests
173
174 /*
175 * If indicated some of the error dialogs may point to the support URL for
176 * help.
177 */
178 SUPPORT_URL: 'https://community.jitsi.org/',
179
180 TOOLBAR_ALWAYS_VISIBLE: false,
181
182 /**
183 * The name of the toolbar buttons to display in the toolbar, including the
184 * "More actions" menu. If present, the button will display. Exceptions are
185 * "livestreaming" and "recording" which also require being a moderator and
186 * some values in config.js to be enabled. Also, the "profile" button will
187 * not display for users with a JWT.
188 * Notes:
189 * - it's impossible to choose which buttons go in the "More actions" menu
190 * - it's impossible to control the placement of buttons
191 * - 'desktop' controls the "Share your screen" button
192 */
193 TOOLBAR_BUTTONS: [
194 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
195 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
196 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
197 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
198 'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
199 ],
200
201 TOOLBAR_TIMEOUT: 4000,
202
203 // Browsers, in addition to those which do not fully support WebRTC, that
204 // are not supported and should show the unsupported browser page.
205 UNSUPPORTED_BROWSERS: [],
206
207 /**
208 * Whether to show thumbnails in filmstrip as a column instead of as a row.
209 */
210 VERTICAL_FILMSTRIP: true,
211
212 // Determines how the video would fit the screen. 'both' would fit the whole
213 // screen, 'height' would fit the original video height to the height of the
214 // screen, 'width' would fit the original video width to the width of the
215 // screen respecting ratio.
216 VIDEO_LAYOUT_FIT: 'both',
217
218 /**
219 * If true, hides the video quality label indicating the resolution status
220 * of the current large video.
221 *
222 * @type {boolean}
223 */
224 VIDEO_QUALITY_LABEL_DISABLED: false,
225
226 /**
227 * When enabled, the kick participant button will not be presented for users without a JWT
228 */
229 // HIDE_KICK_BUTTON_FOR_GUESTS: false,
230
231 /**
232 * How many columns the tile view can expand to. The respected range is
233 * between 1 and 5.
234 */
235 // TILE_VIEW_MAX_COLUMNS: 5,
236
237 /**
238 * Specify custom URL for downloading android mobile app.
239 */
240 // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
241
242 /**
243 * Specify URL for downloading ios mobile app.
244 */
245 // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
246
247 /**
248 * Specify Firebase dynamic link properties for the mobile apps.
249 */
250 // MOBILE_DYNAMIC_LINK: {
251 // APN: 'org.jitsi.meet',
252 // APP_CODE: 'w2atb',
253 // CUSTOM_DOMAIN: undefined,
254 // IBI: 'com.atlassian.JitsiMeet.ios',
255 // ISI: '1165103905'
256 // },
257
258 /**
259 * Specify mobile app scheme for opening the app from the mobile browser.
260 */
261 // APP_SCHEME: 'org.jitsi.meet',
262
263 /**
264 * Specify the Android app package name.
265 */
266 // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
267
268 /**
269 * Override the behavior of some notifications to remain displayed until
270 * explicitly dismissed through a user action. The value is how long, in
271 * milliseconds, those notifications should remain displayed.
272 */
273 // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
274
275 // List of undocumented settings
276 /**
277 INDICATOR_FONT_SIZES
278 PHONE_NUMBER_REGEX
279 */
280
281 // Allow all above example options to include a trailing comma and
282 // prevent fear when commenting out the last value.
283 // eslint-disable-next-line sort-keys
284 makeJsonParserHappy: 'even if last key had a trailing comma'
285
286 // No configuration value should follow this line.
287 };
288
289 /* eslint-enable no-unused-vars, no-var, max-len */
Jibri - Recording an Live Streaming
jitsi.org Learn how to Live Stream and Record on your Jitsi Meet Install
/etc/prosody/conf.d/jitsi.rockstable.it.cfg.lua
1 -- internal muc component
2 Component "internal.auth.jitsi.rockstable.it" "muc"
3 storage = "memory"
4 --storage = "null"
5 modules_enabled = {
6 "ping";
7 }
8 muc_room_cache_size = 1000
9
10 VirtualHost "recorder.jitsi.rockstable.it"
11 modules_enabled = {
12 "ping";
13 }
14 authentication = "internal_plain"
Reload prosody
1 systemctl reload prosody.service
Register the users
1 #read PASSWORD
2 PASSWORD_JIBRI="$(pwgen 32 1)"
3 echo "PASSWORD_JIBRI: $PASSWORD_JIBRI"
4 prosodyctl register jibri auth.jitsi.rockstable.it "$PASSWORD_JIBRI"
5 PASSWORD_RECORDER="$(pwgen 32 1)"
6 echo "PASSWORD_RECORDER: $PASSWORD_RECORDER"
7 prosodyctl register recorder recorder.jitsi.rockstable.it "$PASSWORD_RECORDER"
/etc/jitsi/jicofo/sip-communicator.properties
Restart Jicofo
1 systemctl restart jicofo.service
/etc/jitsi/meet/jitsi.rockstable.it-config.js
1 // Recording
2
3 // Whether to enable file recording or not.
4 fileRecordingsEnabled: true,
5 // Enable the dropbox integration.
6 // dropbox: {
7 // appKey: '<APP_KEY>' // Specify your app key here.
8 // // A URL to redirect the user to, after authenticating
9 // // by default uses:
10 // // 'https://jitsi.rockstable.it/static/oauth.html'
11 // redirectURI:
12 // 'https://jitsi.rockstable.it/subfolder/static/oauth.html'
13 // },
14 // When integrations like dropbox are enabled only that will be shown,
15 // by enabling fileRecordingsServiceEnabled, we show both the integrations
16 // and the generic recording service (its configuration and storage type
17 // depends on jibri configuration)
18 // fileRecordingsServiceEnabled: false,
19 // Whether to show the possibility to share file recording with other people
20 // (e.g. meeting participants), based on the actual implementation
21 // on the backend.
22 // fileRecordingsServiceSharingEnabled: false,
23 hiddenDomain: 'recorder.jitsi.rockstable.it',
24
25 // Whether to enable live streaming or not.
26 liveStreamingEnabled: true,
27
28 // Transcription (in interface_config,
29 // subtitles and buttons can be configured)
30 // transcribingEnabled: false,
31
32 // Enables automatic turning on captions when recording is started
33 // autoCaptionOnRecord: false,
Check that the buttons "recording" and "livestreaming" are enabled in
/etc/jitsi/meet/jitsi.rockstable.it-interface_config.js
1 /**
2 * The name of the toolbar buttons to display in the toolbar, including the
3 * "More actions" menu. If present, the button will display. Exceptions are
4 * "livestreaming" and "recording" which also require being a moderator and
5 * some values in config.js to be enabled. Also, the "profile" button will
6 * not display for users with a JWT.
7 * Notes:
8 * - it's impossible to choose which buttons go in the "More actions" menu
9 * - it's impossible to control the placement of buttons
10 * - 'desktop' controls the "Share your screen" button
11 */
12 TOOLBAR_BUTTONS: [
13 'microphone', 'camera', 'closedcaptions', 'desktop', 'embedmeeting', 'fullscreen',
14 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
15 'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
16 'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
17 'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
18 ],
Make sure the module snd-aloop is available locate snd-aloop.ko
Install jibri
1 apt install jibri
Add user jibri to groups
Install Google Chrome
When installing the Chrome Driver use the proprietary one or you will get a infobar/banner "Chrome is being controlled by automated test software." They may have the same version, but are still different. :-D
ChromeDriver
Load the kernel module for "a loopback soundcard"
Persist the configuration on boot
/etc/modules-load.d/jitsi.conf
1 snd-aloop
Create a directory to store the recordings in
The configuration provided by the distribution was empty.
/etc/jitsi/jibri/jibri.conf
The method to configure jibri via /etc/jitsi/jibri/config.json seems to be deprecated and the typesafe /etc/jitsi/jibri/jibri.conf should be used instead.
You'll also need the source code of the parser to know the configuration options and an xmpp environment file. :-D
https://github.com/jitsi/jibri/blob/master/src/main/kotlin/org/jitsi/jibri/config/JibriConfig.kt
Download the reference configuration
Install vim syntax for HOCON (Human-Optimized Config Object Notation) files
/etc/jitsi/jibri/jibri.conf
1 jibri {
2 // A unique identifier for this Jibri
3 // TODO: eventually this will be required with no default
4 id = ""
5 // Whether or not Jibri should return to idle state after handling
6 // (successfully or unsuccessfully) a request. A value of 'true'
7 // here means that a Jibri will NOT return back to the IDLE state
8 // and will need to be restarted in order to be used again.
9 single-use-mode = false
10 api {
11 http {
12 external-api-port = 2222
13 internal-api-port = 3333
14 }
15 xmpp {
16 // See example_xmpp_envs.conf for an example of what is expected here
17 environments = [
18 {
19 name = "prod_environment"
20 xmpp-server-hosts = [
21 "jitsi.rockstable.it"
22 ]
23 xmpp-domain = "jitsi.rockstable.it"
24 control-login = {
25 domain = "auth.jitsi.rockstable.it"
26 username = "jibri"
27 password = "Ooraiquoo6kaimoh5ae8aemochi4faengu3quem1veech5ov"
28 }
29 control-muc = {
30 domain = "internal.auth.jitsi.rockstable.it"
31 room-name = "JibriBrewery"
32 nickname = "Jibri1"
33 }
34 call-login = {
35 domain = "recorder.jitsi.rockstable.it"
36 username = "recorder"
37 password = "tahshaideilaeghoh9iexiSahLu5wee4tekeug4Fee1gasie"
38 }
39 strip-from-room-domain = "conference."
40 usage-timeout = 0
41 trust-all-xmpp-certs = true
42 }
43 ]
44 }
45 }
46 recording {
47 recordings-directory = "/srv/recordings"
48 # TODO: make this an optional param and remove the default
49 finalize-script = "/etc/jitsi/jibri/finalize.sh"
50 }
51 streaming {
52 // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
53 // when starting a stream must match at least one of the patterns in
54 // this list.
55 rtmp-allow-list = [
56 // By default, all services are allowed
57 ".*"
58 ]
59 }
60 sip {
61 // The routing rule for the outbound scenario in VoxImplant is based on this prefix
62 outbound-prefix = "out_"
63 }
64 ffmpeg {
65 resolution = "1920x1080"
66 // The audio source that will be used to capture audio on Linux
67 audio-source = "alsa"
68 // The audio device that will be used to capture audio on Linux
69 audio-device = "plug:bsnoop"
70 }
71 chrome {
72 // The flags which will be passed to chromium when launching
73 flags = [
74 "--use-fake-ui-for-media-stream",
75 "--start-maximized",
76 "--kiosk",
77 "--enabled",
78 "--autoplay-policy=no-user-gesture-required"
79 ]
80 }
81 stats {
82 enable-stats-d = true
83 }
84 webhook {
85 // A list of subscribers interested in receiving webhook events
86 subscribers = []
87 }
88 jwt-info {
89 // The path to a .pem file which will be used to sign JWT tokens used in webhook
90 // requests. If not set, no JWT will be added to webhook requests.
91 # signing-key-path = "/path/to/key.pem"
92
93 // The kid to use as part of the JWT
94 # kid = "key-id"
95
96 // The issuer of the JWT
97 # issuer = "issuer"
98
99 // The audience of the JWT
100 # audience = "audience"
101
102 // The TTL of each generated JWT. Can't be less than 10 minutes.
103 # ttl = 1 hour
104 }
105 call-status-checks {
106 // If all clients have their audio and video muted and if Jibri does not
107 // detect any data stream (audio or video) comming in, it will stop
108 // recording after NO_MEDIA_TIMEOUT expires.
109 no-media-timeout = 30 seconds
110
111 // If all clients have their audio and video muted, Jibri consideres this
112 // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
113 all-muted-timeout = 10 minutes
114
115 // When detecting if a call is empty, Jibri takes into consideration for how
116 // long the call has been empty already. If it has been empty for more than
117 // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
118 default-call-empty-timeout = 30 seconds
119 }
120 }
Create an empty filalize script
/etc/jitsi/jibri/finalize.sh
Set script executable
Restart jibri
1 systemctl restart jibri.service
Follow the logs
Test it.
Disable Chrome banner
The recording may contain a disturbing banner: Chrome is being controlled by automated test software.
When installing the Chrome Driver use the proprietary one or you will get a infobar/banner "Chrome is being controlled by automated test software." They may have the same version, but are still different. :-D
ChromeDriver
The undocumented CLI option --disable-infobars has been removed from Chrome in version 77:
chromium.googlesource.com Remove --disable-infobars.
Create a (enterprise) chrome policy
Publish the recordings
Create a directory for publishing
1 install -o jibri -g jitsi -m 755 -d /srv/published
Adjust the finalize script
/etc/jitsi/jibri/finalize.sh
1 #!/bin/bash
2
3 DIR_PUBLISH_PREFIX="/srv/published"
4
5 DIR_RECORD="$1"
6 [ -d "$1" ] || exit 2
7
8 DIR_RECORD_PREFIX="${DIR_RECORD%/*}"
9 RECORD="$(find "$DIR_RECORD" -name '*.mp4')"
10 RECORD_BASE="$(basename "$RECORD")"
11 SESSION="$(cut -f1 -d_ <<< "$RECORD_BASE")"
12 TIME="$(cut -f2 -d_ <<< "$RECORD_BASE"| sed 's/.mp4//')"
13
14 DIR_PUBLISH_SESSION="$DIR_PUBLISH_PREFIX/$SESSION"
15 DIR_PUBLISH_SESSION_TIME="$DIR_PUBLISH_PREFIX/$SESSION/$TIME"
16
17 mkdir "$DIR_PUBLISH_SESSION"
18 ln -s "$DIR_RECORD" "$DIR_PUBLISH_SESSION_TIME"
The root level of the URI is the name of the jitsi session in lower case, so it's important to rewrite the URI to lower case in lua.
Install libnginx-mod-http-lua
1 apt install libnginx-mod-http-lua
The second and any further level of the URI show directory listings. 
Please also see the documentation of
Module ngx_http_autoindex_module
/etc/nginx/sites-available/published
1 ### PUBLISH THE RECORDED SESSIONS
2
3 server {
4 listen 80 default_server;
5 listen [::]:80 default_server;
6
7 # SSL configuration
8 #
9 # listen 443 ssl default_server;
10 # listen [::]:443 ssl default_server;
11 #
12 # Note: You should disable gzip for SSL traffic.
13 # See: https://bugs.debian.org/773332
14 #
15 # Read up on ssl_ciphers to ensure a secure configuration.
16 # See: https://bugs.debian.org/765782
17 #
18 # Self signed certs generated by the ssl-cert package
19 # Don't use them in a production server!
20 #
21 # include snippets/snakeoil.conf;
22
23 root /srv/published;
24
25 # Add index.php to the list if you are using PHP
26 #index index.html index.htm index.nginx-debian.html;
27
28 server_name recordings.jitsi.rockstable.it;
29
30 location / {
31 # First attempt to serve request as file, then
32 # as directory, then fall back to displaying a 404.
33 try_files $uri $uri/ =404;
34 }
35
36 location ~ [A-Z] {
37 rewrite_by_lua_block {
38 ngx.redirect(string.lower(ngx.var.uri), 307);
39 }
40 }
41
42 location ~ /[0-9a-z._-]+ {
43 sendfile on;
44 sendfile_max_chunk 1m;
45 tcp_nopush on;
46 autoindex on;
47 autoindex_exact_size off;
48 autoindex_format html;
49 autoindex_localtime on;
50 }
51 }
Create a index.html with some hints and avoid the ugly 401 (forbidden)
/srv/published/index.html
1 <html>
2 <head>
3 <title>Rockstable Jitsi Recordings</title>
4 </head>
5
6 <body>
7 <h1>Rockstable Jitsi Recordings</h1>
8
9 <p>
10 To access your recordings
11 please append the session name to the URL.
12 Example:<br>
13 <a href="http://recordings.jitsi.rockstable.it/RandomlyGeneratedSessionId">
14 http://recordings.jitsi.rockstable.it/RandomlyGeneratedSessionId
15 </a>
16 </p>
17
18 <h2>Notes</h2>
19 <p>
20 You can find the session name embedded in the conference URL.<br>
21 The case does not matter, it is all converted to lower case letters.
22 </p>
23
24 <p>
25 Recordings are deleted automatically after 3000min (2days and 2hours).
26 to save some space and conform to the law.
27 </p>
28 </body>
29 </html>
Enable the site
To download your files just append the session name to the URL like this
http://recordings.jitsi.rockstable.it/FollowingCharmsProcessUtterly
Cleanup the recordings
To avoid running out of space, conform to General Data Protection Regulation (GDPR) and German Datenschutz-Grundverordnung (DSGVO) the recording need to be purged from the disk regularily.
Therefor create a cleanup skript /etc/jitsi/jibri/cleanup.sh
1 #!/bin/bash
2
3 DEBUG=false
4 DIR_RECORD_PREFIX="/srv/recording"
5 DIR_PUBLISH_PREFIX="/srv/published"
6 ### 2 DAYS AND 2 HOURS
7 MAXAGE_MINS="+3000"
8
9 ### SEARCH AND DESTROY BROKEN LINKS
10 find "$DIR_PUBLISH_PREFIX" -xtype l -delete
11 ### SEARCH OLD RECORDINGS
12 readarray -d '' -t AGED_LINKS \
13 < <(find "$DIR_PUBLISH_PREFIX" -type l -cmin "$MAXAGE_MINS" -print0)
14
15 if [ "${#AGED_LINKS[*]}" -lt 1 ]; then
16 $DEBUG && cat <<-EOF
17 Nothing to do. Exiting…
18 EOF
19 exit 0
20 fi
21
22 $DEBUG && echo "AGES_LINKS: ${AGED_LINKS[*]}"
23 for AGED_LINK in "${AGED_LINKS[@]}"; do
24 $DEBUG && echo "Examining AGED_LINK: '$AGED_LINK'"
25 if [ -L "$AGED_LINK" ]; then
26 DIR="$(readlink -f "$AGED_LINK")"
27 if grep -q "$DIR_RECORD_PREFIX" <<< "$DIR"; then
28 $DEBUG && echo "$DIR is older than and is removed."
29 rm -r "$DIR"
30 unlink "$AGED_LINK"
31 fi
32 else
33 cat <<-EOF
34 AGED_LINK '$AGED_LINK' is not a link. Skipping…
35 EOF
36 fi
37 done
Set the script executable
1 chmod a+x /etc/jitsi/jibri/cleanup.sh
Create a simple cronjob to run the script
crontab -e
1 # Edit this file to introduce tasks to be run by cron.
2 #
3 # Each task to run has to be defined through a single line
4 # indicating with different fields when the task will be run
5 # and what command to run for the task
6 #
7 # To define the time you can provide concrete values for
8 # minute (m), hour (h), day of month (dom), month (mon),
9 # and day of week (dow) or use '*' in these fields (for 'any').
10 #
11 # Notice that tasks will be started based on the cron's system
12 # daemon's notion of time and timezones.
13 #
14 # Output of the crontab jobs (including errors) is sent through
15 # email to the user the crontab file belongs to (unless redirected).
16 #
17 # For example, you can run a backup of all your user accounts
18 # at 5 a.m every week with:
19 # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
20 #
21 # For more information see the manual pages of crontab(5) and cron(8)
22 #
23 #m h dom mon dow command
24 0 * * * * /etc/jitsi/jibri/cleanup.sh
Performance
Of cause performance matters
Increase Memory
A setup should always be persistent across upgrades.
There is a SystemD serivce unit
/lib/systemd/system/jitsi-videobridge2.service
that specifies the nvironmentFile
/etc/jitsi/videobridge/config
and starts
/usr/share/jitsi-videobridge/jvb.sh
which gets its defaults from the environment.
1 grep -q -e "VIDEOBRIDGE_MAX_MEMORY" \
2 -e "VIDEOBRIDGE_DEBUG_OPTIONS" \
3 "/etc/jitsi/videobridge/config" \
4 || echo >> "/etc/jitsi/videobridge/config" \
5 && cat "/usr/share/jitsi-videobridge/lib/videobridge.rc" \
6 >> "/etc/jitsi/videobridge/config"
7 sed -ri 's/# (VIDEOBRIDGE_MAX_MEMORY=)3072m/\14096m/g' \
8 /etc/jitsi/videobridge/config
The restart the videobridge service
1 systemctl restart jitsi-videobridge2.service
SystemD generates a service
/run/systemd/generator.late/jicofo.service
from the SystemV init script
/etc/init.d/jicofo. The init script exports JICOFO_AUTH_PASSWORD and JICOFO_MAX_MEMORY during startup. So instead of modifying
/usr/share/jicofo/jicofo.sh
add the following lines to
/etc/jitsi/jicofo/config
The restart the Jicofo service
1 systemctl restart jicofo.service