diff --git a/docs/devops-guide/docker.md b/docs/devops-guide/docker.md index cc5705ada..88a5e720b 100644 --- a/docs/devops-guide/docker.md +++ b/docs/devops-guide/docker.md @@ -188,7 +188,7 @@ sudo firewall-cmd --permanent --add-port=10000/udp sudo firewall-cmd --reload ``` -See [the corresponding section in the manual setup guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall). +See [the corresponding section in the debian/ubuntu setup guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall). ### Images diff --git a/docs/devops-guide/manual.md b/docs/devops-guide/manual.md deleted file mode 100644 index 6d59f3dc6..000000000 --- a/docs/devops-guide/manual.md +++ /dev/null @@ -1,290 +0,0 @@ ---- -id: devops-guide-manual -title: Self-Hosting Guide - Manual installation -sidebar_label: Manual installation ---- - -:::warning Manual installation is not recommended -We recommend following the [quick-install](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart/) document. The current document describes the steps that are needed to install a working deployment, but steps are easy to mess up, and the debian packages are more up-to-date, where this document is sometimes not updated to reflect latest changes. -::: - -This describes configuring a server `jitsi.example.com` on a Debian-based distribution. -**For other distributions** you can adapt the steps (especially changing the dependencies package installations (e.g. for nginx) and paths accordingly) so that it matches your host's distribution. -You will also need to generate some passwords for `YOURSECRET1`, `YOURSECRET2` and `YOURSECRET3`. - -There are also some complete [example config files](https://github.com/jitsi/jitsi-meet/tree/master/doc/debian/) available, mentioned in each section. - -There are additional configurations to be done for a [scalable installation](devops-guide-scalable). - -## Network description - - - -This is how the network looks: -``` - + + - | | - | | - v | - 443 | - +-------+ | - | | | - | Nginx | | - | | | - +--+-+--+ | - | | | -+------------+ | | +--------------+ | -| | | | | | | -| Jitsi Meet +<---+ +--->+ prosody/xmpp | | -| |files 5280 | | | -+------------+ +--------------+ v - 5222 ^ ^ 5222 10000 - +--------+ | | +-------------+ - | | | | | | - | jicofo +----^ ^----+ videobridge | - | | | | - +--------+ +-------------+ -``` - -## Install prosody -```bash -apt-get install prosody -``` - -## Configure prosody -Add config file in `/etc/prosody/conf.avail/jitsi.example.com.cfg.lua` : - -- add your domain virtual host section: - -``` -VirtualHost "jitsi.example.com" - authentication = "anonymous" - ssl = { - key = "/var/lib/prosody/jitsi.example.com.key"; - certificate = "/var/lib/prosody/jitsi.example.com.crt"; - } - modules_enabled = { - "bosh"; - "pubsub"; - } - c2s_require_encryption = false -``` -- add domain with authentication for conference focus user: -``` -VirtualHost "auth.jitsi.example.com" - ssl = { - key = "/var/lib/prosody/auth.jitsi.example.com.key"; - certificate = "/var/lib/prosody/auth.jitsi.example.com.crt"; - } - authentication = "internal_hashed" -``` -- add focus user to server admins: -``` -admins = { "focus@auth.jitsi.example.com" } -``` -- and finally configure components: -``` -Component "conference.jitsi.example.com" "muc" -Component "jitsi-videobridge.jitsi.example.com" - component_secret = "YOURSECRET1" -Component "focus.jitsi.example.com" - component_secret = "YOURSECRET2" -``` - -Add link for the added configuration -```bash -ln -s /etc/prosody/conf.avail/jitsi.example.com.cfg.lua /etc/prosody/conf.d/jitsi.example.com.cfg.lua -``` - -Generate certs for the domain: -```bash -prosodyctl cert generate jitsi.example.com -prosodyctl cert generate auth.jitsi.example.com -``` - -Add auth.jitsi.example.com to the trusted certificates on the local machine: -```bash -ln -sf /var/lib/prosody/auth.jitsi.example.com.crt /usr/local/share/ca-certificates/auth.jitsi.example.com.crt -update-ca-certificates -f -``` -Note that the `-f` flag is necessary if there are symlinks left from a previous installation. - -If you are using a JDK package not provided by Debian, as the ones from adoptjdk, you should also make your JDK aware of the new debian certificate keystore replacing or linking the JDK `cacerts`. Example, if you use JDK from adoptjdk: -``` -cd /usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/jre -ln -sf /etc/ssl/certs/java/cacerts lib/security/cacerts -``` - -Create conference focus user: -```bash -prosodyctl register focus auth.jitsi.example.com YOURSECRET3 -``` - -Restart prosody XMPP server with the new config -```bash -prosodyctl restart -``` - -## Install Nginx -```bash -apt-get install nginx -``` - -Add a new file `jitsi.example.com` in `/etc/nginx/sites-available` (see also the example config file): -``` -server_names_hash_bucket_size 64; - -server { - listen 0.0.0.0:443 ssl http2; - listen [::]:443 ssl http2; - # tls configuration that is not covered in this guide - # we recommend the use of https://certbot.eff.org/ - server_name jitsi.example.com; - # set the root - root /srv/jitsi-meet; - index index.html; - location ~ ^/([a-zA-Z0-9=\?]+)$ { - rewrite ^/(.*)$ / break; - } - location / { - ssi on; - } - # BOSH, Bidirectional-streams Over Synchronous HTTP - # https://en.wikipedia.org/wiki/BOSH_(protocol) - location /http-bind { - proxy_pass http://localhost:5280/http-bind; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $http_host; - } - # external_api.js must be accessible from the root of the - # installation for the electron version of Jitsi Meet to work - # https://github.com/jitsi/jitsi-meet-electron - location /external_api.js { - alias /srv/jitsi-meet/libs/external_api.min.js; - } -} -``` - -Add link for the added configuration -```bash -cd /etc/nginx/sites-enabled -ln -s ../sites-available/jitsi.example.com jitsi.example.com -``` - -## Install Jitsi Videobridge - -:::warning -This method is no longer supported. -You can either install the JVB from https://download.jitsi.org/stable/ and follow these [Instructions](https://jitsi.org/downloads/ubuntu-debian-installations-instructions/) or [clone the repo](https://github.com/jitsi/jitsi-videobridge) and build it manually. -::: - -Visit https://download.jitsi.org/jitsi-videobridge/linux to determine the current build number, download and unzip it: -```bash -wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-{arch-buildnum}.zip -unzip jitsi-videobridge-linux-{arch-buildnum}.zip -``` - -Install JRE if missing: -``` -apt-get install openjdk-8-jre -``` - -_NOTE: When installing on older Debian releases keep in mind that you need JRE >= 1.7._ - -Create `~/.sip-communicator/sip-communicator.properties` in the home folder of the user that will be starting Jitsi Videobridge: -```bash -mkdir -p ~/.sip-communicator -cat > ~/.sip-communicator/sip-communicator.properties << EOF -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false -# The videobridge uses 443 by default with 4443 as a fallback, but since we're already -# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition -org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -EOF -``` - -Start the videobridge with: -```bash -./jvb.sh --host=localhost --domain=jitsi.example.com --secret=YOURSECRET1 & -``` -Or autostart it by adding the line in `/etc/rc.local`: -```bash -/bin/bash /root/jitsi-videobridge-linux-{arch-buildnum}/jvb.sh --host=localhost --domain=jitsi.example.com --secret=YOURSECRET1 > /var/log/jvb.log 2>&1 -``` - -## Install Jitsi Conference Focus (jicofo) - -Install JDK and Maven if missing: -``` -apt-get install openjdk-8-jdk maven -``` - -_NOTE: When installing on older Debian releases keep in mind that you need JDK >= 1.7._ - -Clone source from Github repo: -```bash -git clone https://github.com/jitsi/jicofo.git -``` -Build the package. -```bash -cd jicofo -mvn package -DskipTests -Dassembly.skipAssembly=false -``` -Run jicofo: -```bash -======= -unzip target/jicofo-1.1-SNAPSHOT-archive.zip -cd jicofo-1.1-SNAPSHOT-archive' -./jicofo.sh --host=localhost --domain=jitsi.example.com --secret=YOURSECRET2 --user_domain=auth.jitsi.example.com --user_name=focus --user_password=YOURSECRET3 -``` - -## Deploy Jitsi Meet -Checkout and configure Jitsi Meet: -```bash -cd /srv -git clone https://github.com/jitsi/jitsi-meet.git -cd jitsi-meet -npm install -make -``` - -_NOTE: When installing on older distributions keep in mind that you need Node.js >= 12 and npm >= 6._ - -Edit host names in `/srv/jitsi-meet/config.js` (see also the example config file): -``` -var config = { - hosts: { - domain: 'jitsi.example.com', - muc: 'conference.jitsi.example.com', - bridge: 'jitsi-videobridge.jitsi.example.com', - focus: 'focus.jitsi.example.com' - }, - useNicks: false, - bosh: '//jitsi.example.com/http-bind', // FIXME: use xep-0156 for that - //chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension - //minChromeExtVersion: '0.1' // Required version of Chrome extension -}; -``` - -Verify that nginx config is valid and reload nginx: -```bash -nginx -t && nginx -s reload -``` - -## Running behind NAT -Jitsi Videobridge can run behind a NAT, provided that both required ports are routed (forwarded) to the machine that it runs on. By default these ports are `TCP/4443` and `UDP/10000`. - -If you do not route these two ports, Jitsi Meet will only work with video for two people, breaking upon 3 or more people trying to show video. - -`TCP/443` is required for the webserver which can be running on another machine than the Jitsi Videobrige is running on. - -The following extra lines need to be added to the file `~/.sip-communicator/sip-communicator.properties` (in the home directory of the user running the videobridge): -``` -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS= -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS= -``` - -## Hold your first conference -You are now all set and ready to have your first meet by going to http://jitsi.example.com - -## Enabling recording -[Jibri](https://github.com/jitsi/jibri) is a set of tools for recording and/or streaming a Jitsi Meet conference. diff --git a/docs/devops-guide/scalable.md b/docs/devops-guide/scalable.md index fd97d85e7..1043b817a 100644 --- a/docs/devops-guide/scalable.md +++ b/docs/devops-guide/scalable.md @@ -19,8 +19,7 @@ Building a scalable infrastructure is not a task for beginning Jitsi Administrat The instructions assume that you have installed a single node version successfully, and that you are comfortable installing, configuring and debugging Linux software. This is not a step-by-step guide, but will show you, which packages to install and which -configurations to change. Use the [manual install](devops-guide-manual) for -details on how to setup Jitsi on a single host. +configurations to change. It is highly recommended to use configuration management tools like Ansible or Puppet to manage the installation and configuration. ::: @@ -126,10 +125,6 @@ Open to the videobridges only Create the `/etc/nginx/sites-available/meet.example.com.conf` as usual -#### Prosody - -Follow the steps in the [manual install](devops-guide-manual) for setup tasks - #### Jitsi-Meet Adapt `/usr/share/jitsi-meet/config.js` and `/usr/share/jitsi-meet/interface-config.js` to your specific needs diff --git a/sidebars.js b/sidebars.js index 06d70f8fe..9875c21ab 100644 --- a/sidebars.js +++ b/sidebars.js @@ -128,7 +128,6 @@ module.exports = { "devops-guide/devops-guide-quickstart", "devops-guide/devops-guide-opensuse", "devops-guide/devops-guide-docker", - "devops-guide/devops-guide-manual", ], }, {