Install Jitsi on HestiaCP using docker

Sergi Rodríguez  
27-08-2024 23:39  
6 minutos de lectura  

The official Jitsi Docker allows for easy installation on an empty VM without much difficulty. However, installing Jitsi docker on a VM managed by HestiaCP, which handles multiple (sub)domains, is not straightforward.
 
After spending half a week trying and reading many frustrated accounts of failed attempts, I finally succeeded. Here is what I describe below. It is essentially the same as the official guide, but the key lies in properly defining the ports and the NGINX reverse proxy.

Requeriments

  • Minimum required hardware:  2 CPU + 2Gb RAM
  • From HestiaCP, create a new user and new subdomain: live.mydomain.com
  • From HestiaCP install SSL certificate and set auto-redirect to the https for it.

Create a NGINX template

You could edit the file /etc/nginx/conf.d/domains/live.mydomain.com.ssl.conf directly, but any changes would be lost when you update HestiaCP. To preserve the changes, the correct approach is to create an NGINX template and then assign it to your recently created subdomain.

Note: I chose port 8445 because it is free on my VM, but you can use any other port that is available. Keep in mind that this port number will be used later in the .env file for the Jitsi Docker container to listen on.

cd /usr/local/hestia/data/templates/web/nginx/
cp default.tpl jitsi-port-8445.tpl
cp default.stpl jitsi-port-8445.stpl

We only need to customize the .stpl :

nano jitsi-port-8445.stpl

You must set these lines replacing the existing ones:

location / {
	proxy_pass https://%ip%:8445;
	proxy_http_version 1.1;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	# WebSocket support
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";

	# Aumentar los timeouts para conexiones largas
	proxy_read_timeout 3600s;
	proxy_send_timeout 3600s;

	# Buffering
	proxy_buffering off;
}

also change the port on this @fallback:

location @fallback {
        proxy_pass https://%ip%:8445;
}

and comment this line aswell:

# proxy_hide_header Upgrade;

Create a NGINX template

Then we need set this template as Proxy Template for this subdomain:

  1. go to HestiaCP on web browser
  2. edit the subdomain you have created
  3. click on Advanced options
  4. on Proxy Template choose jitsi-port-8445
  5. click Save

Install docker

sudo apt update
sudo apt upgrade -y

sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update
sudo apt install docker-ce -y
sudo systemctl status docker
docker ps

Install docker compose:

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

docker-compose --version

Install docker of Jitsi:

  • live30 is the user i created on HestiaCP to admin the subdomain live.mydomain.com.
  • I installed it in a new docker directory within the user's home directory, but you can perform the next installation steps in any other directory on your VM. I simply thought it would be a good idea to do it here.
mkdir /home/live30/docker
cd /home/live30/docker

wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)

unzip stable-9646
rm -rf stable-9646
mv jitsi-docker-jitsi-meet-1797ac8/ jitsi
cd jitsi

cp env.example .env
./gen-passwords.sh
nano .env

At the .env file you must set these lines as minimum:

  • i recommend to use the absolute path to the .jitsi-meet-cfg directory on CONFIG parameter
  • i recommend to use 2 ports 100% free in your VM
...
CONFIG=/home/live30/docker/jitsi/.jitsi-meet-cfg
HTTP_PORT=8005
HTTPS_PORT=8445
TZ=America/Hermosillo
PUBLIC_URL=https://live.mydomain.com
...
ENABLE_AUTH=1 # let only registered users to create rooms
ENABLE_GUESTS=1
AUTH_TYPE=internal # using username & passdord 
...
RESTART_POLICY=unless-stopped

Permanent storage out of docker container:

mkdir -p ./.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

Modfy docker-compose.yml to set jitsi network with static IPs:

networks:
    meet.jitsi:
      ipam:
         driver: default
         config:
          - subnet: 172.20.0.0/16

on each web service set (incrementing the 172.20.0.2 on ipv4_address):

        networks:
            meet.jitsi:
              ipv4_address: 172.20.0.2

Run docker compose:

docker compose up -d

Create user with authentication

which are the unique which can create rooms:

docker-compose exec prosody prosodyctl --config=/config/prosody.cfg.lua register [USERNAME] meet.jitsi [PASSWORD]

BONUS EXTRA: Change  corner logo

As a final but important detail, especially in professional scenarios, is to change the default logo that appears in the top-left corner on both the home page and the conference view. By default, you see a semi-transparent Jitsi SVG logo. To replace it with your own, follow these steps:

1. upload the new SVG from your local console

scp -P 22 watermark.svg root@live.mydomain.com:/home/live30/docker/jitsi

2. from your VM console:

cd /home/live30/docker/jitsi
nano docker-compose.yml

on "web" service "volumes" add this line:

 - ./watermark.svg:/usr/share/jitsi-meet/images/watermark.svg

3. finally restart your containers:

docker compose up -d --force-recreate

It's all !!!
Enjoy it 😎

 

Etiquetas : jitsi | opensource | guide

Comentarios 0   Visitas 115  

  Comentarios


Añada su comentario:

Comentario:
Nombre:
(pregunta anti-robots)

Enviar

DÍGANOS QUÉ NECESITA

¡¡ Le respondemos antes de 24h !!
Puede dejarnos su teléfono.

Puede rellenar el formulario (pulsar botón derecha) o bien aquí tiene nuestros datos de contacto.

(pregunta anti-robots)

  Enviar

Revisar consentimientos a cookies