Install Jitsi on HestiaCP using docker
6 minutos de lectura
The official Jitsi Docker allows for easy installation on an empty VM without much difficulty. However, installing Jitsi docker on a VM managed by HestiaCP, which handles multiple (sub)domains, is not straightforward.
After spending half a week trying and reading many frustrated accounts of failed attempts, I finally succeeded. Here is what I describe below. It is essentially the same as the official guide, but the key lies in properly defining the ports and the NGINX reverse proxy.
Requeriments
- Minimum required hardware: 2 CPU + 2Gb RAM
- From HestiaCP, create a new user and new subdomain: live.mydomain.com
- From HestiaCP install SSL certificate and set auto-redirect to the https for it.
Create a NGINX template
You could edit the file /etc/nginx/conf.d/domains/live.mydomain.com.ssl.conf
directly, but any changes would be lost when you update HestiaCP. To preserve the changes, the correct approach is to create an NGINX template and then assign it to your recently created subdomain.
Note: I chose port 8445
because it is free on my VM, but you can use any other port that is available. Keep in mind that this port number will be used later in the .env
file for the Jitsi Docker container to listen on.
cd /usr/local/hestia/data/templates/web/nginx/
cp default.tpl jitsi-port-8445.tpl
cp default.stpl jitsi-port-8445.stpl
We only need to customize the .stpl
:
nano jitsi-port-8445.stpl
You must set these lines replacing the existing ones:
location / {
proxy_pass https://%ip%:8445;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Aumentar los timeouts para conexiones largas
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
# Buffering
proxy_buffering off;
}
also change the port on this @fallback:
location @fallback {
proxy_pass https://%ip%:8445;
}
and comment this line aswell:
# proxy_hide_header Upgrade;
Create a NGINX template
Then we need set this template as Proxy Template
for this subdomain:
- go to HestiaCP on web browser
- edit the subdomain you have created
- click on Advanced options
- on Proxy Template choose jitsi-port-8445
- click Save
Install docker
sudo apt update
sudo apt upgrade -y
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce -y
sudo systemctl status docker
docker ps
Install docker compose:
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
Install docker of Jitsi:
live30
is the user i created on HestiaCP to admin the subdomainlive.mydomain.com
.- I installed it in a new
docker
directory within the user's home directory, but you can perform the next installation steps in any other directory on your VM. I simply thought it would be a good idea to do it here.
mkdir /home/live30/docker
cd /home/live30/docker
wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)
unzip stable-9646
rm -rf stable-9646
mv jitsi-docker-jitsi-meet-1797ac8/ jitsi
cd jitsi
cp env.example .env
./gen-passwords.sh
nano .env
At the .env file you must set these lines as minimum:
- i recommend to use the absolute path to the
.jitsi-meet-cfg
directory on CONFIG parameter - i recommend to use 2 ports 100% free in your VM
...
CONFIG=/home/live30/docker/jitsi/.jitsi-meet-cfg
HTTP_PORT=8005
HTTPS_PORT=8445
TZ=America/Hermosillo
PUBLIC_URL=https://live.mydomain.com
...
ENABLE_AUTH=1 # let only registered users to create rooms
ENABLE_GUESTS=1
AUTH_TYPE=internal # using username & passdord
...
RESTART_POLICY=unless-stopped
Permanent storage out of docker container:
mkdir -p ./.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
Modfy docker-compose.yml
to set jitsi network with static IPs:
networks:
meet.jitsi:
ipam:
driver: default
config:
- subnet: 172.20.0.0/16
on each web service set (incrementing the 172.20.0.2 on ipv4_address):
networks:
meet.jitsi:
ipv4_address: 172.20.0.2
Run docker compose:
docker compose up -d
Create user with authentication
which are the unique which can create rooms:
docker-compose exec prosody prosodyctl --config=/config/prosody.cfg.lua register [USERNAME] meet.jitsi [PASSWORD]
BONUS EXTRA: Change corner logo
As a final but important detail, especially in professional scenarios, is to change the default logo that appears in the top-left corner on both the home page and the conference view. By default, you see a semi-transparent Jitsi SVG logo. To replace it with your own, follow these steps:
1. upload the new SVG from your local console
scp -P 22 watermark.svg root@live.mydomain.com:/home/live30/docker/jitsi
2. from your VM console:
cd /home/live30/docker/jitsi
nano docker-compose.yml
on "web" service "volumes" add this line:
- ./watermark.svg:/usr/share/jitsi-meet/images/watermark.svg
3. finally restart your containers:
docker compose up -d --force-recreate
It's all !!!
Enjoy it 😎
Añada su comentario: