以下安装过程,均使用普通用户身份
1、卸载重新安装
sudo apt purge jigasi jitsi-meet
jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver
jitsi-meet-web jicofo jitsi-videobridge2
2、设置服务器域名
在腾讯云购买域名并解析到公网IP
root@VM-8-13-ubuntu:~# hostnamectl set-hostname video.zhiying.website
root@VM-8-13-ubuntu:~# vim /etc/hosts
127.0.1.1 localhost.localdomain VM-8-13-ubuntu
127.0.0.1 localhost
1.xxx.xxx.99 video.zhiying.website
jitsi app必须要有证书,而证书只能颁发给域名,IP不行
3、检查域名
root@VM-8-13-ubuntu:~# ping "$(hostname)"
PING video.zhiying.website (1.xxx.xxx.99) 56(84) bytes of data.
64 bytes from video.zhiying.website (1.14.226.99): icmp_seq=1 ttl=63 time=0.372 ms
64 bytes from video.zhiying.website (1.14.226.99): icmp_seq=2 ttl=63 time=0.176 ms
64 bytes from video.zhiying.website (1.14.226.99): icmp_seq=3 ttl=63 time=0.186 ms
64 bytes from video.zhiying.website (1.14.226.99): icmp_seq=4 ttl=63 time=0.198 ms
4、安装jitsi
apt install jitsi-meet
在安装时,填写域名而不是IP地址
video.zhiying.website
选择证书类型时,选择“Generate a new self-signed certificate and create a
Lets-Encrypt Certificate later”在安装完成后,再手动安装SSL证书
5、修改jitsi的80、443端口
- 申请公网证书需要使用这两个端口
- 想要使用80、443端口,需要先备案
1)修改Nginx的配置/etc/nginx/sites-available/domain-name.conf
root@VM-8-13-ubuntu:~# ls /etc/nginx/sites-available/*
/etc/nginx/sites-available/default /etc/nginx/sites-available/video.zhiying.website.conf
root@VM-8-13-ubuntu:~# vim /etc/nginx/sites-available/video.zhiying.website.conf
server {
#listen 80;
#listen [::]:80;
listen 88;
listen [::]:88;
server_name video.zhiying.website;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /usr/share/jitsi-meet;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
#return 301 https://$host$request_uri;
return 301 https://$host:4433/$request_uri;
}
}
server {
#listen 443 ssl;
#listen [::]:443 ssl;
listen 4433 ssl;
listen [::]:4433 ssl;
server_name video.zhiying.website;
2) 修改jitsi的配置/etc/jitsi/meet/domain-name-config.js
root@VM-8-13-ubuntu:~# vim /etc/jitsi/meet/video.zhiying.website-config.js
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: 'video.zhiying.website',
……
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
//bosh: '//video.zhiying.website/http-bind',
bosh: '//video.zhiying.website:4433/http-bind',
6、开放端口
root@video:~# ufw allow 4433/tcp
root@video:~# ufw allow 88/tcp
root@video:~# ufw status
Status: active
To Action From
-- ------ ----
10000/udp ALLOW Anywhere
3478/udp ALLOW Anywhere
5349/tcp ALLOW Anywhere
4433/tcp ALLOW Anywhere
88/tcp ALLOW Anywhere
10000/udp (v6) ALLOW Anywhere (v6)
3478/udp (v6) ALLOW Anywhere (v6)
5349/tcp (v6) ALLOW Anywhere (v6)
4433/tcp (v6) ALLOW Anywhere (v6)
88/tcp (v6) ALLOW Anywhere (v6)
- 重启jitsi的服务,重启Nginx
root@video:~# sudo systemctl restart prosody
root@video:~# sudo systemctl restart jicofo
root@video:~# sudo systemctl restart jitsi-videobridge2
root@video:~# sudo systemctl restart nginx
重启命令:
sudo systemctl restart prosody
sudo systemctl restart jitsi-videobridge2
sudo systemctl restart jicofo
sudo systemctl restart nginx
问题:重启Nginx报错
root@video:~# sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
具体报错如下:
root@video:~# journalctl -xe
Sep 27 14:27:00 video.zhiying.website nginx[15084]: nginx: [emerg] BIO_new_file("/etc/ssl/video.zhiying.website.crt") failed
(
SSL: error:02001002:system library:fopen:
No such file or directory:fopen('/etc/ssl/video.zhiying.website.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file
)
Sep 27 14:27:00 video.zhiying.website nginx[15084]:
nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 27 14:27:00 video.zhiying.website systemd[1]:
nginx.service: Control process exited, code=exited status=1
Sep 27 14:27:00 video.zhiying.website sudo[15073]:
pam_unix(sudo:session): session closed for user root
Sep 27 14:27:00 video.zhiying.website systemd[1]:
nginx.service: Failed with result 'exit-code'.
Sep 27 14:27:00 video.zhiying.website systemd[1]:
Failed to start A high performance web server and a reverse proxy server.
原因:
未生成证书,但是nginx配置又用到了该证书。注释掉以下两行:
root@video:~# vim /etc/nginx/sites-enabled/video.zhiying.website.conf
#ssl_certificate /etc/ssl/video.zhiying.website.crt;
#ssl_certificate_key /etc/ssl/video.zhiying.website.key;
7、安装证书
检查Nginx的配置文件情况
sudo nginx -T | grep -Ri 'server_name|root|virtual|listen' /etc/nginx
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
ls -l /etc/nginx/conf.d/*.conf
ls -l /etc/nginx/sites-enabled/*
1)从腾讯云申请免费的SSL证书,下载证书到本地
2)将Nginx目录下的证书复制到jitis的根目录/etc/jitsi/meet/
3)修改Nginx的SSL证书验证配置
sudo vim /etc/nginx/sites-available/video.zhiying.website.conf
…………
server {
listen 4433 ssl;
listen [::]:4433 ssl;
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name cloud.tencent.com;
#证书文件名称
ssl_certificate /etc/jitsi/meet/1_video.zhiying.website_bundle.crt;
#私钥文件名称
ssl_certificate_key /etc/jitsi/meet/2_video.zhiying.website.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers off;
#location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
#root html;
#index index.html index.htm;
#}
…………
}
4)重启Nginx
/etc/nginx$ sudo systemctl restart nginx
官方文档步骤:
8、问题
1)将443端口修改为自定义端口后,能访问jitsi首页,但是无法单对单视频通话
主要是
(1)防火墙端口设置
(2)/etc/jitsi/meet/domain-name-config.js、/etc/nginx/sites-available/video.zhiying.website.conf都需要修改
2)能单对单视频通话,但是当房间人数>2时,用户只能看到自己的视频
由于没有使用NAT,所以这个问题跟网络有关。
当网络状态不好、网络带宽不足时,就会出现这种情况
9、参考资料
1)jitsi自托管指南
2)在自定义端口上运行Jitsi
3)How to change the default port 443 to a custom port
4)Nginx 服务器 SSL 证书安装部署
5)Can’t see the videos of other participants
6)Mobile applications(jitsi app下载)
7)WebRTC之完整搭建Jitsi Meet指南
8)搭建Jitsi Meet视频会议服务器
9)WebRTC / Jitsi / 使用 jitsi 官方源安装内网演示环境过程
10)jitsi-videobridge(github源码)
11)Ubuntu18.04下更改apt源为阿里云源
12)vmware15 ubuntu18.04 虚拟机与主机网络设置