Bloody thing.
I'm running Jitsi on a Devuan server and they now are migrating to using websockets.
OK, first hurdle.
Websockets
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/web-sockets.md
So I am running my Jitsi behind an Apache reverse proxy (long story as to the reasons).
Here's the bit that works for me after poring over multiple configs and testing till my eyes bled.
DocumentRoot "/usr/share/jitsi-meet"
# Either one of the following
<Directory "/usr/share/jitsi-meet">
Options Indexes MultiViews Includes FollowSymLinks
AddOutputFilter Includes html
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias "/config.js" "/etc/jitsi/meet/myjitsi.server.com-config.js"
<Location /config.js>
Require all granted
</Location>
Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
<Location /external_api.js>
Require all granted
</Location>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/[a-zA-Z0-9]+$
RewriteRule ^/(.*)$ / [PT]
ProxyPreserveHost Off
ProxyTimeout 900
<Location "/http-bind">
RequestHeader set Host "myjitsi.server.com"
ProxyPass http://localhost:5280/http-bind
ProxyPassReverse http://localhost:5280/http-bind
</Location>
<Location "/xmpp-websocket">
RequestHeader set Host "myjitsi.server.com"
# These conditions only take effect when a RewriteRule follows them; here ProxyPass does the proxying.
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
ProxyPass "ws://localhost:5280/xmpp-websocket"
</Location>
# https://community.jitsi.org/t/colibri-ws-websocket-not-working/88117/4
ProxyPassMatch ^/colibri-ws/default-id ws://localhost:9090
# ProxyPassReverse takes a plain path, not a regex, so this line never matches; it is not needed for WebSocket traffic.
ProxyPassReverse ^/colibri-ws/default-id ws://localhost:9090
# https://community.jitsi.org/t/colibri-ws-websocket-not-working/88117/9
<Location /colibri-ws/default-id>
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule /colibri-ws/default-id/(.*) ws://localhost:9090/colibri-ws/default-id/$1 [P]
</Location>
JWT Tokens
JWT tokens are not compulsory. They also currently only seem to work via BOSH, not websockets.
I am currently using authentication = internal_plain and using prosodyctl to set up users (I don't allow guest access).
This can be changed to authentication = token but needs setting up. This, like most things Jitsi, is non-trivial.
If you also want to use openBridgeChannel:websocket with Jitsi meet as recommended, you need to use tokens. It is a tangled web.
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
//openBridgeChannel: true,
//openBridgeChannel: 'websocket',
How to use JWT tokens with Rocketchat:
https://szewong.medium.com/rocket-chat-part-3-installing-jitsi-with-jwt-for-secure-video-conferencing-b6f909e7f92c
Also some other links:
https://community.jitsi.org/t/jwt-tokens-install-guide/53359/9
https://doganbros.com/index.php/jitsi/jitsi-installation-with-jwt-support-on-ubuntu-20-04-lts/
https://github.com/christiancuri/Docs
There are issues with luarocks-cjson
apt-get install --reinstall lua-basexx lua-sec lua-socket lua-cjson libssl1.0-dev luacrypto lua5.2 luarocks
luarocks install luajwtjitsi   # but this failed
luarocks build luajwtjitsi     # did this again and it worked
service prosody restart && service jicofo restart && service jitsi-videobridge2 restart
Hopefully no errors in the prosody logs and you should see:
token_verification
error 'app_id' must not be empty
In /etc/prosody/conf.avail/my-server-cfg.lua set these.
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
app_id="myweirdid"
app_secret="somelongweirdsecret"
So that gets the basics running, but it needs more configuration via the links above.
I need to sort out actually using the tokens, and the openBridgeChannel but for now I am happy websockets work, and the basics of the tokens are there.
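To see what the app_id and app_secret are for, here is an added example (not from the original post and not Jitsi's or Prosody's own code) that mints an HS256 token and runs the checks a verifier has to make before letting someone into a room. The claim layout (iss, aud, sub, room, exp), the "jitsi" audience and the room name are assumptions; check them against the guides linked above.

```python
import base64, hashlib, hmac, json, time

# Assumed values: APP_ID/APP_SECRET mirror the placeholders in the Prosody
# config above; DOMAIN is the host name used in the Apache config.
APP_ID = "myweirdid"
APP_SECRET = "somelongweirdsecret"
DOMAIN = "myjitsi.server.com"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(room, ttl=300, now=None, secret=APP_SECRET):
    """Build a short-lived HS256 JWT scoped to one room."""
    now = int(time.time()) if now is None else now
    claims = {"iss": APP_ID, "aud": "jitsi", "sub": DOMAIN,
              "room": room, "exp": now + ttl}
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64e(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64e(sig)

def verify(token, room, now=None, secret=APP_SECRET):
    """Return the claims if the token is valid for this room, else raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(b64d(head_b64)), json.loads(b64d(body_b64))
        sig = b64d(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":      # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("iss") != APP_ID or claims.get("sub") != DOMAIN:
        raise ValueError("wrong issuer or domain")
    if claims.get("room") != room:
        raise ValueError("token not valid for this room")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

The app_secret is the only thing protecting the signature, so keep the Prosody config file readable only by root and the prosody user, and keep token lifetimes short.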
--------------
As an FYI, after a LOT of messing about trying to get a consistent setup I gave up wasting my time.
The reason I didn't use nginx was I was also running a gitlab instance on the same box. That uses an internal nginx service.
In the end I put gitlab on a different port, installed nginx as a standalone system, and added the config plus the ports I wanted.
Here's the basic config I used:
https://raw.githubusercontent.com/jitsi/jitsi-meet/master/doc/debian/jitsi-meet/jitsi-meet.example
Quite frankly the Jitsi docs (and community support for stuff) are awful for the most part. A real shame as it lets the project down.