After a friend of mine told me he wanted to deploy Jitsi on my main webserver, and me saying “sure”, I decided I wanted to get it up and running on a new server both so I knew how to do it, and to avoid the latency issues of videoconferencing from central North America to Germany and back.
Before I go into how I got it working, let me say that the official Quick Start guide is good – but it doesn’t cover anything but itself.
Here’s the basic setup:
What To Do:
Once you have your new CentOS instance up and running (I used Vultr), here’s everything you need to install:
yum -y install epel-release && yum -y upgrade && yum -y install httpd docker docker-compose screen bind-utils certbot git haveged net-tools mod_ssl
I also installed a few other things, but that’s because I’m multi-purposing this server for Squid, and other things, too.
Enable Apache, firewalld, & Docker:
systemctl enable httpd && systemctl enable docker && systemctl enable firewalld
Now get your swap space setup:
fallocate -l 4G /swapfile && chmod 0600 /swapfile && mkswap /swapfil && swapon /swapfile
Add the following line to the bottom of your /etc/fstab:
/swapfile swap swap default 0 0
Restart your VPS:
shutdown -r now
Get your cert from Let’s Encrypt (make sure you’ve already setup appropriate CAA & A records for your domain and any subdomains you want to use):
certbot -t -n --agree-tos --keep --expand --standalone certonly --must-staple --rsa-key-size 4096 --preferred-challenges dns-01,http-01 -m <user>@<domain.tld> -d <jitsi.yourdomain.tld>
Create a root crontab entry to run certbot frequently (I do @weekly ~/renew-le.sh)
Go to the home directory of whatever user you plan to run Jitsi as:
su - <jitsi-user>
Begin the Quick Start directions:
git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meetmv env.example .env- Change the timezone in
.envfromEurope/Amsterdamif you want it to show up in a sane timezone (likeEtc/UTC) mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb}docker-compose up -d
Now configure Apache for SSL. Start with this reference I posted.
But in the [sub]domain-specific conf file z-[sub]domain-tld.conf, add proxy and authentication lines (so that only people you allow to use your video conference can actually use it):
ProxyPreserveHost on
ProxyPass / http://localhost:8000/ nocanon
ProxyPassReverse / http://localhost:8000/
ProxyRequests off
ServerAdmin warren@warrenmyers.com
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8000/*>
Order deny,allow
Allow from all
Authtype Basic
Authname "Password Required"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Proxy>
RewriteEngine on
RewriteRule ^/meetwith/(.*)$ http://%{HTTP_HOST}/$1 [P]
ProxyPassReverseCookiePath /meetwith /
Reload your configs, and make sure they’re happy, fixing any errors that may exist:
apachectl graceful
Setup at least one user who’ll be able to access the site:
htpasswd -B -c /etc/httpd/.htpasswd <user>
You should also configure firewalld to allow only what you want (http, https, ssh):
firewall-cmd --zone=public --add-service=http && firewall-cmd --zone=public --add-service=https && firewall-cmd --zone=public --add-service=ssh
With any luck, when you now navigate to https://[sub.]domain.tld in your web browser, and enter your username and password you created with htpasswd, you’ll get the Jitsi welcome page!
Other Resources:
- Check out the Jitsi subreddit – r/jitsi
- Jitsi on Twitter: @jitsinews
from antipaucity https://antipaucity.com/2020/03/20/basic-dockerized-jitsi-deployment-with-an-apache-reverse-proxy-on-centos/
via IFTTT