
Jitsi

This automated deployment is based on the guide at https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker.

Deploying Jitsi

Prerequisites

You will need to create a DNS record for a new subdomain on your domain. These steps will be unique to your domain registrar, but it should be simple to create an A record with the desired subdomain pointed to your server's IP address.

In this example, we'll choose meet as the subdomain, so the URL for the server will be meet.example.org.

Single sign-on (SSO)

CHANGE

If you would like to use single sign-on (SSO), you will need to have an IdP solution in place. Otherwise, your users will log in with username and password. Instructions for setting up Postiz with Authentik are provided below.

CHANGE

1. Edit Inventory file

The host group for Jitsi is [jitsi]. Place the following information under that group.

The standard values:

  • The server's IP address.
  • server_tag= - This could be "jitsi"
  • ansible_user= - The non-root user
  • ansible_become_pass="{{ nb_become_pass }}" - or change variable to the appropriate value in the Vault.
  • ansible_ssh_private_key_file="~/.ssh/id_ed25519_<server_tag>_<nonroot_user>" - The SSH key used to authenticate onto the server.

Extra values:

  • None.

Example:

[jitsi]
203.0.113.73 server_tag=jitsi ansible_user=serveradmin ansible_become_pass="{{ jitsi_become_pass }}" ansible_ssh_private_key_file="~/.ssh/id_ed25519_jitsi_serveradmin"

2. Edit Ansible Vault variables

Edit the Ansible Vault file:

ansible-vault edit group_vars/all/vaulted_vars.yml

Include the following settings:

# Jitsi
# If you have unique credentials for this server.
jitsi_become_pass: <sudo password for non-root user>

3. Edit .env file

The environment variables for the Jitsi deployment must be edited before running the playbook. They are located in lt-server-setup/roles/app_jitsi/templates/.env. Open the file in a text editor and make these edits. Refer to the Jitsi documentation for a fuller explanation of each variable. Here are the key variables to set to get started quickly.

Basic configuration options

Change time zone. For example:

# System time zone
TZ=America/Chicago

Set PUBLIC_URL to the server's public URL and set JVB_ADVERTISE_IPS to the server's public IP address in the part below.

# Public URL for the web service (required)
# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL
PUBLIC_URL=https://meet.example.com:${HTTPS_PORT}

# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
JVB_ADVERTISE_IPS=203.0.113.76

4. Add random passwords to .env file

The .env file contains the passwords that the various Docker containers use for inter-container communications. Running the gen-passwords.sh script from the app_jitsi/templates directory will automatically generate and add strong passwords to the .env file. This also helps prevent intruders from impersonating a service account.

sudo chmod +x gen-passwords.sh
./gen-passwords.sh
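
A pre-flight check that step 4 really filled in the secrets, so the playbook is never run with empty or shared inter-container passwords. This is an added example, not part of lt-server-setup or the Jitsi handbook; it assumes secrets are the variables whose names end in _PASSWORD or _SECRET, and the function name check_env_secrets, the 16-character minimum and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the project. Assumption: secrets in the .env are
# the variables whose names end in _PASSWORD or _SECRET.

# check_env_secrets FILE [MIN_LEN]
# Prints one line per problem; returns 0 when every secret looks generated.
check_env_secrets() {
    env_file=$1
    min_len=${2:-16}   # assumed minimum length, adjust to your policy
    [ -r "$env_file" ] || { echo "cannot read $env_file"; return 1; }
    awk -F= -v min="$min_len" '
        /^[[:space:]]*#/ { next }                  # ignore comment lines
        NF > 1 && $1 ~ /(_PASSWORD|_SECRET)$/ {
            val = substr($0, index($0, "=") + 1)   # keep any "=" inside the value
            gsub(/^"|"$/, "", val)                 # drop surrounding double quotes
            if (val == "")              { print $1 ": empty"; bad = 1 }
            else if (length(val) < min) { print $1 ": shorter than " min " characters"; bad = 1 }
            else if (seen[val]++)       { print $1 ": value reused"; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$env_file"
}

# Constructed sample .env: one secret left empty, one filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TZ=America/Chicago
#JIBRI_XMPP_PASSWORD=
JICOFO_AUTH_PASSWORD=
JVB_AUTH_PASSWORD=3f9c1a7e5b2d48c6a0e4f17b9d3c5a28
EOF
check_env_secrets "$sample" || echo "fix the .env before running the playbook"
rm -f "$sample"
```

Run `check_env_secrets .env` from the app_jitsi/templates directory after step 4; a non-zero exit status means at least one secret still needs a value.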

5. Run Ansible playbook command

ansible-playbook lt_server_deploy.yml --ask-vault-pass --tags jitsi

Post-deployment setup

6. Connect to Jitsi

Jitsi doesn't have a management interface; you log right into the UI by going to the domain you set for the server.

Updating the containers

ansible-playbook lt_server_deploy.yml --ask-vault-pass --tags jitsi-update -vv

Connecting Jitsi to Identity Provider - Authentik

Connecting Jitsi to Identity Provider - Zitadel