Autant que possible, il faut toujours séparer les services qui peuvent l'être.

Il s'agit d'une contextualisation de l'installation rapide du guide officiel.

Bien évidemment dans le fichier de zone, il faut les entrées correspondantes pour le serveur pour y accéder en IPv4 et IPv6.

Quelques paquets à installer avant jitsi: nginx, apt-transport-https

root@vps2:~# apt update
root@vps2:~# apt install nginx gnupg2 apt-transport-https

Le logiciel recommande des entrées statiques dans le fichier /etc/hosts également. Le notre est donc

root@vps2:~# cat /etc/hosts
127.0.0.1       localhost vps2 meet.cmnog.cm
 
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback vps2 meet.cmnog.cm
ff02::1 ip6-allnodes
ff02::2 ip6-allrouter

Ajouter le dépôt de jitsi

root@vps2:~# echo 'deb https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list
wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -

Installation de jitsi-meet

root@vps2:~# apt update
root@vps2:~# apt install jitsi-meet

Pendant l'installation, il vous sera demandé de donner le nom de l'instance jitsi. Dans notre cas: meet.cmnog.cm

Cette procédure permet d'avoir une instance jitsi ouverte à tout public. C'est à dire que n'importe qui peut créer un nouveau salon. Dans notre usage, nous souhaitons restreindre l'ouverture d'un salon à des comptes auorisés. Cela se fait à ajoutant un domaine sécurisé.

Le reste de la documentation tient compte du fait qu'il s'agit d'un domaine sécurisé au sens de jitsi.

Sauter l'installtion de letsencrypt

Installation des certificats

root@vps2:~# apt install certbot
root@vps2:~# systemctl stop nginx
root@vps2:~# certbot certonly --standalone -d meet.cmnog.cm

Les clés seront utilisées dans la déclaration du virtualhost dans nginx.

Jitsi aura besoin de certains comptes xmpp pour son fonctionnement. Les scripts d'installation créeront les comptes utilisés pour son fonctionnement interne. Il faudra rajouter au moins 2 types de comptes:

• Pour ceux qui pourront ouvrir/gérer des salons
• Pour Jibri, qui aura besoin de deux comptes

Pour créer un compte il faut proceder ainsi

root@vps2:~# prosodyctl adduser JID

où JID correspond au compte à créer. Ex: me@meet.cmnog.cm

La configuration fait appel à la modification de certains logiciels.

• /etc/nginx/sites-available/meet.cmnog.cm.conf

server_names_hash_bucket_size 64;
 
server {
    listen 80;
    listen [::]:80;
    server_name meet.cmnog.cm;
 
    location ^~ /.well-known/acme-challenge/ {
       default_type "text/plain";
       root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
       return 404;
    }
    location / {
       return 301 https://$host$request_uri;
    }
}
server {
    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;
    server_name meet.cmnog.cm;
 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
 
    add_header Strict-Transport-Security "max-age=31536000";
 
    ssl_certificate /etc/letsencrypt/live/meet.cmnog.cm/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/meet.cmnog.cm/privkey.pem;
 
    root /usr/share/jitsi-meet;
 
    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;
 
    index index.html index.htm;
    error_page 404 /static/404.html;
 
    location = /config.js {
        alias /etc/jitsi/meet/meet.cmnog.cm-config.js;
    }
 
    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }
 
    #ensure all static content can always be found first
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;
    }
 
    # BOSH
    location = /http-bind {
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
 
    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }
 
    location ~ ^/([^/?&:'"]+)$ {
        try_files $uri @root_path;
    }
 
    location @root_path {
        rewrite ^/(.*)$ / break;
    }
 
    location ~ ^/([^/?&:'"]+)/config.js$
    {
       set $subdomain "$1.";
       set $subdir "$1/";
 
       alias /etc/jitsi/meet/meet.cmnog.cm-config.js;
    }
 
    #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }
 
    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
 
        rewrite ^/(.*)$ /http-bind;
    }
 
    # websockets for subdomains
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
 
        rewrite ^/(.*)$ /xmpp-websocket;
    }
}

• /etc/nginx/modules-enables/60-jitsi-meet.conf

# this is jitsi-meet nginx module configuration
# this forward all http traffic to the nginx virtual host port
# and the rest to the turn server
 
stream {
    upstream web {
        server 127.0.0.1:4444;
    }
    upstream turn {
        server 127.0.0.1:4445;
    }
    # since 1.13.10
    map $ssl_preread_alpn_protocols $upstream {
        ~\bh2\b         web;
        ~\bhttp/1\.     web;
        default         turn;
    }
 
    server {
        listen 443;
        listen [::]:443;
 
        # since 1.11.5
        ssl_preread on;
        proxy_pass $upstream;
 
        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}

• /etc/turnserver.conf

root@vps2:~# cat turnserver.conf
# jitsi-meet coturn config. Do not modify this line
lt-cred-mech
use-auth-secret
keep-address-family
static-auth-secret=IwannaBewithYouuuuuuuu
realm=meet.cmnog.cm
cert=/etc/jitsi/meet/meet.cmnog.cm.crt
pkey=/etc/jitsi/meet/meet.cmnog.cm.key
 
no-tcp
listening-port=443
tls-listening-port=4445
external-ip=meet.cmnog.cm
 
syslog

• /etc/prosody/conf.d/meet.cmnog.cm.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
 
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.cmnog.cm";
 
turncredentials_secret = "IwannaBewithYouuuuuuuu";
 
turncredentials = {
  { type = "stun", host = "meet.cmnog.cm", port = "443" },
  { type = "turn", host = "meet.cmnog.cm", port = "443", transport = "udp" },
  { type = "turns", host = "meet.cmnog.cm", port = "443", transport = "tcp" }
};
 
cross_domain_bosh = false;
consider_bosh_secure = true;
 
VirtualHost "meet.cmnog.cm"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_plain"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/meet.cmnog.cm.key";
                certificate = "/etc/prosody/certs/meet.cmnog.cm.crt";
        }
        speakerstats_component = "speakerstats.meet.cmnog.cm"
        conference_duration_component = "conferenceduration.meet.cmnog.cm"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
        }
        c2s_require_encryption = false
 
VirtualHost "guest.meet.cmnog.cm"
        authentication = "anonymous"
        c2s_require_encryption = false
 
VirtualHost "recorder.meet.cmnog.cm"
        modules_enabled = {
            "ping";
    }
        authentication = "internal_plain"
 
Component "conference.meet.cmnog.cm" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "muc_mam";
        -- "token_verification";
    }
    admins = { "focus@auth.meet.cmnog.cm" }
    muc_room_locking = false
    muc_room_default_public_jids = true
 
 
-- internal muc component
Component "internal.auth.meet.cmnog.cm" "muc"
    storage = "memory"
    muc_room_cache_size = 1000
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.meet.cmnog.cm", "jvb@auth.meet.cmnog.cm" }
 
VirtualHost "auth.meet.cmnog.cm"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.cmnog.cm.key";
        certificate = "/etc/prosody/certs/auth.meet.cmnog.cm.crt";
    }
    authentication = "internal_plain"
 
Component "focus.meet.cmnog.cm"
    component_secret = "bumbleBe33"
 
Component "speakerstats.meet.cmnog.cm" "speakerstats_component"
    muc_component = "conference.meet.cmnog.cm"
 
Component "conferenceduration.meet.cmnog.cm" "conference_duration_component"
    muc_component = "conference.meet.cmnog.cm"

• /etc/jitsi/meet/meet.cmnog.cm-config.js

/* eslint-disable no-unused-vars, no-var */
 
var config = {
    // Connection
    //
 
    hosts: {
        // XMPP domain.
        domain: 'meet.cmnog.cm',
 
        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.meet.cmnog.cm',
 
        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'meet.cmnog.cm',
 
        // Jirecon recording component domain.
        // jirecon: 'jirecon.meet.cmnog.cm',
 
        // Call control component (Jigasi).
        // call_control: 'callcontrol.meet.cmnog.cm',
 
        // Focus component domain. Defaults to focus.<domain>.
        // focus: 'focus.meet.cmnog.cm',
 
        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.<!--# echo var="subdomain" default="" -->meet.cmnog.cm'
    },
 
    // BOSH URL. FIXME: use XEP-0156 to discover it.
    bosh: '//meet.cmnog.cm/http-bind',
 
    // Websocket URL
    // websocket: 'wss://meet.cmnog.cm/xmpp-websocket',
 
    // The name of client node advertised in XEP-0115 'c' stanza
    clientNode: 'http://jitsi.org/jitsimeet',
 
    // The real JID of focus participant - can be overridden here
    // focusUserJid: 'focus@auth.meet.cmnog.cm',
 
 
    // Testing / experimental features.
    //
 
    testing: {
        // Enables experimental simulcast support on Firefox.
        enableFirefoxSimulcast: false,
 
        // P2P test mode disables automatic switching to P2P when there are 2
        // participants in the conference.
        p2pTestMode: false
 
        // Enables the test specific features consumed by jitsi-meet-torture
        // testMode: false
 
        // Disables the auto-play behavior of *all* newly created video element.
        // This is useful when the client runs on a host with limited resources.
        // noAutoPlayVideo: false
    },
 
    // Disables ICE/UDP by filtering out local and remote UDP candidates in
    // signalling.
    // webrtcIceUdpDisable: false,
 
    // Disables ICE/TCP by filtering out local and remote TCP candidates in
    // signalling.
    // webrtcIceUdpDisable: false,
 
    // Disables ICE/TCP by filtering out local and remote TCP candidates in
    // signalling.
    // webrtcIceTcpDisable: false,
 
 
    // Media
    //
 
    // Audio
 
    // Disable measuring of audio levels.
    // disableAudioLevels: false,
    // audioLevelsInterval: 200,
 
    // Enabling this will run the lib-jitsi-meet no audio detection module which
    // will notify the user if the current selected microphone has no audio
    // input and will suggest another valid device if one is present.
    enableNoAudioDetection: true,
 
    // Enabling this will run the lib-jitsi-meet noise detection module which will
    // notify the user if there is noise, other than voice, coming from the current
    // selected microphone. The purpose it to let the user know that the input could
    // be potentially unpleasant for other meeting participants.
    enableNoisyMicDetection: true,
 
    // Start the conference in audio only mode (no video is being received nor
    // sent).
    // startAudioOnly: false,
 
    // Every participant after the Nth will start audio muted.
    // startAudioMuted: 10,
 
    // Start calls with audio muted. Unlike the option above, this one is only
    // applied locally. FIXME: having these 2 options is confusing.
    // startWithAudioMuted: false,
 
    // Enabling it (with #params) will disable local audio output of remote
    // participants and to enable it back a reload is needed.
    // startSilent: false
 
    // Video
 
 
    // Desktop sharing
 
    // The ID of the jidesha extension for Chrome.
    desktopSharingChromeExtId: null,
 
    // Whether desktop sharing should be disabled on Chrome.
    // desktopSharingChromeDisabled: false,
 
    // The media sources to use when using screen sharing with the Chrome
    // extension.
    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
 
    // Required version of Chrome extension
    desktopSharingChromeMinExtVersion: '0.1',
 
    // Whether desktop sharing should be disabled on Firefox.
    // desktopSharingFirefoxDisabled: false,
 
    // Try to start calls with screen-sharing instead of camera video.
    // startScreenSharing: false,
 
    // Recording
 
    // Whether to enable file recording or not.
     fileRecordingsEnabled: true,
     hiddenDomain:'recorder.meet.cmnog.cm',
    // Enable the dropbox integration.
    // dropbox: {
    //     appKey: '<APP_KEY>' // Specify your app key here.
    //     // A URL to redirect the user to, after authenticating
    //     // by default uses:
    //     // 'https://meet.cmnog.cm/static/oauth.html'
    //     redirectURI:
    //          'https://meet.cmnog.cm/subfolder/static/oauth.html'
    // },
    // When integrations like dropbox are enabled only that will be shown,
        // by enabling fileRecordingsServiceEnabled, we show both the integrations
    // and the generic recording service (its configuration and storage type
    // depends on jibri configuration)
    // fileRecordingsServiceEnabled: false,
    // Whether to show the possibility to share file recording with other people
    // (e.g. meeting participants), based on the actual implementation
    // on the backend.
    // fileRecordingsServiceSharingEnabled: false,
 
    // Whether to enable live streaming or not.
     liveStreamingEnabled: true,
 
    // Transcription (in interface_config,
    // subtitles and buttons can be configured)
    // transcribingEnabled: false,
 
    // Enables automatic turning on captions when recording is started
    // autoCaptionOnRecord: false,
 
    // Misc
 
    // Default value for the channel "last N" attribute. -1 for unlimited.
    channelLastN: -1,
 
 
    // Defines the minimum number of participants to start a call (the default
    // is set in Jicofo and set to 2).
    // minParticipants: 2,
 
    // Use XEP-0215 to fetch STUN and TURN servers.
    useStunTurn: true,
 
    // Enable IPv6 support.
    // useIPv6: true,
 
    // Enables / disables a data communication channel with the Videobridge.
    // Values can be 'datachannel', 'websocket', true (treat it as
    // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
    // open any channel).
    // openBridgeChannel: true,
 
 
    // UI
    //
 
    // Use display name as XMPP nickname.
    // useNicks: false,
 
    // Require users to always specify a display name.
    // requireDisplayName: true,
 
    // Whether to use a welcome page or not. In case it's false a random room
    // will be joined when no room is specified.
    enableWelcomePage: true,
 
    // Enabling the close page will ignore the welcome page redirection when
    // a call is hangup.
    // enableClosePage: false,
 
    // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
    // disable1On1Mode: false,
 
    // Default language for the user interface.
    // defaultLanguage: 'en',
 
    // If true all users without a token will be considered guests and all users
    // with token will be considered non-guests. Only guests will be allowed to
    // edit their profile.
    enableUserRolesBasedOnToken: false,
 
    // Whether or not some features are checked based on token.
    // enableFeaturesBasedOnToken: false,
 
    // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
    // lockRoomGuestEnabled: false,
 
    // When enabled the password used for locking a room is restricted to up to the number of digits specified
    // roomPasswordNumberOfDigits: 10,
    // default: roomPasswordNumberOfDigits: false,
 
    // Message to show the users. Example: 'The service will be down for
    // maintenance at 01:00 AM GMT,
    // noticeMessage: '',
 
    // Enables calendar integration, depends on googleApiApplicationClientID
    // and microsoftApiApplicationClientID
    // enableCalendarIntegration: false,
 
    // Stats
    //
 
    // Whether to enable stats collection or not in the TraceablePeerConnection.
    // This can be useful for debugging purposes (post-processing/analysis of
    // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
    // estimation tests.
    // gatherStats: false,
 
    // The interval at which PeerConnection.getStats() is called. Defaults to 10000
    // pcStatsInterval: 10000,
 
    // To enable sending statistics to callstats.io you must provide the
    // Application ID and Secret.
    // callStatsID: '',
    // callStatsSecret: '',
 
    // enables sending participants display name to callstats
    // enableDisplayNameInStats: false,
 
    // enables sending participants email if available to callstats and other analytics
    // enableEmailInStats: false,
 
    // Privacy
    //
 
    // If third party requests are disabled, no other server will be contacted.
    // This means avatars will be locally generated and callstats integration
    // will not function.
    // disableThirdPartyRequests: false,
 
 
    // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
    //
 
    p2p: {
        // Enables peer to peer mode. When enabled the system will try to
        // establish a direct connection when there are exactly 2 participants
        // in the room. If that succeeds the conference will stop sending data
        // through the JVB and use the peer to peer connection instead. When a
        // 3rd participant joins the conference will be moved back to the JVB
        // connection.
        enabled: true,
 
        // Use XEP-0215 to fetch STUN and TURN servers.
        useStunTurn: true,
 
        // The STUN servers that will be used in the peer to peer connections
        stunServers: [
 
            // { urls: 'stun:meet.cmnog.cm:443' },
            { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
        ],
 
        // Sets the ICE transport policy for the p2p connection. At the time
        // of this writing the list of possible values are 'all' and 'relay',
        // but that is subject to change in the future. The enum is defined in
        // the WebRTC standard:
        // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
        // If not set, the effective value is 'all'.
        // iceTransportPolicy: 'all',
 
        // If set to true, it will prefer to use H.264 for P2P calls (if H.264
        // is supported).
        preferH264: true
 
        // If set to true, disable H.264 video codec by stripping it out of the
        // SDP.
        // disableH264: false,
 
        // How long we're going to wait, before going back to P2P after the 3rd
        // participant has left the conference (to filter out page reload).
        // backToP2PDelay: 5
    },
 
    analytics: {
        // The Google Analytics Tracking ID:
        // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
 
        // The Amplitude APP Key:
        // amplitudeAPPKey: '<APP_KEY>'
 
        // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
        // scriptURLs: [
        //      "libs/analytics-ga.min.js", // google-analytics
        //      "https://example.com/my-custom-analytics.js"
        // ],
    },
    // Allow all above example options to include a trailing comma and
    // prevent fear when commenting out the last value.
 
    makeJsonParserHappy: 'even if last key had a trailing comma'
 
    // no configuration value should follow this line.
};
 
/* eslint-enable no-unused-vars, no-var */

• /etc/jitsi/videobridge/sip-communicator.properties

root@vps2:~# cat /etc/jitsi/videobridge/sip-communicator.properties 
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.cmnog.cm
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=oulalaaa
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.cmnog.cm
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=29faf056-24c6-490b-95bc-94509ce532c9

Cette instance accueille principalement le nécessaire pour enregistrer les réunions et streamer (sur Youtube). Le composant de jitsi impliqué ici est: jibri.

L'installation s'est faite sur Ubuntu 20.04 qui vient avec une version récente de ffmpeg qui est un ensemble d'outils pour transcodage et streaming de fichiers multimédia.

• Installer le paquet linux-image-extra-virtual afin de pouvoir utiliser le module ALSA.
• ajouter snd-aloop dans /etc/modules
• Si vous voulez charger directement en mémoire vive : modprobe snd-aloop
• Installer ffmpeg
• Installer le navigateur web Chrome et chromedriver

root@stream2:~# curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add
root@stream2:~# echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
root@stream2:~# apt update
root@stream2:~# apt install google-chrome-stable

• Ajouter le fichier de gestion de stratégie de chrome

root@stream2:~# mkdir -p /etc/opt/chrome/policies/managed
root@stream2:~# echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >>/etc/opt/chrome/policies/managed/managed_policies.json

• Installation de chromedriver

root@stream2:~# CHROME_DRIVER_VERSION=`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE`
root@stream2:~# wget -N http://chromedriver.storage.googleapis.com/$CHROME_DRIVER_VERSION/chromedriver_linux64.zip -P ~/
root@stream2:~# unzip ~/chromedriver_linux64.zip -d ~/
root@stream2:~# rm ~/chromedriver_linux64.zip
root@stream2:~# mv -f ~/chromedriver /usr/local/bin/chromedriver
root@stream2:~# chown root:root /usr/local/bin/chromedriver
root@stream2:~# chmod 0755 /usr/local/bin/chromedrive

root@stream2:~# apt install default-jre-headless curl alsa-utils icewm xdotool xserver-xorg-input-void xserver-xorg-video-dummy

root@stream2:~# wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
root@stream2:~# sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
root@stream2:~# apt update
root@stream2:~# apt install jibri

Ajouter jibri dans certains groupes :

root@stream2:~# for group in adm plugdev; do adduser jibri $group; done

A l'installation; jibri faisait déjà partie des groupes audio et video

Le principal fichier à considérer sur cette instance est /etc/jitsi/jibri/config.json.

{
 
    // Emplacement des enregistrements
    "recording_directory":"/srv/jibri/recordings",
    // The path to the script which will be run on completed recordings
    "finalize_recording_script_path": "",
    "xmpp_environments": [
        {
            // A friendly name for this environment which can be used
            //  for logging, stats, etc.
            "name": "prod environment",
            // The hosts of the XMPP servers to connect to as part of
            //  this environment
            "xmpp_server_hosts": [
                "meet.cmnog.cm"
            ],
            // The xmpp domain we'll connect to on the XMPP server
            "xmpp_domain": "meet.cmnog.cm",
            // Jibri will login to the xmpp server as a privileged user 
            "control_login": {
                // The domain to use for logging in
                "domain": "auth.meet.cmnog.cm",
                // The credentials for logging in
                "username": "jibri",
                "password": "auclairedelalunemonammi"
            },
            // Using the control_login information above, Jibri will join 
            //  a control muc as a means of announcing its availability 
            //  to provide services for a given environment
            "control_muc": {
                "domain": "internal.auth.meet.cmnog.cm",
                "room_name": "JibriBrewery",
                "nickname": "jibri"
            },
            // All participants in a call join a muc so they can exchange
            //  information.  Jibri can be instructed to join a special muc
            //  with credentials to give it special abilities (e.g. not being
            //  displayed to other users like a normal participant)
            "call_login": {
                "domain": "recorder.meet.cmnog.cm",
                "username": "recorder",
                "password": "pretemoitapluMeOui"
            },
 
            "room_jid_domain_string_to_strip_from_start": "conference.",
            "usage_timeout": "0"
        }
    ]
}

Sur l'instance hébergeant jitsi-meet; les sections les plus importantes sont

• prosody
  • le Component “internal.meet.cmnog.cm” “muc”
  • le virtualhost recorder.meet.cmnog.cm
  • la creation de deux comptes xmpp
    • jibri@auth.meet.cmnog.cm
    • recorder@meet.cmnog.cm

• jicofo
  • le fichier /etc/jitsi/jicofo/sip-communicator.properties avec ces deux informations

org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.meet.cmnog.cm
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

• Dans /etc/jitsi/meet/yourdomain-config.js activez
  • fileRecordingsEnabled: true
  • liveStreamingEnabled: true
  • hiddenDomain: 'recorder.meet.cmnog.cm'