Xmpp Jitsi

Posted on  by admin
  1. Jitsi Xmpp Server
  2. Xmpp Jitsi
  3. Xmpp Jitsi App
  4. Jitsi Xmpp Port
  5. Jitsi Xmpp-websocket

The prosody xmpp server is central in the jitsi-meet system architecture. Jicofo is configured to be an administrator on the prosody xmpp server. The video bridge and other jitsi modules such as jicofo are users on the prosody xmpp server. The system can be expanded to cover various usecases. A brief introduction of Jitsi Meet; How to set up Jitsi Meet? Jitsi Meet features exploration; Conclusion; A brief introduction of Jitsi Meet. Jitsi Meet is a completely free open source, secure and scalable video collaboration software. It provides several popular features such as multiparty video conferencing with full encryption, support.

Since the more or less global lockdown caused by Covid-19 there was a lot talk about video conferencing solutions that can be used for e.g. those people that try to coordinate with coworkers while in home office. One of the solutions is Jitsi Meet, which is NOT packaged in Debian. But there are Debian packages provided by Jitsi itself.

Jitsi relies on an XMPP server. You can see the network overview in the docs. While Jitsi itself uses Prosody as XMPP and their docs only covers that one. But it’s basically irrelevant which XMPP you want to use. Only thing is that you can’t follow the official Jitsi documentation when you are not using Prosody but instead e.g. ejabberd. As always, it’s sometimes difficult to find the correct/best non-official documentation or how-to, so I try to describe what helped me in configuring Jitsi Meet with ejabberd as XMPP server and my own coturn STUN/TURN server…

  • Short video demonstrating how to download the jitsi client and create an XMPP account to use for video chat.
  • Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup provided by these containers does not expose the XMPP server to the outside world. Instead, it's kept completely sealed, and routing of XMPP traffic only happens on a user-defined network.
  • Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server. The setup provided by these containers does not expose the XMPP server to the outside world. Instead, it's kept completely sealed, and routing of XMPP traffic only happens on a user-defined network.

This is not a step-by-step description, but anyway… here we go with some links:

  • https://github.com/debalance/meet.debalance.de
  • https://blog.jabberhead.tk/2020/03/16/install-jitsi-meet-alongside-ejabberd/
  • https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ (German)

One of the first issues I stumpled across was that my Java was too old, but this can be quickly solved by update-alternatives:

It was set to jre-7, but I guess this was from years ago when I ran OpenFire as XMPP server.

If something is not working with Jitsi Meet, it helps to not watch the log files only, but also to open the Debug Console in your web browser. That way I catched some XMPP Failures and saw that it tries to connect to some components where the DNS records were missing:

Of course you also need to add some config to your ejabberd.yml:

There is more config that needs to be done, but one of the XMPP Failures I spotted from debug console in Firefox was that it tried to connect to conference.domain.net while I prefer to use chat.domain.net for its brevity. If you prefer conference instead of chat, then you shouldn’t be affected by this. Just make just that your config is consistent with what Jitsi Meet wants to connect to. Maybe not all of the above lines are necessary, but this works for me.

Jitsi config is like this for me with short domains (/etc/jitsi/meet/meet.domain.net-config.js):

In the above config snippet one of the issues solved was to add the port to the bosh setting. Of course you can also take care that your bosh requests get forwarded by your webserver as reverse proxy. Using the port in the config might be a quick way to test whether or not your config is working. It’s easier to solve one issue after the other and make one config change at a time instead of needing to make changes in several places.

/etc/jitsi/jicofo/sip-communicator.properties:

/etc/jitsi/videobridge/sip-communicator.properties:

Sometimes there might be stupid errors like (in my case) wrong hostnames like “chat.meet..domain.net” (a double dot in the domain), but you can spot those easily in the debug console of your browser.

There tons of config options where you can easily make mistakes, but watching your logs and your debug console should really help you in sorting out these kind of errors. The other URLs above are helpful as well and more elaborate then my few lines here. Especially Mike Kuketz has some advanced configuration tips like disabling third party requests with “disableThirdPartyRequests: true” or limiting the number of video streams and such.

Hope this helps…

It is possible to allow only authenticated users to create new conferencerooms. Whenever a new room is about to be created, Jitsi Meet will prompt fora user name and password. After the room is created, others will be able to joinfrom anonymous domain. Here's what has to be configured:

Xmpp Jitsi

Prosody configuration

Jitsi Xmpp Server

If you have installed Jitsi Meet from the Debian package, these changes should be made in /etc/prosody/conf.avail/[your-hostname].cfg.lua

Enable authentication

Inside the VirtualHost '[your-hostname]' block, replace anonymous authentication with hashed password authentication:

Texting

Replace jitsi-meet.example.com with your hostname.

Enable anonymous login for guests

Add this block after the previous VirtualHost to enable the anonymous login method for guests:

Note that guest.jitsi-meet.example.com is internal to Jitsi, and you do not need to (and should not) create a DNS record for it, or generate an SSL/TLS certificate, or do any web server configuration. While it is internal, you should still replace jitsi-meet.example.com with your hostname.

Xmpp Jitsi

Jitsi Meet configuration

In config.js, the anonymousdomain options has to be set.

If you have installed jitsi-meet from the Debian package, these changes should be made in /etc/jitsi/meet/[your-hostname]-config.js.

Xmpp Jitsi

Jicofo configuration

When running Jicofo, specify your main domain in an additional configurationproperty. Jicofo will accept conference allocation requests only from theauthenticated domain.

If you have installed Jicofo from the Debian package, this should go directly on a new line inthe /etc/jitsi/jicofo/sip-communicator.properties:

When using token based authentication, the URL must use EXT_JWT as the scheme instead:

Create users in Prosody (internal auth)

Finally, run prosodyctl to create a user in Prosody:

and then restart prosody, jicofo and jitsi-videobridge2

Optional: Jigasi configuration

Enable Authentication

If you are using Jigasi, set it to authenticate by editing the following lines in /etc/jitsi/jigasi/sip-communicator.properties:

Xmpp Jitsi App

Note that the password is the actual plaintext password, not a base64 encoding.

Debugging

Jitsi Xmpp Port

If you experience problems with a certificate chain, you may need to uncomment the following line, also in sip-communicator.properties:

Jitsi Xmpp-websocket

This should only be used for testing/debugging purposes, or in controlled environments. If you confirm that this is the problem, you should then solve it in another way (e.g. get a signed certificate for Prosody, or add the particular certificate to Jigasi’s trust store).