Ir al contenido

Jitsi detrás de un proxy reverso

Instalar Jibri

Pre requisitos de instalación

  1. Módulo ALSA Loopback – Configurar para cargar en el arranque, cargar en el kernel en ejecución y confirmar
    echo "snd-aloop" >> /etc/modules
     modprobe snd-aloop
     lsmod | grep snd_aloop
    
  2. Google Chrome estable
    curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add
     echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
     apt-get -y update
     apt-get -y install google-chrome-stable
    
  3. Políticas gestionadas por Chrome
    mkdir -p /etc/opt/chrome/policies/managed
    echo ‘{ “CommandLineFlagSecurityWarningsEnabled”: false }’ >>/etc/opt/chrome/policies/managed/managed_policies.json
  4. Google Chromedriver
    CHROME_DRIVER_VERSION=`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE`
     wget -N http://chromedriver.storage.googleapis.com/$CHROME_DRIVER_VERSION/chromedriver_linux64.zip -P ~/
     unzip ~/chromedriver_linux64.zip -d ~/
     rm ~/chromedriver_linux64.zip
     mv -f ~/chromedriver /usr/local/bin/chromedriver
     chown root:root /usr/local/bin/chromedriver
     chmod 0755 /usr/local/bin/chromedriver
    
  5. Paquetes miscelaneos
    apt-get install ffmpeg curl alsa-utils icewm xdotool xserver-xorg-video-dummy
  6. Instalar Jibri
  7. Si se instala en el mismo servidor que Jitsi:
    apt-get install jibri

    Si se instala en un servidor diferente:

    wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
    sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
    apt update && apt install jibri -y
    
  8. Añadir Jibri a los grupos de usuarios necesarios
    usermod -aG adm,audio,video,plugdev jibri
  9. Instalar el SDK de Java
    apt install openjdk-11-jdk
  10. Podemos predeterminar la versión instalada; o
    update-alternatives --config java
    Sólo hay una alternativa en el grupo de enlaces java (provee /usr/bin/java): /usr/lib/jvm/java-11-openjdk-amd64/bin/java
    Nada que configurar.
  11. Modificar “launch.sh”
    nano /opt/jitsi/jibri/launch.sh
  12. Reemplazar la palabra “java” con la ruta completa
    /usr/lib/jvm/java-11-openjdk-amd64/bin/java

Configuración

Configurar Prosody

  1. Abrir el cfg.lua de prosody
    nano /etc/prosody/conf.avail/dominio.edu.ar.cfg.lua
  2. Agregar lo siguiente al final del archivo
    -- internal muc component, meant to enable pools of jibri and jigasi clients
    Component "internal.auth.dominio.edu.ar" "muc"
        modules_enabled = {
            "ping";
        }
        storage = "memory"
        muc_room_cache_size = 1000
        
    VirtualHost "recorder.dominio.edu.ar"
        modules_enabled = {
            "ping";
        }
        authentication = "internal_plain"
    
  3. Crear cuentas – ‘jibri’ y ‘recorder’ (elije tus propias contraseñas, pero anótalas para más adelante)
    prosodyctl register jibri auth.dominio.edu.ar ClaveJ
    prosodyctl register recorder recorder.dominio.edu.ar ClaveR
    

Configurar Jicofo

  1. Abrir jicofo/sim-communicator-propertiesnano /etc/jitsi/jicofo/sip-communicator.properties
  2. Agregar las siguientes lineas
    org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.dominio.edu.ar
    org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
    

Configurar Jitsi Meet

  1. Abrir config.js
    nano /etc/jitsi/meet/dominio.edu.ar-config.js
  2. Definir las siguientes propiedades:Con la última versión estable estas dos opciones
    fileRecordingsEnabled: true, 
    liveStreamingEnabled: true, 
    

    Son reemplazadas por el bloque recordingService

        recordingService: {
             enabled: true,
        //     sharingEnabled: false,
        //     hideStorageWarning: false,
        },
    	hiddenDomain: 'recorder.dominio.edu.ar',
    

Configuración adicional del sistema

  1. Abrir el puerto 5222 en caso que Jibri esté instalado en un servidor separado de Jitsi
    ufw allow 5222/tcp
  2. Crear un directorio para almacenar las grabaciones y asignar la propiedad del directorio a jibri
    mkdir /srv/grabaciones
    chown jibri:jibri /srv/grabaciones
    

Configurar jibri.conf

Prestar mucha atención a esta configuración porque es la responsable de cerca del 90% de los problemas reportados sobre el funcionamiento de Jibri.

  1. Abrir el archivo jibri.confnano /etc/jitsi/jibri/jibri.conf
  2. Copiar y pegar la siguiente configuración en tu archivo jibri.conf (clic en la flecha de abajo para visualizar los detalles de la configuración), asegurándote de editar para reflejar tu nombre de dominio y las contraseñas registradas anteriormente en Prosody para los usuarios “jibri” y “recorder”
jibri.conf
jibri {
// A unique identifier for this Jibri
// TODO: eventually this will be required with no default
id = ""
// Whether or not Jibri should return to idle state after handling
// (successfully or unsuccessfully) a request. A value of ‘true’
// here means that a Jibri will NOT return back to the IDLE state
// and will need to be restarted in order to be used again.
single-use-mode = false
api {
http {
external-api-port = 2222
internal-api-port = 3333
}
xmpp {
// See example_xmpp_envs.conf for an example of what is expected here
environments = [
{
name = "prod environment"
xmpp-server-hosts = ["dominio.edu.ar"]
xmpp-domain = "dominio.edu.ar"

control-muc {
domain = "internal.auth.dominio.edu.ar"
room-name = "JibriBrewery"
nickname = "jibri-nickname"
}

control-login {
domain = "auth.dominio.edu.ar"
username = "jibri"
password = "ClaveJ"
}

call-login {
domain = "recorder.dominio.edu.ar"
username = "recorder"
password = "ClaveR"
}

strip-from-room-domain = "conference."
usage-timeout = 0
trust-all-xmpp-certs = true
}
]
}
}
recording {
recordings-directory = "/srv/grabaciones"
# TODO: make this an optional param and remove the default
finalize-script = "/ruta/para/finalizar.sh"
}
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "1920x1080"
// The audio source that will be used to capture audio on Linux
audio-source = "alsa"
// The audio device that will be used to capture audio on Linux
audio-device = "plug:bsnoop"
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--log-file=/var/log/jitsi/jibri/chromedriver.log",
"--ignore-certificate-errors"
]
}
stats {
enable-stats-d = true
}
webhook {
// A list of subscribers interested in receiving webhook events
subscribers = []
}
jwt-info {
// The path to a .pem file which will be used to sign JWT tokens used in webhook
// requests. If not set, no JWT will be added to webhook requests.
# signing-key-path = "/path/to/key.pem"

// The kid to use as part of the JWT
# kid = "key-id"

// The issuer of the JWT
# issuer = "issuer"

// The audience of the JWT
# audience = "audience"

// The TTL of each generated JWT. Can't be less than 10 minutes.
# ttl = 1 hour

}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds

// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes

// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds

}
}
  1. Finalmente, reiniciar todos los servicios y configurar Jibri para que se inicie en el arranque
systemctl restart jitsi-videobridge2 prosody jicofo
systemctl enable --now jibri
Etiquetas: