1

Notes on setting up Jitsi Meet on a personal server. Main thing is to note what we'd need to do to get this set up on an hcoop server

<<TableOfContents: execution failed [list index out of range] (see also the log)>>

10. Setup Script

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

Followed the script and got a working install.

Working config out of the box, if we accept having to run this on a dedicated server.

11. Puppet Module Notes

https://gitlab.com/shared-puppet-modules-group/jitsimeet

The puppet modules has a few rough edges that we should fix and contribute upstream.

11.1. Check for Staleness

11.2. Not sure if it's just me or not

11.3. Defects

12. Testing

Using https://meet.unknownlamer.org on my personal DigitalOcean account. With a 2CPU/2G RAM setup, a 4 person conference used around 4Mbps and 10% CPU.

12.1. Things to look out for

13. Security

https://jitsi.github.io/handbook/docs/devops-guide/secure-domain

Need to adapt to kerberos, will have to use SASL: https://prosody.im/doc/cyrus_sasl (we have saslauthd in place for exim, so should be straightforward)

There are some additional steps to auth against sasl:

lua-cyrussasl must be installed from buster-backports on Debian 10.

/etc/prosody/conf.avail/meet-test.hcoop.net.cfg.lua :

...
VirtualHost "meet-test.hcoop.net"
    -- enabled = false -- Remove this line to enable this host
    authentication = "cyrus"
    cyrus_application_name = "xmpp"
    --allow_unencrypted_plain_auth = true -- is this safe ? / it worked fine without it
...
    modules_enabled = {
        "auth_cyrus";
...
    }
...

/etc/sasl/xmpp.conf:

pwcheck_method: saslauthd
mech_list: PLAIN

14. Open Questions

15. FSF setup

https://vcs.fsf.org/?p=jitsi-ansible.git review

15.1. Useful snippets

- name: custom css
  lineinfile:
    path: /usr/share/jitsi-meet/css/all.css
    line: ".header-text-description, .unsupported-desktop-browser__description {display:none!important}"

- name: fellow hacker
  replace:
    path: /usr/share/jitsi-meet/interface_config.js
    regexp: "Fellow Jitster"
    replace: "Fellow Hacker"

- name: link
  replace:
    path: /usr/share/jitsi-meet/interface_config.js
    regexp: "https://jitsi.org"
    replace: "https://{{ inventory_hostname }}/"


- name: hide logo
  replace:
    path: /usr/share/jitsi-meet/interface_config.js
    regexp: "SHOW_WATERMARK_FOR_GUESTS: true,"
    replace: "SHOW_WATERMARK_FOR_GUESTS: false,"

- name: hide logo
  replace:
    path: /usr/share/jitsi-meet/interface_config.js
    regexp: "SHOW_JITSI_WATERMARK: true,"
    replace: "SHOW_JITSI_WATERMARK: false,"


- name: copy watermark logo
  copy:
    src: files/LPlogo.png
    dest: /usr/share/jitsi-meet/images/watermark.png
    owner: root
    group: root
    mode: 0444
  when: j.stat.exists

15.2. Custom index

https://vcs.fsf.org/?p=jitsi-ansible.git;a=blob;f=files/index.html;h=ab0a76f3973b53069ec884b7dcea67931c585a5f;hb=HEAD

We'll want to customize the css at least to match our usual color schema and insert the hcoop logo, and something like the blurb about the coop we include on git.hcoop.net

Also, do we want to add librejs info? Not sure what the licensing on the youtube stuff is...

16. Config changes

16.1. Performance

Recommends disabling currently speaking dot to lower client and server cpu use (fsf does this, I left it on in my testing instance): the detection apparently uses quite a bit of CPU.

Further suggested tweaks to reduce client cpu use:

disableAudioLevels: true

DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,
DISABLE_VIDEO_BACKGROUND: true,
DISABLE_FOCUS_INDICATOR: true,
DISABLE_DOMINANT_SPEAKER_INDICATOR: true,
DISABLE_VIDEO_BACKGROUND: true,

16.2. /etc/jitsi/meet/meet.hcoop.net-config.js

Update: yes, enableLayerSuspension: true is essential, it's not clear why it is not enabled by default at all.

16.3. /usr/share/jitsi-meet/interface_config.js

16.4. /usr/share/jitsi-meet/logging_config.js

Make sure we don't log more than the bare minimum.

16.5. /etc/jitsi/videobridge/config

16.6. /etc/jitsi/jicofo/config

17. Add-Ons / Etc

18. Possible Alternatives