Louis-Philippe Véronneau - jitsihttps://veronneau.org/2020-04-09T00:00:00-04:00Using Jitsi Meet with Puppet for self-hosted video conferencing2020-04-09T00:00:00-04:002020-04-09T00:00:00-04:00Louis-Philippe Véronneautag:veronneau.org,2020-04-09:/using-jitsi-meet-with-puppet-for-self-hosted-video-conferencing.html<p><em>Here's a blog post I wrote for the <a href="https://puppet.com/blog/using-jitsi-meet-for-self-hosted-video-conferencing/">puppet.com blog</a>. Many thanks
to Ben Ford and all their team!</em>.</p>
<p>With everything that is currently happening around the world, many of us IT
folks have had to solve complex problems in a very short amount of time. Pretty
quickly at …</p><p><em>Here's a blog post I wrote for the <a href="https://puppet.com/blog/using-jitsi-meet-for-self-hosted-video-conferencing/">puppet.com blog</a>. Many thanks
to Ben Ford and all their team!</em>.</p>
<p>With everything that is currently happening around the world, many of us IT
folks have had to solve complex problems in a very short amount of time. Pretty
quickly at work, I was tasked with finding a way to make virtual meetings easy,
private and secure.</p>
<p>Whereas many would have turned to a SaaS offering, we decided to use <a href="https://jitsi.org/jitsi-meet/">Jitsi
Meet</a>, a modern and fully on-premise FOSS videoconferencing solution.
Jitsi works on all platforms by running in a browser and comes with nifty
Android and iOS applications.</p>
<p>We've been using our instance quite a bit, and so far everyone from technical
to non-technical users have been pretty happy with it.</p>
<p>Jitsi Meet is powered by WebRTC and can be broken into multiple parts across
multiple machines if needed. In addition to the webserver running the Jitsi
Meet JavaScript code, the base configuration uses the Videobridge to manage
users' video feeds, Jicofo as a conference focus to manage media sessions and
the Prosody XMPP server to tie it all together.</p>
<p>Here's a network diagram I took from their <a href="https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md#network-description">documentation</a> to show
how those applications interact:</p>
<p><img src="/media/blog/2020-04-09/jitsi-diagram.png" width="70%" style="margin-left:15%" title="A network diagram that shows how the different bits of jitsi meet work together" alt="A network diagram that shows how the different bits of jitsi meet work together"></p>
<h2>Getting started with the Jitsi Puppet module</h2>
<p>First of all, you'll need a valid domain name and a server with decent
bandwidth. Jitsi has published a <a href="https://jitsi.org/jitsi-videobridge-performance-evaluation/">performance evaluation</a> of the
Videobridge to help you spec your instance appropriately. You will also need to
open TCP ports 443, 4443 and UDP port 10000 in your firewall. The
<a href="https://forge.puppet.com/puppetlabs/firewall"><code>puppetlabs/firewall</code></a> module could come in handy here.</p>
<p>Once that is done, you can use the <a href="https://forge.puppet.com/smash/jitsimeet"><code>smash/jitsimeet</code></a> Puppet module on
a Debian 10 (Buster) server to spin up an instance. A basic configuration would
look like this:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="k">class</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">'jitsimeet'</span><span class="p">:</span>
<span class="w"> </span><span class="na">fqdn</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'jitsi.example.com'</span><span class="p">,</span>
<span class="w"> </span><span class="na">repo_key</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="na">puppet</span><span class="p">:</span><span class="o">///</span><span class="na">files</span><span class="o">/</span><span class="na">apt</span><span class="o">/</span><span class="na">jitsimeet</span><span class="err">.</span><span class="na">gpg</span><span class="p">,</span>
<span class="w"> </span><span class="na">manage_certs</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="k">true</span><span class="p">,</span>
<span class="w"> </span><span class="na">jitsi_vhost_ssl_key</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'/etc/letsencrypt/live/jitsi.example.com/privkey.pem'</span>
<span class="w"> </span><span class="na">jitsi_vhost_ssl_cert</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'/etc/letsencrypt/live/jitsi.example.com/cert.pem'</span>
<span class="w"> </span><span class="na">auth_vhost_ssl_key</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'/etc/letsencrypt/live/auth.jitsi.example.com/privkey.pem'</span>
<span class="w"> </span><span class="na">auth_vhost_ssl_cert</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'/etc/letsencrypt/live/auth.jitsi.example.com/cert.pem'</span>
<span class="w"> </span><span class="na">jvb_secret</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'mysupersecretstring'</span><span class="p">,</span>
<span class="w"> </span><span class="na">focus_secret</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'anothersupersecretstring'</span><span class="p">,</span>
<span class="w"> </span><span class="na">focus_user_password</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="s">'yetanothersecret'</span><span class="p">,</span>
<span class="w"> </span><span class="na">meet_custom_options</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">'enableWelcomePage'</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="k">true</span><span class="p">,</span>
<span class="w"> </span><span class="s">'disableThirdPartyRequests'</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="k">true</span><span class="p">,</span>
<span class="w"> </span><span class="p">};</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<p>The <code>jitsimeet</code> module is still pretty young: it clearly isn't perfect and some
external help would be very appreciated. If you have some time, here are a few
things that would be nice to work on:</p>
<ul>
<li>Tests using puppet-rspec</li>
<li>Support for other OSes (only Debian 10 at the moment)</li>
<li>Integration with the Apache and Ngnix modules</li>
</ul>
<p>If you use this module to manage your Jitsi Meet instance, please send patches
and bug reports our way!</p>
<h2>Learn more</h2>
<ul>
<li>Read more about <a href="https://jitsi.org">Jitsi</a></li>
<li>Get involved by <a href="https://gitlab.com/shared-puppet-modules-group/jitsimeet">cloning our repo</a></li>
<li>Read about the <a href="https://gitlab.com/shared-puppet-modules-group">SMASH project</a></li>
<li>See some <a href="https://puppet.com/blog/automating-from-zero-to-something/">advice</a> on getting started with automation</li>
</ul>