Here's a blog post I wrote for the puppet.com blog. Many thanks to Ben Ford and all their team!.
With everything that is currently happening around the world, many of us IT folks have had to solve complex problems in a very short amount of time. Pretty quickly at work, I was tasked with finding a way to make virtual meetings easy, private and secure.
Whereas many would have turned to a SaaS offering, we decided to use Jitsi Meet, a modern and fully on-premise FOSS videoconferencing solution. Jitsi works on all platforms by running in a browser and comes with nifty Android and iOS applications.
We've been using our instance quite a bit, and so far everyone from technical to non-technical users have been pretty happy with it.
Jitsi Meet is powered by WebRTC and can be broken into multiple parts across multiple machines if needed. In addition to the webserver running the Jitsi Meet JavaScript code, the base configuration uses the Videobridge to manage users' video feeds, Jicofo as a conference focus to manage media sessions and the Prosody XMPP server to tie it all together.
Here's a network diagram I took from their documentation to show how those applications interact:
Getting started with the Jitsi Puppet module
First of all, you'll need a valid domain name and a server with decent
bandwidth. Jitsi has published a performance evaluation of the
Videobridge to help you spec your instance appropriately. You will also need to
open TCP ports 443, 4443 and UDP port 10000 in your firewall. The
puppetlabs/firewall module could come in handy here.
Once that is done, you can use the smash/jitsimeet Puppet module on
a Debian 10 (Buster) server to spin up an instance. A basic configuration would
look like this:
class { 'jitsimeet':
fqdn => 'jitsi.example.com',
repo_key => puppet:///files/apt/jitsimeet.gpg,
manage_certs => true,
jitsi_vhost_ssl_key => '/etc/letsencrypt/live/jitsi.example.com/privkey.pem'
jitsi_vhost_ssl_cert => '/etc/letsencrypt/live/jitsi.example.com/cert.pem'
auth_vhost_ssl_key => '/etc/letsencrypt/live/auth.jitsi.example.com/privkey.pem'
auth_vhost_ssl_cert => '/etc/letsencrypt/live/auth.jitsi.example.com/cert.pem'
jvb_secret => 'mysupersecretstring',
focus_secret => 'anothersupersecretstring',
focus_user_password => 'yetanothersecret',
meet_custom_options => {
'enableWelcomePage' => true,
'disableThirdPartyRequests' => true,
};
}
The jitsimeet module is still pretty young: it clearly isn't perfect and some
external help would be very appreciated. If you have some time, here are a few
things that would be nice to work on:
- Tests using puppet-rspec
- Support for other OSes (only Debian 10 at the moment)
- Integration with the Apache and Ngnix modules
If you use this module to manage your Jitsi Meet instance, please send patches and bug reports our way!
Learn more
- Read more about Jitsi
- Get involved by cloning our repo
- Read about the SMASH project
- See some advice on getting started with automation