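Images could no longer be sent from an iPad to a PC, so I took the opportunity to reinstall and upgrade the OS version at the same time. The problem was unchanged even on a fresh install, but the trouble could be avoided with the same steps as in the workaround here.
At the start of the installation, select "English" as the language.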
$ sudo passwd root
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="ipv6.disable=1"    ← add ipv6.disable=1
# update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-65-generic
Found initrd image: /boot/initrd.img-5.4.0-65-generic
done
# reboot
# ip -6 a
Configuration file
#
# See timesyncd.conf(5) for details.

[Time]
#NTP=
NTP=ntp.nict.jp    ← NTP server added
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5
# systemctl restart systemd-timesyncd
# systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; ve>
     Active: active (running) since Mon 2022-10-24 05:37:44 UTC; 9s ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 14614 (systemd-timesyn)
     Status: "Initial synchronization to time server 133.243.238.243:123 (ntp.n>
      Tasks: 2 (limit: 6985)
     Memory: 1.3M
        CPU: 109ms
     CGroup: /system.slice/systemd-timesyncd.service
             └─14614 /lib/systemd/systemd-timesyncd
# timedatectl
               Local time: Mon 2022-10-24 05:39:38 UTC
           Universal time: Mon 2022-10-24 05:39:38 UTC
                 RTC time: Mon 2022-10-24 05:39:38
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
# timedatectl set-timezone Asia/Tokyo
# timedatectl
               Local time: Mon 2022-10-24 14:41:01 JST    ← here
           Universal time: Mon 2022-10-24 05:41:01 UTC
                 RTC time: Mon 2022-10-24 05:41:00
                Time zone: Asia/Tokyo (JST, +0900)    ← here
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# ufw status
Status: inactive
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
# ufw allow in ssh
Rule added
# ufw allow in 80/tcp
Rule added
# ufw allow in 443/tcp
Rule added
# ufw allow in 10000:20000/udp
Rule added
# ufw allow from 192.168.0.0/24 to any port ssh
Rule added
# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
10000:20000/udp            ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.0/24
# cd ~okada
# wget https://download.jitsi.org/jitsi-key.gpg.key
--2022-10-24 14:58:11--  https://download.jitsi.org/jitsi-key.gpg.key
Resolving download.jitsi.org (download.jitsi.org)... 34.209.97.49, 35.161.96.31, 2600:1f14:5eb:f801:730b:cd02:ffec:70cb, ...
Connecting to download.jitsi.org (download.jitsi.org)|34.209.97.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3114 (3.0K) [application/octet-stream]
Saving to: ‘jitsi-key.gpg.key’

jitsi-key.gpg.key 100%[===================>] 3.04K --.-KB/s in 0s

2022-10-24 14:58:12 (759 MB/s) - ‘jitsi-key.gpg.key’ saved [3114/3114]
# ls jitsi-key.gpg.key
# apt-key add jitsi-key.gpg.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
Create /etc/apt/sources.list.d/jitsi-stable.list and enter the following single line:
deb https://download.jitsi.org stable/
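`apt-key add` places the key in apt's global trusted keyring, so it is accepted for every configured repository, and the `deb` line above is not tied to any particular key. The following is an added example, not from the original page or the Jitsi project: it lists active repository entries that lack a `[signed-by=...]` option. The function names and the keyring path in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).

# unpinned_sources DIR
#   Prints "file: entry" for every active one-line deb/deb-src entry in
#   DIR/*.list that has no [signed-by=...] option. apt checks such entries
#   against the global trusted keyring, which is where `apt-key add` puts keys.
unpinned_sources() {
    for f in "$1"/*.list; do
        [ -f "$f" ] || continue
        # Commented-out entries start with '#', so the anchored match skips them.
        grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" |
        grep -v 'signed-by=' |
        while IFS= read -r entry; do
            printf '%s: %s\n' "$(basename "$f")" "$entry"
        done
    done
}

# Constructed sample: the page's entry beside a pinned equivalent.
# The keyring path is an assumption, not a path taken from the page.
demo_unpinned() {
    tmp=$(mktemp -d)
    printf '%s\n' 'deb https://download.jitsi.org stable/' \
        > "$tmp/jitsi-stable.list"
    printf '%s\n' \
        'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' \
        > "$tmp/jitsi-pinned.list"
    unpinned_sources "$tmp"
    rm -rf "$tmp"
}

demo_unpinned
```

On a real host the directory to pass is /etc/apt/sources.list.d.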
# apt update
# apt upgrade
When the following screen appears, select "OK".
Ubuntu 22.04 LTS ships with a package called needrestart. During package updates it may show a "Daemons using outdated libraries" dialog asking "Which services should be restarted?" and wait for you to choose the services to restart.
# echo "\$nrconf{restart} = 'a';" | sudo tee /etc/needrestart/conf.d/50local.conf
# cat /etc/needrestart/conf.d/50local.conf
$nrconf{restart} = 'a';
The following command installs nginx, but nginx fails to start. The cause is that IPv6 was disabled. The fix is to comment out the IPv6-related directives.
# apt install nginx
(omitted)
invoke-rc.d: initscript nginx, action "start" failed.
× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-10-24 15:07:00 JST; 7ms ago
       Docs: man:nginx(8)
    Process: 15889 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
        CPU: 15ms

Oct 24 15:07:00 vmmeeting systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 24 15:07:00 vmmeeting nginx[15889]: nginx: [emerg] socket() [::]:80 failed (97: Unknown error)    ← the cause is around here
Oct 24 15:07:00 vmmeeting nginx[15889]: nginx: configuration file /etc/nginx/nginx.conf test failed
(last lines)
dpkg: error processing package nginx (--configure):
 dependency problems - leaving unconfigured
Processing triggers for ufw (0.36.1-4build1) ...
No apport report written because the error message indicates its a followup error from a previous failure.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Errors were encountered while processing:
 nginx-core
 nginx
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Fixing the error
This appears to have happened because IPv6 was disabled, so comment out the IPv6 lines.
server {
        listen 80 default_server;
##      listen [::]:80 default_server;    ← commented out

        # SSL configuration
(omitted)
# systemctl start nginx
root@vmmeeting:/etc/nginx/sites-available# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-10-24 15:17:43 JST; 3s ago
       Docs: man:nginx(8)    ← confirms it started
    Process: 16050 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 16051 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 16052 (nginx)
      Tasks: 9 (limit: 6985)
(omitted)
# apt install -y openjdk-8-jre-headless
# dpkg -l | grep openjdk
ii  openjdk-11-jre-headless:amd64  11.0.16+8-0ubuntu1~22.04  amd64  OpenJDK Java runtime, using Hotspot JIT (headless)
ii  openjdk-8-jre-headless:amd64   8u342-b07-0ubuntu1~22.04  amd64  OpenJDK Java runtime, using Hotspot JIT (headless)
# apt install -y jitsi-meet
Select "Let's Encrypt certificates".
Select "No".
[You can easily add dial-in support to your meetings.
You need to give us permission to create a free JaaS (Jitsi as a Service) account.
Are you interested in adding telephony to your Jitsi meetings?]
server {
    listen 80;
##  listen [::]:80;    ← here
    server_name meet.ism21.net;

server {
    listen 443 ssl;
##  listen [::]:443 ssl;    ← here
    server_name meet.ism21.net;
# systemctl restart nginx
# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: active (running) since Tue 2022-10-25 11:42:23 JST; 29s ago
       Docs: man:nginx(8)
(omitted)
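Both the default site and the Jitsi site needed their `listen [::]` lines commented out because the kernel was booted with `ipv6.disable=1`. The following is an added example, not from the original page: it finds uncommented IPv6 `listen` directives before nginx is started, so the `socket() [::]:80 failed` error is caught ahead of time. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page).

# ipv6_disabled [CMDLINE_FILE]: succeeds if the kernel command line
# carries ipv6.disable=1 (the GRUB setting made earlier on this page).
ipv6_disabled() {
    grep -qE '(^|[[:space:]])ipv6\.disable=1([[:space:]]|$)' "${1:-/proc/cmdline}"
}

# active_ipv6_listens DIR: prints file:line:text for each uncommented
# listen directive that binds an IPv6 literal such as [::]:80.
active_ipv6_listens() {
    grep -rnE '^[[:space:]]*listen[[:space:]]+\[[0-9A-Fa-f:.]*\]' "$1" || true
}

# check_nginx_ipv6 DIR [CMDLINE_FILE]: returns 1 and lists the offending
# lines when IPv6 is disabled but IPv6 listeners are still configured.
check_nginx_ipv6() {
    ipv6_disabled "${2:-/proc/cmdline}" || return 0
    hits=$(active_ipv6_listens "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: a server block like the page's default site and a
# kernel command line with IPv6 disabled.
demo_nginx_ipv6() {
    tmp=$(mktemp -d)
    printf '%s\n' 'server {' '    listen 80 default_server;' \
        '    listen [::]:80 default_server;' '}' > "$tmp/default"
    printf '%s\n' 'root=/dev/sda1 ro ipv6.disable=1' > "$tmp/cmdline"
    check_nginx_ipv6 "$tmp" "$tmp/cmdline" || echo "fix these lines before starting nginx"
    rm -rf "$tmp"
}

demo_nginx_ipv6
```

On the host described here, the directory to check is /etc/nginx/sites-available, the one shown in the page's shell prompt.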
# apt list --installed | grep jitsi

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

jitsi-meet-prosody/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet-web-config/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet-web/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet/stable,now 2.0.7882-1 all [installed]
jitsi-videobridge2/stable,now 2.2-45-ge8b20f06-1 all [installed,automatic]
lua-basexx/stable,now 0.4.1-jitsi1 all [installed,automatic]
lua-cjson/stable,now 2.1.0.10-jitsi1 amd64 [installed,automatic]
The jitsi-meet installation is complete.
Make sure the server is reachable from the Internet on port 80 and port 443.
# cd /usr/share/jitsi-meet/scripts
# ./install-letsencrypt-cert.sh
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for hostname )
- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Configure renew of certificate
(omitted)
[Tue Oct 25 12:02:23 PM JST 2022] Installing key to: /etc/jitsi/meet/meet.ism21.net.key
[Tue Oct 25 12:02:23 PM JST 2022] Installing full chain to: /etc/jitsi/meet/meet.ism21.net.crt
[Tue Oct 25 12:02:23 PM JST 2022] Run reload cmd: systemctl force-reload nginx.service && /usr/share/jitsi-meet/scripts/coturn-le-update.sh meet.ism21.net
[Tue Oct 25 12:02:23 PM JST 2022] Reload success
The fingerprints below match those of the certificate shown in the browser.
# openssl x509 -sha1 -fingerprint -noout -in meet.ism21.net.crt
sha1 Fingerprint=B2:02:31:C5:40:A0:64:56:BB:9F:D0:8D:BE:72:9D:6C:22:45:7B:86
# openssl x509 -sha256 -fingerprint -noout -in meet.ism21.net.crt
sha256 Fingerprint=0A:F6:50:3D:52:43:72:65:C2:B9:7A:9A:B4:AD:F9:98:E8:3E:68:B4:EC:5D:65:CB:94:4E:CB:47:DA:D5:5B:60
The certificate was already obtained during the Jitsi Meet installation, so certbot is installed for use in automatic and manual renewal. (certbot is a tool that obtains and installs Let's Encrypt (free SSL) certificates.)
# apt -y install certbot
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
(omitted)
# systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset:>
     Active: active (waiting) since Wed 2022-10-26 11:02:34 JST; 59s ago
    Trigger: Wed 2022-10-26 14:52:34 JST; 3h 49min left
   Triggers: ● certbot.service

Oct 26 11:02:34 vmmeeting systemd[1]: Started Run certbot twice daily
The installed certbot package handles this by adding a systemd timer. The script runs twice a day and automatically renews any certificate that is within 30 days of expiry.
# systemctl list-timers
NEXT                        LEFT           LAST                        PASSED    UNIT                 ACTIVATES
Wed 2022-10-26 12:11:45 JST 1h 6min left   Tue 2022-10-25 14:23:46 JST 20h ago   motd-news.timer      motd-news.service
Wed 2022-10-26 12:59:51 JST 1h 54min left  Tue 2022-10-25 10:23:48 JST 24h ago   fwupd-refresh.timer  fwupd-refresh.service
Wed 2022-10-26 14:52:34 JST 3h 47min left  n/a                         n/a       certbot.timer        certbot.service    ← here
Wed 2022-10-26 14:58:26 JST 3h 52min left  Tue 2022-10-25 10:23:48 JST 24h ago   apt-daily.timer      apt-daily.service
Wed 2022-10-26 17:34:50 JST 6h left        Wed 2022-10-26 10:55:54 JST 9min ago  ua-timer.timer       ua-timer.service
Wed 2022-10-26 21:45:36 JST 10h left       Tue 2022-10-25 10:23:48 JST 24h ago   man-db.timer         man-db.service
(omitted)
VirtualHost "meet.ism21.net"
    -- authentication = "jitsi-anonymous" -- do not delete me    ← commented out
    authentication = "internal_plain"    ← added
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
(omitted)
    main_muc = "conference.meet.ism21.net"
    -- muc_lobby_whitelist = { "recorder.meet.ism21.net" } -- Here we can whitelist jibri to enter lobby enabled rooms

---Add to JE2ISM ----
VirtualHost "guest.meet.ism21.net"
    authentication = "anonymous"
    c2s_require_encryption = false
---End of addition----------

Component "conference.meet.ism21.net" "muc"
    restrict_room_creation = true
(omitted)
Component "metadata.meet.ism21.net" "room_metadata_component"
    muc_component = "conference.meet.ism21.net"
    breakout_rooms_component = "breakout.meet.ism21.net"

[Added at the end of the file]
-- Edit By JE2ISM
VirtualHost "guest.meet.ism21.net"
    authentication = "anonymous"
    c2s_require_encryption = false
root@vmmeeting:/etc/jitsi/jicofo
hosts: {
    // XMPP domain.
    domain: 'meet.ism21.net',
    // Add by JE2ISM
    anonymousdomain: 'guest.meet.ism21.net',

    // When using authentication, domain for guest users.
    // anonymousdomain: 'guest.example.com',
If the following file does not exist, create it; if it already exists, append this as the last line.
org.jitsi.jicofo.auth.URL=XMPP:meet.ism21.net
# prosodyctl adduser okada@meet.ism21.net
Enter new password:
Retype new password:
# systemctl restart jicofo
# systemctl restart prosody
# systemctl restart jitsi-videobridge2.service
Verify with a browser and a smartphone.