JitsiMeet Ubuntu22.04LTS

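Updated: 2022-10-27 (Thu) 07:28:45
Created: 2022-10-26

Images could not be sent from an iPad to a PC, so I took this opportunity to reinstall and upgrade the OS version at the same time. The fresh installation did not change the symptom, but the trouble was avoided with the same steps as the workaround described here.

Installation environment

Installing Ubuntu

Select "English" as the language when the installer starts.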

[Screenshots: ubuntu-inst1.png to ubuntu-inst11.png]

Ubuntu configuration

Set the root password

$ sudo passwd root

Disable IPv6

Edit /etc/default/grub:

GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="ipv6.disable=1"  ← add ipv6.disable=1

# update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-65-generic
Found initrd image: /boot/initrd.img-5.4.0-65-generic
done
# reboot
# ip -6 a

NTP client configuration

Configuration file

#
# See timesyncd.conf(5) for details.

[Time]
#NTP=
NTP=ntp.nict.jp  ← add NTP server
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5

# systemctl restart systemd-timesyncd
# systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; ve>
     Active: active (running) since Mon 2022-10-24 05:37:44 UTC; 9s ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 14614 (systemd-timesyn)
     Status: "Initial synchronization to time server 133.243.238.243:123 (ntp.n>
      Tasks: 2 (limit: 6985)
     Memory: 1.3M
        CPU: 109ms
     CGroup: /system.slice/systemd-timesyncd.service
             └─14614 /lib/systemd/systemd-timesyncd

Change the time zone to JST

# timedatectl
               Local time: Mon 2022-10-24 05:39:38 UTC
           Universal time: Mon 2022-10-24 05:39:38 UTC
                 RTC time: Mon 2022-10-24 05:39:38
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
# timedatectl set-timezone Asia/Tokyo
# timedatectl
               Local time: Mon 2022-10-24 14:41:01 JST    ← here
           Universal time: Mon 2022-10-24 05:41:01 UTC
                 RTC time: Mon 2022-10-24 05:41:00
                Time zone: Asia/Tokyo (JST, +0900)        ← here
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Firewall configuration

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# ufw status
Status: inactive
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
# ufw allow in ssh
Rule added
# ufw allow in 80/tcp
Rule added
# ufw allow in 443/tcp
Rule added
# ufw allow in 10000:20000/udp
Rule added
# ufw allow from 192.168.0.0/24 to any port ssh
Rule added
# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
10000:20000/udp            ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.0/24
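
An added check, not part of the original page, for the ruleset above: it reads `ufw status` output and reports anything open to Anywhere other than the ports this Jitsi Meet host is meant to expose (the PUBLIC_OK list and the function names are assumptions based on the rules shown here). In the table above 22/tcp is allowed from Anywhere, so the later 192.168.0.0/24 rule does not narrow SSH access until the Anywhere rule is removed.

```shell
#!/bin/sh
# Ports this Jitsi Meet host is meant to expose to the Internet, taken from
# the rules on this page. Anything else open to "Anywhere" is reported.
PUBLIC_OK="80/tcp 443/tcp 10000:20000/udp"

# Read `ufw status` output on stdin; print each "To" entry that is allowed
# from Anywhere but is not listed in PUBLIC_OK.
audit_ufw_status() {
    awk -v ok="$PUBLIC_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        {
            # Locate the action column; header and blank lines have none.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") break
            if (i > NF) next
            from = $(i + 1)
            if (from == "IN") from = $(i + 2)   # `ufw status verbose` format
            if (from == "Anywhere" && !($1 in allowed)) print $1
        }'
}

# Constructed sample: the `ufw status` table as it appears on this page.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
10000:20000/udp            ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.0/24
EOF
}

# On the server: ufw status | audit_ufw_status
sample_ufw_status | audit_ufw_status
```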

Register the Jitsi Meet repository

# cd ~okada
# wget https://download.jitsi.org/jitsi-key.gpg.key
--2022-10-24 14:58:11--  https://download.jitsi.org/jitsi-key.gpg.key
Resolving download.jitsi.org (download.jitsi.org)... 34.209.97.49, 35.161.96.31, 2600:1f14:5eb:f801:730b:cd02:ffec:70cb, ...
Connecting to download.jitsi.org (download.jitsi.org)|34.209.97.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3114 (3.0K) [application/octet-stream]
Saving to: ‘jitsi-key.gpg.key’

jitsi-key.gpg.key   100%[===================>]   3.04K  --.-KB/s    in 0s

2022-10-24 14:58:12 (759 MB/s) - ‘jitsi-key.gpg.key’ saved [3114/3114]
# ls
jitsi-key.gpg.key
# apt-key add jitsi-key.gpg.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

Create /etc/apt/sources.list.d/jitsi-stable.list and enter the following single line:

deb https://download.jitsi.org stable/

# apt update
# apt upgrade

When the following screen appears, select "OK".

ubuntu-update.png

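Ubuntu 22.04 LTS ships with a package called needrestart. During package updates it can show a "Daemons using outdated libraries" dialog that asks "Which services should be restarted?" and waits for you to choose the services to restart. The following setting switches needrestart to automatic restart mode ('a'), so the dialog is not shown.

# echo "\$nrconf{restart} = 'a';" | sudo tee /etc/needrestart/conf.d/50local.conf
# cat /etc/needrestart/conf.d/50local.conf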
$nrconf{restart} = 'a';
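
The apt-key warning in the repository step above exists because a key added with apt-key is trusted for every configured source. The added example below (not from the original page) shows the same source entry scoped to its own keyring with signed-by, plus a check that lists entries still relying on the global keyring; the keyring path and function names are assumptions.

```shell
#!/bin/sh
# Assumed keyring location; any root-owned path outside
# /etc/apt/trusted.gpg.d keeps the key scoped to this one repository.
KEYRING=/usr/share/keyrings/jitsi-keyring.gpg

# The page's source entry with the key bound to it via signed-by.
scoped_entry() {
    printf 'deb [signed-by=%s] https://download.jitsi.org stable/\n' "$KEYRING"
}

# One-time setup on the server, as root (not executed by this script):
#   gpg --dearmor < jitsi-key.gpg.key > "$KEYRING"
#   scoped_entry > /etc/apt/sources.list.d/jitsi-stable.list

# Print "file: line" for every active deb/deb-src entry in the given files
# that has no signed-by option and so depends on the global apt keyring.
unscoped_sources() {
    awk '
        /^[ \t]*deb(-src)?[ \t]/ {
            if ($2 ~ /^\[/ && $0 ~ /signed-by=/) next
            print FILENAME ": " $0
        }' "$@"
}

# Constructed demo: the entry from this page next to its scoped form.
demo() {
    dir=$(mktemp -d)
    echo 'deb https://download.jitsi.org stable/' > "$dir/jitsi-stable.list"
    scoped_entry > "$dir/jitsi-scoped.list"
    (cd "$dir" && unscoped_sources jitsi-stable.list jitsi-scoped.list)
    rm -rf "$dir"
}
demo   # on the server: unscoped_sources /etc/apt/sources.list.d/*.list
```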

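Install nginx

The command below installs nginx, but the service fails to start. The cause is that IPv6 was disabled; the fix is to comment out the IPv6-related lines.

# apt install nginx
(omitted)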
invoke-rc.d: initscript nginx, action "start" failed.
× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-10-24 15:07:00 JST; 7ms ago
     Docs: man:nginx(8)
    Process: 15889 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
     CPU: 15ms

Oct 24 15:07:00 vmmeeting systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 24 15:07:00 vmmeeting nginx[15889]: nginx: [emerg] socket() [::]:80 failed (97: Unknown error)  ← this is the cause
Oct 24 15:07:00 vmmeeting nginx[15889]: nginx: configuration file /etc/nginx/nginx.conf test failed

(last lines)

dpkg: error processing package nginx (--configure):
 dependency problems - leaving unconfigured
Processing triggers for ufw (0.36.1-4build1) ...
No apport report written because the error message indicates its a followup error from a previous failure.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Errors were encountered while processing:
 nginx-core
 nginx
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

Fixing the error

The error appears to be caused by IPv6 being disabled, so comment out the IPv6 line.

server {
        listen 80 default_server;
##      listen [::]:80 default_server;  ← commented out

        # SSL configuration
(omitted)

Start nginx

# systemctl start nginx
root@vmmeeting:/etc/nginx/sites-available# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-10-24 15:17:43 JST; 3s ago
       Docs: man:nginx(8)  ← startup confirmed
    Process: 16050 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 16051 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 16052 (nginx)
      Tasks: 9 (limit: 6985)
(omitted)

Install the JDK

# apt install -y openjdk-8-jre-headless

Verify

# dpkg -l | grep openjdk
ii  openjdk-11-jre-headless:amd64         11.0.16+8-0ubuntu1~22.04                amd64        OpenJDK Java runtime, using Hotspot JIT (headless)
ii  openjdk-8-jre-headless:amd64          8u342-b07-0ubuntu1~22.04                amd64        OpenJDK Java runtime, using Hotspot JIT (headless)

Install Jitsi Meet

# apt install -y jitsi-meet

jitsimeet-inst1.png

jitsimeet-inst2.png

Select "Let's Encrypt certificates"

jitsimeet-inst3.png

jitsimeet-inst4.png

jitsimeet-inst5.png

jitsimeet-inst6.png

Select "No"

[You can easily add dial-in support to your meetings.
You need to give us permission to create a free JaaS (Jitsi as a Service) account.
Are you interested in adding telephony to your Jitsi meetings?]

Comment out the IPv6 listeners on ports 80 and 443 in nginx

server {
    listen 80;
##    listen [::]:80;  ← here
    server_name meet.ism21.net;

server {
    listen 443 ssl;
##    listen [::]:443 ssl;  ← here
    server_name meet.ism21.net;

# systemctl restart nginx
# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:> 
     Active: active (running) since Tue 2022-10-25 11:42:23 JST; 29s ago
       Docs: man:nginx(8)
(omitted)

Verify the Jitsi Meet installation

# apt list --installed | grep jitsi

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
jitsi-meet-prosody/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet-web-config/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet-web/stable,now 1.0.6644-1 all [installed,automatic]
jitsi-meet/stable,now 2.0.7882-1 all [installed]
jitsi-videobridge2/stable,now 2.2-45-ge8b20f06-1 all [installed,automatic]
lua-basexx/stable,now 0.4.1-jitsi1 all [installed,automatic]
lua-cjson/stable,now 2.1.0.10-jitsi1 amd64 [installed,automatic]

Jitsi Meet installation complete

Obtain the Let's Encrypt certificate

Make sure the server is reachable from the Internet on ports 80 and 443.

# cd /usr/share/jitsi-meet/scripts
# ./install-letsencrypt-cert.sh
-------------------------------------------------------------------------
This script will:
- Need a working DNS record pointing to this machine(for hostname )
- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)
- Configure and reload nginx or apache2, whichever is used
- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks
- Configure renew of certificate

(omitted)

[Tue Oct 25 12:02:23 PM JST 2022] Installing key to: /etc/jitsi/meet/meet.ism21.net.key
[Tue Oct 25 12:02:23 PM JST 2022] Installing full chain to: /etc/jitsi/meet/meet.ism21.net.crt
[Tue Oct 25 12:02:23 PM JST 2022] Run reload cmd: systemctl force-reload nginx.service && /usr/share/jitsi-meet/scripts/coturn-le-update.sh meet.ism21.net
[Tue Oct 25 12:02:23 PM JST 2022] Reload success

Check the certificate fingerprint

The fingerprints below match those of the certificate shown in the browser.

# openssl x509 -sha1 -fingerprint -noout -in meet.ism21.net.crt
sha1 Fingerprint=B2:02:31:C5:40:A0:64:56:BB:9F:D0:8D:BE:72:9D:6C:22:45:7B:86
# openssl x509 -sha256 -fingerprint -noout -in meet.ism21.net.crt
sha256 Fingerprint=0A:F6:50:3D:52:43:72:65:C2:B9:7A:9A:B4:AD:F9:98:E8:3E:68:B4:EC:5D:65:CB:94:4E:CB:47:DA:D5:5B:60

fingerprint.png

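Install certbot for automatic certificate renewal

The certificate was already obtained during the Jitsi Meet installation, so certbot is installed to use for automatic and manual renewal. (certbot is a tool that obtains and installs Let's Encrypt certificates, which are free SSL certificates.)

Installation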

# apt -y install certbot
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
(omitted)
# systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset:>
     Active: active (waiting) since Wed 2022-10-26 11:02:34 JST; 59s ago
    Trigger: Wed 2022-10-26 14:52:34 JST; 3h 49min left
   Triggers: ● certbot.service

Oct 26 11:02:34 vmmeeting systemd[1]: Started Run certbot twice daily

The installed certbot package handles this by adding a systemd timer. The script runs twice a day and automatically renews any certificate that is within 30 days of expiry.

Check the next run time

# systemctl list-timers
NEXT                        LEFT          LAST                        PASSED    UNIT                           ACTIVATES
Wed 2022-10-26 12:11:45 JST 1h 6min left  Tue 2022-10-25 14:23:46 JST 20h ago   motd-news.timer                motd-news.service
Wed 2022-10-26 12:59:51 JST 1h 54min left Tue 2022-10-25 10:23:48 JST 24h ago   fwupd-refresh.timer            fwupd-refresh.service
Wed 2022-10-26 14:52:34 JST 3h 47min left n/a                         n/a       certbot.timer                  certbot.service   ← here
Wed 2022-10-26 14:58:26 JST 3h 52min left Tue 2022-10-25 10:23:48 JST 24h ago   apt-daily.timer                apt-daily.service
Wed 2022-10-26 17:34:50 JST 6h left       Wed 2022-10-26 10:55:54 JST 9min ago  ua-timer.timer                 ua-timer.service
Wed 2022-10-26 21:45:36 JST 10h left      Tue 2022-10-25 10:23:48 JST 24h ago   man-db.timer                   man-db.service

(omitted)

Restrict who can create web meetings by user ID and password

VirtualHost "meet.ism21.net"

   -- authentication = "jitsi-anonymous" -- do not delete me  ← commented out
   authentication = "internal_plain"   ← added
   -- Properties below are modified by jitsi-meet-tokens package config
   -- and authentication above is switched to "token"

(omitted)

    main_muc = "conference.meet.ism21.net"
    -- muc_lobby_whitelist = { "recorder.meet.ism21.net" } -- Here we can whitelist jibri to enter lobby enabled rooms

---Add to JE2ISM ----
VirtualHost "guest.meet.ism21.net"
       authentication = "anonymous"
       c2s_require_encryption = false
---up to here----------


Component "conference.meet.ism21.net" "muc"
   restrict_room_creation = true


(omitted)

Component "metadata.meet.ism21.net" "room_metadata_component"
    muc_component = "conference.meet.ism21.net"
    breakout_rooms_component = "breakout.meet.ism21.net"

[Add at the end of the file]

-- Edit By JE2ISM
VirtualHost "guest.meet.ism21.net"
         authentication = "anonymous"
         c2s_require_encryption = false

    hosts: {
        // XMPP domain.
        domain: 'meet.ism21.net',
       // Add by JE2ISM
         anonymousdomain: 'guest.meet.ism21.net',

        // When using authentication, domain for guest users.
        // anonymousdomain: 'guest.example.com',

If the following file does not exist, create it; if it exists, append the line at the end.

org.jitsi.jicofo.auth.URL=XMPP:meet.ism21.net

How to register a user

# prosodyctl adduser okada@meet.ism21.net
Enter new password:
Retype new password:

Restart the Jitsi Meet services

# systemctl restart jicofo
# systemctl restart prosody
# systemctl restart jitsi-videobridge2.service

Verify with a browser and a smartphone
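
A consistency check for the three settings edited in this section, added here as an example and not part of the original page or the Jitsi project. It takes the Prosody host config, the Meet config.js and the jicofo properties file as arguments and runs against constructed sample files that mirror the values above. On a package install these files are typically /etc/prosody/conf.avail/<host>.cfg.lua, /etc/jitsi/meet/<host>-config.js and /etc/jitsi/jicofo/sip-communicator.properties; those paths and the function names are assumptions, since the page does not name the files.

```shell
#!/bin/sh
# Print the authentication value of VirtualHost $1 in Prosody config $2,
# skipping Lua comment lines (the page leaves the old value commented out).
vhost_auth() {
    awk -v vh="$1" '
        /^[ \t]*--/ { next }
        /^[ \t]*(VirtualHost|Component)[ \t]/ { split($0, p, "\""); cur = p[2] }
        cur == vh && /^[ \t]*authentication[ \t]*=/ {
            split($0, p, "\""); print p[2]; exit
        }' "$2"
}

# check_secure_domain HOST PROSODY_CFG CONFIG_JS JICOFO_PROPS
# Prints one finding per line, or nothing when the three files agree.
check_secure_domain() {
    host=$1; guest="guest.$1"
    case $(vhost_auth "$host" "$2") in
        internal_plain)
            echo "WARN: $host: internal_plain stores passwords in cleartext" ;;
        jitsi-anonymous|anonymous|'')
            echo "FAIL: $host: no password needed to create rooms" ;;
    esac
    [ "$(vhost_auth "$guest" "$2")" = anonymous ] ||
        echo "FAIL: prosody has no anonymous VirtualHost $guest"
    anon=$(sed -n "s/^[[:space:]]*anonymousdomain:[[:space:]]*'\([^']*\)'.*/\1/p" "$3")
    [ "$anon" = "$guest" ] ||
        echo "FAIL: config.js anonymousdomain is '${anon:-unset}', not $guest"
    grep -Fxq "org.jitsi.jicofo.auth.URL=XMPP:$host" "$4" ||
        echo "FAIL: jicofo auth URL is not XMPP:$host"
}

# Constructed sample files mirroring the settings shown on this page.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/prosody.cfg.lua" <<'EOF'
VirtualHost "meet.ism21.net"
    -- authentication = "jitsi-anonymous" -- do not delete me
    authentication = "internal_plain"
VirtualHost "guest.meet.ism21.net"
    authentication = "anonymous"
    c2s_require_encryption = false
EOF
    printf "    anonymousdomain: 'guest.meet.ism21.net',\n    // anonymousdomain: 'guest.example.com',\n" > "$d/config.js"
    echo 'org.jitsi.jicofo.auth.URL=XMPP:meet.ism21.net' > "$d/jicofo.properties"
    echo "$d"
}
d=$(make_sample)
check_secure_domain meet.ism21.net "$d/prosody.cfg.lua" "$d/config.js" "$d/jicofo.properties"
rm -rf "$d"
```

With the page's settings the only finding is the internal_plain warning; Prosody's internal_hashed module provides the same login without keeping cleartext passwords on disk.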

