What is Jitsi?
Jitsi is a collection of open source projects that provide state-of-the-art video conferencing capabilities that are secure, easy to use and easy to self-host.
Here we are going to create a single VM with all the containers that Jitsi needs to work. Of course, all of this can be built in a different and more scalable way, but this is just a starting point.
Deploying a Jitsi server on GCP and creating a DNS record on Cloudflare to publish the service
Installing tools
1. Gcloud cli
This Terraform code uses the CLI authentication, so you will need to have the gcloud CLI installed: https://cloud.google.com/sdk/docs/install
2. Terraform
If you don't have Terraform installed on your computer yet, you can follow this link: https://www.terraform.io/downloads.html
Deploying Jitsi
1. Git clone
git clone https://gitlab.com/Giondo/jitsi-meet-gcp.git
2. Before running the Terraform code
This code is made to work with a pre-existing GCP project.
├── README.md
├── gcp
│ ├── cloudflare.tf
│ ├── externalip.tf
│ ├── firewall.tf
│ ├── instance.tf
│ ├── network.tf
│ ├── output.tf
│ ├── provider.tf
│ ├── renderenv.tf
│ ├── scripts
│ │ └── init_script-jitsi.sh
│ ├── state.tf
│ ├── template
│ │ └── env_var.tpl
│ ├── terraform.tfstate
│ ├── terraform.tfstate.backup
│ ├── vars.tf <-- Variables
│ └── versions.tf
Also, in the vars.tf file you can declare the default values for the project ID and other variables, such as the Cloudflare API key.
3. Log in to Google Cloud
gcloud auth application-default login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?response_type=code&blabla
Credentials saved to file: [/Users/.config/gcloud/application_default_credentials.json]
These credentials will be used by any library that requests Application Default Credentials (ADC).
4. Running the Terraform code
cd jitsi-meet-gcp/gcp/
terraform init
terraform plan
terraform apply -auto-approve
data.cloudflare_zones.domain: Refreshing state...
data.cloudflare_zones.domain: Reading... [id=2020-10-03 12:45:16.616208 +0000 UTC]
data.cloudflare_zones.domain: Read complete after 0s [id=2020-10-03 12:45:18.561771 +0000 UTC]
google_compute_network.jitsi-network: Creating...
google_compute_address.static_ext_ip: Creating...
google_compute_network.jitsi-network: Still creating... [10s elapsed]
google_compute_address.static_ext_ip: Still creating... [10s elapsed]
google_compute_address.static_ext_ip: Creation complete after 12s [id=projects/playground-s-11-b9d91b31/regions/europe-west4/addresses/ipv4-address]
cloudflare_record.PUBLIC_HOST: Creating...
cloudflare_record.PUBLIC_HOST: Creation complete after 3s [id=78d831f86f1a68798cc091b6c224133a]
google_compute_network.jitsi-network: Still creating... [20s elapsed]
google_compute_network.jitsi-network: Still creating... [30s elapsed]
google_compute_network.jitsi-network: Still creating... [40s elapsed]
google_compute_network.jitsi-network: Creation complete after 44s [id=projects/playground-s-11-b9d91b31/global/networks/jitsi-network]
google_compute_firewall.default: Creating...
google_compute_instance.jitsivm: Creating...
google_compute_instance.jitsivm: Still creating... [10s elapsed]
google_compute_firewall.default: Still creating... [10s elapsed]
google_compute_firewall.default: Creation complete after 11s [id=projects/playground-s-11-b9d91b31/global/firewalls/firewall-jitsi]
google_compute_instance.jitsivm: Creation complete after 15s [id=projects/playground-s-11-b9d91b31/zones/europe-west4-c/instances/jitsi-server]
data.template_file.envvar: Reading...
data.template_file.envvar: Read complete after 0s [id=5cfd98cb73a8c23032db76ad7c980959179e573d96afbbb5c79add10718f1468]
null_resource.pretend_gcp_iam_policy: Creating...
null_resource.pretend_gcp_iam_policy: Provisioning with 'file'...
null_resource.pretend_gcp_iam_policy: Creation complete after 6s [id=9023076274452977881]
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Outputs:
ExternalIP = 35.204.157.225
InternalIP = 10.164.0.2
PUBLIC_URL = https://meet.virtualinfra.online
vmname = jitsi-server
Checking status
1. SSH to the instance
Please be aware that your SSH public key needs to be added in the GCP console under Instances–>metadata.
ssh 35.204.157.225
2. Checking the running Docker containers
root@jitsi-server:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0a6fdcaef45 jitsi/jicofo:latest "/init" 5 seconds ago Up 3 seconds docker-jitsi-meet_jicofo_1
164248d618c6 jitsi/jvb:latest "/init" 5 seconds ago Up 3 seconds 0.0.0.0:4443->4443/tcp, 0.0.0.0:10000->10000/udp docker-jitsi-meet_jvb_1
b1524be8c735 jitsi/web:latest "/init" 9 seconds ago Up 4 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp docker-jitsi-meet_web_1
1358242b19e0 jitsi/prosody:latest "/init" 9 seconds ago Up 4 seconds 5222/tcp, 5280/tcp, 5347/tcp docker-jitsi-meet_prosody_1
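A check a practitioner might run at this step, as an added example that is not part of the original post or the jitsi-meet-gcp repository: it compares the host ports published on all interfaces against the four seen in the output above. The sample input is constructed from that output; the `debug_1` container and port 9090 are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the jitsi-meet-gcp repository).
# Allow-list: the host ports published in the `docker ps` output on this page.
ALLOWED="80/tcp 443/tcp 4443/tcp 10000/udp"

# Read `docker ps` text on stdin; print each host port published on all
# interfaces (0.0.0.0, :: or [::]) that is not in $ALLOWED, as "port/proto".
# Ports that are only exposed (e.g. "5222/tcp" with no "->") are ignored.
unexpected_published_ports() {
  { grep -oE '(0\.0\.0\.0|\[::\]|::):[0-9-]+->[0-9-]+/(tcp|udp)' || true; } |
    sed -E 's#^.*:([0-9-]+)->[0-9-]+/(tcp|udp)$#\1/\2#' |
    sort -u |
    while read -r port; do
      case " $ALLOWED " in
        *" $port "*) ;;          # expected for this deployment
        *) echo "$port" ;;       # published, but not expected
      esac
    done
}

# Constructed sample 1: names and Ports column as shown on this page.
sample_expected() {
  cat <<'EOF'
docker-jitsi-meet_jicofo_1
docker-jitsi-meet_jvb_1 0.0.0.0:4443->4443/tcp, 0.0.0.0:10000->10000/udp
docker-jitsi-meet_web_1 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
docker-jitsi-meet_prosody_1 5222/tcp, 5280/tcp, 5347/tcp
EOF
}

# Constructed sample 2: the same host after drift. Prosody's XMPP port and a
# hypothetical debug container are now published on all interfaces.
sample_drifted() {
  sample_expected | sed 's#5222/tcp#0.0.0.0:5222->5222/tcp#'
  echo 'debug_1 :::9090->9090/tcp'
}

echo "expected host: $(sample_expected | unexpected_published_ports | tr '\n' ' ')"
echo "drifted host:  $(sample_drifted | unexpected_published_ports | tr '\n' ' ')"
```

On the instance, feed it live data with `docker ps --format '{{.Names}} {{.Ports}}' | unexpected_published_ports`.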
3. Check Let's Encrypt status
You need to identify the web container, where nginx is running, and check its logs.
root@jitsi-server:~# docker logs -f b1524be8c735
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-set-timezone: executing...
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for meet.virtualinfra.online
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/meet.virtualinfra.online/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/meet.virtualinfra.online/privkey.pem
Your cert will expire on 2021-01-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[cont-init.d] 10-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
4. Getting the external IP to connect to the application
The output of the Terraform code displays the URL to connect to:
Outputs:
ExternalIP = 35.204.157.225
InternalIP = 10.164.0.2
PUBLIC_URL = https://meet.virtualinfra.online
vmname = jitsi-server
Just open a browser and you will be able to create a Jitsi meeting just by typing a room name.
And that's it: you've created a working Jitsi server.
Pre-requisites
- Gcloud Utils
- Terraform
Features
If you need to enable different features for the Jitsi server, check env_var.tpl under the template folder, or just SSH to the instance, check the .env file and regenerate the containers with the commands:
cd /root/docker-jitsi-meet
docker-compose up -d
Reference Links
https://gitlab.com/Giondo/jitsi-meet-gcp
https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker