matrix-docker-ansible-deploy/docs/configuring-playbook-jitsi.md

# Jitsi

The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).

Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.

The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet).


## Prerequisites

Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).

You may also need to open the following ports to your server:

- `10000/udp` - RTP media over UDP
- `4443/tcp` - RTP media fallback over TCP


## Installation

Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_enabled: true
```

## Securing your Jitsi instance with strong passwords

Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.
Execute the following commands in your terminal from the root of this repo:
```bash
cd inventory/scripts
bash generate-jitsi-passwords.sh
```

The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.

## (Optional) configure internal Jitsi authentication and guests mode

By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.

If you're fine with such an open Jitsi instance, please skip to [Apply changes](#apply-changes).

If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's `internal` authentication and guests mode. With this optional configuration, all meeting rooms have to be opened by at least one registered user, after that guests are free to join. If a registered host is not present yet, guests are put on hold into a waiting room.

Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
```

## Apply changes

Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`

## Required if configuring Jitsi with its internal authentication: register new users

Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:

```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> matrix-jitsi-web <PASSWORD>
```

Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.

**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).


## Usage

You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`.

To use it via riot-web (the one configured by the playbook at `https://riot.DOMAIN`), just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.


## Troubleshooting

### Rebuilding your Jitsi installation

**If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.

We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own.

These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh.

To rebuild your Jitsi configuration:

- SSH into the server and do this:
  - stop all Jitsi services (`systemctl stop matrix-jitsi-*`).
  - remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)
Add Jitsi support 2020-03-23 15:19:15 +00:00			`# Jitsi`

			`The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).`

			`Jitsi installation is not enabled by default, because it's not a core component of Matrix services.`

			`The setup done by the playbook is very similar to [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet).`


			`## Prerequisites`

			Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).

			`You may also need to open the following ports to your server:`

Flip around Jitsi port format to match other ports This matches the way the ports are written in prerequisites.md and is the format that UFW likes. 2020-03-28 04:33:38 +00:00			- `10000/udp` - RTP media over UDP
			- `4443/tcp` - RTP media fallback over TCP
Add Jitsi support 2020-03-23 15:19:15 +00:00

			`## Installation`

			Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

			```yaml
			`matrix_jitsi_enabled: true`
			```

update Jitsi, add generate-jitsi-passwords script 2020-04-07 23:59:30 +00:00			`## Securing your Jitsi instance with strong passwords`

			`Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.`
			`Execute the following commands in your terminal from the root of this repo:`
			```bash
			`cd inventory/scripts`
			`bash generate-jitsi-passwords.sh`
			```

			The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.

add optional Jitsi internal auth+guests docs improve readability 2020-04-05 01:30:14 +00:00			`## (Optional) configure internal Jitsi authentication and guests mode`

			`By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.`
Reorganize paragraphs a bit 2020-04-05 07:03:51 +00:00
			`If you're fine with such an open Jitsi instance, please skip to [Apply changes](#apply-changes).`

add optional Jitsi internal auth+guests docs improve readability 2020-04-05 01:30:14 +00:00			If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's `internal` authentication and guests mode. With this optional configuration, all meeting rooms have to be opened by at least one registered user, after that guests are free to join. If a registered host is not present yet, guests are put on hold into a waiting room.

			Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:

			```yaml
			`matrix_jitsi_enable_auth: true`
			`matrix_jitsi_enable_guests: true`
			```

			`## Apply changes`

Add Jitsi support 2020-03-23 15:19:15 +00:00			Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`

add optional Jitsi internal auth+guests docs improve readability 2020-04-05 01:30:14 +00:00			`## Required if configuring Jitsi with its internal authentication: register new users`

			`Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.`
			Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:

			```bash
			`docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> matrix-jitsi-web <PASSWORD>`
			```

Add information about rebuilding Jitsi Prosody configuration 2020-04-05 07:01:55 +00:00			Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.

Undefine Jitsi secrets and require their (re-)definition 2020-04-08 06:37:54 +00:00			`If you get an error like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).`
add optional Jitsi internal auth+guests docs improve readability 2020-04-05 01:30:14 +00:00
Add Jitsi support 2020-03-23 15:19:15 +00:00
Update documentation and changelog 2020-03-24 13:30:14 +00:00			`## Usage`

			You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`.

Upgrade riot-web 2020-03-30 13:54:18 +00:00			To use it via riot-web (the one configured by the playbook at `https://riot.DOMAIN`), just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
Undefine Jitsi secrets and require their (re-)definition 2020-04-08 06:37:54 +00:00

			`## Troubleshooting`

			`### Rebuilding your Jitsi installation`

			If you ever run into any trouble or *if you change configuration (`matrix_jitsi_` variables) too much**, we urge you to rebuild your Jitsi setup.

Fix typo 2020-04-08 06:39:38 +00:00			`We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own.`
Undefine Jitsi secrets and require their (re-)definition 2020-04-08 06:37:54 +00:00
			`These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh.`

			`To rebuild your Jitsi configuration:`

			`- SSH into the server and do this:`
			- stop all Jitsi services (`systemctl stop matrix-jitsi-*`).
			- remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
			- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)