101 lines
No EOL
2.8 KiB
Markdown
101 lines
No EOL
2.8 KiB
Markdown
# Service visio.libre-service.eu
|
|
Le service visio.libre-service.eu est un service de vidéo-conférence basé sur le logiciel libre Jitsi : https://jitsi.org/
|
|
|
|
# Intallation
|
|
|
|
## Prérequis
|
|
|
|
Installer les paquets pré-requis :
|
|
```
|
|
apt-get install gnupg2 apt-transport-https openjdk-11-jre-headless
|
|
|
|
```
|
|
|
|
## Choix du serveur HTTP
|
|
Jitsi est prévu pour fonctionner avec Nginx ou Apache. Choix de Apache lors de l'installation du système Debian.
|
|
|
|
## Certificat web
|
|
Dans sa procédure d'installation, Jitsi laisse le choix soit de générer soi-même le certificat, soit de le faire automatiquement. Choix de gérer nous-même.
|
|
Installer les pré-requis :
|
|
```
|
|
apt-get install dehydrated dehydrated-apache2
|
|
systemctl reload apache2.service
|
|
/usr/bin/dehydrated --register --accept-terms
|
|
```
|
|
Ajouter `visio.libre-service.eu` dans `/etc/dehydrated/domains.txt`.
|
|
|
|
Lancer la génération :
|
|
```
|
|
/usr/bin/dehydrated -c
|
|
```
|
|
|
|
Activer le module SSL d'Apache :
|
|
```
|
|
a2enmod ssl
|
|
```
|
|
|
|
Activer un `virtualhost` pour le ssl, puis relancer Apache :
|
|
```
|
|
systemctl reload apache2.service
|
|
```
|
|
|
|
## Firewall
|
|
|
|
Ouverture de ports spécifiques :
|
|
```
|
|
iptables -A OUTPUT -o $WAN -p udp --dport 10000 -j ACCEPT
|
|
iptables -A OUTPUT -o $WAN -p udp --dport 3478 -j ACCEPT
|
|
iptables -A OUTPUT -o $WAN -p tcp --dport 5349 -j ACCEPT
|
|
```
|
|
|
|
## Hostname
|
|
Généraliser le FQDN :
|
|
```
|
|
hostnamectl set-hostname visio.libre-service.eu
|
|
```
|
|
|
|
Modifier le fichier `/etc/hosts` :
|
|
```
|
|
- 127.0.1.1 visio.libre-service.eu visio
|
|
+ 127.0.1.1 visio
|
|
+ 145.239.49.4 visio.libre-service.eu
|
|
```
|
|
|
|
Tester :
|
|
```
|
|
ping "$(hostname)"
|
|
PING visio.libre-service.eu (145.239.49.4) 56(84) bytes of data.
|
|
64 bytes from visio.libre-service.eu (145.239.49.4): icmp_seq=1 ttl=64 time=0.034 ms
|
|
```
|
|
|
|
## Paquets
|
|
Déclarer le dépôt Jitsi :
|
|
```
|
|
curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
|
|
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
|
|
```
|
|
|
|
Mettre à jour la liste des paquets :
|
|
```
|
|
apt update
|
|
```
|
|
|
|
Installer les paquets Jitsi :
|
|
```
|
|
apt install jitsi-meet
|
|
```
|
|
|
|
Répondre aux questions :
|
|
```
|
|
Configuration de jitsi-videobridge2
|
|
The value for the hostname that is set in Jitsi Videobridge installation.
|
|
The hostname of the current installation: visio.libre-service.eu
|
|
|
|
SSL certificate for the Jitsi Meet instance
|
|
Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)
|
|
I want to use my own certificate <-- select this one
|
|
|
|
Full local server path to the SSL key file: /var/lib/dehydrated/certs/visio.libre-service.eu/privkey.pem
|
|
|
|
Full local server path to the SSL certificate file: /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem
|
|
``` |