jitsi-deployment/README.md

# Jitsi Meet on Docker

[Jitsi] is a set of Open Source projects that allows you to easily build and deploy secure
videoconferencing solutions.

[Jitsi Meet] is a fully encrypted, 100% Open Source videoconferencing solution that you can use
all day, every day, for free — with no account needed.

This repository contains the necessary tools to run a Jitsi Meet stack on [Docker] using
[Docker Compose].

**NOTE: This setup is experimental.**

## Table of contents

* [Quick start](#quick-start)
* [Architecture](#architecture)
  - [Images](#images)
  - [Design considerations](#design-considerations)
* [Configurations](#configuration)
  - [Advanced configuration](#advanced-configuration)
  - [Running on a LAN environment](#running-on-a-lan-environment)
* [Limitations](#limitations)

<hr />

## Quick start

In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose,
follow these steps:

* Create a ``.env`` file by copying and adjusting ``env.example``.
* Run ``docker-compose up -d``.
* Access the web UI at ``https://localhost:8443`` (or ``http://localhost:8000`` for HTTP, or
  a different port, in case you edited the compose file).

If you want to use jigasi too, first configure your env file with SIP credentials
and then run Docker Compose as follows: ``docker-compose -f docker-compose.yml -f jigasi.yml up -d``

## Architecture

A Jitsi Meet installation can be broken down into the following components:

* A web interface
* An XMPP server
* A conference focus component
* A video router (could be more than one)
* A SIP gateway for audio calls

![](resources/docker-jitsi-meet.png)

The diagram shows a typical deployment in a host running Docker, with a separate container
(not included in this project) which acts as a reverse proxy and SSL terminator, then
passing the traffic to the web container serving Jitsi Meet.

This project separates each of the components above into interlinked containers. To this end,
several container images are provided.

### Images

* **base**: Debian stable base image with the [S6 Overlay] for process control and the
  [Jitsi repositories] enabled. All other images are based off this one.
* **base-java**: Same as the above, plus Java (OpenJDK).
* **web**: Jitsi Meet web UI, served with nginx.
* **prosody**: [Prosody], the XMPP server.
* **jicofo**: [Jicofo], the XMPP focus component.
* **jvb**: [Jitsi Videobridge], the video router.
* **jigasi**: [Jigasi], the SIP (audio only) gateway.

### Design considerations

Jitsi Meet uses XMPP for signalling, thus the need for the XMPP server. The setup provided
by these containers does not expose the XMPP server to the outside world. Instead, it's kept
completely sealed, and routing of XMPP traffic only happens on a user defined network.

The XMPP server can be exposed to the outside world, but that's out of the scope of this
project.

## Configuration

The configuration is performed via environment variables contained in a ``.env`` file. You
can copy the provided ``env.example`` file as a reference.

Variable | Description | Example
--- | --- | ---
`CONFIG` | Directory where all configuration will be stored | /opt/jitsi-meet-cfg
`TZ` | System Time Zone | Europe/Amsterdam
`HTTP_PORT` | Exposed port for HTTP traffic | 8000
`HTTPS_PORT` | Exposed port for HTTPS traffic | 8443
`DOCKER_HOST_ADDRESS` | IP addrss of the Docker host, needed for LAN environments | 192.168.1.1

If you want to enable the SIP gateway, these options are required:

Variable | Description | Example
--- | --- | ---
`JIGASI_SIP_URI` | SIP URI for incoming / outgoing calls | test@sip2sip.info
`JIGASI_SIP_PASSWORD` | Password for the specified SIP account | passw0rd
`JIGASI_SIP_SERVER` | SIP server (use the SIP account domain if in doubt) | sip2sip.info

### Advanced configuration

These configuration options are already set and generally don't need to be changed.

Variable | Description | Default value
--- | --- | ---
`XMPP_DOMAIN` | Internal XMPP domain | meet.jitsi
`XMPP_AUTH_DOMAIN` | Internal XMPP domain for authenticated services | auth.meet.jitsi
`XMPP_MUC_DOMAIN` | XMPP domain for the MUC | muc.meet.jitsi
`XMPP_INTERNAL_MUC_DOMAIN` | XMPP domain for the internal MUC | internal-muc.meet.jitsi
`JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37
`JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus
`JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | passw0rd
`JVB_AUTH_USER` | XMPP user for JVB MUC client connections | jvb
`JVB_AUTH_PASSWORD` | XMPP password for JVB MUC client connections | passw0rd
`JVB_STUN_SERVERS` | STUN servers used to discover the server's public IP | stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302
`JVB_PORT` | Port for media used by Jitsi Videobridge | 10000
`JVB_BREWERY_MUC` | MUC name for the JVB pool | jvbbrewery
`JIGASI_XMPP_USER` | XMPP user for Jigasi MUC client connections | jigasi
`JIGASI_XMPP_PASSWORD` | XMPP password for Jigasi MUC client connections | passw0rd
`JIGASI_BREWERY_MUC` | MUC name for the Jigasi pool | jigasibrewery
`JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000
`JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050

### Running on a LAN environment

If running in a LAN environment (as well as on the public Internet, via NAT) is a requirement,
the ``DOCKER_HOST_ADDRESS`` should be set. This way, the Videobridge will advertise the IP address
of the host running Docker instead of the internal IP address that Docker assigned it, thus making [ICE]
succeed.

The public IP address is discovered via [STUN]. STUN servers can be specified with the ``JVB_STUN_SERVERS``
option.

## TODO

* Support multiple Jitsi Videobridge containers.
* Support container replicas (where applicable).
* Docker Swarm mode.
* Native Let's Encrypt support.
* More services:
  * Jibri.
  * TURN server.

[Jitsi]: https://jitsi.org/
[Jitsi Meet]: https://jitsi.org/jitsi-meet/
[Docker]: https://www.docker.com
[Docker Compose]: https://docs.docker.com/compose/
[Swarm mode]: https://docs.docker.com/engine/swarm/
[S6 Overlay]: https://github.com/just-containers/s6-overlay
[Jitsi repositories]: https://jitsi.org/downloads/
[Prosody]: https://prosody.im/
[Jicofo]: https://github.com/jitsi/jicofo
[Jitsi Videobridge]: https://github.com/jitsi/jitsi-videobridge
[Jigasi]: https://github.com/jitsi/jigasi
[ICE]: https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment
[STUN]: https://en.wikipedia.org/wiki/STUN
doc: add initial README and sample environment files 2018-03-16 10:02:52 +01:00			`# Jitsi Meet on Docker`

			`[Jitsi] is a set of Open Source projects that allows you to easily build and deploy secure`
			`videoconferencing solutions.`

			`[Jitsi Meet] is a fully encrypted, 100% Open Source videoconferencing solution that you can use`
			`all day, every day, for free — with no account needed.`

			`This repository contains the necessary tools to run a Jitsi Meet stack on [Docker] using`
			`[Docker Compose].`

doc: update README 2018-03-16 16:56:58 +01:00			`NOTE: This setup is experimental.`
doc: add initial README and sample environment files 2018-03-16 10:02:52 +01:00
doc: updated README 2018-06-25 08:13:45 +02:00			`## Table of contents`

			`* [Quick start](#quick-start)`
			`* [Architecture](#architecture)`
			`- [Images](#images)`
			`- [Design considerations](#design-considerations)`
			`* [Configurations](#configuration)`
			`- [Advanced configuration](#advanced-configuration)`
			`- [Running on a LAN environment](#running-on-a-lan-environment)`
			`* [Limitations](#limitations)`

			`<hr />`

doc: add initial README and sample environment files 2018-03-16 10:02:52 +01:00			`## Quick start`

			`In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose,`
			`follow these steps:`

			* Create a ``.env`` file by copying and adjusting ``env.example``.
			* Run ``docker-compose up -d``.
doc: fix formatting issue in README 2018-10-17 23:08:33 +02:00			* Access the web UI at ``https://localhost:8443`` (or ``http://localhost:8000`` for HTTP, or
doc: update documentation and sample env file 2018-04-28 17:24:50 +02:00			`a different port, in case you edited the compose file).`
doc: add initial README and sample environment files 2018-03-16 10:02:52 +01:00
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`If you want to use jigasi too, first configure your env file with SIP credentials`
			and then run Docker Compose as follows: ``docker-compose -f docker-compose.yml -f jigasi.yml up -d``

doc: update README 2018-03-16 16:56:58 +01:00			`## Architecture`

			`A Jitsi Meet installation can be broken down into the following components:`

			`* A web interface`
			`* An XMPP server`
			`* A conference focus component`
			`* A video router (could be more than one)`
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`* A SIP gateway for audio calls`
doc: update README 2018-03-16 16:56:58 +01:00
doc: add diagram 2018-03-26 21:28:54 +02:00			`![](resources/docker-jitsi-meet.png)`

			`The diagram shows a typical deployment in a host running Docker, with a separate container`
			`(not included in this project) which acts as a reverse proxy and SSL terminator, then`
			`passing the traffic to the web container serving Jitsi Meet.`

doc: update README 2018-03-16 16:56:58 +01:00			`This project separates each of the components above into interlinked containers. To this end,`
			`several container images are provided.`

			`### Images`

			`* base: Debian stable base image with the [S6 Overlay] for process control and the`
			`[Jitsi repositories] enabled. All other images are based off this one.`
			`* base-java: Same as the above, plus Java (OpenJDK).`
			`* web: Jitsi Meet web UI, served with nginx.`
			`* prosody: [Prosody], the XMPP server.`
			`* jicofo: [Jicofo], the XMPP focus component.`
			`* jvb: [Jitsi Videobridge], the video router.`
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`* jigasi: [Jigasi], the SIP (audio only) gateway.`
doc: update README 2018-03-16 16:56:58 +01:00
			`### Design considerations`

			`Jitsi Meet uses XMPP for signalling, thus the need for the XMPP server. The setup provided`
			`by these containers does not expose the XMPP server to the outside world. Instead, it's kept`
			`completely sealed, and routing of XMPP traffic only happens on a user defined network.`

			`The XMPP server can be exposed to the outside world, but that's out of the scope of this`
			`project.`

			`## Configuration`

doc: update documentation and sample env file 2018-04-28 17:24:50 +02:00			The configuration is performed via environment variables contained in a ``.env`` file. You
doc: updated README 2018-06-25 08:13:45 +02:00			can copy the provided ``env.example`` file as a reference.

			`Variable \| Description \| Example`
			`--- \| --- \| ---`
			`CONFIG` \| Directory where all configuration will be stored \| /opt/jitsi-meet-cfg
			`TZ` \| System Time Zone \| Europe/Amsterdam
core: make HTTP, HTTPS and JVB ports configurable 2018-09-19 22:12:57 +02:00			`HTTP_PORT` \| Exposed port for HTTP traffic \| 8000
			`HTTPS_PORT` \| Exposed port for HTTPS traffic \| 8443
doc: updated README 2018-06-25 08:13:45 +02:00			`DOCKER_HOST_ADDRESS` \| IP addrss of the Docker host, needed for LAN environments \| 192.168.1.1

jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`If you want to enable the SIP gateway, these options are required:`

			`Variable \| Description \| Example`
			`--- \| --- \| ---`
			`JIGASI_SIP_URI` \| SIP URI for incoming / outgoing calls \| test@sip2sip.info
			`JIGASI_SIP_PASSWORD` \| Password for the specified SIP account \| passw0rd
			`JIGASI_SIP_SERVER` \| SIP server (use the SIP account domain if in doubt) \| sip2sip.info

doc: updated README 2018-06-25 08:13:45 +02:00			`### Advanced configuration`

			`These configuration options are already set and generally don't need to be changed.`

			`Variable \| Description \| Default value`
			`--- \| --- \| ---`
			`XMPP_DOMAIN` \| Internal XMPP domain \| meet.jitsi
			`XMPP_AUTH_DOMAIN` \| Internal XMPP domain for authenticated services \| auth.meet.jitsi
			`XMPP_MUC_DOMAIN` \| XMPP domain for the MUC \| muc.meet.jitsi
jvb: use MUC connections for the JVB 2018-10-16 21:15:46 +02:00			`XMPP_INTERNAL_MUC_DOMAIN` \| XMPP domain for the internal MUC \| internal-muc.meet.jitsi
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`JICOFO_COMPONENT_SECRET` \| XMPP component password for Jicofo \| s3cr37
doc: updated README 2018-06-25 08:13:45 +02:00			`JICOFO_AUTH_USER` \| XMPP user for Jicofo client connections \| focus
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`JICOFO_AUTH_PASSWORD` \| XMPP password for Jicofo client connections \| passw0rd
jvb: use MUC connections for the JVB 2018-10-16 21:15:46 +02:00			`JVB_AUTH_USER` \| XMPP user for JVB MUC client connections \| jvb
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`JVB_AUTH_PASSWORD` \| XMPP password for JVB MUC client connections \| passw0rd
			`JVB_STUN_SERVERS` \| STUN servers used to discover the server's public IP \| stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302
core: make HTTP, HTTPS and JVB ports configurable 2018-09-19 22:12:57 +02:00			`JVB_PORT` \| Port for media used by Jitsi Videobridge \| 10000
jvb: use MUC connections for the JVB 2018-10-16 21:15:46 +02:00			`JVB_BREWERY_MUC` \| MUC name for the JVB pool \| jvbbrewery
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`JIGASI_XMPP_USER` \| XMPP user for Jigasi MUC client connections \| jigasi
			`JIGASI_XMPP_PASSWORD` \| XMPP password for Jigasi MUC client connections \| passw0rd
			`JIGASI_BREWERY_MUC` \| MUC name for the Jigasi pool \| jigasibrewery
			`JIGASI_PORT_MIN` \| Minimum port for media used by Jigasi \| 20000
			`JIGASI_PORT_MAX` \| Maximum port for media used by Jigasi \| 20050
doc: update README 2018-03-16 16:56:58 +01:00
doc: describe how to run on a LAN environment 2018-03-26 21:45:08 +02:00			`### Running on a LAN environment`

doc: update documentation and sample env file 2018-04-28 17:24:50 +02:00			`If running in a LAN environment (as well as on the public Internet, via NAT) is a requirement,`
doc: describe how to run on a LAN environment 2018-03-26 21:45:08 +02:00			the ``DOCKER_HOST_ADDRESS`` should be set. This way, the Videobridge will advertise the IP address
			`of the host running Docker instead of the internal IP address that Docker assigned it, thus making [ICE]`
			`succeed.`

			The public IP address is discovered via [STUN]. STUN servers can be specified with the ``JVB_STUN_SERVERS``
			`option.`

doc: update README 2018-07-17 10:50:48 +02:00			`## TODO`
doc: update README 2018-03-16 16:56:58 +01:00
doc: updated README 2018-08-09 23:09:21 +02:00			`* Support multiple Jitsi Videobridge containers.`
doc: update README 2018-07-17 10:50:48 +02:00			`* Support container replicas (where applicable).`
			`* Docker Swarm mode.`
			`* Native Let's Encrypt support.`
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`* More services:`
			`* Jibri.`
			`* TURN server.`
doc: update README 2018-03-16 16:56:58 +01:00
doc: add initial README and sample environment files 2018-03-16 10:02:52 +01:00			`[Jitsi]: https://jitsi.org/`
			`[Jitsi Meet]: https://jitsi.org/jitsi-meet/`
			`[Docker]: https://www.docker.com`
			`[Docker Compose]: https://docs.docker.com/compose/`
			`[Swarm mode]: https://docs.docker.com/engine/swarm/`
doc: update README 2018-03-16 16:56:58 +01:00			`[S6 Overlay]: https://github.com/just-containers/s6-overlay`
			`[Jitsi repositories]: https://jitsi.org/downloads/`
			`[Prosody]: https://prosody.im/`
			`[Jicofo]: https://github.com/jitsi/jicofo`
			`[Jitsi Videobridge]: https://github.com/jitsi/jitsi-videobridge`
jigasi: add jigasi support for SIP audio calls 2018-10-17 11:11:27 +02:00			`[Jigasi]: https://github.com/jitsi/jigasi`
doc: describe how to run on a LAN environment 2018-03-26 21:45:08 +02:00			`[ICE]: https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment`
			`[STUN]: https://en.wikipedia.org/wiki/STUN`