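Jitsi Meet Video Conferencing System on Docker (+ Podman Pods)

Installing the latest stable release

Added the previously omitted Jigasi SIP gateway container (audio only) and rebuilt the setup on the latest stable release.

Latest stable release: 10078-1

Jitsi Docker installation guide

Download the latest release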

$ wget $(curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep 'zip' | cut -d\" -f4)

Extract the archive

$ unzip stable-10078-1

Create the environment variable file

$ cp env.example .env

Run the script that writes the security passwords each container needs at startup into .env

$ ./gen-passwords.sh

Create the configuration directories for each container inside the extracted directory

$ mkdir -p ./.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

Note: this directory is specified in .env as CONFIG=./.jitsi-meet-cfg.

Directory and file layout

$ tree -aL 1 ../jitsi-docker-jitsi-meet-10078-1
../jitsi-docker-jitsi-meet-10078-1
├── .env
├── .env.bak
├── .github
├── .gitignore
├── .jitsi-meet-cfg
├── CHANGELOG.md
├── LICENSE
├── Makefile
├── README.md
├── base
├── base-java
├── docker-compose.yml
├── env.example
├── etherpad.yml
├── examples
├── gen-passwords.sh
├── grafana.yml
├── jibri
├── jibri.yml
├── jicofo
├── jigasi
├── jigasi.yml
├── jvb
├── log-analyser
├── log-analyser.yml
├── nginx
├── prometheus
├── prometheus.yml
├── prosody
├── release.sh
├── resources
├── transcriber.yml
├── web
└── whiteboard.yml

Review the container images and ports

  • base: Debian stable base image with the S6 Overlay for process control and the Jitsi repositories enabled. All other images are based on this one.
  • base-java: Same as the above, plus Java (OpenJDK).
  • web: Jitsi Meet web UI, served with nginx.
  • prosody: Prosody, the XMPP server.
  • jicofo: Jicofo, the XMPP focus component.
  • jvb: Jitsi Videobridge, the video router.
  • jigasi: Jigasi, the SIP (audio only) gateway.
  • jibri: Jibri, the broadcasting infrastructure.

Prosody

https://prosody.im/doc/ports

port      interfaces  service
5000/tcp  public      File transfer proxy
5222/tcp  public      Client connections
5269/tcp  public      Server-to-server connections
5280/tcp  private     HTTP
5281/tcp  public      HTTPS
5347/tcp  private     External components
5582/tcp  private     Telnet console
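One way to confirm that the ports marked private in the Prosody port table above are not published on the Docker host. This is an added example, not part of the original guide or the Jitsi project; the function name and the sample container names are hypothetical.

```shell
#!/bin/sh
# Ports marked "private" in the Prosody port table.
PRIVATE_PORTS="5280 5347 5582"

# Reads "name<TAB>ports" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name mapping" for every private port that is published
# on a host address other than loopback.
exposed_private_ports() {
    awk -F '\t' -v private="$PRIVATE_PORTS" '
        BEGIN { n = split(private, p, " "); for (i = 1; i <= n; i++) priv[p[i]] = 1 }
        {
            m = split($2, maps, ", ")
            for (i = 1; i <= m; i++) {
                # Ports that are only exposed look like "5222/tcp" (no "->").
                if (split(maps[i], side, "->") != 2) continue
                cport = side[2]; sub(/\/.*/, "", cport)      # container port
                host = side[1];  sub(/:[0-9-]+$/, "", host)  # host bind address
                if ((cport in priv) && host != "127.0.0.1" && host != "[::1]" && host != "::1")
                    print $1, maps[i]
            }
        }'
}

# Constructed sample of docker ps output (not from a real host): the first
# container only exposes its ports, the second publishes 5280 to all addresses.
printf 'prosody\t5222/tcp, 5269/tcp, 5280/tcp, 5347/tcp\nprosody-debug\t0.0.0.0:5280->5280/tcp\n' |
    exposed_private_ports
```

On a running host, pipe the real `docker ps --format '{{.Names}}\t{{.Ports}}'` output into the function; no output means none of the private ports is reachable from outside.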

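Configuration behind an Nginx reverse proxy

Because the reverse proxy obtains the TLS certificate and terminates TLS, turn off the web container's own HTTPS handling with the following settings.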

.env

DISABLE_HTTPS=1
ENABLE_HTTP_REDIRECT=0
ENABLE_LETS_ENCRYPT=0

Also set the following required options in .env.

.env

#
# Basic configuration options
#

# Directory where all configuration will be stored
CONFIG=./.jitsi-meet-cfg

# Exposed HTTP port (will redirect to HTTPS port)
HTTP_PORT=8000

# Exposed HTTPS port
HTTPS_PORT=8443

# System time zone
TZ=JST

# Public URL for the web service (required)
# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL
#PUBLIC_URL=https://test.ficusonline.com:${HTTPS_PORT}
PUBLIC_URL=https://test.ficusonline.com

# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4

# Enable authentication (will ask for login and password to join the meeting)
ENABLE_AUTH=1

# Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in)
ENABLE_GUESTS=1

# Select authentication type: internal, jwt, ldap or matrix
AUTH_TYPE=internal
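A pre-flight check for the .env values set above, to run before starting the containers. This is an added example, not part of the original guide or the Jitsi project; the function names are hypothetical, and it assumes the secrets written by gen-passwords.sh are the uncommented variables whose names end in _PASSWORD.

```shell
#!/bin/sh
# env_get FILE KEY: value of the last uncommented KEY= line in FILE.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line for values that differ from this page's setup.
env_findings() {
    for pair in DISABLE_HTTPS=1 ENABLE_HTTP_REDIRECT=0 ENABLE_LETS_ENCRYPT=0 ENABLE_AUTH=1; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(env_get "$1" "$key")
        [ "$got" = "$want" ] || echo "$key is '$got', expected '$want'"
    done
    # Browsers reach the proxy over TLS, so the public URL must be https.
    case $(env_get "$1" PUBLIC_URL) in
        https://*) ;;
        *) echo "PUBLIC_URL is not an https:// URL" ;;
    esac
    # An uncommented but empty *_PASSWORD means gen-passwords.sh was not run.
    for key in $(sed -n 's/^\([A-Z0-9_]*_PASSWORD\)=[[:space:]]*$/\1/p' "$1"); do
        echo "$key is empty (run ./gen-passwords.sh)"
    done
}

# check_env FILE: print the findings and return 1 if there are any.
check_env() {
    findings=$(env_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample .env: DISABLE_HTTPS is missing and one secret is empty.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ENABLE_LETS_ENCRYPT=0
ENABLE_HTTP_REDIRECT=0
PUBLIC_URL=https://test.ficusonline.com
ENABLE_AUTH=1
JICOFO_AUTH_PASSWORD=0123456789abcdef0123456789abcdef
JVB_AUTH_PASSWORD=
EOF
check_env "$sample" || echo "fix the findings above before starting the containers"
```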

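When clients connect through the reverse proxy, the connection to the web container is plain HTTP, so WebSocket (wss) connections fail. To carry WebSocket traffic as ws inside the container network, add the location /xmpp-websocket and location /colibri-ws blocks shown in the Nginx configuration below.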

nginx/default.conf

server {
    server_name test.ficusonline.com;

    # Do not advertise the nginx version in headers and error pages
    server_tokens off;
    # access_log  /var/log/nginx/test.ficusonline.com.access.log;
    # error_log   /var/log/nginx/test.ficusonline.com.error.log error;

    # Web UI: TLS ends at this proxy, the web container is reached over plain HTTP
    location / {
        proxy_pass http://web:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # XMPP over WebSocket, forwarded to Prosody's HTTP port
    location /xmpp-websocket {
        proxy_pass http://prosody:5280/xmpp-websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Colibri WebSocket channel, forwarded to Jitsi Videobridge
    location /colibri-ws {
        proxy_pass http://jvb:8080/colibri-ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/ficusonline.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ficusonline.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = test.ficusonline.com) {
        return 301 https://$host$request_uri;
    }

    server_name test.ficusonline.com;
    listen [::]:80;
    listen 80;
    return 404;
}

Create a dedicated docker-compose-nginx.yml for Nginx

docker-compose-nginx.yml

services:
    nginx:
        container_name: nginx
        image: nginx:alpine
        tty: true
        ports:
            - "8080:80"
            - "8443:443"
        volumes:
            # nginx config
            - ./nginx:/etc/nginx/conf.d
            - /etc/letsencrypt:/etc/letsencrypt
        restart: always
        networks:
            meet.jitsi:

Start the stack, passing both the Jitsi and Nginx docker-compose files

$ docker compose -f docker-compose.yml -f docker-compose-nginx.yml up -d

Register an administrative user

Administrative users for meetings are registered inside the Prosody container.

$ docker compose exec prosody bash
# prosodyctl --config /config/prosody.cfg.lua register USER_NAME meet.jitsi PASSWORD

List the registered users

# find /config/data/meet%2ejitsi/accounts -type f -exec basename {} .dat \;

Screenshot: Jitsi main screen

Screenshot: meeting screen