What is Jitsi?

Jitsi is a collection of Open Source projects which provide state-of-the-art video conferencing capabilities that are secure, easy to use and easy to self-host

Here we are going to create a single VM with all the containers that Jitsi needs to work of course all this can be created in a different and more scalable way, but this is just a starting point

Deploying a Jitsi server on GCP and create a dns record on cloudflare to publish the services

Installing tools

1. Gcloud cli

This terraform code uses the cli authentication so you will need to have installed the azure cli https://cloud.google.com/sdk/docs/install

2. Terraform

If you still doesn’t have Terraform installed on your computer you can follow this link https://www.terraform.io/downloads.html

Deploying Jitsi

1. Git clone

git clone https://gitlab.com/Giondo/jitsi-meet-gcp.git

2. Before running the terraform code

This code is made to work with a pre-existing GCP project

├── README.md
├── gcp
│   ├── cloudflare.tf
│   ├── externalip.tf
│   ├── firewall.tf
│   ├── instance.tf
│   ├── network.tf
│   ├── output.tf
│   ├── provider.tf
│   ├── renderenv.tf
│   ├── scripts
│   │   └── init_script-jitsi.sh
│   ├── state.tf
│   ├── template
│   │   └── env_var.tpl
│   ├── terraform.tfstate
│   ├── terraform.tfstate.backup
│   ├── vars.tf <-- Variables
│   └── versions.tf

Also on the vars.tf file you can declare the default value for the project ID and others variables such a cloudflare API key

3. Login into Google Cloud

gcloud auth application-default login
Your browser has been opened to visit:

    https://accounts.google.com/o/oauth2/auth?response_type=code&blabla


Credentials saved to file: [/Users/.config/gcloud/application_default_credentials.json]

These credentials will be used by any library that requests Application Default Credentials (ADC).

4. Running terraform code

cd jitsi-meet-gcp/gcp/
terraform init
terraform plan

terraform apply -auto-approve

data.cloudflare_zones.domain: Refreshing state...
data.cloudflare_zones.domain: Reading... [id=2020-10-03 12:45:16.616208 +0000 UTC]
data.cloudflare_zones.domain: Read complete after 0s [id=2020-10-03 12:45:18.561771 +0000 UTC]
google_compute_network.jitsi-network: Creating...
google_compute_address.static_ext_ip: Creating...
google_compute_network.jitsi-network: Still creating... [10s elapsed]
google_compute_address.static_ext_ip: Still creating... [10s elapsed]
google_compute_address.static_ext_ip: Creation complete after 12s [id=projects/playground-s-11-b9d91b31/regions/europe-west4/addresses/ipv4-address]
cloudflare_record.PUBLIC_HOST: Creating...
cloudflare_record.PUBLIC_HOST: Creation complete after 3s [id=78d831f86f1a68798cc091b6c224133a]
google_compute_network.jitsi-network: Still creating... [20s elapsed]
google_compute_network.jitsi-network: Still creating... [30s elapsed]
google_compute_network.jitsi-network: Still creating... [40s elapsed]
google_compute_network.jitsi-network: Creation complete after 44s [id=projects/playground-s-11-b9d91b31/global/networks/jitsi-network]
google_compute_firewall.default: Creating...
google_compute_instance.jitsivm: Creating...
google_compute_instance.jitsivm: Still creating... [10s elapsed]
google_compute_firewall.default: Still creating... [10s elapsed]
google_compute_firewall.default: Creation complete after 11s [id=projects/playground-s-11-b9d91b31/global/firewalls/firewall-jitsi]
google_compute_instance.jitsivm: Creation complete after 15s [id=projects/playground-s-11-b9d91b31/zones/europe-west4-c/instances/jitsi-server]
data.template_file.envvar: Reading...
data.template_file.envvar: Read complete after 0s [id=5cfd98cb73a8c23032db76ad7c980959179e573d96afbbb5c79add10718f1468]
null_resource.pretend_gcp_iam_policy: Creating...
null_resource.pretend_gcp_iam_policy: Provisioning with 'file'...
null_resource.pretend_gcp_iam_policy: Creation complete after 6s [id=9023076274452977881]

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

Outputs:

ExternalIP = 35.204.157.225
InternalIP = 10.164.0.2
PUBLIC_URL = https://meet.virtualinfra.online
vmname = jitsi-server

Checking status

1. ssh to the instance

Please be aware you need to have your private key deployed to the GCP console under Instances–>metadata

ssh 35.204.157.225

2. checking running docker

root@jitsi-server:~# docker ps
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS                                              NAMES
b0a6fdcaef45        jitsi/jicofo:latest    "/init"             5 seconds ago       Up 3 seconds                                                           docker-jitsi-meet_jicofo_1
164248d618c6        jitsi/jvb:latest       "/init"             5 seconds ago       Up 3 seconds        0.0.0.0:4443->4443/tcp, 0.0.0.0:10000->10000/udp   docker-jitsi-meet_jvb_1
b1524be8c735        jitsi/web:latest       "/init"             9 seconds ago       Up 4 seconds        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp           docker-jitsi-meet_web_1
1358242b19e0        jitsi/prosody:latest   "/init"             9 seconds ago       Up 4 seconds        5222/tcp, 5280/tcp, 5347/tcp                       docker-jitsi-meet_prosody_1

3. Check let’s encrypt status

You need to identify the web container where nginx is running and check the logs

root@jitsi-server:~# docker logs -f b1524be8c735
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-set-timezone: executing...
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for meet.virtualinfra.online
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/meet.virtualinfra.online/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/meet.virtualinfra.online/privkey.pem
   Your cert will expire on 2021-01-01. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[cont-init.d] 10-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

4. Getting the external IP to connect to the application

The output of the Terraform code will display the URL to connect to

Outputs:

ExternalIP = 35.204.157.225
InternalIP = 10.164.0.2
PUBLIC_URL = https://meet.virtualinfra.online
vmname = jitsi-server

Just open a browser and you will be able to create a Jitsi Meeting just by writing a room name

And That’s it, You’ve created a working Jitsi working server

Pre-requisites

  • Gcloud Utils
  • Terraform

Features

if you need to enable different features for the Jitsi server please check the env_var.tpl under the template folder or just ssh the instance and check the .env file and regenerate the containers with the command

cd /root/docker-jitsi-meet
docker-compose up -d

Jitsi Working

openshift-installed

https://gitlab.com/Giondo/jitsi-meet-gcp

https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker