Investigate Jitsi Meet and alternatives #148
Labels
No Label
service
accounts
service
discourse
service
drone-ci
service
email
service
garage
service
gitea
service
ipfs
service
mastodon
service
postgres
service
remotestorage
service
wiki
service
xmpp
bug
design
dev environment
docs
duplicate
enhancement
feature
good first issue
idea
invalid
kredits-1
kredits-2
kredits-3
on hold
ops
question
release
major
release
minor
release
patch
security
ui/ux
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: kosmos/chef#148
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
As it is based on XMPP, I think it only needs the videobridge and one other program. No idea, hence this issue.
(Someone offered to donate a considerable amount, in case we offer it for their Kosmos account.)
Found the quick install guide and it seems like we really just need to install an apt package and set up an nginx vhost.
I'll give it a try.
Notes (translate to Chef recipe):
Add meet domain to loopback host entry:
Open firewall for meet traffic:
Add nginx vhost with LE cert (find example config and adapt)
Add
universe
apt repo (required for deps):Add the package repo
Install package, but with flag that prevents adding nginx vhost (conflicts with existing 443 vhosts)
Increase systemd limits for processes and open files. In
/etc/systemd/system.conf
:Also good to know: performance of the videobridge seems to be pretty good. When they introduced it last year, they said it would be orders of magnitude better than what they had before.
https://jitsi.org/jitsi-videobridge-performance-evaluation/
I checked again, and Andromeda is actually not too far from RAM limits, and also using considerable CPU resources already. So it would probably make more sense to throw Jitsi on the new Centaurus, which is going to be online soon.
From my first quick try, it looks like Jitsi Meet is requires Prosody as XMPP server. :/
Have to investigate further. The
jisti-meet
package installs many different packages (incl. Prosody), which, in combination, make up the system.Just got linked to exactly what we need, by @stevenroose@x0f.org:
https://blog.jabberhead.tk/2020/03/16/install-jitsi-meet-alongside-ejabberd/
Just found out it's possible to set up normal XMPP auth for Jitsi Meet room creation after all:
https://www.howtoforge.com/how-to-install-jitsi-meet-video-conferencing-solution-on-debian-10/#set-up-user-authentication-for-jitsi-meet
This is becoming a priority with a deadline now, so we can use an opensource tool for remote participants at the upcoming Kosmos Summit.
Ideally using existing Kosmos XMPP/LDAP accounts for permission to create rooms, of course. And probably even kosmos.chat MUC rooms for the chat in Jitsi.
If we want to record meetings/sessions, there's a Jitsi module called Jibri:
https://github.com/jitsi/jibri
I looked into BigBlueButton this morning, because someone recommended it to me on fedi, after I asked about remote confs with whiteboards.
Summary of my findings, copied over from chat:
I guess BigBlueButton is out of the question... https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-005/-arbitrary-file-disclosure-and-server-side-request-forgery-in-bigbluebutton
For reference:
I'm thinking:
Option 2: We could also just skip using our own ejabberd, but then we'd need to add authenticated room creation functionality to some other Web front-end of ours. I guess
accounts.kosmos.org
would be the natural choice. Not sure if that's better because we control the UX, or worse because it's not directly integrated in the Jitsi Meet front-end.It's probably a blessing that we haven't deployed Jitsi in production yet, because the OpenTalk source code is now available, and they have a Docker Compose setup, too:
https://gitlab.opencode.de/opentalk/ot-setup
I think the whole architecture lends itself much better to integrate with our setup. Here are the services that the official "Lite" setup provides, plus notes for Kosmos infra/deployment:
Here's an overview of the architecture, screenshot from a recent talk (in German):
Note: Kubernetes is entirely optional. However, the system is designed to spawn a new container for every conference, which is nice because if you don't persist anything intentionally (like recordings to S3), then all logs and data are torn down with the container when the meeting/conference ends. Also, it means one instance or even the controller crashing or stalling doesn't impact other running conferences.
Investigate Jitsi Meet requirementsto Investigate Jitsi Meet (and alternatives)Investigate Jitsi Meet (and alternatives)to Investigate Jitsi Meet and alternatives