
Build a WebRTC web conferencing system on AWS

Published on 2021/12/29

Hello everyone.
This article was frequently accessed from overseas, so I will translate it into English and repost it.
I hope it helps.

Today's topic

Build a web conferencing system with the open-source software Jitsi on an AWS EC2 instance, served over HTTPS with a certificate.
The containers are managed with Docker.

Download location

Basically, I am using the latest version available at that time, pulled from Docker Hub with a command.
https://github.com/jitsi/docker-jitsi-meet
https://hub.docker.com/u/jitsi/

Current Docker image state

Prepare the definition files obtained from Docker Hub so that the containers can be operated with docker-compose.
https://github.com/jitsi/docker-jitsi-meet/releases/tag/stable-6726-1

[root@meet meet]# wget https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/stable-6726-1.tar.gz

[root@meet meet]# ls
stable-6726-1.tar.gz

[root@meet meet]# tar zxf stable-6726-1.tar.gz

[root@meet meet]# ls
docker-jitsi-meet-stable-6726-1  stable-6726-1.tar.gz

[root@meet meet]# rm -rf stable-6726-1.tar.gz

[root@meet meet]# ls
docker-jitsi-meet-stable-6726-1

[root@meet meet]# mv docker-jitsi-meet-stable-6726-1 ./docker-jitsi-meet

Installation procedure

Use the official procedure for installation (initial setting).
https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker

[root@meet meet]# cd ./docker-jitsi-meet/
[root@meet docker-jitsi-meet]# ls
base       CHANGELOG.md        env.example   examples          jibri      jicofo  jigasi.yml  LICENSE   prosody    release.sh  web
base-java  docker-compose.yml  etherpad.yml  gen-passwords.sh  jibri.yml  jigasi  jvb         Makefile  README.md  resources

[root@meet docker-jitsi-meet]# cp env.example .env

*Running this command adds to the .env file the password strings that the containers use to connect to each other.
[root@meet docker-jitsi-meet]# sh ./gen-passwords.sh

[root@meet docker-jitsi-meet]# mkdir -p ~/.jitsi-meet-cfg/{web/crontabs,web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

Start for the time being

I started it for the time being. The PORT number is 8443, and when I connect over HTTPS, of course, the certificate fails.

[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
 ⠿ jvb Pulled                                                                                                                                                                                                1.8s
 ⠿ web Pulled                                                                                                                                                                                                1.8s
 ⠿ prosody Pulled                                                                                                                                                                                            1.8s
 ⠿ jicofo Pulled                                                                                                                                                                                             1.8s
[+] Running 5/5
 ⠿ Network docker-jitsi-meet_meet.jitsi   Created                                                                                                                                                            0.0s
 ⠿ Container docker-jitsi-meet-prosody-1  Started                                                                                                                                                            1.5s
 ⠿ Container docker-jitsi-meet-web-1      Started                                                                                                                                                            1.5s
 ⠿ Container docker-jitsi-meet-jicofo-1   Started                                                                                                                                                            3.9s
 ⠿ Container docker-jitsi-meet-jvb-1      Started                                                                                                                                                            3.9s
[root@meet docker-jitsi-meet]#

Set up the Jitsi configuration file.

If you only start it with the defaults, there are problems: there is no certificate for HTTPS and the connection port is 8443, so I will customize the configuration.

File (.env) settings

Set your own domain

[root@meet docker-jitsi-meet]# vi .env
...
-#PUBLIC_URL=https://meet.example.com
+PUBLIC_URL=https://meet.yukkuri.me
...

Change the port number from 8443 to 443

[root@meet docker-jitsi-meet]# vi .env
...
# Exposed HTTPS port
-#HTTPS_PORT=8443
+HTTPS_PORT=443
...

File (docker-compose.yml) settings

Mounting the Let's Encrypt certificate

Mount the certificates you created earlier. The bind mount connects the Docker host (/home/yukkuri/certificates) to the Docker guest (/config/keys).

[root@meet docker-jitsi-meet]# vi docker-compose.yml
...
services:
    # Frontend
    web:
        image: jitsi/web:stable-6726-1
        restart: ${RESTART_POLICY}
        ports:
-#            - '${HTTP_PORT}:80'
            - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config:Z
            - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
+            - /home/yukkuri/certificates/yukkuri.me.crt:/config/keys/cert.crt:Z
+            - /home/yukkuri/certificates/yukkuri.me.key:/config/keys/cert.key:Z
        environment:
...
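
Review bot: the two added volume lines mount `yukkuri.me.crt` and `yukkuri.me.key` into `/config/keys` with `:Z` only, so the web container gets write access to the host's certificate and private key; it only needs to read them, so consider `:Z,ro` on both lines. `:Z` also relabels the host files under `/home/yukkuri/certificates` for this one container, which is worth knowing if anything else on the host reads them. Separately, the `-#` line for `'${HTTP_PORT}:80'` does not make clear whether the mapping is deleted or commented out; either way port 80 is no longer published, so say which was intended.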

Restart docker-compose

Now that the config files have been edited, restart the containers so that the configuration takes effect.

[root@meet docker-jitsi-meet]# docker-compose stop
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-jicofo-1   Stopped                                                                                                                                                            3.9s
 ⠿ Container docker-jitsi-meet-jvb-1      Stopped                                                                                                                                                            4.0s
 ⠿ Container docker-jitsi-meet-web-1      Stopped                                                                                                                                                            3.6s
 ⠿ Container docker-jitsi-meet-prosody-1  Stopped                                                                                                                                                            3.5s
[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-prosody-1  Started                                                                                                                                                            1.3s
 ⠿ Container docker-jitsi-meet-jicofo-1   Started                                                                                                                                                            3.2s
 ⠿ Container docker-jitsi-meet-web-1      Started                                                                                                                                                            1.3s
 ⠿ Container docker-jitsi-meet-jvb-1      Started                                                                                                                                                            3.2s
[root@meet docker-jitsi-meet]#

Security group settings on the AWS side

Because the system runs on AWS, the ports it uses must be opened in the security group.
Add the following settings:

  • HTTPS (443): WEB connection from client PC
  • UDP (10000): For JVB connection from client PC
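
A way to check that the security group matches the two rules listed above, as an added example that is not part of the original article: it audits ingress rules in the shape returned by `aws ec2 describe-security-groups`. The sample group, the `sg-EXAMPLE` id and the `allowed_sources` parameter (for example a home IP as a /32) are assumptions made for illustration.

```python
import ipaddress

# Ingress the article opens: HTTPS for the web UI, UDP 10000 for JVB media.
REQUIRED = {("tcp", 443), ("udp", 10000)}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {
    "GroupId": "sg-EXAMPLE",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 10000, "ToPort": 10000,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def audit_ingress(group, allowed_sources=()):
    """Return (findings, missing_required_ports) for one security group.

    allowed_sources is an assumption of this example: CIDRs (such as a home
    IP /32) that every rule's source must fall inside when it is given.
    """
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowed_sources]
    findings, seen = [], set()
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        label = "all protocols" if proto == "-1" else f"{proto}/{lo}-{hi}"
        if proto == "-1":  # "-1" means every protocol and port
            covered = set(REQUIRED)
        else:
            covered = {(p, n) for p, n in REQUIRED if p == proto and lo <= n <= hi}
        seen |= covered
        if not covered:
            findings.append(f"{label}: not a port Jitsi needs, review it")
        elif proto == "-1" or lo != hi:
            findings.append(f"{label}: wider than the single port needed")
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            if allowed and not any(
                    net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"{label}: open to {src}, outside allowed sources")
    return findings, sorted(REQUIRED - seen)

if __name__ == "__main__":
    print(audit_ingress(SAMPLE, ["203.0.113.7/32"]))
```

A non-empty second return value means a required port is closed: without UDP 10000 the web page loads but media to the JVB does not flow.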

Check settings

Check that it actually works.
Edge version 96.0.1054.62 (official build) (64-bit)

Chrome version: 96.0.4664.110 (Official Build) (64-bit)

Future tasks

The configuration file needs to be analyzed.
Also, in its current state anyone can access and use the system as much as they want, so users need to be narrowed down by ID/password. (I want to upload it at a later date.)

  • I would like everyone to use it, but because it is deployed on AWS, my household will definitely go bankrupt, so EC2 will be stopped until the setting is completed.
  • You only need to accept your home IP in the AWS security group, but just in case.

Time required this time

It took about 4 hours to roughly check the operation.
Even just getting it running a little involves some hurdles, and I think it is a high hurdle to use it with many users or to operate it independently.
Zoom is also free if the time is short, and I think there are many free web conferencing systems.
However, for business use, we expect that it can be used when there are conditions such as internal security rules not permitting anything that is not on-premises and in-house.
I wonder if the HTTPS setting is quite difficult to understand.
