Build a WebRTC web conferencing system on AWS
Hello everyone.
This article was frequently accessed from overseas, so I will translate it into English and repost it.
I hope it helps.
Today's topic
Build a web conferencing system on an EC2 instance on AWS using the open-source software Jitsi, served over HTTPS with a certificate.
The containers are managed with Docker.
Download location
Basically, I use the latest version available at the time, pulled with a command from Docker Hub.
Current Docker image state
We will prepare the definition file obtained from docker-hub to operate the container with docker-compose.
[root@meet meet]# wget https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/stable-6726-1.tar.gz
[root@meet meet]# ls
stable-6726-1.tar.gz
[root@meet meet]# tar zxf stable-6726-1.tar.gz
[root@meet meet]# ls
docker-jitsi-meet-stable-6726-1 stable-6726-1.tar.gz
[root@meet meet]# rm -rf stable-6726-1.tar.gz
[root@meet meet]# ls
docker-jitsi-meet-stable-6726-1
[root@meet meet]# mv docker-jitsi-meet-stable-6726-1 ./docker-jitsi-meet
Installation procedure
Follow the official procedure for installation (initial setup).
[root@meet meet]# cd ./docker-jitsi-meet/
[root@meet docker-jitsi-meet]# ls
base CHANGELOG.md env.example examples jibri jicofo jigasi.yml LICENSE prosody release.sh web
base-java docker-compose.yml etherpad.yml gen-passwords.sh jibri.yml jigasi jvb Makefile README.md resources
[root@meet docker-jitsi-meet]# cp env.example .env
*Running the command below adds the password strings that the containers use to connect to each other to the .env file.
[root@meet docker-jitsi-meet]# sh ./gen-passwords.sh
[root@meet docker-jitsi-meet]# mkdir -p ~/.jitsi-meet-cfg/{web/crontabs,web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
Start it as-is for now
I started it as-is for now. The port number is 8443, and when I connect over HTTPS, of course, the certificate check fails.
[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
⠿ jvb Pulled 1.8s
⠿ web Pulled 1.8s
⠿ prosody Pulled 1.8s
⠿ jicofo Pulled 1.8s
[+] Running 5/5
⠿ Network docker-jitsi-meet_meet.jitsi Created 0.0s
⠿ Container docker-jitsi-meet-prosody-1 Started 1.5s
⠿ Container docker-jitsi-meet-web-1 Started 1.5s
⠿ Container docker-jitsi-meet-jicofo-1 Started 3.9s
⠿ Container docker-jitsi-meet-jvb-1 Started 3.9s
[root@meet docker-jitsi-meet]#
Set up the Jitsi configuration file.
If you just start it as-is, there are problems: there is no certificate for HTTPS and the connection port is 8443, so I will customize it.
File (.env) settings
Set your own domain
[root@meet docker-jitsi-meet]# vi .env
...
-#PUBLIC_URL=https://meet.example.com
+PUBLIC_URL=https://meet.yukkuri.me
...
Change the port number from 8443 to 443
[root@meet docker-jitsi-meet]# vi .env
...
# Exposed HTTPS port
-#HTTPS_PORT=8443
+HTTPS_PORT=443
...
File (docker-compose.yml) settings
Linking the Let's Encrypt certificate
Link in the certificate you created earlier. The link maps the Docker host path (/home/yukkuri/certificates) to the container path (/config/keys).
[root@meet docker-jitsi-meet]# vi docker-compose.yml
...
services:
# Frontend
web:
image: jitsi/web:stable-6726-1
restart: ${RESTART_POLICY}
ports:
-# - '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443'
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
+ - /home/yukkuri/certificates/yukkuri.me.crt:/config/keys/cert.crt:Z
+ - /home/yukkuri/certificates/yukkuri.me.key:/config/keys/cert.key:Z
environment:
...
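Review bot: the two added volume lines bind the certificate and the private key (yukkuri.me.key) into /config/keys with only the Z option, so the container gets a writable mount of the host's key file. If the web container only needs to read them, mount both read-only (for example `...cert.key:ro,Z`) and keep the key readable only by its owner on the host. The changed port line `-# - '${HTTP_PORT}:80'` also leaves it unclear whether the HTTP mapping was removed or commented out; say which, since without it the container's port 80 is no longer published.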
Restart docker-compose
Now that you have edited the configuration files, restart the containers so the configuration takes effect.
[root@meet docker-jitsi-meet]# docker-compose stop
[+] Running 4/4
⠿ Container docker-jitsi-meet-jicofo-1 Stopped 3.9s
⠿ Container docker-jitsi-meet-jvb-1 Stopped 4.0s
⠿ Container docker-jitsi-meet-web-1 Stopped 3.6s
⠿ Container docker-jitsi-meet-prosody-1 Stopped 3.5s
[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
⠿ Container docker-jitsi-meet-prosody-1 Started 1.3s
⠿ Container docker-jitsi-meet-jicofo-1 Started 3.2s
⠿ Container docker-jitsi-meet-web-1 Started 1.3s
⠿ Container docker-jitsi-meet-jvb-1 Started 3.2s
[root@meet docker-jitsi-meet]#
Security group settings on the AWS side
Since it is built on AWS, the ports in use must be opened in the security group.
Add the following settings
- HTTPS (443): WEB connection from client PC
- UDP (10000): For JVB connection from client PC
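The two rules above as AWS CLI calls, restricted to one source network as the later remark about accepting only a home IP suggests. This is an added example, not from the original article; jitsi_sg_rules is a hypothetical helper name, and the group ID and the 203.0.113.7 address in the usage line are placeholders.

```bash
# Added example: open only the two ports listed above, for one source network.
# Usage (placeholders): DRY_RUN=1 jitsi_sg_rules sg-EXAMPLE 203.0.113.7
# With DRY_RUN set the commands are printed instead of executed.

jitsi_sg_rules() {
  local sg="$1" cidr="$2" spec
  # A bare address means a single host.
  case $cidr in */*) ;; *) cidr="$cidr/32" ;; esac
  if ! printf '%s\n' "$cidr" |
       grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
    echo "not an IPv4 CIDR: $cidr" >&2
    return 2
  fi
  if [ "${cidr##*/}" = 0 ]; then
    echo "refusing /0: that opens the ports to the whole internet" >&2
    return 2
  fi
  # tcp/443 is the web connection, udp/10000 is the JVB connection.
  for spec in tcp:443 udp:10000; do
    ${DRY_RUN:+echo} aws ec2 authorize-security-group-ingress \
      --group-id "$sg" --protocol "${spec%%:*}" --port "${spec##*:}" \
      --cidr "$cidr" || return 1
  done
}
```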
Check settings
Check that it actually works.
Edge version 96.0.1054.62 (official build) (64-bit)
Chrome version: 96.0.4664.110 (Official Build) (64-bit)
Future tasks
You need to parse the configuration file.
By the way, as it stands anyone can access and use it as much as they want, so users need to be restricted by ID/password. (I want to post that at a later date.)
- I would like everyone to use it, but because it is deployed on AWS, my household will definitely go bankrupt, so EC2 will be stopped until the setting is completed.
- You only need to accept your home IP in the AWS security group, but just in case.
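A check of the .env settings discussed in this article, to run before the server is reachable from outside. This is an added example, not part of the original article or the Jitsi project; env_value and audit_jitsi_env are hypothetical helper names, and ENABLE_AUTH, JICOFO_AUTH_PASSWORD and JVB_AUTH_PASSWORD are assumed variable names that should be confirmed in your copy of env.example.

```bash
# Added example, not from the article. PUBLIC_URL and HTTPS_PORT are the keys
# edited above; ENABLE_AUTH and the *_AUTH_PASSWORD keys are assumed names,
# so confirm them in your env.example. Usage: audit_jitsi_env .env

# Print the last uncommented value assigned to key $2 in file $1.
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r"'
}

# Print one finding per line; return 1 if anything was found.
audit_jitsi_env() {
  local file="$1" found=0 url hostport port key
  note() { echo "$1"; found=1; }

  url=$(env_value "$file" PUBLIC_URL)
  case $url in
    ''|https://meet.example.com)
      note "PUBLIC_URL: unset or still the placeholder" ;;
    https://*)
      # The published port must be the one clients are told to use.
      hostport=${url#https://}; hostport=${hostport%%/*}
      case $hostport in *:*) port=${hostport##*:} ;; *) port=443 ;; esac
      [ "$(env_value "$file" HTTPS_PORT)" = "$port" ] ||
        note "HTTPS_PORT: does not match the port in PUBLIC_URL ($port)" ;;
    *)
      note "PUBLIC_URL: not an https:// URL" ;;
  esac

  # Without authentication, anyone who reaches the URL can open a room.
  [ "$(env_value "$file" ENABLE_AUTH)" = 1 ] ||
    note "ENABLE_AUTH: not 1, rooms can be opened without a login"

  # gen-passwords.sh fills these in; empty means it was never run.
  for key in JICOFO_AUTH_PASSWORD JVB_AUTH_PASSWORD; do
    [ -n "$(env_value "$file" "$key")" ] ||
      note "$key: empty, run gen-passwords.sh"
  done

  # The file holds secrets, so it should not be world-readable.
  [ -z "$(find "$file" -perm -004)" ] ||
    note ".env: world-readable, chmod 600 it"

  return "$found"
}
```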
Time required this time
It took about 4 hours to check the operation roughly.
Even just getting it running a little involves some hurdles, and I think it is a high hurdle to use it with large numbers of users or to operate it independently.
ZOOM is also free if the time is short, and I think there are many free web conferencing systems.
However, for business use, we expect that it can be used when there are conditions such as internal security rules not permitting anything unless it is on-premises and in-house.
I wonder if the HTTPS setting is quite difficult to understand.