Matrix-synapse and jitsi on same server?

Hya,

Is it possible to install jitsi and matrix-synapse on the same server?

If yes, how to make it possible that jitsi and matrix-synapse talk to each other, i.e., a jitsi client entering a room created on matrix-synapse?

thx in advance

Hi!
It works. I am having both services on the same server. Just use the install instructions from both services separately and then modify a specific line in the synapse config.

Edit the config.json at /var/www/riot.yourdomain.com/riot/config.json and change the preferredDomain of the jitsi block from https://jitsi.riot.im to your own self-hosted https://jitsi.domain.com.

I used the following instructions from the matrix team:
https://matrix.org/blog/2020/04/06/running-your-own-secure-communication-service-with-matrix-and-jitsi

The jitsi instance in synapse is only used on calls with at least three participants, so do not wonder if peer-to-peer calls don’t run over the jitsi widget!
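
A quick check for the config.json edit described in this post, as an added example that is not part of the original post or of the Matrix or Jitsi projects' code: it reports whether the jitsi block still points at jitsi.riot.im, so group calls are not silently routed to the third-party host. The function names and sample configs are constructed for illustration, and the value is accepted with or without a scheme.

```python
import json
from urllib.parse import urlsplit

# Default conference host named in the post above.
DEFAULT_HOST = "jitsi.riot.im"


def _host(value):
    """Reduce 'https://host/', 'host:443' or 'host' to a lowercase hostname."""
    value = value.strip()
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").lower()


def audit_jitsi_domain(config_text, expected_host):
    """Return (status, detail) for the jitsi block of a riot config.json."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return "invalid", f"not valid JSON: {exc.msg} (line {exc.lineno})"
    block = cfg.get("jitsi")
    if not isinstance(block, dict) or not isinstance(block.get("preferredDomain"), str):
        return "missing", "no jitsi.preferredDomain set"
    found = _host(block["preferredDomain"])
    if found == _host(expected_host):
        return "ok", f"group calls use {found}"
    if found == DEFAULT_HOST:
        return "third-party", f"group calls still go to {DEFAULT_HOST}"
    return "mismatch", f"group calls go to {found}, expected {_host(expected_host)}"


# Constructed sample configs (not taken from a real deployment).
SAMPLE_UNCHANGED = '{"jitsi": {"preferredDomain": "https://jitsi.riot.im"}}'
SAMPLE_SELF_HOSTED = '{"jitsi": {"preferredDomain": "https://jitsi.domain.com/"}}'

if __name__ == "__main__":
    # '{"jitsi": ' is deliberately truncated to show the invalid-JSON path.
    for text in (SAMPLE_UNCHANGED, SAMPLE_SELF_HOSTED, '{"jitsi": {}}', '{"jitsi": '):
        print(audit_jitsi_domain(text, "jitsi.domain.com"))
```

To run it against a real install, pass the contents of /var/www/riot.yourdomain.com/riot/config.json as `config_text`.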

Thank you for the answer.

So, they can coexist, listening to different ports, i.e., jitsi at 9883 and matrix-synapse at 9884, correct?

Jitsi clients to jitsi and riot client to matrix-synapse, is it correct?

Last question, is it possible to share a room by both?

TIA

Of course you could use those ports. But usually jitsi uses port TCP 80, 443, 4443 and UDP 10000 and synapse ports TCP 443, 8448 and internally 8008.

Sharing a room would be possible at least with audio and video but I guess they won’t share the chat function. That means that you can share the riot room’s jitsi conference ID with people who just join the same room over jitsi (browser or app).

I also followed that blog post as well, but there are a couple caveats.

  1. By setting up the nginx and matrix/riot proxies over 443, Jitsi’s quick install won’t add the nginx plugin to direct traffic to the TURN.

  2. Jitsi Meet no longer uses port 4443 by default. You can re-enable the JVB’s TCP harvester (which I did), but this won’t get users past corporate firewalls which block everything except valid TLS traffic. The TCP harvester is only useful for getting past firewalls blocking UDP traffic.

I did briefly investigate how to set up the TURN with the other services running, but it seems like Matrix is running its own TURN which perhaps we could point Jitsi to. I don’t have anyone with a restrictive enough setup to need to look further yet though.

I didn’t test my setup with all the services well enough yet, but you can easily modify the turn server address yourself in the jitsi config files. The same goes for synapse.

I set up my server according to these instructions and everything goes well until the moment I need to sign certificates for jitsi. There I have the following problems:
root@matrix:~# /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

This script will:

  • Need a working DNS record pointing to this machine(for domain jitsi.server.eu)
  • Download certbot-auto from https://dl.eff.org to /usr/local/sbin
  • Install additional dependencies in order to request Let’s Encrypt certificate
  • If running with jetty serving web content, will stop Jitsi Videobridge
  • Configure and reload nginx or apache2, whichever is used
  • Configure the coturn server to use Let’s Encrypt certificate and add required deploy hooks
  • Add command in weekly cron job to renew certificates regularly

You need to agree to the ACME server’s Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications
Enter your email and press [ENTER]: name@mail.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jitsi.server.eu
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/jitsi.server.eu/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/jitsi.server.eu/privkey.pem
    Your cert will expire on 2021-01-07. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Configuring nginx
Job for nginx.service failed because the control process exited with error code.
See “systemctl status nginx.service” and “journalctl -xe” for details.
root@matrix:~# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Fri 2020-10-09 13:13:52 CEST; 5min ago
Docs: man:nginx(8)
Process: 4591 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=1/FAILURE)
Main PID: 567 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─567 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─568 nginx: worker process
├─569 nginx: worker process
├─570 nginx: worker process
├─571 nginx: worker process
├─572 nginx: worker process
├─573 nginx: worker process
├─574 nginx: worker process
└─575 nginx: worker process

Oct 09 13:13:52 matrix systemd[1]: Starting A high performance web server and a reverse proxy server…
Oct 09 13:13:52 matrix systemd[1]: Started A high performance web server and a reverse proxy server.
Oct 09 13:16:29 matrix systemd[1]: Reloading A high performance web server and a reverse proxy server.
Oct 09 13:16:29 matrix nginx[1910]: nginx: [warn] invalid value “TLSv1.3” in /etc/nginx/sites-enabled/jitsi.server
Oct 09 13:16:29 matrix systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 09 13:16:29 matrix systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
Oct 09 13:18:44 matrix systemd[1]: Reloading A high performance web server and a reverse proxy server.
Oct 09 13:18:44 matrix nginx[4591]: nginx: [warn] invalid value “TLSv1.3” in /etc/nginx/sites-enabled/jitsi.server
Oct 09 13:18:44 matrix systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 09 13:18:44 matrix systemd[1]: Reload failed for A high performance web server and a reverse proxy server.

How did you solve them?