Raspberry PI and Jitsi (videobridge & Al.) are working together

hi all,
I managed to make Jitsi working with a Raspebrry PI 3 B ( Quad-core 1.2GHz, Broadcom2837 64bit CPU, ARM v8, 1GB Memory).

On the Raspberry PI3 B, it works with 1 meeting with 4 or 5 people. With more people, it begin to lag. I was not able to try other configuration (2 meetings, with 2 people, etc.)
Of course, with more CPU and Memory (RPI4), it could works better.
Now, i’m trying to use the new configuration files and maybe dispatch Nginx, Prosody, Jvb, Jicofo and Jitsi-Meet on two raspberry PI while waiting the arrival of a RPI4.
I try to post what I did (as i have some limitations in the forum due to my newbie status)

From the begining:
Dynamic DNS : MyPublicIP MyFDQN
Fresh install of Debian Buster 10.
raspi-config
change hostname, timezone, localization
vi /etc/dphys-swapfile
CONF_SWAPSIZE=1024
/etc/init.d/dphys-swapfile restart
sudo reboot
sudo apt-get update
sudo apt-get upgrade
sudo reboot
sudo apt-get install openjdk-8-jdk fail2ban wget nginx
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-armhf
sudo apt-get install certbot python-certbot-nginx

vi /etc/hosts
MyPublicIP MyFDQN
vi /etc/nginx/sites-avalaible/MyFDQN

server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name MyFDQN;
location ^~ /.well-known/acme-challenge/ {
default_type “text/plain”;
root /usr/share/jitsi-meet;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name MyFDQN;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+a
RSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESG
CM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PS
K:!SRP:!DSS:!RC4:!SEED”;

add_header Strict-Transport-Security "max-age=31536000";
root /usr/share/jitsi-meet;
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
location = /config.js {
    alias /etc/jitsi/meet/MyFDQN-config.js;
}
location = /external_api.js {
    alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    add_header 'Access-Control-Allow-Origin' '*';
    alias /usr/share/jitsi-meet/$1/$2;
}
# BOSH
location = /http-bind {
    proxy_pass      http://localhost:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;

}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host http_host; tcp_nodelay on; } location ~ ^/([^/?&:'"]+) {
try_files uri @root_path; } location @root_path { rewrite ^/(.*) / break;
}
location ~ ^/([^/?&:’"]+)/config.js$
{
set $subdomain “$1.”;
set $subdir “$1/”;
alias /etc/jitsi/meet/MyFDQN-config.js;
}

colibri (JVB) websockets for jvb1

location ~ ^/colibri-ws/jvb1/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/jvb1/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade http_upgrade; proxy_set_header Connection "upgrade"; tcp_nodelay on;* } #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / location ~ ^/([^/?&:'"]+)/(.*) {
set $subdomain “$1.”;
set $subdir "1/"; rewrite ^/([^/?&:'"]+)/(.*) /$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:’"]+)/http-bind {
set $subdomain “$1.”;
set $subdir “$1/”;
set $prefix "1"; rewrite ^/(.*) /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:’"]+)/xmpp-websocket {
set $subdomain “$1.”;
set $subdir “$1/”;
set $prefix "1"; rewrite ^/(.*) /xmpp-websocket;
}
ssl_certificate /etc/letsencrypt/live/MyFDQN/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/MyFDQN/privkey.pem; # managed by Certbot
}
cd /etc/nginx/sites-enabled
sudo ln -s …/sites-availableMyFDQN MyFDQN
sudo nginx -t
sudo nginx -s reload

vi /etc/hostname
MyFDQN
vi /etc/hosts
127.0.0.1 localhost MyFDQN
sudo reboot
sudo echo ‘deb download.jitsi.org stable/’ >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
// Ensure support is available for apt repositories served via HTTPS
sudo apt-get install apt-transport-https
// Retrieve the latest package versions across all repositories
sudo apt-get update
// URL are not complete. Add https download jitsi org and so on at the begininng
wget (…)/stable/jitsi-meet_2.0.4416-1_all.deb
wget (…)/stable/jicofo_1.0-544-1_all.deb
wget (…)/stable/jitsi-meet-web_1.0.3992-1_all.deb
wget (…)/stable/jitsi-meet-web-config_1.0.3992-1_all.deb
wget (…)/stable/jitsi-meet-prosody_1.0.3992-1_all.deb
wget (…)/stable/jitsi-videobridge2_2.1-169-ga28eb88e-1_all.deb
sudo su
apt-get install prosody
apt --fix-broken install
prosodyctl cert generate MyFDQN
prosodyctl cert generate auth.MyFDQN
sudo dpkg -i jitsi-meet-prosody_1.0.3992-1_all.deb
sudo dpkg -i jitsi-meet-web_1.0.3992-1_all.deb
sudo dpkg -i jitsi-meet-web-config_1.0.3992-1_all.deb
apt-get install uuid-runtime
sudo dpkg -i jitsi-videobridge2_2.1-169-ga28eb88e-1_all.deb
sudo dpkg -i jicofo_1.0-544-1_all.deb
sudo dpkg -i jitsi-meet_2.0.4416-1_all.deb
cd /usr/share/jitsi-videobridge

Remember: Rasperry PI have only 1GB RAM!

vi jvb.sh

if [ -z “$VIDEOBRIDGE_MAX_MEMORY” ]; then VIDEOBRIDGE_MAX_MEMORY=1536m; fi

cd /usr/share/jicofo
vi jicofo.sh

exec java -Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp $LOGGING_CONFIG_PARAM $JAVA_SYS_PROPS -cp $cp mainClass @

cd /etc/prosody/conf.avail
vi MyFDQN.cfg.lua
> plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

– domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = “MyFDQN”;
cross_domain_bosh = false;
consider_bosh_secure = true;

VirtualHost “MyFDQN”
– enabled = false – Remove this line to enable this host
authentication = “anonymous”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/MyFDQN.key”;
certificate = “/etc/prosody/certs/MyFDQN.crt”;
}
speakerstats_component = “speakerstats.MyFDQN”
conference_duration_component = “conferenceduration.MyFDQN”
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
“speakerstats”;
“turncredentials”;
“conference_duration”;
}
c2s_require_encryption = false
Component “conference.MyFDQN” “muc”
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
– “token_verification”;
}
admins = { “focus@auth.MyFDQN” }
muc_room_locking = false
muc_room_default_public_jids = true

– internal muc component
Component “internal.authMyFDQN” “muc”
storage = “memory”
modules_enabled = {
“ping”;
}
admins = { “focus@auth.MyFDQN”, “jvb@auth.MyFDQN” }
muc_room_locking = false
muc_room_default_public_jids = true
VirtualHost “auth.MyFDQN”
ssl = {
key = “/etc/prosody/certs/auth.MyFDQN.key”;
certificate = “/etc/prosody/certs/auth.MyFDQN.crt”;
}
authentication = “internal_plain”

Component “focus.MyFDQN”
component_secret = “SECRETFOCUS”

Component “speakerstats.MyFDQN” “speakerstats_component”
muc_component = “conference.MyFDQN”

Component “conferenceduration.MyFDQN” “conference_duration_com
ponent”
muc_component = “conference.MyFDQN”

Component “jitsi-videobridge.MyFDQN”
component_secret = “SECRETVIDEOBRIDGE”
cd /etc/prosody/conf.d
ln -s /etc/prosody/conf.avail/MyFDQN.cfg.lua MyFDQN.cfg.lua
prosodyctl passwd focus@MyFDQN (SECRETFOCUS like in /etc/jitsi/jicofo/config)
prosodyctl adduser jvb@auth.MyFDQN
prosodyctl cert generate MyFDQN
prosodyctl cert generate auth.MyFDQN
prosodyctl cert generate localhost
ln -s /var/lib/prosodyMyFDQN.crt MyFDQN.net.crt
ln -s /var/lib/prosody/auth.MyFDQN.crt auth.MyFDQN.crt
ln -s /var/lib/prosody/localhost.crt localhost.crt

vi /etc/jitsi/videobridge/config

Jitsi Videobridge settings

sets the XMPP domain (default: none)

JVB_HOSTNAME=MyFQDN

sets the hostname of the XMPP server (default: domain if set, localhost otherwise)

JVB_HOST=

sets the port of the XMPP server (default: 5275)

JVB_PORT=5347

sets the shared secret used to authenticate to the XMPP server

JVB_SECRET=VIDEOBRIDGESECRET

extra options to pass to the JVB daemon

JVB_OPTS="–apis=,"

adds java system props that are passed to jvb (default are for home and logging config file)

JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dne
t.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator
.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"

vi /etc/jitsi/videobridge/sip-communicator.properties

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=MyLocalIP
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=MyPublicIP
org.jitsi.videobridge.rest.jetty.port=9090
org.jitsi.videobridge.rest.COLIBRI_WS_TLS=true
org.jitsi.videobridge.rest.COLIBRI_WS_SERVER_ID=jvb1
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.MyFQDN
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=SECRETVIDEOBRIDGE

vi /etc/jitsi/jicofo/config

JICOFO_HOST=localhost
JICOFO_HOSTNAME=MyFQDN
JICOFO_SECRET=SECRETJICOFO
JICOFO_PORT=5347
JICOFO_AUTH_DOMAIN=auth.MyFQDN
JICOFO_AUTH_USER=focus
JICOFO_AUTH_PASSWORD=SECRETFOCUS

vi /etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.MyFQDN
org.jitsi.jicofo.auth.URL=XMPP:MyFQDN

vi /etc/jitsi/meet/MyFQDN-config.js (just the useful lines at the beginning)

var config = {
// Connection
hosts: {
// XMPP domain.
domain: ‘MyFDQN’,
// Bridge.
bridge: ‘jitsi-videobridge.MyFQDN’,
// Domain for authenticated users. Defaults to .
authdomain: ‘auth.MyFQDN’,
// Focus component domain. Defaults to focus..
focus: ‘focus.MyFQDN’,
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: ‘conference.MyFQDN’
},
useNicks: false,
// Does not seems to work but i tried: openSctp:false,
openSctp:false,
openBridgeChannel: ‘websocket’,
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//MyFQDN/http-bind’,

Then
sudo reboot
/etc/init.d/prosody start
/etc/init.d/jitsi-videobridge2 start
/etc/init.d/jicofo start
nginx -s reload

Enjoy!

hi I5k, does it have to be debian buster 10 OS used? can i use ubuntu os ?