:::
19. 安裝docker
20. 安裝Jitsi meet
- 先設好DNS,底下以 meet.lces.tn.edu.tw 網域為例,伺服器用 nginx,先安裝好 cert-bot,以便安裝憑證。
- 安裝必要套件
apt install gnupg - 安裝 Jitsi repository key
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - - 添加套件來源
sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" - 更新套件庫
apt-get -y update - 安裝 Jitsi Meet
apt-get -y install jitsi-meet - 安裝憑證
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh若裝不起來請用
cert-bot --nginx - 修改設定檔
vi /etc/nginx/sites-available/defaultserver_names_hash_bucket_size 64; server { listen 80; listen [::]:80; server_name meet.lces.tn.edu.tw; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /usr/share/jitsi-meet; } location = /.well-known/acme-challenge/ { return 404; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name meet.lces.tn.edu.tw; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"; add_header Strict-Transport-Security "max-age=31536000"; ssl_certificate /etc/letsencrypt/live/meet.lces.tn.edu.tw/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/meet.lces.tn.edu.tw/privkey.pem; # managed by Certbot root /usr/share/jitsi-meet; # ssi on with javascript for multidomain variables in config.js ssi on; ssi_types application/x-javascript application/javascript; index index.html index.htm; error_page 404 /static/404.html; gzip on; gzip_types text/plain text/css application/javascript application/json; gzip_vary on; location = /config.js { alias /etc/jitsi/meet/meet.lces.tn.edu.tw-config.js; } location = /external_api.js { alias /usr/share/jitsi-meet/libs/external_api.min.js; } #ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { add_header 'Access-Control-Allow-Origin' '*'; alias /usr/share/jitsi-meet/$1/$2; } # BOSH location = /http-bind { proxy_pass http://localhost:5280/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } # xmpp websockets location = /xmpp-websocket { proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; tcp_nodelay on; } location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } location @root_path { rewrite ^/(.*)$ / break; } location ~ ^/([^/?&:'"]+)/config.js$ { set $subdomain "$1."; set $subdir "$1/"; alias /etc/jitsi/meet/meet.lces.tn.edu.tw-config.js; } #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / location ~ ^/([^/?&:'"]+)/(.*)$ { set $subdomain "$1."; set $subdir "$1/"; rewrite ^/([^/?&:'"]+)/(.*)$ /$2; } # BOSH for subdomains location ~ ^/([^/?&:'"]+)/http-bind { set $subdomain "$1."; set $subdir "$1/"; set $prefix "$1"; rewrite ^/(.*)$ /http-bind; } # websockets for subdomains location ~ ^/([^/?&:'"]+)/xmpp-websocket { set $subdomain "$1."; set $subdir "$1/"; set $prefix "$1"; rewrite ^/(.*)$ /xmpp-websocket; } } - 重啟伺服器
systemctl restart nginx - 大功告成~
