Sorry for my bad english and for occupying this topic.
A bare jitsi-meet installation in a vm or container istn to hard. But if you have jitsi-meet beside nethserver there are some sticking points (or my knowledge is to low maybe).
And using the nethserver-ad or ldap (or ejabberd) wouldtn be a bad idea to simplifying the setup and for athentication.
In my setting the nethserver runs as vm (in proxmox) beside a debian 10 container for jitsi-meet.
My (only one) extermal ip with some subdomains (a/cname in dns) pointing to this external ip.
Some necessary ports are directed to the nethserver vm and his services (e.g. mail, sogo etc.)
Thus nethserver is the main target for tcp 443 and 80 (and becomes letsencrypt certs) so the jitsi-meet installation has no chance to become own letsencrypt certs.
Or is there a Solution?
So i have used the nethserver process for getting an letsencrypt cert with subdomain for the jitsi-meet container and added an reverse proxy entry in nethserver looking for jitsi.domain.tld and pointing to the local ip of the jitsi-meet container. So the subdomain should/is reachable from extern and using the nethserver-letsencrypt-certs.
But, after the jitsi-meet installation, the jitsi-meet site wasnt reacheble over the subdomain. To many redirects and/or some trouble with „get“ requests. It seems that the “turnserver” (installed with jitsi-meet) is the showstopper here.
But jIstsi-meet can run without the turnserver so i installed ist again (from begin) with “apt-get -y --no-install-recommends install jitsi-meet”. Without turnserver the jitsi-meet site appears normal from local and from extern. (with the nethserver main-letsencrypt cert). In this Setting Meetings are possible (Yeah).
All Finished? No. If you prevent jitsi-meet so strangers cannot create (or enter) meeting rooms you need authentication.
There are some way to do this. The jitsi-way is using a own prosody xmpp and userbase. This runs fine.
You can also try to connect to an ldap (wit special modules) but i wasnt successful with that.
So i have stopped an this point and installed the nethserver-ejabberd because of this own ldap integration (jitsi-meet can use ejabberd with limitations) But if you have nethserver-ejabberd installed it was no more possible to enter an meeting room (disconnect).
This appears also when the ejabberd service is stopped. (?)
After uninstalling nethserver-ejabberd (btw not possible in the new server-panel) the problem disappears.
The ejabberd trouble with jitsi-meet is (i think) because of some adress-or service troubles in my setting but i have no idea to correct it. The most installed and configured services in jitsi-meet using his (full) hostname like “jitsi.domain.tld” . (and this is the way jitsi recommends)
But in my setting - i get never the correct ip for this hostname.
An external DNS (like 8.8.8.8) gives back the external IP (as expected). In this setting runs jitsi-meet itselv (without ejabberd or ldap) but you lose internal name resolution so i need a local DNS.
The nethserver DNS (normally used) gives also back a wrong ip, the nethserver-own ip.
I think this is because of the reverse entry or the nethserver-letsencrypt entry fr the subdomain(?) and therefore it isnt possible to set an dns entry for this name additional.
But without local DNS solution it makes no sense to play with jitsi-auth mechanics.
The jitsi-meet own entries for /etc/hosts shows (from begin) two ip entries for his hostname, 127.0.0.1 and the (real) local ip. But “host jitsi.domain.tld” nevertheless gives back nether this ip from this host itselv.
Any Suggestions?
Regards
yummiweb
