首页 > 其他分享 >一次不太成功的内网部署视屏会议系统预研

一次不太成功的内网部署视屏会议系统预研

时间:2022-12-10 16:01:16浏览次数:64  
标签:jitsi Jitsi server meet Meet 预研 内网 docker 视屏

Jitsi Meet

背景

接到一个任务,想在公司内网搭建一个视频会议系统,用于公司内部或与分公司交流,需要内网部署,最好是开源免费。

项目定位

查找了如下几个项目:

最后决定尝试 ​​Jitsi Meet​​​ 这个开源免费的项目。github 中 Star ​​19k​​(20221209)

  • Jitsi Meet - 安全、简单且可扩展的视频会议,您可以将其用作独立应用程序或嵌入到web应用程序中
  • Jitsi Meet是一组开源项目,使用户能够使用和部署具有最先进视频质量和功能的视频会议平台。

Jitsi 是什么

Jitsi是一系列开源项目的集合,这些项目提供了最先进的视频会议功能,这些功能安全、易于使用且易于自托管。

本手册(​​https://jitsi.github.io/handbook/docs/intro​​)旨在成为所有Jitsi文档的一站式商店。

内容分为3个主要方面:

  • 用户指南:旨在帮助服务用户更好地了解所有可用功能以及如何使用它们。
  • 开发者指南:旨在帮助希望在其产品中集成Jitsi-Meet API/SDK或希望通过开发新功能或修复错误来改进Jitsi-Meet的开发者。
  • 自托管指南:专为希望自托管的人、系统管理员或任何希望部署和操作自己的Jitsi Meet实例的人设计。

Jitsi由一系列项目组成:

  • Jitsi Meet,与WebRTC兼容的JavaScript应用程序,使用Jitsi Videobridge提供高质量、可扩展的视频会议。基于React和React Native构建
  • Jitsi Videobridge(JVB)-与WebRTC兼容的服务器,用于在会议参与者之间路由视频流。
  • Jitsi Conference Focus (jicofo) -用于Jitsi会议的服务器端焦点组件,用于管理媒体会话,并充当每个参与者和视频桥之间的负载平衡器。
  • Jitsi Gateway to SIP (jigasi) -允许常规SIP客户端加入Jitsi会议的服务器端应用程序
  • Jitsi Broadcasting Infrastructure (jibri) -用于录制和/或流式传输Jitsi会议的一组工具,通过启动虚拟帧缓冲区中呈现的Chrome实例,并使用ffmpeg捕获和编码输出来工作

效果

启动后,直接通过浏览器访问:

一次不太成功的内网部署视屏会议系统预研_ide

一次不太成功的内网部署视屏会议系统预研_ide_02

安装

直接通过项目 ​​https://github.com/jitsi/docker-jitsi-meet​​ docker 方式安装。

Tip: 笔者环境 ubuntu 20.04。

部分安装过程:

下载 docker-jitsi-meet-master 到本地并进入此目录:

root@pjl:/home/docker-jitsi-meet-master# docker-compose up -d
root@pjl:/home/docker-jitsi-meet-master# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f617d13cda50 jitsi/jvb:unstable "/init" 4 hours ago Up 4 hours 127.0.0.1:8080->8080/tcp, 0.0.0.0:10000->10000/udp, :::10000->10000/udp docker-jitsi-meet-master_jvb_1
5af4885c996a jitsi/jicofo:unstable "/init" 4 hours ago Up 4 hours docker-jitsi-meet-master_jicofo_1
35c4bd9da921 jitsi/prosody:unstable "/init" 4 hours ago Up 4 hours 5222/tcp, 5280/tcp, 5347/tcp docker-jitsi-meet-master_prosody_1
fe3d109c8be6 jitsi/web:unstable "/init" 4 hours ago Up 4 hours 0.0.0.0:8000->80/tcp, :::8000->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp docker-jitsi-meet-master_web_1

安装过程参考:

WebSocket connection failed

报错:​​WebSocket connection to 'wss://localhost:8443/xmpp-websocket?room=a' failed: ​

后来自己好了

jitsi meeting Screen sharing failed for 3 people

全屏分享时,如果第三个人进来,屏幕分享就失败了。解决过程​​非常曲折​​,大致过程如下:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw enable

root@pjl:/home/docker-jitsi-meet-master# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@pjl:/home/docker-jitsi-meet-master# sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To Action From

-- ------ ----

5911 ALLOW IN Anywhere
10000/udp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
3478/udp ALLOW IN Anywhere
5349/tcp ALLOW IN Anywhere
5911 (v6) ALLOW IN Anywhere (v6)
10000/udp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
3478/udp (v6) ALLOW IN Anywhere (v6)
5349/tcp (v6) ALLOW IN Anywhere (v6)

失败。尝试另一方法:

docker cp f617d13cda50:/etc/jitsi/videobridge/sip-communicator.properties sip-communicator.properties

编辑 vim sip-communicator.properties,新增两条:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.223
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=192.168.1.223

docker cp sip-communicator.properties f617d13cda50:/etc/jitsi/videobridge/sip-communicator.properties

systemctl restart docker

失败。尝试另一方法:

ENABLE_XMPP_WEBSOCKET=0
ENABLE_COLIBRI_WEBSOCKET=1
ENABLE_SCTP=1
JVB_PORT=10000

失败。报错如下:

Logger.js:154 2022-07-25T08:41:11.181Z [modules/RTC/BridgeChannel.js] <WebSocket.e.onclose>:  Channel closed: 1006 

[modules/statistics/RTPStatsCollector.js] <nn._processAndEmitReport>: No participant ID returned by LocalTrack[2,video]
[modules/statistics/AvgRTPStatsReporter.js] <Dd.addNext>: bandwidth_upload - invalid value for idx: 1 undefined

在网上一通搜索和尝试,未果。

中途也发现了一些奇怪的问题:chrome 94 有视频分享的按钮,chrome 103 没有分享按钮,超过三人桌面分享消失,退出一人则又有效

firefox 102:
[ "audio", "video" ] TypeError: navigator.mediaDevices is undefined

chrome 103
TypeError: Cannot read properties of undefined (reading 'getUserMedia')


最后修改两点:

  • .env 文件时区:​​TZ=Asia/Shanghai​
  • docker-compose.yml 中 127.0.0.1 改成自己服务器的ip
jvb:
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
// 127.0.0.1 改成自己服务器的ip
- '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'

一切都好了。

Tip:真正使用应该还要许多其他问题,首先肯定会对内网造成非常大的压力。

Jitsi Meet 介绍

Keep it Casual. For Free.

  • HD audio video
  • Unlimited free meeting access for up to 100 participants at a time
  • End-to-End encryption
  • Multiple participants can share their screen simultaneously
  • Remotely control other participants desktop
  • Integrations (Google, Microsoft, Slack)

一次不太成功的内网部署视屏会议系统预研_docker_03

What is Jitsi?

Jitsi is a ​​collection of Open Source projects​​​ which provide state-of-the-art video conferencing
capabilities that are secure, easy to use and easy to self-host.

Components

Jitsi comprises a ​​collection of projects​​:

  • ​Jitsi Meet​​ - WebRTC compatible JavaScript application that uses Jitsi Videobridge to provide high quality, scalable video conferences. Build upon React and React Native.
  • ​Jitsi Videobridge (JVB)​​ - WebRTC compatible server designed to route video streams amongst participants in a conference.
  • ​Jitsi Conference Focus (jicofo)​​ - server-side focus component used in Jitsi Meet conferences that manages media sessions and acts as load balancer between each of the participants and the videobridge.
  • ​Jitsi Gateway to SIP (jigasi)​​ - server-side application that allows regular SIP clients to join Jitsi Meet conferences
  • ​Jitsi Broadcasting Infrastructure (jibri)​​ - set of tools for recording and/or streaming a Jitsi Meet conference that works by launching a Chrome instance rendered in a virtual framebuffer and capturing and encoding the output with ffmpeg.

External Software used by Jitsi:

Desktop browsers

Browser

Support

Versions

Notes

Chrome


>= 72

Best results with >= 96

Firefox


>= 68

Best results with >= 101

Safari


>= 14

Best results with >= 15, output device selection unsupported

Edge


>= 79

Edge Legacy is unsupported

Internet Explorer


Join by using a Jitsi link

People can invite each other to Jitsi meetings by simply sending a link.

  1. If you have received such an invite link from a trusted source,
    copy it into your browser's address bar and press Enter / Return.
  2. Your browser may first ask you to grant microphone and/or camera access.
    If you trust the person who invited you, confirm this access request.
    Please refer to the browser's documentation for details (e.g. Firefox、Chrome).
  3. If prompted, enter a name, which will be visible to other participants in the Jitsi Meeting room.
  4. (Optional) Adjust the camera and/or microphone settings via the ​​v​​ dropdown menu items.
  5. Click on ​​Join meeting​​.

Desktop or Mobile Browser

  1. You need a browser (please note our separate information).
  2. Open the browser and in the address bar type, for example "​​https://meet.jit.si​​" (without "") and press Enter.
  3. The page opens as shown in the figure:

一次不太成功的内网部署视屏会议系统预研_docker_03

  1. Now enter a name for your conference (e.g. new meeting) in the "Start new meeting" field.
    Note: Please do not use any special characters, spaces or umlauts, as this can lead to problems.
    Note: Jitsi offers a functionality that automatically suggests names for the conferences. These can be overwritten.
  2. Click the blue ​​Go​​ button.
  3. The following window opens:

一次不太成功的内网部署视屏会议系统预研_docker_05

  1. It is possible that no picture of you will appear at first. To do this, the browser will ask you whether you want to allow camera access. Please confirm this by clicking on ​​allow​​​ or ​​permit​​. Sometimes you also have to click the camera button at the bottom of the screen first to activate the dialog for allowing camera access. Do the same with the microphone the first time you use Jitsi.
  2. Now enter your display name in the "enter your name" field.
  3. Click the blue ​​Join meeting​​ button.
  4. Have fun in your first conference.

IFrame API

Embedding the Jitsi Meet API into your site or app enables you to host and provide secure video meetings with your colleagues, teams, and stakeholders. The Meet API provides a full complement of comprehensive meeting features.

Your Jitsi meetings can be hosted and attended using any device while keeping your data and privacy protected. You can reach your meeting participants anywhere in the world eliminating the need for travel and the associated inconvenience.

The IFrame API enables you to embed Jitsi Meet functionality into your meeting application so you can experience the full functionality of the globally distributed and highly available deployment available with ​​meet.jit.si​​.

You can also embed and integrate the globally distributed and highly available deployment on the ​​meet.jit.si​​ platform itself.

Self-Hosting Guide

Welcome to the Self-Hosting guide!

note:
These guides help you to host your own Jitsi-Meet server.
If you want to have a video conference without setting up any infrastructure, use ​​​https://meet.jit.si​​ instead.

The content is divided in 3 guides:

  • ​​Debian/Ubuntu server guide​​: Describes the quick installation on Debian-based distributions.
  • ​​Docker guide​​: Describes how to use the official Docker image of Jitsi-Meet.
  • ​​Manual installation guide​​: Describes the manual installation of all components (adaptable for other distributions).

note: First, a bit of general advice
Jitsi Meet being based on ​​​WebRTC​​, an encrypted communication link (https) is necessary to get working multimedia, and the setup is not always trivial.

The best option is an Internet server with a certificate for a domain registered in the ​​DNS​​.

While it's possible to setup a server on a private network and/or a self-signed certificate, it can be less straightforward and you can expect difficulties, first if you want access both from the private network and the public internet, and second when using phones as these clients often don't accept self-signed certificates.

In case of trouble with clients using phones, ​​check your certificate​​.

Requirements

note:
Jitsi Meet is a real-time system.
Requirements are very different from a web server and depend on many factors.
Miscalculations can very easily destroy basic functionality rather than cause slow performance.
Avoid adding other functions to your Jitsi Meet setup as it can harm performance and complicate optimizations.

Note that Jitsi Meet design priorizes scalability by adding servers on using a huge server. Check Jitsi-videobridge documentation on adding several bridges to a Jitsi Meet server, and OCTO to go even beyond that (federation of Jitsi Meet servers). If you feel that you are a network and server administration newbie, don't even think of going there.

Jitsi Meet needs, by order of importance
  • Network link: basic speed and reliability are essential. Check speed against the provider claims using any download tool (or ftp), and
    verify latency using a tool such as iperf3.
    Exact calculation is very complex and depend on many optimisations and tricks, but you should at least remember these numbers on resolution:
    180 = 200 kbits/s
    360 = 500 kbits/s
    720 (HD) = 2500 kbits/s
    4k = 10 Mbits/s
    So don't expect to have 20 users using 4K on a server with 100Mbits/s upload and download.
    For a friends/small organization server, 1 Gbits/s will often be enough but for a serious server 10 Gbits/s
    is advisable. Several (or many...) bridges having each a 10 Gbits/s link are used by big deployments.

These requirements concern the videobridge. If there are only external videobridges (as can be the case on high end Jitsi Meet servers), network performance matters much less.

  • RAM: it's usually suggested to get 8 GB.
    For small meetings you can get away with 4 GB, for test servers or very small meetings you can try to use 2 GB.
    For big meetings it's suggested to go the scalable way over getting huge amounts of memory.
  • CPU: very low processor performance can seriously harm a real time system, especially when using a shared server (where your CPU performance can be stolen by other customers of your hoster, check on 'dedicated CPU' if you are getting a VPS, rather than a physical server). However, a consideration is that a Jitsi Meet component, Prosody, can only use ONE (1) core. So getting a lot of cores, let's say more than 32, is not always useful. For a basic server, 4 dedicated cores can be enough.
  • Disk: unless you are doing heavy logging or have very specific needs, you can get away with 250 Gbytes of standard hard disk.
    SSD are more a nice to have than a necessity.

If you want additional services, requirements can go up.

Recording

Jibri needs ONE system per recording.
One Jibri instance = one meeting. For 5 meetings recorded simultaneously, you need 5 Jibris.
There is no workaround to that.
If you are knowledgeable, you can setup Jibris in containers and use a big server to save a bit on resources but that's about it.

Jibri RAM and CPU needs are far higher than Jitsi Meet itself, as it does video encoding.
For ​​​1080x720​​​ you currently need at least 8 GB RAM, for ​​1280x1024​​ 12 GB (this is for recording a single meeting).
If memory is not sufficient or CPU can't encode fast enough, recordings will fail.

While Jibri and Jitsi Meet can technically be hosted in a single server, it's not recommended because Jibri is a resource drain and it can harm Jitsi Meet performance, and can exhaust disk space and stop Jitsi Meet function altogether.

Docker
Quick start

In order to quickly run Jitsi Meet on a machine running Docker and Docker Compose,
follow these steps:

  1. Download and extract the [latest release]. DO NOT clone the git repository. See below if you are interested in running test images.
  2. Create a ​​.env​​ file by copying and adjusting ​​env.example​​:
cp env.example .env
  1. Set strong passwords in the security section options of ​​.env​​ file by running the following bash script
./gen-passwords.sh
  1. Create required ​​CONFIG​​ directories
  • For linux:
mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
  • For Windows:
echo web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri | % { mkdir "~/.jitsi-meet-cfg/$_" }
  1. Run ​​docker-compose up -d​
  2. Access the web UI at ​​https://localhost:8443​​ (or a different port, in case you edited the ​​.env​​ file).

note:
HTTP (not HTTPS) is also available (on port 8000, by default), but that's e.g. for a reverse proxy setup;
direct access via HTTP instead HTTPS leads to WebRTC errors such as
Failed to access your microphone/camera: Cannot use microphone/camera for an unknown reason. Cannot read property 'getUserMedia' of undefined
or navigator.mediaDevices is undefined.

If you want to use jigasi too, first configure your env file with SIP credentials
and then run Docker Compose as follows:

docker-compose -f docker-compose.yml -f jigasi.yml up

If you want to enable document sharing via [Etherpad],
configure it and run Docker Compose as follows:

docker-compose -f docker-compose.yml -f etherpad.yml up

If you want to use jibri too, first configure a host as described in JItsi BRoadcasting Infrastructure configuration section
and then run Docker Compose as follows:

docker-compose -f docker-compose.yml -f jibri.yml up -d

or to use jigasi too:

docker-compose -f docker-compose.yml -f jigasi.yml -f jibri.yml up -d
Architecture

A Jitsi Meet installation can be broken down into the following components:

  • A web interface
  • An XMPP server
  • A conference focus component
  • A video router (could be more than one)
  • A SIP gateway for audio calls
  • A Broadcasting Infrastructure for recording or streaming a conference.

一次不太成功的内网部署视屏会议系统预研_docker_06

The diagram shows a typical deployment in a host running Docker. This project
separates each of the components above into interlinked containers. To this end,
several container images are provided.

External Ports

The following external ports must be opened on a firewall:

  • ​80/tcp​​​ for Web UI HTTP (really just to redirect, after uncommenting ​​ENABLE_HTTP_REDIRECT=1​​​ in ​​.env​​)
  • ​443/tcp​​ for Web UI HTTPS
  • ​4443/tcp​​ for RTP media over TCP
  • ​10000/udp​​ for RTP media over UDP

Also ​​20000-20050/udp​​ for jigasi, in case you choose to deploy that to facilitate SIP access.

E.g. on a CentOS/Fedora server this would be done like this (without SIP access):

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=4443/tcp
sudo firewall-cmd --permanent --add-port=10000/udp
sudo firewall-cmd --reload

See ​​the corresponding section in the manual setup guide​​.

Design considerations

Jitsi Meet uses XMPP for signaling, thus the need for the XMPP server.
The setup provided by these containers does not expose the XMPP server to the outside world.
Instead, it's kept completely sealed, and routing of XMPP traffic only happens on a user-defined network.

The XMPP server can be exposed to the outside world,
but that's out of the scope of this project.

结果

出于某些因素的考虑,最终相关部门决定定制采购。

作者:​​彭加李​​

标签:jitsi,Jitsi,server,meet,Meet,预研,内网,docker,视屏
From: https://blog.51cto.com/u_15551419/5927732

相关文章

  • 一次不太成功的内网部署视屏会议系统预研
    JitsiMeet背景接到一个任务,想在公司内网搭建一个视频会议系统,用于公司内部或与分公司交流,需要内网部署,最好是开源免费。项目定位查找了如下几个项目:tailchat-meeti......
  • cpolar + vue内网穿透配置事项
    场景开了内网穿透之后,本地跑的项目就不需要内网也能访问了。这里用的工具是cpolar,简单,快速上手,有低配免费套餐,能够搭载小型项目,大型项目可能会有请求高并发的情况,这时候......
  • Ubuntu——基于cpolar配置内网穿透,外网随时随地实现SSH访问主机!
    发现了一个超好的免费内网穿透工具!!可以实现外网SSH访问主机,极大地提升工作效率,并解除工作空间的限制!1.安装cpolarUbuntu用户安装Cpolar内网穿透安装完成后,需要进行认......
  • 内网文件分片上传,断点续传
    ​ 一、概述 所谓断点续传,其实只是指下载,也就是要从文件已经下载的地方开始继续下载。在以前版本的HTTP协议是不支持断点的,HTTP/1.1开始就支持了。一般断点下载时才用......
  • 内网穿透——Natapp实现
    转自:NATAPP使用教程(内网穿透)_Willing卡卡的博客-CSDN博客_natappNATAPP内网穿透使用教程        本文主要分享了有关内网穿透NATAPP的使用,包括:注册、建立隧道(免......
  • 红队隧道应用篇之CS正反向连接突破内网(二)
    正向连接环境拓扑图操作步骤在CS客户端新建一个TCP协议的监听,监听端口为4444创建无状态木马(WindowsExecutable(S)),选择上述建立的TCP监听器,随后将无状态木......
  • 内网安全 - 简单域环境搭建
    内网安全-简单域环境搭建使用WindowsServer2012R2,Windows7,WindowsXP配置域控环境。虚拟机的获取和安装不再叙述,安装时网络选择桥接模式。域基础知识这里......
  • 用Ubuntu+SecureCRT实现客户内网控制器的进程状态监控
    一、使用场景描述:用户有一台控制器的三个组件需要进行端口监控,控制器主机因为跟办公网络未在同一个网络区域,因此不能使用ssh进行直连进行监控。客户现场环境如下(见下......
  • 360极速浏览器打不开国内网站的一种解决方法
    360极速浏览器打不开国内网站的一种解决方法​​一、问题描述​​​​二、解决办法​​一、问题描述点击东北大学官方网站,显示您访问的网页出错了。二、解决办法点击右上角......
  • flask 获取客户端ip, 以及检查是不是内网ip
    对于有nginx反向代理的请求,需要在nginx配置中添加如下内容:proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;然后在项目代码中获取ipfromflaskimportr......