Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitized mirror from private repository - 2026-04-18 11:19:59 UTC
Some checks failed
Documentation / Build Docusaurus (push) Failing after 5m14s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details

Browse Source
This commit is contained in:
Gitea Mirror Bot
2026-04-18 11:19:59 +00:00
commit fb00a325d1
1418 changed files with 359990 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

339
docs/services/individual/jitsi-meet.md Normal file
View File

@@ -0,0 +1,339 @@
# Jitsi Meet - Complete Video Conferencing Platform
**🟡 Communication Service**
## 📋 Service Overview
| Property | Value |
|----------|-------|
| **Service Name** | Jitsi Meet (Complete Stack) |
| **Host** | Atlantis (192.168.0.200) |
| **Category** | Communication |
| **Difficulty** | 🟡 |
| **Docker Images** | `jitsi/web`, `jitsi/prosody`, `jitsi/jicofo`, `jitsi/jvb` |
| **Compose File** | `Atlantis/jitsi/jitsi.yml` |
| **Directory** | `Atlantis/jitsi` |
| **External Domain** | `meet.thevish.io` |
## 🎯 Purpose
Jitsi Meet is a complete open-source video conferencing platform that provides secure, high-quality video calls and meetings. It includes web interface, XMPP server, conference focus, and video bridge components.
## 🌐 Port Forwarding Configuration
### **External Access (Router Port Forwards)**
| Service | External Port | Internal Port | Protocol | Purpose |
|---------|---------------|---------------|----------|---------|
| **Jitsi Web** | 4443 | 4443 | TCP | HTTPS web interface |
| **STUN Server** | 3478 | 3478 | All | NAT traversal for WebRTC |
| **TURN Server** | 5349 | 5349 | All | Relay for restricted networks |
| **RTP Media** | 49160-49200 | 49160-49200 | All | Media streams (40 port range) |
### **Internal Container Ports**
| Component | Container Port | Host Port | Purpose |
|-----------|----------------|-----------|---------|
| **Jitsi Web** | 80, 443 | 5080, 5443 | HTTP/HTTPS interface |
| **JVB** | 10000/udp | 10000/udp | Video bridge |
| **Prosody** | 5222, 5347 | Internal | XMPP server |
## 🚀 Quick Start
### Prerequisites
- Docker and Docker Compose installed
- Port forwarding configured on router
- Domain name pointing to external IP
- SSL certificates (Let's Encrypt recommended)
### Deployment
```bash
# Navigate to service directory
cd Atlantis/jitsi
# Start the complete Jitsi Meet stack
docker-compose up -d
# Check all services status
docker-compose ps
# View logs for all components
docker-compose logs -f
```
### External Access
```bash
# Primary access URL
https://meet.thevish.io
# Alternative domain access
https://meet.vish.gg
# Direct port access (if needed)
https://meet.thevish.io:4443
```
## 🔧 Configuration
### Docker Compose Services
#### **Jitsi Web (Frontend)**
```yaml
web:
image: jitsi/web:stable
container_name: jitsi-web
ports:
- "5080:80" # HTTP (redirects to HTTPS)
- "5443:443" # HTTPS web interface
environment:
- PUBLIC_URL=https://meet.thevish.io
- ENABLE_P2P=0
- ENABLE_TURN=1
- TURN_HOST=turn.thevish.io
- TURN_PORT=3478
- DISABLE_HTTPS=0
```
#### **Prosody (XMPP Server)**
```yaml
prosody:
image: jitsi/prosody:stable
container_name: jitsi-prosody
environment:
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- XMPP_MUC_DOMAIN=muc.meet.jitsi
```
#### **Jicofo (Conference Focus)**
```yaml
jicofo:
image: jitsi/jicofo:stable
container_name: jitsi-jicofo
environment:
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- JICOFO_AUTH_USER=focus
```
#### **JVB (Video Bridge)**
```yaml
jvb:
image: jitsi/jvb:stable
container_name: jitsi-jvb
ports:
- "10000:10000/udp" # Video bridge
environment:
- JVB_PORT=10000
- JVB_STUN_SERVERS=stun.l.google.com:19302
- DOCKER_HOST_ADDRESS=meet.thevish.io
```
### Key Environment Variables
| Variable | Value | Description |
|----------|-------|-------------|
| `PUBLIC_URL` | `https://meet.thevish.io` | External access URL |
| `DOCKER_HOST_ADDRESS` | `meet.thevish.io` | Host address for WebRTC |
| `ENABLE_P2P` | `0` | Disable peer-to-peer (force through server) |
| `ENABLE_TURN` | `1` | Enable TURN server for NAT traversal |
| `TURN_HOST` | `turn.thevish.io` | TURN server hostname |
| `TURN_PORT` | `3478` | TURN server port |
## 🌐 Network Architecture
### **External Access Flow**
```
Internet → Router (Port Forward) → Atlantis → Docker Container
Port 4443 → 192.168.0.200:5443 → jitsi-web:443
Port 3478 → 192.168.0.200:3478 → STUN/TURN server
Port 5349 → 192.168.0.200:5349 → TURN server
Port 49160-49200 → 192.168.0.200:49160-49200 → RTP media
```
### **Internal Container Network**
```
meet.jitsi (Docker Network)
├── jitsi-web (Frontend)
├── jitsi-prosody (XMPP Server)
├── jitsi-jicofo (Conference Focus)
└── jitsi-jvb (Video Bridge)
```
## 🔒 Security Considerations
### **External Exposure Assessment**
- **✅ High Security**: HTTPS encryption on port 4443
- **✅ Standard Protocols**: STUN/TURN are industry standard
- **⚠️ Media Ports**: RTP range 49160-49200 exposed for media
- **✅ Authentication**: Meeting rooms can be password protected
### **Security Recommendations**
```bash
# 1. Enable meeting passwords
- Configure lobby mode for meetings
- Require passwords for sensitive meetings
- Use waiting rooms for additional control
# 2. Monitor access logs
- Review Nginx/web server logs regularly
- Monitor for unusual connection patterns
- Set up alerts for failed authentication attempts
# 3. Keep services updated
- Regular updates for all Jitsi components
- Monitor security advisories
- Implement automated security scanning
# 4. Network security
- Firewall rules for specific IP ranges if needed
- Consider VPN access for internal meetings
- Implement rate limiting on web interface
```
## 🚨 Troubleshooting
### **Common Issues**
#### **Can't Access Web Interface**
```bash
# Check external access
curl -I https://meet.thevish.io
curl -I https://meet.vish.gg
# Verify port forwarding
nmap -p 4443 meet.thevish.io
# Check container status
docker-compose ps
docker-compose logs web
```
#### **Video/Audio Not Working**
```bash
# Check STUN/TURN servers
nmap -p 3478,5349 meet.thevish.io
# Verify RTP port range
nmap -p 49160-49200 meet.thevish.io
# Test WebRTC connectivity
# Use browser developer tools → Network tab
# Look for STUN/TURN connection attempts
```
#### **Meeting Connection Issues**
```bash
# Check JVB (Video Bridge) status
docker-compose logs jvb
# Verify XMPP server
docker-compose logs prosody
# Check conference focus
docker-compose logs jicofo
# Test internal connectivity
docker-compose exec web ping prosody
```
### **Performance Optimization**
```bash
# Monitor resource usage
docker stats
# Check bandwidth usage
iftop -i eth0
# Optimize JVB settings for concurrent users
# Edit JVB configuration for higher capacity
```
## 📊 Resource Requirements
### **Recommended Resources**
- **Minimum RAM**: 4GB total for all components
- **Recommended RAM**: 8GB+ for production use
- **CPU**: 4+ cores for multiple concurrent meetings
- **Network**: High bandwidth for media streaming
- **Storage**: 10GB+ for logs and configuration
### **Scaling Considerations**
- **Small meetings (2-4 people)**: Default configuration sufficient
- **Medium meetings (5-15 people)**: Increase JVB memory allocation
- **Large meetings (15+ people)**: Consider multiple JVB instances
- **Enterprise scale**: Implement Jitsi cluster with load balancing
## 🔍 Health Monitoring
### **Service Health Checks**
```bash
# Check all components
docker-compose ps
# Test web interface
curl -f https://meet.thevish.io/config.js
# Verify XMPP server
docker-compose exec prosody prosodyctl status
# Check video bridge
curl -f http://localhost:8080/colibri/stats
```
### **Monitoring Metrics**
- **Active meetings**: Number of concurrent conferences
- **Participant count**: Total users across all meetings
- **Bandwidth usage**: Network utilization for media streams
- **CPU/Memory**: Resource consumption per component
- **Connection success rate**: WebRTC connection establishment
## 🌐 Integration with Homelab
### **Tailscale Access**
```bash
# Internal access via Tailscale
https://atlantis.tail.vish.gg:5443
# Secure admin access
https://atlantis.tail.vish.gg:5080/admin
```
### **Reverse Proxy Integration**
```bash
# If using Nginx Proxy Manager or Traefik
# Configure reverse proxy for clean URLs
# Handle SSL termination at proxy level
# Load balance multiple Jitsi instances
```
### **Monitoring Integration**
```bash
# Prometheus metrics (if enabled)
http://atlantis.tail.vish.gg:8080/metrics
# Grafana dashboard
# Import Jitsi Meet dashboard for monitoring
# Set up alerts for service failures
```
## 📚 Additional Resources
- **Official Documentation**: [Jitsi Meet Handbook](https://jitsi.github.io/handbook/)
- **Docker Hub**: [Jitsi Docker Images](https://hub.docker.com/u/jitsi)
- **Community**: [Jitsi Community Forum](https://community.jitsi.org/)
- **Security Guide**: [Jitsi Security Best Practices](https://jitsi.github.io/handbook/docs/devops-guide/secure)
## 🔗 Related Services
- **Prosody**: XMPP server component
- **Jicofo**: Conference focus component
- **JVB**: Video bridge component
- **Nginx**: Reverse proxy for web interface
- **Coturn**: STUN/TURN server (if separate)
---
*This documentation covers the complete Jitsi Meet platform including external access configuration and port forwarding requirements.*
**Last Updated**: 2025-11-17
**Configuration Source**: `Atlantis/jitsi/jitsi.yml`
**External Access**: `https://meet.thevish.io`