# Jitsi Meet - Complete Video Conferencing Platform

**🟡 Communication Service**

## 📋 Service Overview

| Property | Value |
|----------|-------|
| **Service Name** | Jitsi Meet (Complete Stack) |
| **Host** | Atlantis (192.168.0.200) |
| **Category** | Communication |
| **Difficulty** | 🟡 |
| **Docker Images** | `jitsi/web`, `jitsi/prosody`, `jitsi/jicofo`, `jitsi/jvb` |
| **Compose File** | `Atlantis/jitsi/jitsi.yml` |
| **Directory** | `Atlantis/jitsi` |
| **External Domain** | `meet.thevish.io` |

## 🎯 Purpose

Jitsi Meet is a complete open-source video conferencing platform that provides secure, high-quality video calls and meetings. It includes web interface, XMPP server, conference focus, and video bridge components.

## 🌐 Port Forwarding Configuration

### **External Access (Router Port Forwards)**
| Service | External Port | Internal Port | Protocol | Purpose |
|---------|---------------|---------------|----------|---------|
| **Jitsi Web** | 4443 | 4443 | TCP | HTTPS web interface |
| **STUN Server** | 3478 | 3478 | All | NAT traversal for WebRTC |
| **TURN Server** | 5349 | 5349 | All | Relay for restricted networks |
| **RTP Media** | 49160-49200 | 49160-49200 | All | Media streams (40 port range) |

### **Internal Container Ports**
| Component | Container Port | Host Port | Purpose |
|-----------|----------------|-----------|---------|
| **Jitsi Web** | 80, 443 | 5080, 5443 | HTTP/HTTPS interface |
| **JVB** | 10000/udp | 10000/udp | Video bridge |
| **Prosody** | 5222, 5347 | Internal | XMPP server |

## 🚀 Quick Start

### Prerequisites
- Docker and Docker Compose installed
- Port forwarding configured on router
- Domain name pointing to external IP
- SSL certificates (Let's Encrypt recommended)

### Deployment
```bash
# Navigate to service directory
cd Atlantis/jitsi

# Start the complete Jitsi Meet stack
docker-compose up -d

# Check all services status
docker-compose ps

# View logs for all components
docker-compose logs -f
```

### External Access
```bash
# Primary access URL
https://meet.thevish.io

# Alternative domain access
https://meet.vish.gg

# Direct port access (if needed)
https://meet.thevish.io:4443
```

## 🔧 Configuration

### Docker Compose Services

#### **Jitsi Web (Frontend)**
```yaml
web:
  image: jitsi/web:stable
  container_name: jitsi-web
  ports:
    - "5080:80"    # HTTP (redirects to HTTPS)
    - "5443:443"   # HTTPS web interface
  environment:
    - PUBLIC_URL=https://meet.thevish.io
    - ENABLE_P2P=0
    - ENABLE_TURN=1
    - TURN_HOST=turn.thevish.io
    - TURN_PORT=3478
    - DISABLE_HTTPS=0
```

#### **Prosody (XMPP Server)**
```yaml
prosody:
  image: jitsi/prosody:stable
  container_name: jitsi-prosody
  environment:
    - XMPP_DOMAIN=meet.jitsi
    - XMPP_AUTH_DOMAIN=auth.meet.jitsi
    - XMPP_MUC_DOMAIN=muc.meet.jitsi
```

#### **Jicofo (Conference Focus)**
```yaml
jicofo:
  image: jitsi/jicofo:stable
  container_name: jitsi-jicofo
  environment:
    - XMPP_DOMAIN=meet.jitsi
    - XMPP_AUTH_DOMAIN=auth.meet.jitsi
    - JICOFO_AUTH_USER=focus
```

#### **JVB (Video Bridge)**
```yaml
jvb:
  image: jitsi/jvb:stable
  container_name: jitsi-jvb
  ports:
    - "10000:10000/udp"  # Video bridge
  environment:
    - JVB_PORT=10000
    - JVB_STUN_SERVERS=stun.l.google.com:19302
    - DOCKER_HOST_ADDRESS=meet.thevish.io
```

### Key Environment Variables
| Variable | Value | Description |
|----------|-------|-------------|
| `PUBLIC_URL` | `https://meet.thevish.io` | External access URL |
| `DOCKER_HOST_ADDRESS` | `meet.thevish.io` | Host address for WebRTC |
| `ENABLE_P2P` | `0` | Disable peer-to-peer (force through server) |
| `ENABLE_TURN` | `1` | Enable TURN server for NAT traversal |
| `TURN_HOST` | `turn.thevish.io` | TURN server hostname |
| `TURN_PORT` | `3478` | TURN server port |

## 🌐 Network Architecture

### **External Access Flow**
```
Internet → Router (Port Forward) → Atlantis → Docker Container
    ↓
Port 4443 → 192.168.0.200:5443 → jitsi-web:443
Port 3478 → 192.168.0.200:3478 → STUN/TURN server
Port 5349 → 192.168.0.200:5349 → TURN server
Port 49160-49200 → 192.168.0.200:49160-49200 → RTP media
```

### **Internal Container Network**
```
meet.jitsi (Docker Network)
├── jitsi-web (Frontend)
├── jitsi-prosody (XMPP Server)
├── jitsi-jicofo (Conference Focus)
└── jitsi-jvb (Video Bridge)
```

## 🔒 Security Considerations

### **External Exposure Assessment**
- **✅ High Security**: HTTPS encryption on port 4443
- **✅ Standard Protocols**: STUN/TURN are industry standard
- **⚠️ Media Ports**: RTP range 49160-49200 exposed for media
- **✅ Authentication**: Meeting rooms can be password protected

### **Security Recommendations**
```bash
# 1. Enable meeting passwords
- Configure lobby mode for meetings
- Require passwords for sensitive meetings
- Use waiting rooms for additional control

# 2. Monitor access logs
- Review Nginx/web server logs regularly
- Monitor for unusual connection patterns
- Set up alerts for failed authentication attempts

# 3. Keep services updated
- Regular updates for all Jitsi components
- Monitor security advisories
- Implement automated security scanning

# 4. Network security
- Firewall rules for specific IP ranges if needed
- Consider VPN access for internal meetings
- Implement rate limiting on web interface
```

## 🚨 Troubleshooting

### **Common Issues**

#### **Can't Access Web Interface**
```bash
# Check external access
curl -I https://meet.thevish.io
curl -I https://meet.vish.gg

# Verify port forwarding
nmap -p 4443 meet.thevish.io

# Check container status
docker-compose ps
docker-compose logs web
```

#### **Video/Audio Not Working**
```bash
# Check STUN/TURN servers
nmap -p 3478,5349 meet.thevish.io

# Verify RTP port range
nmap -p 49160-49200 meet.thevish.io

# Test WebRTC connectivity
# Use browser developer tools → Network tab
# Look for STUN/TURN connection attempts
```

#### **Meeting Connection Issues**
```bash
# Check JVB (Video Bridge) status
docker-compose logs jvb

# Verify XMPP server
docker-compose logs prosody

# Check conference focus
docker-compose logs jicofo

# Test internal connectivity
docker-compose exec web ping prosody
```

### **Performance Optimization**
```bash
# Monitor resource usage
docker stats

# Check bandwidth usage
iftop -i eth0

# Optimize JVB settings for concurrent users
# Edit JVB configuration for higher capacity
```

## 📊 Resource Requirements

### **Recommended Resources**
- **Minimum RAM**: 4GB total for all components
- **Recommended RAM**: 8GB+ for production use
- **CPU**: 4+ cores for multiple concurrent meetings
- **Network**: High bandwidth for media streaming
- **Storage**: 10GB+ for logs and configuration

### **Scaling Considerations**
- **Small meetings (2-4 people)**: Default configuration sufficient
- **Medium meetings (5-15 people)**: Increase JVB memory allocation
- **Large meetings (15+ people)**: Consider multiple JVB instances
- **Enterprise scale**: Implement Jitsi cluster with load balancing

## 🔍 Health Monitoring

### **Service Health Checks**
```bash
# Check all components
docker-compose ps

# Test web interface
curl -f https://meet.thevish.io/config.js

# Verify XMPP server
docker-compose exec prosody prosodyctl status

# Check video bridge
curl -f http://localhost:8080/colibri/stats
```

### **Monitoring Metrics**
- **Active meetings**: Number of concurrent conferences
- **Participant count**: Total users across all meetings
- **Bandwidth usage**: Network utilization for media streams
- **CPU/Memory**: Resource consumption per component
- **Connection success rate**: WebRTC connection establishment

## 🌐 Integration with Homelab

### **Tailscale Access**
```bash
# Internal access via Tailscale
https://atlantis.tail.vish.gg:5443

# Secure admin access
https://atlantis.tail.vish.gg:5080/admin
```

### **Reverse Proxy Integration**
```bash
# If using Nginx Proxy Manager or Traefik
# Configure reverse proxy for clean URLs
# Handle SSL termination at proxy level
# Load balance multiple Jitsi instances
```

### **Monitoring Integration**
```bash
# Prometheus metrics (if enabled)
http://atlantis.tail.vish.gg:8080/metrics

# Grafana dashboard
# Import Jitsi Meet dashboard for monitoring
# Set up alerts for service failures
```

## 📚 Additional Resources

- **Official Documentation**: [Jitsi Meet Handbook](https://jitsi.github.io/handbook/)
- **Docker Hub**: [Jitsi Docker Images](https://hub.docker.com/u/jitsi)
- **Community**: [Jitsi Community Forum](https://community.jitsi.org/)
- **Security Guide**: [Jitsi Security Best Practices](https://jitsi.github.io/handbook/docs/devops-guide/secure)

## 🔗 Related Services

- **Prosody**: XMPP server component
- **Jicofo**: Conference focus component  
- **JVB**: Video bridge component
- **Nginx**: Reverse proxy for web interface
- **Coturn**: STUN/TURN server (if separate)

---

*This documentation covers the complete Jitsi Meet platform including external access configuration and port forwarding requirements.*

**Last Updated**: 2025-11-17  
**Configuration Source**: `Atlantis/jitsi/jitsi.yml`  
**External Access**: `https://meet.thevish.io`