Categories
Uncategorized

Jitsi private video conferencing on synology NAS

In these days of physical isolation I wanted to spend my free time to check and implement a videoconferencing solution for my private use.

After googling I found Jitsi and in few minutes I was able to setup a test environment on my computer using docker.

I wanted to implement this on my Synology NAS (DS918) using docker containers. All explanations below are coming from the Jitsi github page, with a little customization to fit my needs.

I assume that you are familiar with docker, SSH access & certificate installation/request.

You need to download the file https://github.com/jitsi/docker-jitsi-meet/archive/master.zip

Upload and extract on your NAS the content of the zip file. In my installation it is the folder /volume1/docker

Open an SSH console to your NAS

Go to the folder you just created it will be something like:

cd /volume1/docker/docker-jitsi-meet-master

Copy the environment file:

cp env.example .env

Set strong passwords:

./gen-passwords.sh

Create a folder where to store the configuration files:

mkdir /volume1/docker/docker-jitsi-config/

mkdir -p /volume1/docker/docker-jitsi-config/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

Edit the .env file and change the line CONFIG=~/.jitsi-meet-cfg to CONFIG=/volume1/docker/docker-jitsi-config

Enable authentication, guest access and internal authentication:

ENABLE_AUTH=1

ENABLE_GUESTS=1

AUTH_TYPE=internal

Customize the lines related to your environment and the docker host IP (your NAS interface). I use afraid DNS route my personal domain to my NAS public IP.

PUBLIC_URL=https://meet.mydomain.com

DOCKER_HOST_ADDRESS=192.168.X.X

You can now create and run the docker containers:

docker-compose up -d

To protect access to your meeting solution connect to the prosody container:

docker exec -it docker-jitsi-meet-master_prosody_1 /bin/bash

and create register your user:
prosodyctl --config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword

You can use the Synology NAS reverse proxy to redirect your domain HTTPS to your container on port 8443 (Application Portal > Reverse Proxy > Create). This is mandatory to have a fully working solution. (avoiding problem with video content)

You need also to generate a certificate and install it on your NAS (Security > Certificates > Create)

I use a letsencrypt certificate but you can also import one.

Configure the certificate to be presented for meet.mydomain.com (Security > Certificates > Configure)

After completing these steps you should have a working private videoconferencing solution, with authenticated host and guest access activated on your Synology NAS.

9 Sept. 2020 – Edited after Mchl Grdlv comments.

29 replies on “Jitsi private video conferencing on synology NAS”

I follow your tut but i m keep getting “Your connection has been disconnected” error. any ideas why? i had added ENABLE_XMPP_WEBSOCKET=0
to the .env
but doesnt seem to work.

First of all: Thank you for this tutorial. It helped me a lot.
Now to two suggested improvements:
1. In the router you have to open two more ports besides of port 443 (HTTPS). These are the ports 10000 (UDP) and 4443 (TCP). If I understood the manual correctly this is necessary if you want to establish a conference with more than two participiciants.
2. In the configuration window of the reverse proxy it is necessary to define two user defined headers: 1. “Upgrade” with the value “$http_upgrade” and 2. “Connection” with the value “$connection_upgrade”. You can do this by choosing “WebSocket” from the Dropdown-List “Create”. If not, you will not be able to enable the camera and the microphone when you start a conference. And you will not be asked for the username and password if you have configured “ENABLE_AUTH = 1”.
I have now set up a second Jitsi server with the latest docker files (2021-08-26) and this only worked with the two “modifications” I mentioned above. The first Jitsi server I created at the end of the last year worked without these “modifications” however I only had “conferences” with one more participiciant.

Thanks a lot for your how to … I was really happy see the first time the Jitsi Webpage via LAN IP and HTTPS domain …
I can create or start a room but than in both cases it says “Your connection has been disconnected (translated from German)” and it tries to refresh. I suppose it has something to do with the Authentication? I Enabled AUTH_TYPE=internal and didn’t understand what this do and how it belongs to:
prosodyctl –config /config/prosody.cfg.lua register TheDesiredUsername meet.jitsi TheDesiredPassword
If I create a user and password here were is it needed?

Thanks a lot for all your work!
Steffen

Okay now I know for what the prosody user is … jitsi was running and I could enter with the iOS App once but than it crashed now I get the log for nginx:
host not found in upstream “xmpp.meet.jitsi” in /config/nginx/meet.conf:50
I changed all the xmpp to my domain and local IP but nothing fixed it … what should be used for all this xmpp values?

just in case somebody knows

And,
Important my .env settings.
# Disable HTTPS: handle TLS connections outside of this setup
DISABLE_HTTPS=1

indeed my certificate is handled by the reverse proxy

Hi
Thank you for the tutorial,
unfortunately it leads to a grey page my computer try to connects desperately.

hi,
Yes I tried by activating the websocket. But now it leads to an infinite “you have been disconnected”

Hi

Great information! How could I work out, in advance of setting up, the likely number of people I could have connected to the NAS? I have a DS218. It would be great to get an understanding of the number of people that could be connected with cameras on, simultaneously.

Thanks!

Hey Cedric,
Thanks a lot for the simple and clear explanation. I think something you might add because it made a great difference to me and took me time to find out is that on the port you forward on your reverse proxy, you shall enable websocket, otherwise you won’t be able to connect from outside.
Thanks again,
Cheers

I tried to start with latest release of Jitsi. With that container are starting as wanted. But I just get a grey site. In the log I got the message that permission is denied for config.js. config.js is existing and has complete read access. Do you know what is happening?

Hello,
thank you for this manual, but I am stack with docker deployment step:

docker-compose up -d
ERROR: Couldn’t connect to Docker daemon at http+docker://localhost – is it running?
If it’s at a non-standard location, specify the URL with the DOCKER_HOST environment variable.

My Docker runs on Synology, I am not sure if I set it correctly. My Synology nas local IP is 192.168.1.100. So it should be there this?
DOCKER_HOST_ADDRESS=192.168.1.100 ??
Because docker itself there has some internal network (what I can see in the docker network config is 172.17.0.1 – gateway). But Even I tried this, same error. Can you please give me some clue?

Thank you,Jan

I’m also stuck on “docker-compose up -d”.

I get ERROR:
————————————–
Can’t find a suitable configuration file in this directory or any
parent. Are you in the right directory?

Supported filenames: docker-compose.yml, docker-compose.yaml
————————————–

Did I miss something?

Nevermind. I was tired, was not on the correct folder.

But now I get this error when trying to start it:

Start container docker-jitsi-meet-master_prosody_1 failed: {“message”:”Bind mount failed: ‘/root/.jitsi-meet-cfg/prosody/prosody-plugins-custom’ does not exists”}.

Hi , I was able to install it. The error I made is that I forgot to uncomment

ENABLE_AUTH=1
ENABLE_GUESTS=1
AUTH_TYPE=internal

in the .env file . So my bad 🙁

Now I was able to complete the installation. I see the dockers running in the docker=package-center on my Synology DS920+

But now I’m struggling with the URL’s. In your instructions, you mentioned, as example :

PUBLIC_URL=https://meet.mydomain.com

My NAS, which is accessible from the Internet, has (sub)domain-name :
nas..be

Ideally, I would like to have. for this Jitsi-application, the sub-domain :
meet..be

But I guess this will not be possible, isn’t it ? As all https-traffic (port 443) traffic , initiated by somebody on the internet will go to port 5001 (Synology DSM). This because my router has a NAT-translation from the public IP-address of my NAS (port 443) to the internal IP-address (192.168.1.207) of my NAS (port 5001).

Maybe I’m wrong , but is the only way to have the Jitsi on my NAS accessible from the internet, is to register a new domain-name ?

Also : apart from the access from Internet, I had expected that I could see the Jitsi-pages (application), by going (on my local-PC, same LAN as my Synology) ) to https://192.168.1.207:8443 . But that does not work at all. Should that not work ?

Hi,

external access:
You need to declare the meet..be as a cname for your domain, then the reverse proxy configuration should redirect the traffic to your docker container based on the domain name.

For the internal access
Did you also put DOCKER_HOST_ADDRESS=192.168.1.207 in the .env file?
what do you get with the command below?
telnet 192.168.1.207 8443

Cheers

Aho, ok, I will setup a CNAME. Once replicated after some hours, I will test.

About the Telnet to port 8443 : I had tried that already before : it’s working, but it’s getting closed immediately. Normally, with a telnet to a port, and when it works, you get connected and the screen stays black, until you hit -Z

Here, it connects, but closes immediately (so I get the command-prompt again). Which looks for me something is wrong

Hi Cedric. I was not able to work on this the last weeks due to other priorities. But now I would like to have this working.

Your last question was : “Do you have another container or service running on this 8443 port?”

In the Application-portal, I do not see other applications running on 8443.

And, when I stop the 4 docker-containers I see in the docker-packages (docker-jitsi-meet-master-jicofo_1 ; docker-jitsi-meet-master-jvb_1 ; docker-jitsi-meet-master-prosody_1 ; docker-jitsi-meet-master-web_1), then my

telnet 192.168.1.207 8443

does not work.

Which makes me believe it’s one of the jitsi-processes which “sees” my Telnet, but then releases the connection again as something is still not setup correctly.

Also, when I browse to https://meet..be:8443, it first says “…. closed the connection, then “….reset the connection”

Is there anything you recommend me to do further ? Maybe I have to redo all from scratch ?

Hi,

this looks for me very interesting: I’m having a Synology DS920+, used for our Cohousing.

I’m looking for a video-conference solution on which the (audio and video) data does not go over the Internet, but stays on our local-LAN, when the participating-user is working from the local-LAN.

I would like to try what you have explained in this post. But I assume after reading the article briefly (need to read in more details), that the traffic just stays on the Local-LAN ?

Thanks for your answer

Hi, I’m trying to install. I’m on the step to “protect access to your meeting solution connect to the prosody container:

I can successfully execute :

docker exec -it docker-jitsi-meet-master_prosody_1 /bin/bash

But on the command

prosodyctl –config /config/prosody.cfg.lua register meet.jitsi

I have an error :

**************************
Prosody was unable to find the configuration file.
We looked for: /etc/prosody/prosody.cfg.lua
A sample config file is included in the Prosody download called prosody.cfg.lua.dist
Copy or rename it to prosody.cfg.lua and edit as necessary.
More help on configuring Prosody can be found at https://prosody.im/doc/configure
Good luck!
**************************

I see there is no directory /etc/prosody

Do I have to install something about prosody, prior to execute this step ?

Many thanks, Eddy

Thanks. Now I have that error anymore. But now I have another error:

The given hostname does not exist in the config

I’m new to Jitsi and Prosody (and as well to Docker). I read many pages of the Prosody-manuals in the last hours. And I will do more.

What I understand from now is that the error I have has probably to do with the host-name I mentioned in my command. I have used first was :

prosodyctl –config /config/prosody.cfg.lua register meet.jitsi

Then I thought I had to use, as hostname, the one I specified in the variable PUBLIC_URL in the .env file.

I have set PUBLIC_URL as : https://meet.MyDomainName.be

So, I had used, as command:

prosodyctl –config /config/prosody.cfg.lua register meet.MyDomainName.be

Then I have another error:

The given hostname does not exist in the config

Which makes me believe my errors have indeed to see with the host-name.

I searched in several documentation-pages what they mean by that host-name in the “prosodyctl” command. But I cannot really find it.

Your help would be much appreciated

Many thanks!
Eddy

Leave a Reply

Your email address will not be published. Required fields are marked *