Document a scalable installation with multiple videobridges (#5783)

doc/README.md

@@ -41,3 +41,5 @@ Work in progress.
 * [Enabling TURN](https://github.com/jitsi/jitsi-meet/blob/master/doc/turn.md)
 * [Networking FAQ](https://github.com/jitsi/jitsi-meet/blob/master/doc/faq.md)
 * [Cloud APIs](https://github.com/jitsi/jitsi-meet/blob/master/doc/cloud-api.md)
+* [Manual Installation](https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md)
+* [Scalable Installation](https://github.com/jitsi/jitsi-meet/blob/master/doc/scalable-installation.md)

doc/example-config-files/scalable/jicofo_config.scalable.example

@@ -0,0 +1,27 @@
+# Jitsi Conference Focus settings
+# sets the host name of the XMPP server
+JICOFO_HOST=localhost
+
+# sets the XMPP domain (default: none)
+JICOFO_HOSTNAME=meet.example.com
+
+# sets the secret used to authenticate as an XMPP component
+JICOFO_SECRET=$JICOFO_SECRET
+
+# sets the port to use for the XMPP component connection
+JICOFO_PORT=5347
+
+# sets the XMPP domain name to use for XMPP user logins
+JICOFO_AUTH_DOMAIN=auth.meet.example.com
+
+# sets the username to use for XMPP user logins
+JICOFO_AUTH_USER=focus
+
+# sets the password to use for XMPP user logins
+JICOFO_AUTH_PASSWORD=$JICOFO_PASSWORD
+
+# extra options to pass to the jicofo daemon
+JICOFO_OPTS=""
+
+# adds java system props that are passed to jicofo (default are for home and logging config file)
+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"

doc/example-config-files/scalable/jicofo_sip-communicator.properties.scalable.example

@@ -0,0 +1,6 @@
+
+org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.meet.example.com
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+
+org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.meet.example.com
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

doc/example-config-files/scalable/meet.example.com.cfg.lua.scalable.example

@@ -0,0 +1,88 @@
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "meet.example.com";
+
+turncredentials_secret = "turncredentials_secret_test";
+
+turncredentials = {
+  { type = "stun", host = "meet.example.com", port = "443" },
+  { type = "turn", host = "meet.example.com", port = "443", transport = "udp" },
+  { type = "turns", host = "meet.example.com", port = "443", transport = "tcp" }
+};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+
+VirtualHost "meet.example.com"
+        -- enabled = false -- Remove this line to enable this host
+        authentication = "anonymous"
+        -- Properties below are modified by jitsi-meet-tokens package config
+        -- and authentication above is switched to "token"
+        --app_id="example_app_id"
+        --app_secret="example_app_secret"
+        -- Assign this host a certificate for TLS, otherwise it would use the one
+        -- set in the global section (if any).
+        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
+        -- use the global one.
+        ssl = {
+                key = "/etc/prosody/certs/meet.example.com.key";
+                certificate = "/etc/prosody/certs/meet.example.com.crt";
+        }
+        speakerstats_component = "speakerstats.meet.example.com"
+        conference_duration_component = "conferenceduration.meet.example.com"
+        -- we need bosh
+        modules_enabled = {
+            "bosh";
+            "pubsub";
+            "ping"; -- Enable mod_ping
+            "speakerstats";
+            "turncredentials";
+            "conference_duration";
+        }
+        c2s_require_encryption = false
+
+Component "conference.meet.example.com" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        "muc_domain_mapper";
+        -- "token_verification";
+    }
+    admins = { "[email protected]" }
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+
+-- internal muc component
+-- Note: This is also used from jibris
+Component "internal.auth.meet.example.com" "muc"
+    storage = "memory"
+    modules_enabled = {
+      "ping";
+    }
+    admins = { "[email protected]", "[email protected]" }
+
+VirtualHost "auth.meet.example.com"
+    ssl = {
+        key = "/etc/prosody/certs/auth.meet.example.com.key";
+        certificate = "/etc/prosody/certs/auth.meet.example.com.crt";
+    }
+    authentication = "internal_plain"
+
+Component "focus.meet.example.com"
+    component_secret = "jicofo_secret_test"
+
+Component "speakerstats.meet.example.com" "speakerstats_component"
+    muc_component = "conference.meet.example.com"
+
+
+Component "conferenceduration.meet.example.com" "conference_duration_component"
+    muc_component = "conference.meet.example.com"
+
+-- for Jibri
+VirtualHost "recorder.meet.example.com"
+    modules_enabled = {
+        "ping";
+    }
+    authentication = "internal_plain"
+    c2s_require_encryption = false

doc/example-config-files/scalable/prosody.cfg.lua.scalable.example

@@ -0,0 +1,114 @@
+-- Prosody XMPP Server Configuration
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+admins = { }
+
+network_backend = "epoll"
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+	-- Generally required
+		"roster"; -- Allow users to have a roster. Recommended ;)
+		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+		"tls"; -- Add support for secure TLS on c2s/s2s connections
+		"dialback"; -- s2s dialback support
+		"disco"; -- Service discovery
+
+	-- Not essential, but recommended
+		"carbons"; -- Keep multiple clients in sync
+		"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
+		"private"; -- Private XML storage (for room bookmarks, etc.)
+		"blocklist"; -- Allow users to block communications with other users
+		"vcard4"; -- User profiles (stored in PEP)
+		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+	-- Nice to have
+		"version"; -- Replies to server version requests
+		"uptime"; -- Report how long server has been running
+		"time"; -- Let others know the time here on this server
+		"ping"; -- Replies to XMPP pings with pongs
+		"register"; -- Allow users to register on this server using a client and change passwords
+		--"mam"; -- Store messages in an archive and allow users to access it
+		--"csi_simple"; -- Simple Mobile optimizations
+
+	-- Admin interfaces
+		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+	-- HTTP modules
+		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+		--"websocket"; -- XMPP over WebSockets
+		--"http_files"; -- Serve static files from a directory over HTTP
+
+	-- Other specific functionality
+		--"limits"; -- Enable bandwidth limiting for XMPP connections
+		--"groups"; -- Shared roster support
+		--"server_contact_info"; -- Publish contact information for this service
+		--"announce"; -- Send announcement to all online users
+		--"welcome"; -- Welcome users who register accounts
+		--"watchregistrations"; -- Alert admins of registrations
+		--"motd"; -- Send a message to users when they log in
+		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+}
+
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+	-- "offline"; -- Store offline messages
+	-- "c2s"; -- Handle client connections
+	-- "s2s"; -- Handle server-to-server connections
+	-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+}
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = false
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = true
+
+-- Force servers to use encrypted connections? This option will
+-- prevent servers from authenticating unless they are using encryption.
+
+s2s_require_encryption = true
+
+-- Force certificate authentication for server-to-server connections?
+
+s2s_secure_auth = false
+
+
+-- Required for init scripts and prosodyctl
+pidfile = "/var/run/prosody/prosody.pid"
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+
+authentication = "internal_hashed"
+
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
+	error = "/var/log/prosody/prosody.err";
+	-- "*syslog"; -- Uncomment this for logging to syslog
+	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
+}
+
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+VirtualHost "localhost"
+
+Include "conf.d/*.cfg.lua"

doc/example-config-files/scalable/videobridge_config.scalable.example

@@ -0,0 +1,20 @@
+# Jitsi Videobridge settings
+
+# sets the XMPP domain (default: none)
+JVB_HOSTNAME=meet.example.com
+
+# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
+JVB_HOST=
+
+# sets the port of the XMPP server (default: 5275)
+JVB_PORT=5347
+
+# sets the shared secret used to authenticate to the XMPP server
+JVB_SECRET=$VP_SECRET
+
+# extra options to pass to the JVB daemon
+JVB_OPTS="--apis=rest,"
+
+
+# adds java system props that are passed to jvb (default are for home and logging config file)
+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"

doc/example-config-files/scalable/videobridge_sip-communicator.properties.scalable.example

@@ -0,0 +1,19 @@
+org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
+org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
+
+org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+
+org.jitsi.videobridge.ENABLE_REST_SHUTDOWN=true
+
+# Enable broadcasting stats/presence in a MUC
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri,rest
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000
+
+org.jitsi.videobridge.xmpp.user.shard-1.HOSTNAME=meet.example.com
+org.jitsi.videobridge.xmpp.user.shard-1.DOMAIN=auth.meet.example.com
+org.jitsi.videobridge.xmpp.user.shard-1.USERNAME=jvb
+org.jitsi.videobridge.xmpp.user.shard-1.PASSWORD=$VB_PASSWORD
+org.jitsi.videobridge.xmpp.user.shard-1.MUC_JIDS=JvbBrewery@internal.auth.meet.example.com
+org.jitsi.videobridge.xmpp.user.shard-1.MUC_NICKNAME=$NICKNAME_OF_VB
+org.jitsi.videobridge.xmpp.user.shard-1.DISABLE_CERTIFICATE_VERIFICATION=true

doc/manual-install.md

@@ -8,6 +8,8 @@ change references to that to match your host, and generate some passwords for
 
 There are also some complete [example config files](https://github.com/jitsi/jitsi-meet/tree/master/doc/example-config-files/) available, mentioned in each section.
 
+There are additional configurations to be done for a [scalable installation](https://github.com/jitsi/jitsi-meet/tree/master/doc/scalable-installation.md)
+
 ## Network description
 
 This is how the network looks: