Skip to content

Installing

Jump to bottom
Akram El Assas edited this page Jun 15, 2023 · 1 revision

Below are the installation instructions on Ubuntu Linux.

Prerequisites

  1. Install git, Node.js, nginx, MongoDB and mongosh.

  2. Configure MongoDB:

mongosh

Create admin user:

db = db.getSiblingDB('admin')
db.createUser({ user: "admin" , pwd: "PASSWORD", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]})

Replace PASSWORD with a strong password.

Secure MongoDB:

sudo nano /etc/mongod.conf

Change configuration as follows:

net:
  port: 27017
  bindIp: 0.0.0.0

security:
  authorization: enabled

Restart MongoDB service:

sudo systemctl restart mongod.service
sudo systemctl status mongod.service

Install Jitsi

  1. Install Jitsi by following Self-Hosting Guide - Debian/Ubuntu server

Use an IP address if you don't have an FQDN.

  1. Install jitsi-meet-tokens:
apt-get install jitsi-meet-tokens

Use the same JWT secret in Wexstream API.

  1. Fix external_api.min.map:
sudo nano /etc/nginx/sites-available/meet.domain.com.conf

Next, locate the following lines:

location = /external_api.js {
    alias /usr/share/jitsi-meet/libs/external_api.min.js;
}

Next, add the following lines under location = /external_api.js { ... }:

location = /external_api.min.js.map {
        alias /usr/share/jitsi-meet/libs/external_api.min.js.map;
}
  1. Change Jitsi port to 444:

Change the port :443 in /etc/nginx/sites-available/meet.domain.com.conf to :444 and comment :80 section.

Change the port :443 in /etc/jitsi/videobridge/jvb.conf to :444.

Set the port :444 in /etc/jitsi/meet/www.wexstream.com-config.js to bosh setting:

bosh: '//www.wexstream.com:444/http-bind',
  1. Fix config.flags:
sudo nano /etc/jitsi/meet/meet.domain-config.js

And add the following line before config.flags.sourceNameSignaling = true;:

config.flags = config.flags || {};
  1. Disable welcomePage:
sudo nano /etc/jitsi/meet/meet.domain-config.js

welcomePage: {
         // Whether to disable welcome page. In case it's disabled a random room
         // will be joined when no room is specified.
         disabled: true,
         // If set,landing page will redirect to this URL.
         // customUrl: ''
},
  1. Update video configuration:
sudo nano /etc/jitsi/meet/meet.domain-config.js

Set the following settings:

defaultLanguage: 'en'
startAudioOnly: true,
enableLayerSuspension: true,
  1. Hide Jitsi watermark:

Open interface_config.js:

sudo nano /usr/share/jitsi-meet/interface_config.js

Set the following setting:

SHOW_JITSI_WATERMARK: false,
  1. Restart jitsi:
sudo /etc/init.d/jicofo restart && sudo /etc/init.d/jitsi-videobridge2 restart && sudo /etc/init.d/prosody restart && sudo /etc/init.d/nginx restart

Instructions

  1. Clone Wexstream repo:
cd /opt
sudo git clone https://github.com/aelassas/wexstream.git
  1. Add permissions:
sudo chown -R $USER:$USER /opt/wexstream
sudo chmod -R +x /opt/wexstream/__scripts
  1. Create deployment shortcut:
sudo ln -s /opt/wexstream/__scripts/ws-deploy.sh /usr/local/bin/ws-deploy
  1. Create Wexstream service:
sudo cp /opt/wexstream/__services/wexstream.service /etc/systemd/system
sudo systemctl enable wexstream.service

You'll need to update User and Group settings in /opt/wexstream/__services/wexstream.service.

  1. Add /opt/wexstream/api/.env file:
NODE_ENV = production
WS_PORT = 4003
WS_HTTPS = true
WS_PRIVATE_KEY = /etc/jitsi/meet/192.168.100.223.key
WS_CERTIFICATE = /etc/jitsi/meet/192.168.100.223.crt
WS_APP_HOST = 192.168.100.223
WS_DB_HOST = 127.0.0.1
WS_DB_PORT = 27017
WS_DB_SSL = false
WS_DB_SSL_KEY = /etc/jitsi/meet/192.168.100.223.key
WS_DB_SSL_CERT = /etc/jitsi/meet/192.168.100.223.crt
WS_DB_SSL_CA = /etc/jitsi/meet/192.168.100.223.ca.pem
WS_DB_DEBUG = false
WS_DB_APP_NAME = wexstream
WS_DB_AUTH_SOURCE = admin
WS_DB_USERNAME = admin
WS_DB_PASSWORD = PASSWORD
WS_DB_NAME = wexstream
WS_JWT_SECRET = JWT_SECRET
WS_JWT_SUB = 192.168.100.223
WS_JWT_EXPIRE_AT = 86400
WS_TOKEN_EXPIRE_AT = 86400
WS_SMTP_HOST = host
WS_SMTP_PORT = 587
WS_SMTP_USER = USER
WS_SMTP_PASS = PASSWORD
WS_SMTP_FROM = no-reply@wexstream.com
WS_ADMIN_EMAIL = admin@wexstream.com
WS_DEFAULT_LANGUAGE = en
WS_CDN = /var/www/cdn/wexstream

You must configure the following options:

WS_APP_HOST
WS_DB_PASSWORD
WS_JWT_SECRET 
WS_JWT_SUB 
WS_SMTP_HOST 
WS_SMTP_PORT 
WS_SMTP_USER 
WS_SMTP_PASS 
WS_SMTP_FROM
WS_ADMIN_EMAIL

WS_JWT_SECRET must be the same as the JWT secret used in Jitsi.

WS_JWT_SUB must be the FQDN or IP of the server where Jitsi is installed.

You must configure the following options:

WS_HTTPS = true
WS_PRIVATE_KEY = /etc/jitsi/meet/192.168.100.223.key
WS_CERTIFICATE = /etc/jitsi/meet/192.168.100.223.crt

If you want to use the database on a dedicated server with TLS, you must configure the following options:

WS_DB_HOST = 127.0.0.1
WS_DB_SSL = false
WS_DB_SSL_KEY = /etc/jitsi/meet/192.168.100.223.key
WS_DB_SSL_CERT = /etc/jitsi/meet/192.168.100.223.crt
WS_DB_SSL_CA = /etc/jitsi/meet/192.168.100.223.ca.pem
  1. Add /opt/wexstream/frontend/.env file:
REACT_APP_NODE_ENV = production
REACT_APP_WS_DEFAULT_LANGUAGE = en
REACT_APP_WS_DATE_FORMAT = llll
REACT_APP_WS_PAGE_SIZE = 30
REACT_APP_WS_JITSI_HOST = 192.168.100.223:444
REACT_APP_WS_JITSI_API = https://192.168.100.223:444/external_api.js
REACT_APP_WS_API_HOST = https://192.168.100.223:4003
REACT_APP_WS_CDN = https://192.168.100.223/cdn/wexstream
REACT_APP_WS_GOOGLE_CLIENT_ID = GOOGLE_CLIENT_ID
REACT_APP_WS_FACEBOOK_APP_ID = FACEBOOK_APP_ID

REACT_APP_WS_GOOGLE_CLIENT_ID is used for Google authentication.

REACT_APP_WS_FACEBOOK_APP_ID is used for Facebook authentication.

You must configure the following options:

REACT_APP_WS_JITSI_HOST 
REACT_APP_WS_JITSI_API
REACT_APP_WS_API_HOST 
REACT_APP_WS_CDN 
REACT_APP_WS_GOOGLE_CLIENT_ID 
REACT_APP_WS_FACEBOOK_APP_ID
  1. Configure nginx:
sudo nano /etc/nginx/sites-available/default

Change the configuration as follows for the frontend:

server {
    root /var/www/wexstream;
    listen 443 http2 ssl default_server;
    server_name 192.168.100.223;
    
    ssl_certificate_key /etc/jitsi/meet/192.168.100.223.key;
    ssl_certificate  /etc/jitsi/meet/192.168.100.223.crt;

    access_log /var/log/nginx/wexstream.access.log;
    error_log /var/log/nginx/wexstream.error.log;

    index index.html;

    location / {
      try_files $uri /index.html =404;
    }

    location /cdn {
      alias /var/www/cdn;
    }

    location ~ .(static)/(js|css|media)/(.+)$ {
      try_files $uri $uri/ /$1/$2/$3;
    }
}

You must configure:

server_name 
ssl_certificate_key 
ssl_certificate
  1. enable firewall and open Wexstream ports:
sudo ufw allow 4003/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 444/tcp
sudo ufw allow 10000/udp
sudo ufw allow 22/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw enable
  1. Start wexstream service:
cd /opt/wexstream/api
npm ci
sudo systemctl start wexstream.service

Make sure that wexstream service is running with the following command:

sudo systemctl status wexstream.service

Make sure that the database connection is established by checking the logs:

tail -f /var/log/wexstream.log
  1. Deploy Wexstream:
ws-deploy all

Wexstream frontend is accessible on port 443.

Copyright © 2023 Akram El Assas. All rights reserved.

  1. Installing
  2. Run from Source
  3. Terms of Service
Clone this wiki locally