{"id":13425134,"url":"https://github.com/amoffat/tf-jitsi","last_synced_at":"2025-03-15T19:32:38.349Z","repository":{"id":41459144,"uuid":"259686662","full_name":"amoffat/tf-jitsi","owner":"amoffat","description":"5-minute self-hosted Jitsi on AWS","archived":true,"fork":false,"pushed_at":"2020-04-28T17:00:08.000Z","size":20,"stargazers_count":75,"open_issues_count":0,"forks_count":11,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-10-28T03:39:21.604Z","etag":null,"topics":["aws","jitsi","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amoffat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-28T16:06:04.000Z","updated_at":"2024-03-21T19:42:48.000Z","dependencies_parsed_at":"2022-08-19T10:20:54.113Z","dependency_job_id":null,"html_url":"https://github.com/amoffat/tf-jitsi","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amoffat%2Ftf-jitsi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amoffat%2Ftf-jitsi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amoffat%2Ftf-jitsi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amoffat%2Ftf-jitsi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amoffat","download_url":"https://codeload.github.com/amoffat/tf-jitsi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243781858,"owners_coun
t":20347157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","jitsi","terraform"],"created_at":"2024-07-31T00:01:05.724Z","updated_at":"2025-03-15T19:32:38.108Z","avatar_url":"https://github.com/amoffat.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"# tf-jitsi\n\nI wanted to deploy Jitsi under a subdomain on AWS in 5 minutes, so I built this. My partner used it exclusively,\ninstead of Zoom, [to teach her modern dance classes](https://www.youtube.com/watch?v=a76cv7w1tyQ) to students during\nthe coronavirus quarantine. Give it a try.\n\n# What you'll need\n\n* Terraform installed (Download it [here](https://www.terraform.io/downloads.html))\n    * Terraform is an industry-grade, declarative, IaC (Infrastructure as Code) tool.\n* An AWS account (Sign up [here](https://portal.aws.amazon.com/billing/signup#/start))\n    * The Terraform files describe the Jitsi infrastructure as AWS resources.\n* The name of an SSH keypair on AWS (Create one [here](http://console.aws.amazon.com/ec2/v2/home#KeyPairs:))\n    * When our EC2 instance is started, AWS will give the default user this key, so you can connect with SSH.\n* An existing Route53 hosted zone for your domain (Create one [here](https://console.aws.amazon.com/route53/home#hosted-zones:))\n    * Our Jitsi deployment will be set up on a subdomain in the hosted zone for your domain. 
Terraform will create the\n    subdomain DNS records in this hosted zone.\n* The ARN of a **star** SSL certificate on AWS (Create one [here](http://console.aws.amazon.com/acm/home))\n    * All tf-jitsi deployments serve their web traffic over TLS, so we need an SSL certificate.\n    * It has to be a star certificate because tf-jitsi allows multiple subdomain deployments under a single domain. \n\nThat's it!\n\n# Deploying\n\n1. Set your config variables by editing `scripts/common.sh`\n    1. Set `subdomain` to be the subdomain you wish your installation to appear under, for example `test`.\n    1. Set `region` to be the AWS region. I use `us-west-2`. **This must be the same region as your keypair and certificate.** See the [full list](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions).\n    1. Change the `instance_type` to a machine with the power you want. See the [full list](https://www.ec2instances.info/).\n    1. Set the `key_name` to be the name of your SSH keypair created in AWS.\n    1. Set `dns_zone`. It will look like `Z4T3BDVSEN6BC`\n    1. Set `cert_arn`. It will start with `arn:aws:acm:`\n    1. If you wish to use non-standard branches, change `jitsi_branch` and `tf_jitsi_branch`.\n        * `jitsi_branch` controls which branch of [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet) is deployed to the EC2 instance.\n        * `tf_jitsi_branch` controls which branch of **this repo** is deployed to the EC2 instance.\n1. Run `scripts/provision_subdomain.sh`. This will\n    * Initialize Terraform, if it hasn't been already,\n    * Create or select a region-based workspace for the base infrastructure.\n    * Deploy the base infrastructure.\n    * Create or select a subdomain-based workspace for the jitsi infrastructure.\n    * Deploy the jitsi infrastructure.\n   \nAnd wait while Terraform spins up your infrastructure. 
When the instance has been brought up, you'll see the\nfollowing output:\n\n```\nOutputs:\n\ndomain = test.myjitsiserver.com.\npublic_ip = 18.246.106.105\n```\n\nThis is where you can access your Jitsi installation. **The server is still setting up, however, so give it a\nfew minutes before hitting the URL.** It typically takes around 5 minutes before the URL will be live.\n\n\n# Teardown\n\n## An individual Jitsi subdomain\n\nThis will tear down an individual subdomain but leave up the common infrastructure that other subdomains may be relying\non.\n\n1. Ensure `scripts/common.sh` is set to the values of the subdomain you wish to destroy. **This is important.**\n1. Run `scripts/destroy_subdomain.sh`\n1. Examine the output to ensure that the resources listed are indeed what you want to destroy. There should be 17.\n1. When ready, type \"yes\" and press return.\n\n## The region-based infrastructure\n\nThis will tear down the common infrastructure for a particular region.\n\n1. Run `scripts/destroy_base.sh \u003cregion_name\u003e`\n1. Examine the output to ensure that the resources listed are indeed what you want to destroy. There should be 4.\n1. 
When ready, type \"yes\" and press return.\n\n# What is tf-jitsi doing?\n\n* Create the base infrastructure\n    * VPC with CIDR 10.0.0.0/16\n    * Routing table\n    * Single subnet with CIDR 10.0.0.0/16, public IPs enabled\n* Create jitsi infrastructure\n    * EC2 instance\n    * NIC security group\n        * Ingress: 443, 80, 81, 22, 4443 (jitsi videobridge), 1000 (jitsi videobridge)\n    * Network Load Balancer (NLB) using provided cert\n        * TLS 443 -\u003e TCP 80\n        * TCP 80 -\u003e TCP 81\n    * Route53 alias record for the subdomain, mapped to the NLB\n* Provision the jitsi EC2 instance\n    * Pull [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet)\n    * Pull tf-jitsi onto EC2 instance\n    * Overrides some basic configs\n        * Disables HTTPS, as we'll handle that with the NLB\n        * Opens port 81 for HTTP traffic\n        * nginx.conf change to redirect port 81 to port 80\n        * Generates jitsi component passwords, per their readme\n    * Installs a jitsi.service systemd unit\n    * Enable and start the jitsi.service\n\n# Cost\n\nTBD. This depends on your instance type and the amount of **outbound** traffic, which AWS bills at $0.09/GB. Your\nbandwidth depends on your participants as well, both the number and the browsers that they use, as some browsers use\nsimulcast (resulting in more efficient bandwidth usage), while others don't.\n\n# Terraform Architecture\n\nThere's two Terraform modules: \"base\" and \"jitsi\". I structured it this way because I wanted the flexibility to create\nmultiple subdomain deployments using a common infrastructure. This meant that the base had to be separately managed TF\nstate.\n\n## Base module\n\nThe \"base\" module provides common infrastructure for many installations of \"jitsi\" modules. It creates a *per-region*\nworkspace (eg: \"us-west-2\") for its Terraform state. This means you can have multiple base infrastructures in\ndifferent regions. 
A per-region base infrastructure is required as you cannot link compute resources to subnets outside\nof your region.\n\n## Jitsi module\n\nThe \"jitsi\" module provides an individual installation of Jitsi under a subdomain. It creates *per-subdomain* workspaces\nfor its Terraform state. This means you can have multiple Jitsi installations, under different subdomains, under a\ncommon hostname, all sharing the common \"base\" module infrastructure. For example, you could have:\n\n* `server1.myjitsiserver.com`\n* `server2.myjitsiserver.com`\n* `server3.myjitsiserver.com`\n\nAnd each of these subdomains is running on separate hardware provisioned with tf-jitsi.\n\n# Development\n\nIf you plan to customize tf-jitsi, there's a few tricks you can use.\n\n## Use a branch\n\nYou can specify custom branches in `scripts/common.sh`. You'll also need to change `jitsi/cloud_configs/default.yml`\nto use your own fork repo.\n\n## Tainting an instance\n\nIf you are rapidly iterating on tf-jitsi changes, and you just want to re-deploy the EC2 instance without touching the\nrest of the infrastructure, you can use `terraform taint` via the `scripts/taint_instance.sh` script. 
This will mark\nthe EC2 instance resource as \"tainted\", so the next time you run `scripts/provision_subdomain.sh`, that particular\nresource (and any of its dependencies) will be re-created, while leaving alone much of the other infrastructure.\n\n# Debugging the EC2 instance\n\n## Connecting\n\n`ssh -i ~/.ssh/your_ssh_keypair.pem ec2-user@ip`\n\n## Things to check\n\n### Did the [cloud-init](https://cloudinit.readthedocs.io/en/latest/) succeed?\n\n* `less /var/log/cloud-init-output.log`\n* `less /var/log/cloud-init.log`\n\n### Is the `jitsi.service` running?\n\n`systemctl status jitsi`\n\nIt should say \"active (running)\"\n\n### What do the logs from the service say?\n\n`journalctl -u jitsi`\n\n### Are the containers running?\n\n`docker ps` should list running containers for the following images:\n\n* `jitsi/jicofo`\n* `jitsi/jvb`\n* `jitsi/web`\n* `jitsi/prosody`\n\n### Are my local services listening?\n\n`curl -I http://localhost:81` should show:\n\n```\nHTTP/1.1 301 Moved Permanently\nServer: nginx\nDate: Tue, 28 Apr 2020 15:14:09 GMT\nContent-Type: text/html\nContent-Length: 178\nConnection: keep-alive\nLocation: https://localhost/\n```\n\n`curl -I http://localhost` should show:\n\n```\nHTTP/1.1 200 OK\nServer: nginx\nDate: Tue, 28 Apr 2020 15:14:15 GMT\nContent-Type: text/html\nConnection: keep-alive\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famoffat%2Ftf-jitsi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famoffat%2Ftf-jitsi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famoffat%2Ftf-jitsi/lists"}