Deploy Jitsi on demand in Hetzner Cloud
Recently the so called BigBrotherAwards have been awarded. In the pool of winners this year were also the well known Zoom video conference tool. This made me thinking, because the Armbian project uses Zoom for their weekly developer meetups.
So I decided to invest a bit of time to explore if it would be possible to deploy a self-hosted Jitsi video-conference server on a Hetzner cloud server on demand, without much configuration needed. And this is what I came up with.
(Even more) Preamble
Basically Hetzner offers Jitsi server as an pre-configured OS image, or App as they call. However when logging in the first time after the server setup was complete it asks you a few questions about which domain it should have and if it should issue a free LetsEncrypt SSL certificate.
While this is perfectly fine for beginners that they offer this guided setup, there is no way to send parameters to their script to automate stuff using cloud-init.
So I had to come up with some dirty hacks.
Requirements
No long stories anymore:
- a primary IPv4 address and/or IPv6 without a server
You may have to create a random cloud server and then delete it right away but keep the primary IPv4.Create one/them in the cloud interface. - a 2nd or 3rd level domain which has a proper
A record
pointing to the IPv4 mentioned above
Plain IPv6 will most likely work too but I decided to go the older route for compatibility reasons.
Deployment
While this is most certain possible with the hcloud tool as well I did not try this (yet). Instead I used Hetzner cloud web interfaces to create the server.
Select the Jitsi app image, a random server type, your existing IPv4 address and in the cloud-init
field you put this:
#cloud-config
runcmd:
- sed -i -e 's/.*read\ -p\ \"Is.*$/break/g' /opt/hcloud/jitsi_setup.sh
- sed -i -e 's/.*read\ -p\ \"Note.*$/le=n/g' /opt/hcloud/jitsi_setup.sh
- export domain=yourdomain.example.com; /opt/hcloud/jitsi_setup.sh
- /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh yourname@example.com yourdomain.example.com
If everything was pre-configured as mentioned in the requirements, after a few minutes the Jitsi instance should be available using your domain.
Technical
As mentioned the script from Hetzner has no switches or similar, so I had to work around a few things in order to let it do its job without user interaction needed.
Here is a breakdown line by line.
export domain=yourdomain.example.com; /opt/hcloud/jitsi_setup.sh
The first question the script asks is the domain name. This could be worked around by pre-filling the variable beforehand. The script checks if it is present already and skips read
if so.
sed -i -e 's/.*read\ -p\ \"Is.*$/break/g' /opt/hcloud/jitsi_setup.sh
This works around a Y/n
question which occurs after the domain name was entered.
sed -i -e 's/.*read\ -p\ \"Note.*$/le=n/g' /opt/hcloud/jitsi_setup.sh
This works around another Y/n
question, which asks if a LetsEncrypt certificate should be issued right away.
The reason for not choosing Y
here is, that Hetzner offers a second script (which is also mentioned in their documentation) that allows to issue the certificate later on. This script supports parameters which I made use of in the last line:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh \ yourname@example.com yourdomain.example.com
I think the parameters are self-explaining.
Conclusion
Using these hacks allows to have a full-featured Jitsi server available on-demand without having to pay full cost per month. The total costs are reduced to the IPv4 address which is 60 cents plus a few cents per hour for the actual meeting which can be as big or as small as the cloud servers can handle.
Bottom line
If somebody from Hetzner reads this and feels to enhance their script now:
Please do so without breaking my hacks or let me know at least :-)