Recently the so called BigBrotherAwards have been awarded. In the pool of winners this year were also the well known Zoom video conference tool. This made me thinking, because the Armbian project uses Zoom for their weekly developer meetups.
So I decided to invest a bit of time to explore if it would be possible to deploy a self-hosted Jitsi video-conference server on a Hetzner cloud server on demand, without much configuration needed. And this is what I came up with.
(Even more) Preamble
Basically Hetzner offers Jitsi server as an pre-configured OS image, or App as they call. However when logging in the first time after the server setup was complete it asks you a few questions about which domain it should have and if it should issue a free LetsEncrypt SSL certificate.
While this is perfectly fine for beginners that they offer this guided setup, there is no way to send parameters to their script to automate stuff using cloud-init.
So I had to come up with some dirty hacks.
No long stories anymore:
- a primary IPv4 address and/or IPv6 without a server
You may have to create a random cloud server and then delete it right away but keep the primary IPv4.Create one/them in the cloud interface.
- a 2nd or 3rd level domain which has a proper
A recordpointing to the IPv4 mentioned above
Plain IPv6 will most likely work too but I decided to go the older route for compatibility reasons.
While this is most certain possible with the hcloud tool as well I did not try this (yet). Instead I used Hetzner cloud web interfaces to create the server.
Select the Jitsi app image, a random server type, your existing IPv4 address and in the
cloud-init field you put this:
#cloud-config runcmd: - sed -i -e 's/.*read\ -p\ \"Is.*$/break/g' /opt/hcloud/jitsi_setup.sh - sed -i -e 's/.*read\ -p\ \"Note.*$/le=n/g' /opt/hcloud/jitsi_setup.sh - export domain=yourdomain.example.com; /opt/hcloud/jitsi_setup.sh - /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh email@example.com yourdomain.example.com
If everything was pre-configured as mentioned in the requirements, after a few minutes the Jitsi instance should be available using your domain.
As mentioned the script from Hetzner has no switches or similar, so I had to work around a few things in order to let it do its job without user interaction needed.
Here is a breakdown line by line.
export domain=yourdomain.example.com; /opt/hcloud/jitsi_setup.sh
The first question the script asks is the domain name. This could be worked around by pre-filling the variable beforehand. The script checks if it is present already and skips
read if so.
sed -i -e 's/.*read\ -p\ \"Is.*$/break/g' /opt/hcloud/jitsi_setup.sh
This works around a
Y/n question which occurs after the domain name was entered.
sed -i -e 's/.*read\ -p\ \"Note.*$/le=n/g' /opt/hcloud/jitsi_setup.sh
This works around another
Y/n question, which asks if a LetsEncrypt certificate should be issued right away.
The reason for not choosing
Y here is, that Hetzner offers a second script (which is also mentioned in their documentation) that allows to issue the certificate later on. This script supports parameters which I made use of in the last line:
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh \ firstname.lastname@example.org yourdomain.example.com
I think the parameters are self-explaining.
Using these hacks allows to have a full-featured Jitsi server available on-demand without having to pay full cost per month. The total costs are reduced to the IPv4 address which is 60 cents plus a few cents per hour for the actual meeting which can be as big or as small as the cloud servers can handle.
If somebody from Hetzner reads this and feels to enhance their script now:
Please do so without breaking my hacks or let me know at least :-)