# Instalação Jitsi Docker Procedimentos de instalação do Jitsi em docker # Repositório Jitsi Docker Link: [https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file](https://github.com/jitsi/docker-jitsi-meet?tab=readme-ov-file) git clone [https://github.com/jitsi/docker-jitsi-meet.git](https://github.com/jitsi/docker-jitsi-meet.git) Jitsi-contrib: [https://github.com/jitsi-contrib](https://github.com/jitsi-contrib) # Jitsi Meet on Docker
Tag | Description |
---|---|
`stable` | Points to the latest stable release |
`stable-NNNN-X` | A stable release |
`unstable` | Points to the latest unstable release |
`unstable-YYYY-MM-DD` | Daily unstable release |
`latest` | Deprecated, no longer updated (will be removed) |
Variable | Description | Example |
---|---|---|
`CONFIG` | Directory where all configuration will be stored | /opt/jitsi-meet-cfg |
`TZ` | System Time Zone | Europe/Amsterdam |
`HTTP_PORT` | Exposed port for HTTP traffic | 8000 |
`HTTPS_PORT` | Exposed port for HTTPS traffic | 8443 |
`JVB_ADVERTISE_IPS` | IP addresses of the Docker host (comma separated), needed for LAN environments | 192.168.1.1 |
`PUBLIC_URL` | Public URL for the web service | [https://meet.example.com](https://meet.example.com/) |
Variable | Description | Example |
---|---|---|
`ENABLE_LETSENCRYPT` | Enable Let's Encrypt certificate generation | 1 |
`LETSENCRYPT_DOMAIN` | Domain for which to generate the certificate | meet.example.com |
`LETSENCRYPT_EMAIL` | E-Mail for receiving important account notifications (mandatory) |
Variable | Description | Example |
---|---|---|
`TOOLBAR_BUTTONS` | Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma) | |
`HIDE_PREMEETING_BUTTONS` | Hide the buttons at pre-join screen. Add the buttons name separated with comma | |
`ENABLE_LOBBY` | Control whether the lobby feature should be enabled or not | 1 |
`ENABLE_AV_MODERATION` | Control whether the A/V moderation should be enabled or not | 1 |
`ENABLE_PREJOIN_PAGE` | Show a prejoin page before entering a conference | 1 |
`ENABLE_WELCOME_PAGE` | Enable the welcome page | 1 |
`ENABLE_CLOSE_PAGE` | Enable the close page | 0 |
`DISABLE_AUDIO_LEVELS` | Disable measuring of audio levels | 0 |
`ENABLE_NOISY_MIC_DETECTION` | Enable noisy mic detection | 1 |
`ENABLE_BREAKOUT_ROOMS` | Enable breakout rooms | 1 |
Variable | Description | Example |
---|---|---|
`JIGASI_SIP_URI` | SIP URI for incoming / outgoing calls | |
`JIGASI_SIP_PASSWORD` | Password for the specified SIP account | ` |
`JIGASI_SIP_SERVER` | SIP server (use the SIP account domain if in doubt) | sip2sip.info |
`JIGASI_SIP_PORT` | SIP server port | 5060 |
`JIGASI_SIP_TRANSPORT` | SIP transport | UDP |
Variable | Description | Example |
---|---|---|
`DIALIN_NUMBERS_URL` | URL to the JSON with all Dial-In numbers | [https://meet.example.com/dialin.json](https://meet.example.com/dialin.json) |
`CONFCODE_URL` | URL to the API for checking/generating Dial-In codes | [https://jitsi-api.jitsi.net/conferenceMapper](https://jitsi-api.jitsi.net/conferenceMapper) |
Variable | Description | Example |
---|---|---|
`ENABLE_RECORDING` | Enable recording / live streaming | 1 |
Variable | Description | Example |
---|---|---|
`JIBRI_RECORDER_USER` | Internal recorder user for Jibri client connections | recorder |
`JIBRI_RECORDER_PASSWORD` | Internal recorder password for Jibri client connections | ` |
`JIBRI_RECORDING_DIR` | Directory for recordings inside Jibri container | /config/recordings |
`JIBRI_FINALIZE_RECORDING_SCRIPT_PATH` | The finalizing script. Will run after recording is complete | /config/finalize.sh |
`JIBRI_XMPP_USER` | Internal user for Jibri client connections. | jibri |
`JIBRI_STRIP_DOMAIN_JID` | Prefix domain for strip inside Jibri (please see env.example for details) | muc |
`JIBRI_BREWERY_MUC` | MUC name for the Jibri pool | jibribrewery |
`JIBRI_PENDING_TIMEOUT` | MUC connection timeout | 90 |
Variable | Description | Example |
---|---|---|
`ENABLE_AUTH` | Enable authentication | 1 |
`ENABLE_GUESTS` | Enable guest access | 1 |
`AUTH_TYPE` | Select authentication type (internal, jwt or ldap) | internal |
`ENABLE_AUTO_LOGIN` | Enable auto login | 1 |
`JICOFO_AUTH_LIFETIME` | Select session timeout value for an authenticated user | 3 hours |
Variable | Description | Example |
---|---|---|
`LDAP_URL` | URL for ldap connection | ldaps://ldap.domain.com/ |
`LDAP_BASE` | LDAP base DN. Can be empty. | DC=example,DC=domain,DC=com |
`LDAP_BINDDN` | LDAP user DN. Do not specify this parameter for the anonymous bind. | CN=binduser,OU=users,DC=example,DC=domain,DC=com |
`LDAP_BINDPW` | LDAP user password. Do not specify this parameter for the anonymous bind. | LdapUserPassw0rd |
`LDAP_FILTER` | LDAP filter. | (sAMAccountName=%u) |
`LDAP_AUTH_METHOD` | LDAP authentication method. | bind |
`LDAP_VERSION` | LDAP protocol version | 3 |
`LDAP_USE_TLS` | Enable LDAP TLS | 1 |
`LDAP_TLS_CIPHERS` | Set TLS ciphers list to allow | SECURE256:SECURE128 |
`LDAP_TLS_CHECK_PEER` | Require and verify LDAP server certificate | 1 |
`LDAP_TLS_CACERT_FILE` | Path to CA cert file. Used when server certificate verification is enabled | /etc/ssl/certs/ca-certificates.crt |
`LDAP_TLS_CACERT_DIR` | Path to CA certs directory. Used when server certificate verification is enabled. | /etc/ssl/certs |
`LDAP_START_TLS` | Enable START\_TLS, requires LDAPv3, URL must be ldap:// not ldaps:// | 0 |
Variable | Description | Example |
---|---|---|
`JWT_APP_ID` | Application identifier | my\_jitsi\_app\_id |
`JWT_APP_SECRET` | Application secret known only to your token | my\_jitsi\_app\_secret |
`JWT_ACCEPTED_ISSUERS` | (Optional) Set asap\_accepted\_issuers as a comma separated list | my\_web\_client,my\_app\_client |
`JWT_ACCEPTED_AUDIENCES` | (Optional) Set asap\_accepted\_audiences as a comma separated list | my\_server1,my\_server2 |
`JWT_ASAP_KEYSERVER` | (Optional) Set asap\_keyserver to a url where public keys can be found | [https://example.com/asap>](https://example.com/asap%3E) |
`JWT_ALLOW_EMPTY` | (Optional) Allow anonymous users with no JWT while validating JWTs when provided | 0 |
`JWT_AUTH_TYPE` | (Optional) Controls which module is used for processing incoming JWTs | token |
`JWT_TOKEN_AUTH_MODULE` | (Optional) Controls which module is used for validating JWTs | token\_verification |
Variable | Description | Example |
---|---|---|
`MATRIX_UVS_URL` | Base URL to the matrix user verification service (without ending slash) | [https://uvs.example.com:3000>](https://uvs.example.com:3000%3E) |
`MATRIX_UVS_ISSUER` | (optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. | issuer (default) |
`MATRIX_UVS_AUTH_TOKEN` | (optional) user verification service auth token, if authentication enabled | changeme |
`MATRIX_UVS_SYNC_POWER_LEVELS` | (optional) Make Matrix room moderators owners of the Prosody room. | 1 |
Variable | Description | Example |
---|---|---|
`MATRIX_UVS_URL` | Base URL to the matrix user verification service (without ending slash) | [https://uvs.example.com:3000>](https://uvs.example.com:3000%3E) |
`MATRIX_UVS_ISSUER` | (optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. It allows all issuers (`*`) by default. | my\_issuer |
`MATRIX_UVS_AUTH_TOKEN` | (optional) user verification service auth token, if authentication enabled | my\_matrix\_secret |
`MATRIX_UVS_SYNC_POWER_LEVELS` | (optional) Make Matrix room moderators owners of the Prosody room. | 1 |
`MATRIX_LOBBY_BYPASS` | (optional) Allow Matrix room members to bypass Jitsi lobby check. | 1 |
`JWT_APP_ID` | Application identifier | my\_jitsi\_app\_id |
`JWT_APP_SECRET` | Application secret known only to your token | my\_jitsi\_app\_secret |
`JWT_ALLOW_EMPTY` | (Optional) Allow anonymous users with no JWT while validating JWTs when provided | 0 |
Variable | Description | Example |
---|---|---|
`TOKEN_AUTH_URL` | Authenticate using external service or just focus external auth window if there is one already. | [https://auth.meet.example.com/{room}>](https://auth.meet.example.com/%7Broom%7D%3E) |
Variable | Description | Example |
---|---|---|
`ETHERPAD_URL_BASE` | Set etherpad-lite URL | [http://etherpad.meet.jitsi:9001>](http://etherpad.meet.jitsi:9001%3E) |
Variable | Description | Example |
---|---|---|
`ENABLE_TRANSCRIPTIONS` | Enable Jigasi transcription in a conference | 1 |
`GC_PROJECT_ID` | `project_id` from Google Cloud Credentials | |
`GC_PRIVATE_KEY_ID` | `private_key_id` from Google Cloud Credentials | |
`GC_PRIVATE_KEY` | `private_key` from Google Cloud Credentials | |
`GC_CLIENT_EMAIL` | `client_email` from Google Cloud Credentials | |
`GC_CLIENT_ID` | `client_id` from Google Cloud Credentials | |
`GC_CLIENT_CERT_URL` | `client_x509_cert_url` from Google Cloud Credentials | |
`JIGASI_TRANSCRIBER_RECORD_AUDIO` | Jigasi will record audio when transcriber is on | true |
`JIGASI_TRANSCRIBER_SEND_TXT` | Jigasi will send transcribed text to the chat when transcriber is on | true |
`JIGASI_TRANSCRIBER_ADVERTISE_URL` | Jigasi will post an url to the chat with transcription file | true |
Variable | Description | Default value |
---|---|---|
`JVB_SENTRY_DSN` | Sentry Data Source Name (Endpoint for Sentry project) | https://public:private@host:port/1> |
`JICOFO_SENTRY_DSN` | Sentry Data Source Name (Endpoint for Sentry project) | https://public:private@host:port/1> |
`JIGASI_SENTRY_DSN` | Sentry Data Source Name (Endpoint for Sentry project) | https://public:private@host:port/1> |
`SENTRY_ENVIRONMENT` | Optional environment info to filter events | production |
`SENTRY_RELEASE` | Optional release info to filter events | 1.0.0 |
Variable | Description | Default value |
---|---|---|
`TURN_CREDENTIALS` | Credentials for TURN servers | |
`TURN_HOST` | TURN server hostnames as a comma separated list (UDP or TCP transport) | |
`TURN_PORT` | TURN server port (UDP or TCP transport) | 443 |
`TURN_TRANSPORT` | TURN server protocols as a comma separated list (UDP or TCP or both) | tcp |
`TURNS_HOST` | TURN server hostnames as a comma separated list (TLS transport) | |
`TURNS_PORT` | TURN server port (TLS transport) | 443 |
Variable | Description | Default value |
---|---|---|
`XMPP_DOMAIN` | Internal XMPP domain | meet.jitsi |
`XMPP_AUTH_DOMAIN` | Internal XMPP domain for authenticated services | auth.meet.jitsi |
`XMPP_SERVER` | Internal XMPP server name xmpp.meet.jitsi | xmpp.meet.jitsi |
`XMPP_BOSH_URL_BASE` | Internal XMPP server URL for BOSH module | [http://xmpp.meet.jitsi:5280>](http://xmpp.meet.jitsi:5280%3E) |
`XMPP_MUC_DOMAIN` | XMPP domain for the MUC | muc.meet.jitsi |
`XMPP_INTERNAL_MUC_DOMAIN` | XMPP domain for the internal MUC | internal-muc.meet.jitsi |
`XMPP_GUEST_DOMAIN` | XMPP domain for unauthenticated users | guest.meet.jitsi |
`XMPP_RECORDER_DOMAIN` | Domain for the jibri recorder | recorder.meet.jitsi |
`XMPP_MODULES` | Custom Prosody modules for XMPP\_DOMAIN (comma separated) | info,alert |
`XMPP_MUC_MODULES` | Custom Prosody modules for MUC component (comma separated) | info,alert |
`XMPP_INTERNAL_MUC_MODULES` | Custom Prosody modules for internal MUC component (comma separated) | info,alert |
`GLOBAL_MODULES` | Custom prosody modules to load in global configuration (comma separated) | statistics,alert |
`GLOBAL_CONFIG` | Custom configuration string with escaped newlines | foo = bar;\\nkey = val; |
`RESTART_POLICY` | Container restart policy | defaults to `unless-stopped` |
`DISABLE_HTTPS` | Handle TLS connections outside of this setup | 0 |
`ENABLE_HTTP_REDIRECT` | Redirect HTTP traffic to HTTPS | 0 |
`LOG_LEVEL` | Controls which logs are output from prosody and associated modules | info |
`ENABLE_HSTS` | Send a `strict-transport-security` header to force browsers to use a secure and trusted connection. Recommended for production use. | 1 |
`ENABLE_IPV6` | Provides means to disable IPv6 in environments that don't support it | 1 |
`ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX` | Enabled older unsafe regex for JVB colibri-ws URLs. WARNING: Enable with caution, this regex allows connections to arbitrary internal IP addresses and is not recommended for production use. Unsafe regex is defined as `[a-zA-Z0-9-\._]+` | 0 |
`COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` | DNS name to look up JVB IP address, used for default value of `COLIBRI_WEBSOCKET_REGEX` | jvb |
`COLIBRI_WEBSOCKET_REGEX` | Overrides the colibri regex used for proxying to JVB. Recommended to override in production with values matching possible JVB IP ranges | defaults to `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` unless `DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP` is set to true |
`DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP` | Controls whether to run `dig $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME` when defining COLIBRI\_WEBSOCKET\_REGEX | 0 |
Variable | Description | Default value |
---|---|---|
`PROSODY_RESERVATION_ENABLED` | Enable Prosody's reservation REST API | false |
`PROSODY_RESERVATION_REST_BASE_URL` | Base URL of Prosody's reservation REST API | |
`PROSODY_AUTH_TYPE` | Select authentication type for Prosody (internal, jwt or ldap) | `AUTH_TYPE` |
Variable | Description | Default value |
---|---|---|
`JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37 |
`JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus |
`JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | ` |
`JICOFO_ENABLE_AUTH` | Enable authentication in Jicofo | `ENABLE_AUTH` |
`JICOFO_AUTH_TYPE` | Select authentication type for Jicofo (internal, jwt or ldap) | `AUTH_TYPE` |
`JICOFO_AUTH_LIFETIME` | Select session timeout value for an authenticated user | 24 hours |
`JICOFO_ENABLE_HEALTH_CHECKS` | Enable health checks inside Jicofo, allowing the use of the REST api to check Jicofo's status | false |
Variable | Description | Default value |
---|---|---|
`JVB_AUTH_USER` | XMPP user for JVB MUC client connections | jvb |
`JVB_AUTH_PASSWORD` | XMPP password for JVB MUC client connections | ` |
`JVB_STUN_SERVERS` | STUN servers used to discover the server's public IP | stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302 |
`JVB_PORT` | UDP port for media used by Jitsi Videobridge | 10000 |
`JVB_COLIBRI_PORT` | COLIBRI REST API port of JVB exposed to localhost | 8080 |
`JVB_BREWERY_MUC` | MUC name for the JVB pool | jvbbrewery |
`COLIBRI_REST_ENABLED` | Enable the COLIBRI REST API | true |
`SHUTDOWN_REST_ENABLED` | Enable the shutdown REST API | true |
Variable | Description | Default value |
---|---|---|
`JIGASI_ENABLE_SDES_SRTP` | Enable SDES srtp | 0 |
`JIGASI_SIP_KEEP_ALIVE_METHOD` | Keepalive method | OPTIONS |
`JIGASI_HEALTH_CHECK_SIP_URI` | Health-check extension | |
`JIGASI_HEALTH_CHECK_INTERVAL` | Health-check interval | 300000 |
`JIGASI_XMPP_USER` | XMPP user for Jigasi MUC client connections | jigasi |
`JIGASI_XMPP_PASSWORD` | XMPP password for Jigasi MUC client connections | ` |
`JIGASI_BREWERY_MUC` | MUC name for the Jigasi pool | jigasibrewery |
`JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000 |
`JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050 |