EN 
NL Attic Parley
Direct link: https://parley.atticstudios.be
Based on: Jitsi Meet – https://jitsi.org
Table of Contents
Description
Parleley, parlelellyleloooo, par le nee, par…snip, parsley, parno, parley. Parley, that’s the one. Parley. Parley!
Jack Sparrow
Jitsi Meet is an Open Source video conferencing platform. It is a very open platform on which, by default, everyone can start a meeting and invite anyone. All you need to connect is a browser, or an app for Android or iOS mobile devices. It is not the easiest project I have come across, but runs very well ‘out of the box’. If you prefer to skip the self-hosting part, they even run a public hosted service at https://jitsi.org. That is very nice, but for regular use I feel like anyone who can, should host this themselves, so the jitsi.org servers can keep as much resources available for those who cannot.
Usage
Attic Parley has one main objective: simplicity!
If you want to talk to someone, there should be as little requirements as possible to get that other person on your favorite device.
If you would like to talk to a bunch of people, that should not be much harder…
I believe Attic Parley hits the spot nicely.
To start a meeting, simply browse to https://parley.atticstudios.be or open the app on an Android or iOS device, enter a title for your meeting and click ‘GO’:
This title should be one word, you can capitalize ToMakeItMoreReadable, in the meeting the title will be shown with spaces.
Probably the first thing you should do is change your name! You can edit some details and select audio and video devices by clicking on the three dots in the bottom right corner and choosing ‘Me’.
If you created the room, there are also some moderator settings available.
You can enable and disable audio and video on the main screen
You can invite others by sending them a link. That link is always https://parley.atticstudios.be/YourChosenNameForTheMeeting. To join the example above, the link would be
“https://parley.atticstudios.be/AtticParleyMeetingRoom”
When you open the link on a mobile device, it will show a webpage with a link to open the app, or install it if needed.
When others join the meeting, they pop up picture-in-picture. By default, the person that is speaking is shown full-screen. You can switch to a grid of all participants with the 
button on the bottom right.
There are lots of other options and features, but this should actually be all you need to know to start chatting. Feel free to dig deeper and let me know what you find useful! Keep in mind that some things are still experimental, like the virtual background and the screen sharing feature (Chromium only, if I am not mistaking).
Installation
For the original parley.langers.be server I did the complete manual installation. Great learning experience, but unless you want to possibly split up the service over separate servers, I would not recommend it.
For Attic Parley, I used the quick-install guide on a fresh Debian 10.4 vm. That worked rather flawlessly out of the box. The tricky part came later…
For the host installation:
sudo apt install -y curl gnupg2 apt-transport-https
sudo apt-add-repository universe
sudo apt update
sudo nano /etc/hosts
# Add hostname to localhost line
127.0.0.1 localhost parley.atticstudios.be
# Add the Jitsi package repository
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
# update all package sources + install
sudo apt update
sudo apt install jitsi-meet
# Update config
sudo nano /etc/jitsi/videobridge/sip-communicator.properties
# Comment and add
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.2.3.20
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=81.82.198.97
# I changed the default UDP port to 11000 because I need 10000 for another service
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=11000
sudo nano /etc/systemd/system.conf
# make sure you have the following values if values are smaller, if not do not update.
DefaultLimitNOFILE=65000
DefaultLimitNPROC=65000
DefaultTasksMax=65000
sudo systemctl daemon-reload
sudo systemctl restart jitsi-videobridge2.service
If you do not necessarily want to make things harder than they need to be, that’s it! Forward ports 80, 443, 4443 TCP and 11000 UDP to your server, make sure your chosen domain name points to your router, and you are good to go! But… you will get certificate warnings and will only be able to use a browser because the mobile clients require a valid certificate. This default installation is using a self-signed certificate to make things as easy as possible. To actually use this, you will need a valid certificate for your Jitsi Meet domain name.
There is a guide available to enable Let’s Encrypt certificates to secure the webservices, but because I am trying to get everything bundled behind a single public IP address I need to accept port 443 through a central reverse proxy (and terminate SSL there). I never got this working on parley.langers.be, this was one of a few services I dedicated another public IP address to.
Documentation on how to reverse proxy Jitsi Meet is still non-existing and information found online sparse and rather consequently contradictory. I did learn a thing or two about Nginx in the mean time and I have just lost a range of 16 public IP addresses, so I hesitantly decided to have another go at it. First tests seem good, I think I got it to work this time! Port forwarding looks like this currently:
The magic is in the Nginx reverse proxy server block. To make things work I ended up with this compilation:
Variables: _internalIP_ : private IP address of the Jitsi Meet server
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/parley.atticstudios.be/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/parley.atticstudios.be/privkey.pem;
server_name parley.atticstudios.be;
root /var/www/html/parley.atticstudios.be;
error_page 401 403 404 /404.html;
location / {
ssi on;
proxy_pass https://_internalIP_:4444; #Weirdness! See below
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# Bosch
location /http-bind {
proxy_pass http://_internalIP_:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://_internalIP_:5280/xmpp-websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}
}
A very strange phenomenon I spent more time on than I liked: port 443 is proxied to port 4444 on the Jitsi Meet server to reach the webinterface. Internally, however, I can simply browse to https://_InternalIP_ to see the landing page. When I proxy_pass to port 443 on _InternalIP_ instead, I end up on a “Bad Gateway” page from the Nginx reverse proxy. The error logged there is
"peer closed connection in SSL handshake while SSL handshaking to upstream"
Possible causes mainly point to SNI on the proxied host or SSL protocol mismatches, neither of which seem likely. In the first case I do not think I should be able to browse to https://_internalIP_ either and if there would not be a matching protocol available on both hosts, they would fail to talk over port 4444 just as well… I’m stumped ????
To make things worse, the Nginx configuration on the Attic Parley server does not contain any reference to port 443 at all! The web interface is hosted on port 4444 only. I have not dug deeper what service is feeding that page to my browser on port 443, then. At the moment I am very happy I found that port number in the Nginx configuration and I have Attic Parley online, one the same IP address as all other services.
I am going to check this box, and move on to the next for now ????????
As with all Open Projects, feel free to use this one at will. Feedback, issues, questions and suggestions very welcome. If you want to host your own, I am happy to help out if I can!