A self-hosted secure video conferencing solution for OpenEMR? Jitsi Meet on OpenShift — zero privilege escalation

Hey all,

I’ve been working on a fully self-hosted telehealth stack pairing OpenEMR with Jitsi Meet on OpenShift, and wanted to share the result.

The problem

The upstream Jitsi images use s6-overlay as an init system, which requires CAP_SYS_ADMIN — a capability OpenShift’s restricted-v2 SCC explicitly denies. Every container crashes before the application starts. This project fixes that by rebasing all four Jitsi components onto CentOS Stream 10 with direct bash entrypoints. The config generation logic is preserved; only the init system is replaced.

The honest caveat

WebRTC audio and video require inbound UDP. OpenShift Routes are HTTP/HTTPS only, so where this runs depends on your network control:

  • Bare metal on-premise / Single Node OpenShift home lab ✅ — open UDP 10000, everything works
  • ROSA / ARO / cloud OCP with cluster-admin ⚠️ — open Security Groups, use a LoadBalancer service
  • OpenShift Developer Sandbox ❌ — media plane is blocked, no workaround

For cloud deployments without cluster-admin privileges, point OpenEMR’s Telehealth module at JaaS (8x8’s hosted Jitsi) instead — HIPAA BAA available, free tier, your patients won’t know the difference.

What’s in the repo

Four Containerfiles, bash entrypoints with OpenShift arbitrary-UID NSS fixes for Java, a single deploy script, and published images at quay.io/ryan_nix/jitsi-openshift.

Repo: https://github.com/ryannix123/openemr-on-openshift/jitsi

— Ryan


Hi Ryan,

Thanks for your work. Can I inquire as to the integration of Jitsi with OpenEMR. Integrated or sits beside?

Cheers, Simon

Hi Simon,

It’s a separate deployment within the same Kubernetes namespace.

I’m also working on a Rocket Chat deployment.