## New
- Add jibri configuration to set resolution
- Add perf tools
- Add high performance tuning by default
- Remove old code

## Fix
- Lower ffmpeg resolution 15>17
- Detect IP on CNAME records
- Make sure connection loop hostname is applied.
Luis Guzman 2021-05-15 20:31:55 -05:00 committed by GitHub
commit 08514bb8af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 173 additions and 81 deletions


@ -348,6 +348,18 @@ mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
cat << NEW_CONF > $JIBRI_CONF cat << NEW_CONF > $JIBRI_CONF
// New XMPP environment config. // New XMPP environment config.
jibri { jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "1920x1080"
}
chrome { chrome {
// The flags which will be passed to chromium when launching // The flags which will be passed to chromium when launching
flags = [ flags = [
@ -361,6 +373,24 @@ jibri {
"--disable-dev-shm-usage" "--disable-dev-shm-usage"
] ]
} }
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording { recording {
recordings-directory = $DIR_RECORD recordings-directory = $DIR_RECORD
finalize-script = $REC_DIR finalize-script = $REC_DIR
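Review bot: The added `rtmp-allow-list` in the `streaming` block contains only the pattern `".*"`, so this Jibri accepts any RTMP destination it is asked to stream to. If the deployment streams to only a few services, the installer could write narrower patterns, or at least add a comment beside the list such as `// Replace ".*" with patterns for the RTMP hosts you actually use`. The same block is added again in the other Jibri heredoc hunk (`@ -848,6 +821,18 @@`). The heredoc starts and ends outside both hunks.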


@ -21,7 +21,6 @@ if [ ! -f jm-bm.sh ]; then
fi fi
support="https://switnet.net/support" support="https://switnet.net/support"
apt_repo="/etc/apt/sources.list.d" apt_repo="/etc/apt/sources.list.d"
LOC_REC="TBD"
ENABLE_BLESSM="TBD" ENABLE_BLESSM="TBD"
CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)" CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)"
@ -160,11 +159,6 @@ else
echo "Setting Support custom link" echo "Setting Support custom link"
sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF
fi fi
printf "${Purple}========== Disable Localrecording ==========${Color_Off}\n"
if [ "$LOC_REC" != "on" ]; then
echo "Removing localrecording..."
sed -i "s|'localrecording',||" $INT_CONF
fi
printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n"
sed -i "s|'videobackgroundblur', ||" $INT_CONF sed -i "s|'videobackgroundblur', ||" $INT_CONF
fi fi


@ -78,7 +78,7 @@ do
fi fi
done done
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN)" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing... echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...
" "
else else
@ -409,7 +409,7 @@ if [ "$ENABLE_HSTS" = "yes" ]; then
sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF
fi fi
if [ "$DISTRO_RELEASE" != "xenial" ] && [ ! -z "$PREAD_PROXY" ]; then if [ ! -z "$PREAD_PROXY" ]; then
echo " echo "
Setting up Nextcloud domain on Jitsi Meet turn proxy Setting up Nextcloud domain on Jitsi Meet turn proxy
" "
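Review bot: The new DNS test in the first hunk relies on `RT`, which is a gawk extension; if `awk` on the target host is mawk or another awk, `RT` is empty and the pipeline prints nothing, so the comparison with `$PUBLIC_IP` always fails. It also prints every address when the name has several A records, and `$NC_DOMAIN` is unquoted. A form that does not depend on gawk would be `dig -4 +short "$NC_DOMAIN" | grep -E '^([0-9]+\.){3}[0-9]+$' | head -n1`. The `if` block continues outside the hunk.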


@ -160,35 +160,12 @@ elif [ "$CHAT_DISABLED" = "yes" ] || [ -z "$CHAT_DISABLED" ]; then
fi fi
done done
#SYSTEM ## JMS system tune up
##Disable swap if [ "$MODE" = "debug" ]; then
swapoff -a bash $PWD/jms-stu.sh -m debug
sed -ir '/\sswap\s/s/^#?/#/' $FSTAB else
bash $PWD/jms-stu.sh
##Kernel fi
#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
sysctl -w net.core.rmem_default=262144
sysctl -w net.core.wmem_default=262144
sysctl -w net.core.rmem_max=262144
sysctl -w net.core.wmem_max=262144
set_once "net.core.rmem_default=262144" "/etc/sysctl.conf"
set_once "net.core.wmem_default=262144" "/etc/sysctl.conf"
set_once "net.core.rmem_max=262144" "/etc/sysctl.conf"
set_once "net.core.wmem_max=262144" "/etc/sysctl.conf"
#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
sysctl -w net.ipv4.tcp_timestamps=0
set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf"
#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
sysctl -w net.core.netdev_max_backlog=100000
set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf"
##nginx
sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
#Missing docs
#sysctl -w net.ipv4.tcp_low_latency=1
#JVB2 #JVB2
##Loose up logging ##Loose up logging
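Review bot: The new call `bash $PWD/jms-stu.sh` is unquoted and resolves the helper against the caller's working directory, while the main installer in this same commit calls `bash $PWD/mode/jms-stu.sh`. Unless this script is always started from inside `mode/`, the helper is not found and the tune-up is skipped. The exit status is not checked either, so a failed tune-up neither stops the run nor warns. Consider resolving the path from the script's own location and checking the result, e.g. `bash "$(dirname "$0")/jms-stu.sh" || echo "System tune up failed" >&2`. The enclosing script starts and ends outside the hunk.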

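--- /dev/null
+++ b/mode/jms-stu.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+# System-tune-up to remove system restrictions on a huge load of connections.
+# SwITNet Ltd © - 2021, https://switnet.net/
+# GPLv3 or later.
+#Check if user is root
+if ! [ $(id -u) = 0 ]; then
+echo "You need to be root or have privileges!"
+exit 0
+fi
+while getopts m: option
+do
+case "${option}"
+in
+m) MODE=${OPTARG};;
+\?) echo "Usage: sudo ./jms-stu.sh [-m debug]" && exit;;
+esac
+done
+echo '
+#--------------------------------------------------
+# Starting system tune up configuration
+# for high performance
+#--------------------------------------------------
+'
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+set_once() {
+if [ -z "$(awk '!/^ *#/ && NF {print}' "$2"|grep $(echo $1|awk -F '=' '{print$1}'))" ]; then
+echo "Setting "$1" on "$2"..."
+echo "$1" | tee -a "$2"
+else
+echo " \"$(echo $1|awk -F '=' '{print$1}')\" seems present, skipping setting this variable"
+fi
+}
+##Disable swap
+swapoff -a
+sed -r '/\sswap\s/s/^#?/#/' -i $FSTAB
+##Alternative swap tuning (need more documentation).
+#vm.swappiness=10
+#vm.vfs_cache_pressure=50
+##Kernel
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
+sysctl -w net.core.rmem_default=262144
+sysctl -w net.core.wmem_default=262144
+sysctl -w net.core.rmem_max=262144
+sysctl -w net.core.wmem_max=262144
+set_once "net.core.rmem_default=262144" "/etc/sysctl.conf"
+set_once "net.core.wmem_default=262144" "/etc/sysctl.conf"
+set_once "net.core.rmem_max=262144" "/etc/sysctl.conf"
+set_once "net.core.wmem_max=262144" "/etc/sysctl.conf"
+#system
+#https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
+sysctl -w DefaultLimitNOFILE=65000
+sysctl -w DefaultLimitNPROC=65000
+sysctl -w DefaultTasksMax=65000
+set_once "DefaultLimitNOFILE=65000" "/etc/sysctl.conf"
+set_once "DefaultLimitNPROC=65000" "/etc/sysctl.conf"
+set_once "DefaultTasksMax=65000" "/etc/sysctl.conf"
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
+sysctl -w net.ipv4.tcp_timestamps=0
+set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf"
+#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
+sysctl -w net.core.netdev_max_backlog=100000
+set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf"
+##nginx
+sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
+nginx -t
+#Missing docs
+#sysctl -w net.ipv4.tcp_low_latency=1
+echo "System tune up...
+Done!"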
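Review bot: `DefaultLimitNOFILE`, `DefaultLimitNPROC` and `DefaultTasksMax` are systemd manager settings, not kernel sysctl keys, so the three `sysctl -w` calls will fail and the lines appended to `/etc/sysctl.conf` will not raise any limit. These settings belong in `/etc/systemd/system.conf` followed by `systemctl daemon-reload`, so the calls would become `set_once "DefaultLimitNOFILE=65000" "/etc/systemd/system.conf"` (likewise for the other two) and the `sysctl -w` lines would be dropped. Separately, `$FSTAB` is not defined in this file and the callers start it with `bash`, so unless the caller exports it the `sed -r ... -i $FSTAB` line has no file to edit. The root check also ends with `exit 0`, which reports success to the caller when nothing was tuned.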


@ -284,7 +284,7 @@ if [ "$LE_SSL" = "yes" ]; then
fi fi
done done
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN)" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo "Server public IP & DNS record for $JITSI_DOMAIN seems to match, continuing... echo "Server public IP & DNS record for $JITSI_DOMAIN seems to match, continuing...
" "
else else
@ -327,7 +327,8 @@ echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")
if [ "$HWE_VIR_MOD" = "1" ]; then if [ "$HWE_VIR_MOD" = "1" ]; then
apt-get -y install \ apt-get -y install \
linux-image-generic-hwe-$(lsb_release -sr) linux-image-generic-hwe-$(lsb_release -sr) \
linux-tools-generic-hwe-$(lsb_release -sr)
else else
apt-get -y install \ apt-get -y install \
linux-image-generic \ linux-image-generic \
@ -414,6 +415,13 @@ Remove Chrome warning...
mkdir -p /etc/opt/chrome/policies/managed mkdir -p /etc/opt/chrome/policies/managed
echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON
## JMS system tune up
if [ "$MODE" = "debug" ]; then
bash $PWD/mode/jms-stu.sh -m debug
else
bash $PWD/mode/jms-stu.sh
fi
echo ' echo '
######################################################################## ########################################################################
Please Setup Your Installation Please Setup Your Installation
@ -546,29 +554,7 @@ do
echo "Static avatar will be enabled" echo "Static avatar will be enabled"
fi fi
done done
# #Enable local audio recording - disabling
#while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]]
#do
#read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR
#if [ "$ENABLE_LAR" = "no" ]; then
# echo "Local audio recording option won't be enabled"
#elif [ "$ENABLE_LAR" = "yes" ]; then
# echo "Local audio recording option will be enabled"
#fi
#done
#Secure room initial user
#while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
#do
#read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
#if [ "$ENABLE_SC" = "no" ]; then
# echo "-- Secure rooms won't be enabled."
#elif [ "$ENABLE_SC" = "yes" ]; then
# echo "-- Secure rooms will be enabled."
# read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
# read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
#fi
#done
echo " echo "
> Jitsi Meet Auth Method selection. > Jitsi Meet Auth Method selection.
" "
@ -793,19 +779,6 @@ sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
#sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF #sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF
#fi #fi
#LocalAudioRecording
if [ "$ENABLE_LAR" = "yes" ]; then
echo "# Enabling local recording (audio only)."
LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1)
LR_END=$((LR_STR + 18))
sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF
sed -i "$LR_STR,$LR_END{s|// enabled: true,|enabled: true,|}" $MEET_CONF
sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF
sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF
sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF
sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh
fi
#Setup main language #Setup main language
if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then
echo "Leaving English (en) as default language..." echo "Leaving English (en) as default language..."
@ -848,6 +821,18 @@ mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
cat << NEW_CONF > $JIBRI_CONF cat << NEW_CONF > $JIBRI_CONF
// New XMPP environment config. // New XMPP environment config.
jibri { jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "1920x1080"
}
chrome { chrome {
// The flags which will be passed to chromium when launching // The flags which will be passed to chromium when launching
flags = [ flags = [
@ -861,6 +846,24 @@ jibri {
"--disable-dev-shm-usage" "--disable-dev-shm-usage"
] ]
} }
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording { recording {
recordings-directory = $DIR_RECORD recordings-directory = $DIR_RECORD
finalize-script = $REC_DIR finalize-script = $REC_DIR
@ -1017,11 +1020,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
fi fi
#nginx -tlsv1/1.1 #nginx -tlsv1/1.1
if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" != "xenial" ];then if [ "$DROP_TLS1" = "yes" ];then
echo -e "\nDropping TLSv1/1.1 in favor of v1.3\n" echo -e "\nDropping TLSv1/1.1 in favor of v1.3\n"
sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf
#sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF
elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then elif [ "$DROP_TLS1" = "yes" ];then
echo -e "\nOnly dropping TLSv1/1.1\n" echo -e "\nOnly dropping TLSv1/1.1\n"
sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf
sed -i "s| TLSv1.3||" $WS_CONF sed -i "s| TLSv1.3||" $WS_CONF
@ -1225,8 +1228,8 @@ if [ "$ENABLE_DOCKERPAD" = "yes" ]; then
bash $PWD/etherpad.sh bash $PWD/etherpad.sh
fi fi
fi fi
#Prevent Jibri conecction issue #Prevent JMS conecction issue
if [ -z "$(grep -n $DOMAIN /etc/hosts)" ];then if [ -z "$(awk "/127.0.0.1/&&/$DOMAIN/{print\$1}" /etc/hosts)" ];then
sed -i "/127.0.0.1/a \\ sed -i "/127.0.0.1/a \\
127.0.0.1 $DOMAIN" /etc/hosts 127.0.0.1 $DOMAIN" /etc/hosts
else else
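Review bot: In the DNS test hunk the new line reads `dig -4 +short $JITSI_DOMAIN||awk ...`; with `||` the awk filter runs only when dig fails, so for a CNAME record the substitution still contains the alias line and the comparison with `$PUBLIC_IP` still fails. It should be a single pipe with the domain quoted, as in the `$NC_DOMAIN` hunk of this commit: `dig -4 +short "$JITSI_DOMAIN" | awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}'`. In the TLS hunk, dropping the xenial tests leaves `if` and `elif` with the same condition `[ "$DROP_TLS1" = "yes" ]`, so the `elif` branch can no longer be reached and could be removed.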


@ -72,9 +72,9 @@ cd $JIBRI_ENH_PATH
# Default values # Default values
## videoEncodePreset - "veryfast" || h264ConstantRateFactor - 25 ## videoEncodePreset - "veryfast" || h264ConstantRateFactor - 25
# Recomemended values based on: https://trac.ffmpeg.org/wiki/Encode/H.264#crf # Recomemended values based on: https://trac.ffmpeg.org/wiki/Encode/H.264#crf
## videoEncodePreset - "medium" || h264ConstantRateFactor - 15 ## videoEncodePreset - "medium" || h264ConstantRateFactor - 17
sed -i "/videoEncodePreset/s|String =.*|String = \"medium\",|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt sed -i "/videoEncodePreset/s|String =.*|String = \"medium\",|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 15,|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 17,|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
mvn package mvn package
JIBRI_JAR="$(ls -Sh $JIBRI_ENH_PATH/target|awk '/dependencies/&&/.jar/{print}'|awk 'NR==1{print}')" JIBRI_JAR="$(ls -Sh $JIBRI_ENH_PATH/target|awk '/dependencies/&&/.jar/{print}'|awk 'NR==1{print}')"


@ -96,7 +96,9 @@ apt-get -y purge jibri \
prosody prosody
#Services stop #Services stop
remove_services jibri* remove_services jibri
remove_services jibri-icewm
remove_services jibri-xorg
#Cleaning packages #Cleaning packages
apt-get -y autoremove apt-get -y autoremove