Testing jwt setup

This commit is contained in:
Luis Guzmán 2020-12-12 12:58:45 -06:00
parent f9a601d731
commit e1b46fa846
2 changed files with 24 additions and 16 deletions

View File

@ -4,9 +4,14 @@
# GPLv3 or later. # GPLv3 or later.
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
echo $APP_ID && echo $SECRET_APP
echo -e "\n$APP_ID" && \
echo -e "$SECRET_APP\n"
## Required openssl for Focal 20.04 ## Required openssl for Focal 20.04
if [ "$(lsb_release -sc)" = "focal" ]; then if [ "$(lsb_release -sc)" = "focal" ]; then
@ -33,12 +38,13 @@ echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-select
apt-get install -y jitsi-meet-tokens apt-get install -y jitsi-meet-tokens
#Setting up #Setting up
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" $PROSODY_FILE
#allow_empty_token = true #allow_empty_token = true
#Request auth
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
@ -50,3 +56,5 @@ pyjwt3 --key="$SECRET_APP" \
sub="$DOMAIN" \ sub="$DOMAIN" \
room="*" \ room="*" \
algorithm="HS256" algorithm="HS256"
read -n 1 -s -r -p "Press any key to continue..."$'\n'

View File

@ -653,17 +653,6 @@ sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communi
# Configure Jibri # Configure Jibri
if [ "$ENABLE_SC" = "yes" ]; then if [ "$ENABLE_SC" = "yes" ]; then
## PROSODY
cat << REC-JIBRI >> $PROSODY_FILE
VirtualHost "recorder.$DOMAIN"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
REC-JIBRI
if [ ! -f $MOD_LIST_FILE ]; then if [ ! -f $MOD_LIST_FILE ]; then
echo -e "\n-> Adding external module to list prosody users...\n" echo -e "\n-> Adding external module to list prosody users...\n"
curl -s $MOD_LISTU > $MOD_LIST_FILE curl -s $MOD_LISTU > $MOD_LIST_FILE
@ -674,6 +663,17 @@ REC-JIBRI
fi fi
fi fi
#Enable jibri recording
cat << REC-JIBRI >> $PROSODY_FILE
VirtualHost "recorder.$DOMAIN"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
REC-JIBRI
#Enable Jibri withelist #Enable Jibri withelist
sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE