Merge branch 'master' of https://forge.switnet.net/switnet/quick-jibri-installer into wip_qji_7.4

Reviewed-on: switnet/quick-jibri-installer#110

etherpad-docker.sh

@@ -66,7 +66,8 @@ echo "Add Docker repo"
 if [ "$DOCKER_CE_REPO" = "stable" ]; then
     echo "Docker repository already installed"
 else
-    echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
+    echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > \
+        /etc/apt/sources.list.d/docker-ce.list
     wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
     gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg  >/dev/null
     apt -q2 update
@@ -74,6 +75,9 @@ fi
 
 read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
 
+# Make sure we can rely on the match strings.
+printf "> Testing match strings on config files.\n"
+test_match "$WS_MATCH1" "$WS_CONF"
 
 # Install required packages
 install_ifnot docker-ce

files/jibri.conf

@@ -0,0 +1,109 @@
+// New XMPP environment config.
+jibri {
+    streaming {
+        // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
+        // when starting a stream must match at least one of the patterns in
+        // this list.
+        rtmp-allow-list = [
+          // By default, all services are allowed
+          ".*"
+        ]
+    }
+    ffmpeg {
+        resolution = JIBRI_RES_CONF
+    }
+    chrome {
+        // The flags which will be passed to chromium when launching
+        flags = [
+          "--use-fake-ui-for-media-stream",
+          "--start-maximized",
+          "--kiosk",
+          "--enabled",
+          "--disable-infobars",
+          "--autoplay-policy=no-user-gesture-required",
+          "--ignore-certificate-errors",
+          "--disable-dev-shm-usage"
+        ]
+    }
+    stats {
+        enable-stats-d = true
+    }
+    call-status-checks {
+        // If all clients have their audio and video muted and if Jibri does not
+        // detect any data stream (audio or video) comming in, it will stop
+        // recording after NO_MEDIA_TIMEOUT expires.
+        no-media-timeout = 30 seconds
+
+        // If all clients have their audio and video muted, Jibri consideres this
+        // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+        all-muted-timeout = 10 minutes
+
+        // When detecting if a call is empty, Jibri takes into consideration for how
+        // long the call has been empty already. If it has been empty for more than
+        // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+        default-call-empty-timeout = 30 seconds
+    }
+    recording {
+         recordings-directory = "DIR_RECORD"
+         finalize-script = "REC_DIR"
+    }
+    api {
+        xmpp {
+            environments = [
+                {
+                // A user-friendly name for this environment
+                name = "JB_NAME"
+
+                // A list of XMPP server hosts to which we'll connect
+                xmpp-server-hosts = [ "DOMAIN" ]
+
+                // The base XMPP domain
+                xmpp-domain = "DOMAIN"
+
+                // The MUC we'll join to announce our presence for
+                // recording and streaming services
+                control-muc {
+                    domain = "internal.auth.DOMAIN"
+                    room-name = "JibriBrewery"
+                    nickname = "Live"
+                }
+
+                // The login information for the control MUC
+                control-login {
+                    domain = "auth.DOMAIN"
+                    username = "jibri"
+                    password = "JB_AUTH_PASS"
+                }
+
+                // An (optional) MUC configuration where we'll
+                // join to announce SIP gateway services
+            //    sip-control-muc {
+            //        domain = "domain"
+            //        room-name = "room-name"
+            //        nickname = "nickname"
+            //    }
+
+                // The login information the selenium web client will use
+                call-login {
+                    domain = "recorder.DOMAIN"
+                    username = "recorder"
+                    password = "JB_REC_PASS"
+                }
+
+                // The value we'll strip from the room JID domain to derive
+                // the call URL
+                strip-from-room-domain = "conference."
+
+                // How long Jibri sessions will be allowed to last before
+                // they are stopped.  A value of 0 allows them to go on
+                // indefinitely
+                usage-timeout = 0 hour
+
+                // Whether or not we'll automatically trust any cert on
+                // this XMPP domain
+                trust-all-xmpp-certs = true
+                }
+            ]
+        }
+    }
+}

grafana.sh

@@ -58,6 +58,7 @@ GRAFANA_INI="/etc/grafana/grafana.ini"
 DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
 WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
 WS_MATCH1="# ensure all static content can always be found first"
+WS_MATCH2="upstream prosody {"
 GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
 
 # Min requirements
@@ -179,10 +180,30 @@ while [ $secs -gt 0 ]; do
 done
 
 if [ -f "$WS_CONF" ]; then
-    sed -i "/$WS_MATCH1/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF"
-    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
     sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
     sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
+
+    sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections." "$WS_CONF"
+    sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i }" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i }" "$WS_CONF"
     systemctl restart nginx
 else
     echo "No app configuration done to server file, please report to:
@@ -198,7 +219,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
   \"oldPassword\": \"admin\",
   \"newPassword\": \"$GRAFANA_PASS\",
   \"confirmNew\": \"$GRAFANA_PASS\"
-}" http://localhost:3000/api/user/password; echo ""
+}" http://127.0.0.1:3000/api/user/password; echo ""
 
 echo "
 # Create InfluxDB datasource
@@ -208,16 +229,16 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \
 '{
     "name": "InfluxDB",
     "type": "influxdb",
-    "url": "http://localhost:8086",
+    "url": "http://127.0.0.1:8086",
     "access": "proxy",
     "isDefault": true,
     "database": "jitsi"
-}' http://localhost:3000/api/datasources; echo ""
+}' http://127.0.0.1:3000/api/datasources; echo ""
 
 echo "
 # Add Grafana Dashboard
 "
-grafana_host="http://localhost:3000"
+grafana_host="http://127.0.0.1:3000"
 grafana_cred="admin:$GRAFANA_PASS"
 grafana_datasource="InfluxDB"
 ds=(11969);

images/watermark2.svg

@@ -1,57 +1 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-
-<svg
-   width="0.00026458237mm"
-   height="0.00037725855mm"
-   viewBox="0 0 0.00026458237 0.00037725855"
-   version="1.1"
-   id="svg1"
-   inkscape:version="1.3.2 (1:1.3.2+202311252150+091e20ef0f)"
-   sodipodi:docname="watermark2.svg"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <sodipodi:namedview
-     id="namedview1"
-     pagecolor="#ffffff"
-     bordercolor="#000000"
-     borderopacity="0.25"
-     inkscape:showpageshadow="2"
-     inkscape:pageopacity="0.0"
-     inkscape:pagecheckerboard="0"
-     inkscape:deskcolor="#d1d1d1"
-     inkscape:document-units="mm"
-     inkscape:zoom="32.776423"
-     inkscape:cx="3.8442267"
-     inkscape:cy="9.4732729"
-     inkscape:window-width="1918"
-     inkscape:window-height="1008"
-     inkscape:window-x="0"
-     inkscape:window-y="0"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="layer1" />
-  <defs
-     id="defs1" />
-  <g
-     inkscape:label="Capa 1"
-     inkscape:groupmode="layer"
-     id="layer1"
-     transform="translate(-73.084889,-67.205357)">
-    <rect
-       style="fill:#8080ff;stroke:#ffffff;stroke-width:1"
-       id="rect1"
-       width="0"
-       height="0"
-       x="75.899414"
-       y="71.763123" />
-    <rect
-       style="fill:#8080ff;stroke:#ffffff;stroke-width:0.000112676;stroke-dasharray:none"
-       id="rect2"
-       width="0.00015190637"
-       height="0.00026458254"
-       x="73.084946"
-       y="67.205414" />
-  </g>
-</svg>
+<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>

jm-bm.sh

@@ -27,7 +27,7 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
 #
 JM_IMG_PATH="/usr/share/jitsi-meet/images"
 WTM2_PATH="$JM_IMG_PATH/watermark2.png"
-WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.png"
+WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
 FICON_PATH="$JM_IMG_PATH/favicon2.ico"
 REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
 #
@@ -74,6 +74,8 @@ if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
 fi
 #Replace App logo
 sed -i "s|// defaultLogoUrl: .*|    defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
+#Overwrite favicon svg
+cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
 
 #Customize room title
 sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"

quick_jibri_installer.sh

@@ -538,19 +538,20 @@ JB_NAME="Jibri Sessions"
 LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
 MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
 MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
-ENABLE_SA="yes"
 MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
 MJS_USER="jbsync_$MJS_RAND_TAIL"
 MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
 FQDN_HOST="fqdn"
 JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
 WS_MATCH1="# ensure all static content can always be found first"
+WS_MATCH2="external_api.js"
 MEET_MATCH1="disable simulcast support."
 #GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
 
 # Make sure we can rely on the match strings.
 printf "> Testing match strings on config files.\n"
 test_match "$WS_MATCH1" "$WS_CONF"
+test_match "$WS_MATCH2" "$WS_CONF"
 test_match "$MEET_MATCH1" "$MEET_CONF"
 
 # Rename hostname for jitsi server
@@ -867,15 +868,6 @@ sed -i "/hideStorageWarning: false/,/Local recording configuration/s|// },|},|"
 sed -i "/fileRecordingsServiceEnabled: false,/a \\
     hiddenDomain: \'recorder.$DOMAIN\'," "$MEET_CONF"
 
-##Setup main language
-#if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then
-    #echo "Leaving English (en) as default language..."
-    #sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF"
-#else
-    #echo "Changing default language to: $JB_LANG"
-    #sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF"
-#fi
-
 # Recording directory
 if [ ! -d "$DIR_RECORD" ]; then
     mkdir "$DIR_RECORD"
@@ -906,117 +898,15 @@ chmod +x "$REC_DIR"
 
 ## New Jibri Config (2020)
 mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file
-cat << NEW_CONF > "$JIBRI_CONF"
-// New XMPP environment config.
-jibri {
-    streaming {
-        // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
-        // when starting a stream must match at least one of the patterns in
-        // this list.
-        rtmp-allow-list = [
-          // By default, all services are allowed
-          ".*"
-        ]
-    }
-    ffmpeg {
-        resolution = $JIBRI_RES_CONF
-    }
-    chrome {
-        // The flags which will be passed to chromium when launching
-        flags = [
-          "--use-fake-ui-for-media-stream",
-          "--start-maximized",
-          "--kiosk",
-          "--enabled",
-          "--disable-infobars",
-          "--autoplay-policy=no-user-gesture-required",
-          "--ignore-certificate-errors",
-          "--disable-dev-shm-usage"
-        ]
-    }
-    stats {
-        enable-stats-d = true
-    }
-    call-status-checks {
-        // If all clients have their audio and video muted and if Jibri does not
-        // detect any data stream (audio or video) comming in, it will stop
-        // recording after NO_MEDIA_TIMEOUT expires.
-        no-media-timeout = 30 seconds
-
-        // If all clients have their audio and video muted, Jibri consideres this
-        // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
-        all-muted-timeout = 10 minutes
-
-        // When detecting if a call is empty, Jibri takes into consideration for how
-        // long the call has been empty already. If it has been empty for more than
-        // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
-        default-call-empty-timeout = 30 seconds
-    }
-    recording {
-         recordings-directory = "$DIR_RECORD"
-         finalize-script = "$REC_DIR"
-    }
-    api {
-        xmpp {
-            environments = [
-                {
-                // A user-friendly name for this environment
-                name = "$JB_NAME"
-
-                // A list of XMPP server hosts to which we'll connect
-                xmpp-server-hosts = [ "$DOMAIN" ]
-
-                // The base XMPP domain
-                xmpp-domain = "$DOMAIN"
-
-                // The MUC we'll join to announce our presence for
-                // recording and streaming services
-                control-muc {
-                    domain = "internal.auth.$DOMAIN"
-                    room-name = "$JibriBrewery"
-                    nickname = "Live"
-                }
-
-                // The login information for the control MUC
-                control-login {
-                    domain = "auth.$DOMAIN"
-                    username = "jibri"
-                    password = "$JB_AUTH_PASS"
-                }
-
-                // An (optional) MUC configuration where we'll
-                // join to announce SIP gateway services
-            //    sip-control-muc {
-            //        domain = "domain"
-            //        room-name = "room-name"
-            //        nickname = "nickname"
-            //    }
-
-                // The login information the selenium web client will use
-                call-login {
-                    domain = "recorder.$DOMAIN"
-                    username = "recorder"
-                    password = "$JB_REC_PASS"
-                }
-
-                // The value we'll strip from the room JID domain to derive
-                // the call URL
-                strip-from-room-domain = "conference."
-
-                // How long Jibri sessions will be allowed to last before
-                // they are stopped.  A value of 0 allows them to go on
-                // indefinitely
-                usage-timeout = 0 hour
-
-                // Whether or not we'll automatically trust any cert on
-                // this XMPP domain
-                trust-all-xmpp-certs = true
-                }
-            ]
-        }
-    }
-}
-NEW_CONF
+cp files/jibri.conf "$JIBRI_CONF"
+sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF"
+sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF"
+sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF"
+sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF"
+sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF"
+sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF"
+sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF"
+sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF"
 
 #Jibri xorg resolution
 sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@@ -1091,28 +981,6 @@ sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh
 sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh
 ##--
 
-#Tune webserver for Jitsi App control
-if [ -f "$WS_CONF" ]; then
-    sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
-    sed -i "/$WS_MATCH1/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF"
-    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF"
-    sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
-    sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
-    systemctl reload nginx
-else
-    echo "No app configuration done to server file, please report to:"
-    echo "  -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
-fi
-#Static avatar
-if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then
-    cp images/avatar2.png /usr/share/jitsi-meet/images/
-    sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF"
-    sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF"
-    sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
-\ " "$WS_CONF"
-    sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF"
-    sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF"
-fi
 #nginx -tlsv1/1.1
 if [ "$DROP_TLS1" = "yes" ];then
     printf "\nDropping TLSv1/1.1\n\n"