2020-12-12 04:04:57 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
# JWT Mode Setup
|
2025-02-20 09:26:11 +00:00
|
|
|
# SwITNet Ltd © - 2025, https://switnet.net/
|
2020-12-12 04:04:57 +00:00
|
|
|
# GPLv3 or later.
|
2022-05-21 01:07:02 +00:00
|
|
|
|
|
|
|
|
while getopts m: option
|
|
|
|
|
do
|
|
|
|
|
case "${option}"
|
|
|
|
|
in
|
|
|
|
|
m) MODE=${OPTARG};;
|
|
|
|
|
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
#DEBUG
|
|
|
|
|
if [ "$MODE" = "debug" ]; then
|
|
|
|
|
set -x
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
|
2020-12-12 04:04:57 +00:00
|
|
|
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
|
2020-12-12 18:58:45 +00:00
|
|
|
JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
|
|
|
|
|
PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
|
|
|
|
|
PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
|
2020-12-12 04:04:57 +00:00
|
|
|
APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
|
|
|
|
|
SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
|
2022-05-21 01:07:02 +00:00
|
|
|
SRP_STR="$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | head -n1 | cut -d ":" -f1)"
|
|
|
|
|
SRP_END="$((SRP_STR + 10))"
|
2020-12-12 18:58:45 +00:00
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Prosody 0.12 only
|
|
|
|
|
if command -v prosodyctl >/dev/null 2>&1; then
|
|
|
|
|
PROSODY_VER="$(prosodyctl about 2>/dev/null | sed -n 's/^Prosody //p' | awk '{print $1}')"
|
|
|
|
|
case "$PROSODY_VER" in
|
|
|
|
|
0.12.*) : ;;
|
|
|
|
|
*) echo "Prosody $PROSODY_VER NO supported for JWT mode (required 0.12.x)"
|
|
|
|
|
exit 1 ;;
|
|
|
|
|
esac
|
2020-12-12 04:04:57 +00:00
|
|
|
fi
|
|
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Install dependencies
|
|
|
|
|
apt-get -y install python3-jwt
|
2020-12-12 04:04:57 +00:00
|
|
|
|
|
|
|
|
echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
|
|
|
|
|
echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
|
|
|
|
|
|
|
|
|
|
apt-get install -y jitsi-meet-tokens
|
|
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Setting up
|
2022-05-21 01:07:02 +00:00
|
|
|
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" "$PROSODY_SYS"
|
2020-12-17 14:02:55 +00:00
|
|
|
#-
|
2022-08-19 11:47:21 +00:00
|
|
|
sed -i "$SRP_STR,$SRP_END{s|authentication = \"jitsi-anonymous\"|authentication = \"token\"|}" "$PROSODY_FILE"
|
2022-05-21 01:07:02 +00:00
|
|
|
sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" "$PROSODY_FILE"
|
|
|
|
|
sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \ \ \ \ allow_empty_token = false" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" "$PROSODY_FILE"
|
|
|
|
|
sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
|
|
|
|
|
sed -i "s|--allow_empty_token =.*|allow_empty_token = false|" "$PROSODY_FILE"
|
|
|
|
|
sed -i 's|--"token_verification"|"token_verification"|' "$PROSODY_FILE"
|
2020-12-12 04:04:57 +00:00
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Request auth
|
|
|
|
|
## JWT via Prosody: don't touch Jicofo
|
|
|
|
|
#sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" "$JICOFO_SIP"
|
2022-05-21 01:07:02 +00:00
|
|
|
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF"
|
2020-12-12 04:04:57 +00:00
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Enable jibri recording
|
2022-05-21 01:07:02 +00:00
|
|
|
cat << REC-JIBRI >> "$PROSODY_FILE"
|
2020-12-16 14:52:35 +00:00
|
|
|
|
|
|
|
|
VirtualHost "recorder.$DOMAIN"
|
|
|
|
|
modules_enabled = {
|
|
|
|
|
"ping";
|
|
|
|
|
}
|
2021-05-06 06:10:21 +00:00
|
|
|
authentication = "internal_hashed"
|
2020-12-16 14:52:35 +00:00
|
|
|
|
|
|
|
|
REC-JIBRI
|
|
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
# Setup guests and lobby
|
2022-05-21 01:07:02 +00:00
|
|
|
cat << P_SR >> "$PROSODY_FILE"
|
2020-12-16 09:04:20 +00:00
|
|
|
VirtualHost "guest.$DOMAIN"
|
2025-09-01 10:56:40 +00:00
|
|
|
authentication = "jitsi-anonymous"
|
2020-12-16 09:04:20 +00:00
|
|
|
c2s_require_encryption = false
|
2020-12-16 14:52:35 +00:00
|
|
|
speakerstats_component = "speakerstats.$DOMAIN"
|
2020-12-16 09:04:20 +00:00
|
|
|
|
2020-12-16 14:52:35 +00:00
|
|
|
modules_enabled = {
|
|
|
|
|
"speakerstats";
|
2021-01-20 14:13:05 +00:00
|
|
|
-- "conference_duration";
|
2020-12-16 14:52:35 +00:00
|
|
|
}
|
2020-12-16 09:04:20 +00:00
|
|
|
P_SR
|
2020-12-12 21:24:50 +00:00
|
|
|
|
2020-12-12 04:04:57 +00:00
|
|
|
echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
|
2021-05-06 06:10:21 +00:00
|
|
|
echo -e "\nAPP_ID: $APP_ID" && \
|
|
|
|
|
echo -e "SECRET_APP: $SECRET_APP\n"
|
2020-12-12 21:27:42 +00:00
|
|
|
|
2025-09-01 10:56:40 +00:00
|
|
|
echo -e "You can test JWT authentication with the following token for the next hour:\n"
|
2020-12-12 04:04:57 +00:00
|
|
|
pyjwt3 --key="$SECRET_APP" \
|
|
|
|
|
encode \
|
2025-09-01 10:56:40 +00:00
|
|
|
--alg HS256 \
|
2020-12-12 04:04:57 +00:00
|
|
|
group="Rocket.Chat" \
|
|
|
|
|
aud="$APP_ID" \
|
|
|
|
|
iss="$APP_ID" \
|
|
|
|
|
sub="$DOMAIN" \
|
|
|
|
|
room="*" \
|
2025-09-01 10:56:40 +00:00
|
|
|
exp="$(($(date +%s)+3600))"
|
2020-12-12 18:58:45 +00:00
|
|
|
|
2020-12-16 09:04:20 +00:00
|
|
|
read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n'
|
