diff --git a/add-jibri-node.sh b/add-jibri-node.sh
index 43d9c4f..442f393 100644
--- a/add-jibri-node.sh
+++ b/add-jibri-node.sh
@@ -348,6 +348,18 @@ mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
 cat << NEW_CONF > $JIBRI_CONF
 // New XMPP environment config.
 jibri {
+ streaming {
+ // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
+ // when starting a stream must match at least one of the patterns in
+ // this list.
+ rtmp-allow-list = [
+ // By default, all services are allowed
+ ".*"
+ ]
+ }
+ ffmpeg {
+ resolution = "1920x1080"
+ }
 chrome {
 // The flags which will be passed to chromium when launching
 flags = [
@@ -361,6 +373,24 @@ jibri {
 "--disable-dev-shm-usage"
 ]
 }
+ stats {
+ enable-stats-d = true
+ }
+ call-status-checks {
+ // If all clients have their audio and video muted and if Jibri does not
+ // detect any data stream (audio or video) comming in, it will stop
+ // recording after NO_MEDIA_TIMEOUT expires.
+ no-media-timeout = 30 seconds
+
+ // If all clients have their audio and video muted, Jibri consideres this
+ // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+ all-muted-timeout = 10 minutes
+
+ // When detecting if a call is empty, Jibri takes into consideration for how
+ // long the call has been empty already. If it has been empty for more than
+ // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+ default-call-empty-timeout = 30 seconds
+ }
 recording {
 recordings-directory = $DIR_RECORD
 finalize-script = $REC_DIR
diff --git a/jitsi-updater.sh b/jitsi-updater.sh
index df2be6c..241ad31 100644
--- a/jitsi-updater.sh
+++ b/jitsi-updater.sh
@@ -21,7 +21,6 @@ if [ ! -f jm-bm.sh ]; then
 fi
 support="https://switnet.net/support"
 apt_repo="/etc/apt/sources.list.d"
-LOC_REC="TBD"
 ENABLE_BLESSM="TBD"
 CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
 CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)"
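Review bot: The new `rtmp-allow-list` in the `streaming` block of add-jibri-node.sh contains only `".*"`, so Jibri will accept any RTMP URL it is given when a stream is started and push the conference to it. If this deployment streams only to known services, list patterns for those endpoints instead; otherwise document the choice next to the entry, for example `// TODO: restrict to the RTMP endpoints this deployment actually uses`. The same block is added to quick_jibri_installer.sh in the `@@ -848,6 +821,18 @@` hunk and should be changed together with this one. The heredoc this hunk edits starts and ends outside the hunk.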
@@ -160,11 +159,6 @@ else echo "Setting Support custom link" sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF fi - printf "${Purple}========== Disable Localrecording ==========${Color_Off}\n" - if [ "$LOC_REC" != "on" ]; then - echo "Removing localrecording..." - sed -i "s|'localrecording',||" $INT_CONF - fi printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" sed -i "s|'videobackgroundblur', ||" $INT_CONF fi diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 0fa958f..f4009da 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -78,7 +78,7 @@ do fi done #Simple DNS test -if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN)" ]; then +if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing... " else @@ -409,7 +409,7 @@ if [ "$ENABLE_HSTS" = "yes" ]; then sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF fi -if [ "$DISTRO_RELEASE" != "xenial" ] && [ ! -z "$PREAD_PROXY" ]; then +if [ ! -z "$PREAD_PROXY" ]; then echo " Setting up Nextcloud domain on Jitsi Meet turn proxy " diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index 8e0f7e9..7c4b760 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh 
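Review bot: The rewritten DNS test in jra_nextcloud.sh relies on `RT`, which is a gawk extension; with an awk that does not set `RT` (mawk, for instance) the filter prints nothing and the comparison with `$PUBLIC_IP` can never succeed. Either make gawk an explicit requirement or use a portable filter such as `grep -Eo '([0-9]+\.){3}[0-9]+'`. `$NC_DOMAIN` is also expanded unquoted inside the `dig` call, so a value containing whitespace is split into extra dig arguments; `dig -4 +short "$NC_DOMAIN"` keeps it a single argument. A name with several A records still yields several lines, which will not equal a single address.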
@@ -160,35 +160,12 @@ elif [ "$CHAT_DISABLED" = "yes" ] || [ -z "$CHAT_DISABLED" ]; then
 fi
 done
-#SYSTEM
-##Disable swap
-swapoff -a
-sed -ir '/\sswap\s/s/^#?/#/' $FSTAB
-
-##Kernel
-#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
-sysctl -w net.core.rmem_default=262144
-sysctl -w net.core.wmem_default=262144
-sysctl -w net.core.rmem_max=262144
-sysctl -w net.core.wmem_max=262144
-set_once "net.core.rmem_default=262144" "/etc/sysctl.conf"
-set_once "net.core.wmem_default=262144" "/etc/sysctl.conf"
-set_once "net.core.rmem_max=262144" "/etc/sysctl.conf"
-set_once "net.core.wmem_max=262144" "/etc/sysctl.conf"
-
-#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
-sysctl -w net.ipv4.tcp_timestamps=0
-set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf"
-
-#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
-sysctl -w net.core.netdev_max_backlog=100000
-set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf"
-
-##nginx
-sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
-
-#Missing docs
-#sysctl -w net.ipv4.tcp_low_latency=1
+## JMS system tune up
+if [ "$MODE" = "debug" ]; then
+ bash $PWD/jms-stu.sh -m debug
+else
+ bash $PWD/jms-stu.sh
+fi
 #JVB2
 ##Loose up logging
diff --git a/mode/jms-stu.sh b/mode/jms-stu.sh
new file mode 100644
index 0000000..9041b15
--- /dev/null
+++ b/mode/jms-stu.sh
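Review bot: `bash $PWD/jms-stu.sh` looks for the helper in the current working directory, while quick_jibri_installer.sh in this same commit calls `$PWD/mode/jms-stu.sh`. How chp-mode.sh is started is not visible here, but if it is run from the repository root the path does not exist and the tuning that used to run inline is skipped with only a bash error message. Resolving the path relative to the script works from either directory, e.g. `bash "$(dirname "$0")/jms-stu.sh"`, and the quotes also cover a working directory containing spaces. The exit status of the call is not checked, so a failed tune-up does not stop or flag the rest of the mode script.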
@@ -0,0 +1,86 @@
+#!/bin/bash
+# System-tune-up to remove system restrictions on a huge load of connections.
+# SwITNet Ltd © - 2021, https://switnet.net/
+# GPLv3 or later.
+
+#Check if user is root
+if ! [ $(id -u) = 0 ]; then
+ echo "You need to be root or have privileges!"
+ exit 0
+fi
+
+while getopts m: option
+do
+ case "${option}"
+ in
+ m) MODE=${OPTARG};;
+ \?) echo "Usage: sudo ./jms-stu.sh [-m debug]" && exit;;
+ esac
+done
+
+echo '
+#--------------------------------------------------
+# Starting system tune up configuration
+# for high performance
+#--------------------------------------------------
+'
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+set_once() {
+if [ -z "$(awk '!/^ *#/ && NF {print}' "$2"|grep $(echo $1|awk -F '=' '{print$1}'))" ]; then
+ echo "Setting "$1" on "$2"..."
+ echo "$1" | tee -a "$2"
+else
+ echo " \"$(echo $1|awk -F '=' '{print$1}')\" seems present, skipping setting this variable"
+fi
+}
+
+##Disable swap
+swapoff -a
+sed -r '/\sswap\s/s/^#?/#/' -i $FSTAB
+
+##Alternative swap tuning (need more documentation).
+#vm.swappiness=10
+#vm.vfs_cache_pressure=50
+
+##Kernel
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
+sysctl -w net.core.rmem_default=262144
+sysctl -w net.core.wmem_default=262144
+sysctl -w net.core.rmem_max=262144
+sysctl -w net.core.wmem_max=262144
+set_once "net.core.rmem_default=262144" "/etc/sysctl.conf"
+set_once "net.core.wmem_default=262144" "/etc/sysctl.conf"
+set_once "net.core.rmem_max=262144" "/etc/sysctl.conf"
+set_once "net.core.wmem_max=262144" "/etc/sysctl.conf"
+
+#system
+#https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
+sysctl -w DefaultLimitNOFILE=65000
+sysctl -w DefaultLimitNPROC=65000
+sysctl -w DefaultTasksMax=65000
+set_once "DefaultLimitNOFILE=65000" "/etc/sysctl.conf"
+set_once "DefaultLimitNPROC=65000" "/etc/sysctl.conf"
+set_once "DefaultTasksMax=65000" "/etc/sysctl.conf"
+
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
+sysctl -w net.ipv4.tcp_timestamps=0
+set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf"
+
+#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
+sysctl -w net.core.netdev_max_backlog=100000
+set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf"
+
+##nginx
+sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
+nginx -t
+
+#Missing docs
+#sysctl -w net.ipv4.tcp_low_latency=1
+
+echo "System tune up...
+ Done!"
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh
index 28b27e0..5806551 100644
--- a/quick_jibri_installer.sh
+++ b/quick_jibri_installer.sh
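Review bot: `$FSTAB` is never assigned anywhere in the new mode/jms-stu.sh, and since both callers start it as a separate `bash` process it does not inherit an unexported variable from them, so `sed -r '/\sswap\s/s/^#?/#/' -i $FSTAB` gets no file argument and the swap entry is left active for the next boot. Assign it near the top of the script (presumably `FSTAB=/etc/fstab`, to be confirmed against the callers) and quote it where it is used. `DefaultLimitNOFILE`, `DefaultLimitNPROC` and `DefaultTasksMax` are systemd manager settings rather than kernel parameters, so the three `sysctl -w` calls fail and the matching `set_once` lines append keys to /etc/sysctl.conf that sysctl cannot apply; the linked handbook page describes them as systemd configuration. The root check ends with `exit 0`, which reports success to the calling installer when nothing was tuned; `exit 1` lets the caller notice.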
@@ -284,7 +284,7 @@ if [ "$LE_SSL" = "yes" ]; then fi done #Simple DNS test - if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN)" ]; then + if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then echo "Server public IP & DNS record for $JITSI_DOMAIN seems to match, continuing... " else @@ -327,7 +327,8 @@ echo "# Check and Install HWE kernel if possible..." HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-$(lsb_release -sr) \ + linux-tools-generic-hwe-$(lsb_release -sr) else apt-get -y install \ linux-image-generic \ @@ -414,6 +415,13 @@ Remove Chrome warning... mkdir -p /etc/opt/chrome/policies/managed echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON +## JMS system tune up +if [ "$MODE" = "debug" ]; then + bash $PWD/mode/jms-stu.sh -m debug +else + bash $PWD/mode/jms-stu.sh +fi + echo ' ######################################################################## Please Setup Your Installation 
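Review bot: The new DNS test in quick_jibri_installer.sh joins `dig` and `awk` with `||` instead of a pipe, so awk runs only when dig fails and then reads the installer's own stdin, while a successful dig is compared unfiltered exactly as before the change. jra_nextcloud.sh in this commit has the intended form; the line here should read `if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then`. Quoting `"$JITSI_DOMAIN"` in the same edit keeps the value a single dig argument. The surrounding `if [ "$LE_SSL" = "yes" ]` block starts and ends outside the hunk.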
@@ -546,29 +554,7 @@ do echo "Static avatar will be enabled" fi done -# #Enable local audio recording - disabling -#while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]] -#do -#read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR -#if [ "$ENABLE_LAR" = "no" ]; then -# echo "Local audio recording option won't be enabled" -#elif [ "$ENABLE_LAR" = "yes" ]; then -# echo "Local audio recording option will be enabled" -#fi -#done -#Secure room initial user -#while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] -#do -#read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC -#if [ "$ENABLE_SC" = "no" ]; then -# echo "-- Secure rooms won't be enabled." -#elif [ "$ENABLE_SC" = "yes" ]; then -# echo "-- Secure rooms will be enabled." -# read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER -# read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS -#fi -#done echo " > Jitsi Meet Auth Method selection. " @@ -793,19 +779,6 @@ sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ #sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF #fi -#LocalAudioRecording -if [ "$ENABLE_LAR" = "yes" ]; then - echo "# Enabling local recording (audio only)." - LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) - LR_END=$((LR_STR + 18)) - sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF - sed -i "$LR_STR,$LR_END{s|// enabled: true,|enabled: true,|}" $MEET_CONF - sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF - sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF - sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF - sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh -fi - #Setup main language if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then echo "Leaving English (en) as default language..." 
@@ -848,6 +821,18 @@ mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
 cat << NEW_CONF > $JIBRI_CONF
 // New XMPP environment config.
 jibri {
+ streaming {
+ // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
+ // when starting a stream must match at least one of the patterns in
+ // this list.
+ rtmp-allow-list = [
+ // By default, all services are allowed
+ ".*"
+ ]
+ }
+ ffmpeg {
+ resolution = "1920x1080"
+ }
 chrome {
 // The flags which will be passed to chromium when launching
 flags = [
@@ -861,6 +846,24 @@ jibri {
 "--disable-dev-shm-usage"
 ]
 }
+ stats {
+ enable-stats-d = true
+ }
+ call-status-checks {
+ // If all clients have their audio and video muted and if Jibri does not
+ // detect any data stream (audio or video) comming in, it will stop
+ // recording after NO_MEDIA_TIMEOUT expires.
+ no-media-timeout = 30 seconds
+
+ // If all clients have their audio and video muted, Jibri consideres this
+ // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+ all-muted-timeout = 10 minutes
+
+ // When detecting if a call is empty, Jibri takes into consideration for how
+ // long the call has been empty already. If it has been empty for more than
+ // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+ default-call-empty-timeout = 30 seconds
+ }
 recording {
 recordings-directory = $DIR_RECORD
 finalize-script = $REC_DIR
@@ -1017,11 +1020,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then
 sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
 fi
 #nginx -tlsv1/1.1
-if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" != "xenial" ];then
+if [ "$DROP_TLS1" = "yes" ];then
 echo -e "\nDropping TLSv1/1.1 in favor of v1.3\n"
 sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf
 #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF
-elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then
+elif [ "$DROP_TLS1" = "yes" ];then
 echo -e "\nOnly dropping TLSv1/1.1\n"
 sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf
 sed -i "s| TLSv1.3||" $WS_CONF
@@ -1225,8 +1228,8 @@ if [ "$ENABLE_DOCKERPAD" = "yes" ]; then
 bash $PWD/etherpad.sh
 fi
 fi
-#Prevent Jibri conecction issue
-if [ -z "$(grep -n $DOMAIN /etc/hosts)" ];then
+#Prevent JMS conecction issue
+if [ -z "$(awk "/127.0.0.1/&&/$DOMAIN/{print\$1}" /etc/hosts)" ];then
 sed -i "/127.0.0.1/a \\
 127.0.0.1 $DOMAIN" /etc/hosts
 else
diff --git a/tools/jibri-resolution-enhancer.sh b/tools/jibri-resolution-enhancer.sh
index 0211749..e32180b 100644
--- a/tools/jibri-resolution-enhancer.sh
+++ b/tools/jibri-resolution-enhancer.sh
@@ -72,9 +72,9 @@ cd $JIBRI_ENH_PATH
 # Default values
 ## videoEncodePreset - "veryfast" || h264ConstantRateFactor - 25
 # Recomemended values based on: https://trac.ffmpeg.org/wiki/Encode/H.264#crf
-## videoEncodePreset - "medium" || h264ConstantRateFactor - 15
+## videoEncodePreset - "medium" || h264ConstantRateFactor - 17
 sed -i "/videoEncodePreset/s|String =.*|String = \"medium\",|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
-sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 15,|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
+sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 17,|" src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
 mvn package
 JIBRI_JAR="$(ls -Sh $JIBRI_ENH_PATH/target|awk '/dependencies/&&/.jar/{print}'|awk 'NR==1{print}')"
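Review bot: With the `$DIST` tests removed, the `if` and the `elif` in the TLS block now carry the same condition, `[ "$DROP_TLS1" = "yes" ]`, so the `elif` branch that only strips `TLSv1 TLSv1.1` and removes ` TLSv1.3` from `$WS_CONF` can never run. Delete the dead branch, or, if a fallback is still wanted for hosts whose nginx build lacks TLS 1.3, give it a condition that can be true and add a comment saying when it applies. The end of this if/elif chain is outside the hunk.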
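Review bot: `$DOMAIN` is pasted straight into the awk program text in the new /etc/hosts check, so its dots match any character and a `/` or quote in the value alters the program instead of being compared as data. Passing the value with `-v` keeps the comparison literal: `if [ -z "$(awk -v d="$DOMAIN" '$1=="127.0.0.1" && index($0,d){print $1}' /etc/hosts)" ];then`. The `sed` append that follows also interpolates `$DOMAIN` unescaped, so validating the domain's format once, where it is first read, would cover both uses. The `else` branch of this test continues outside the hunk.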
diff --git a/tools/start-over.sh b/tools/start-over.sh
index d784006..4e88c1a 100644
--- a/tools/start-over.sh
+++ b/tools/start-over.sh
@@ -96,7 +96,9 @@ apt-get -y purge jibri \
 prosody
 #Services stop
-remove_services jibri*
+remove_services jibri
+remove_services jibri-icewm
+remove_services jibri-xorg
 #Cleaning packages
 apt-get -y autoremove