quick_jibri_installer.sh: increase support to 22.04

fix key agregation and remove deprecated letsencrypt ppa
This commit is contained in:
Luis Guzmán 2023-02-22 03:44:44 -06:00
parent b67dda5efa
commit 18e4b5ca40
1 changed files with 15 additions and 47 deletions

View File

@ -108,8 +108,8 @@ echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed" echo "Prosody repository already installed"
else else
echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list echo "deb [signed-by=/etc/apt/trusted.gpg.d/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list
wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - curl -s https://prosody.im/files/prosody-debian-packages.key > /etc/apt/trusted.gpg.d/prosody-debian-packages.key
fi fi
} }
dpkg-compare() { dpkg-compare() {
@ -150,24 +150,24 @@ if ! [ "$(id -u)" = 0 ]; then
fi fi
printf "\nOS: %s" "$(lsb_release -sd)" printf "\nOS: %s" "$(lsb_release -sd)"
if [ "$DIST" = "bionic" ] || \ if [ "$DIST" = "focal" ] || \
[ "$DIST" = "focal" ]; then [ "$DIST" = "jammy" ]; then
printf "\nGood, this is a supported platform!" printf "\nGood, this is a supported platform!"
else else
printf "\nSorry, this platform is not supported... exiting" printf "\nSorry, this platform is not supported... exiting"
exit exit
fi fi
#Suggest 20.04 LTS release over 18.04 in April 2022 #Suggest 22.04 LTS release over 20.04 in April 2024
TODAY=$(date +%s) TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2022-04-01 +%s) NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
if [ "$DIST" = "bionic" ]; then if [ "$DIST" = "focal" ]; then
if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then
echo " > $(lsb_release -sc), even when it's compatible and functional. echo " > $(lsb_release -sc), even when it's compatible and functional.
We suggest to use the next (LTS) release, for longer support and security reasons." We suggest to use the next (LTS) release, for longer support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
else else
echo "Bionic is supported." echo "Focal is supported."
fi fi
fi fi
@ -266,8 +266,8 @@ printf "\nAdd Jitsi repo\n"
if [ "$JITSI_REPO" = "stable" ]; then if [ "$JITSI_REPO" = "stable" ]; then
printf " - Jitsi stable repository already installed\n\n" printf " - Jitsi stable repository already installed\n\n"
else else
echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list echo 'deb [signed-by=/etc/apt/trusted.gpg.d/jitsi-key.gpg.key] http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - curl -s https://download.jitsi.org/jitsi-key.gpg.key > /etc/apt/trusted.gpg.d/jitsi-key.gpg.key
JITSI_REPO="stable" JITSI_REPO="stable"
fi fi
sleep .1 sleep .1
@ -279,7 +279,7 @@ if [ "$LE_SSL" = yes ]; then
printf " - We'll setup Let's Encrypt SSL certs.\n\n" printf " - We'll setup Let's Encrypt SSL certs.\n\n"
else else
printf " - We'll let you choose later on for it." printf " - We'll let you choose later on for it."
printf" Please be aware that a valid SSL cert is required for some features to work properly.\n\n" printf " Please be aware that a valid SSL cert is required for some features to work properly.\n\n"
fi fi
done done
sleep .1 sleep .1
@ -341,7 +341,7 @@ apt-get -y install \
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
apt-get -y install \ apt-get -y install \
letsencrypt certbot
if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "# Disable pre-installed ufw, more on firewall see: echo "# Disable pre-installed ufw, more on firewall see:
> https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall" > https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall"
@ -412,7 +412,8 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
echo "Installing Google Chrome Stable" echo "Installing Google Chrome Stable"
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - curl -s https://dl.google.com/linux/linux_signing_key.pub | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
fi fi
apt-get -q2 update apt-get -q2 update
@ -470,8 +471,6 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes" ENABLE_SA="yes"
CERTBOT_REPO="$(apt-cache policy | awk '/certbot/{print$2}' | awk -F '/' 'NR==1{print$4}')"
CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release"
GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER="jbsync_$MJS_RAND_TAIL"
@ -686,7 +685,7 @@ INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js"
ssl_wa() { ssl_wa() {
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
systemctl stop "$1" systemctl stop "$1"
letsencrypt certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6" certbot certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6"
sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4"
sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4"
systemctl restart "$1" systemctl restart "$1"
@ -700,35 +699,6 @@ if [ "$LE_SSL" = "yes" ]; then
fi fi
} }
enable_letsencrypt() {
if [ "$LE_SSL" = "yes" ]; then
echo '
#--------------------------------------------------
# Starting LetsEncrypt configuration
#--------------------------------------------------
'
#Disabled 'til fixed upstream
#bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
echo "#Set and upgrade certbot PPA if posssible..."
if [ "$CERTBOT_REPO" = "certbot" ]; then
printf "\nCertbot repository already on the system!\nChecking for updates...\n"
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "200" ]; then
printf "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n"
echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "404" ]; then
printf "\nCertbot PPA is not available for %s just yet, it won't be installed...\n" "$(lsb_release -sc)"
fi
else
echo "SSL setup will be skipped."
fi
}
check_jibri() { check_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then then
@ -1194,8 +1164,6 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
fi fi
enable_letsencrypt
# Fix prosody not able to read SSL Certs # Fix prosody not able to read SSL Certs
chown -R root:prosody /etc/prosody/certs/ chown -R root:prosody /etc/prosody/certs/
chmod -R 650 /etc/prosody/certs/ chmod -R 650 /etc/prosody/certs/