From 3b8f8be1de23469d0b54a26608fac480dc4c90c8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 23 Apr 2021 02:33:25 -0500 Subject: [PATCH 01/19] Fix secure rooms on new latest version --- quick_jibri_installer.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 4d1aaa7..cc9d755 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -716,7 +716,7 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI #Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE +sed -i "s|-- muc_lobby_whitelist|muc_lobby_whitelist|" $PROSODY_FILE #Fix Jibri conectivity issues sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS @@ -1002,16 +1002,16 @@ else https://github.com/switnet-ltd/quick-jibri-installer/issues " fi -echo -e "\nDisable \"Blur my background\" until new notice\n" -sed -i "s|'videobackgroundblur', ||" $INT_CONF +#echo -e "\nDisable \"Blur my background\" until new notice\n" +#sed -i "s|'videobackgroundblur', ||" $INT_CONF #================== Setup prosody conf file ================= ###Setup secure rooms if [ "$ENABLE_SC" = "yes" ]; then - SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) + SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | awk -F ':' 'NR==1{print$1}') SRP_END=$((SRP_STR + 10)) - sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE + sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_hashed\"|}" $PROSODY_FILE sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF #Secure room initial user From 40414d9254494e7c0a972863f06a2f7567aef56a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 23 Apr 2021 03:38:57 -0500 Subject: [PATCH 02/19] New blur works great, removing deprecated lines. --- quick_jibri_installer.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index cc9d755..f1268ea 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1002,9 +1002,6 @@ else https://github.com/switnet-ltd/quick-jibri-installer/issues " fi -#echo -e "\nDisable \"Blur my background\" until new notice\n" -#sed -i "s|'videobackgroundblur', ||" $INT_CONF - #================== Setup prosody conf file ================= ###Setup secure rooms From 632df9b9051c985b56ce2ddd4b2a6a2b201f6af1 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 23 Apr 2021 03:41:19 -0500 Subject: [PATCH 03/19] Remove unused lines from prosody config --- quick_jibri_installer.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index f1268ea..75fed37 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1039,15 +1039,10 @@ VirtualHost "guest.$DOMAIN" authentication = "anonymous" c2s_require_encryption = false speakerstats_component = "speakerstats.$DOMAIN" --- conference_duration_component = "conferenceduration.$DOMAIN" --- lobby_muc = "lobby.$DOMAIN" main_muc = "conference.$DOMAIN" --- muc_lobby_whitelist = { "recorder.$DOMAIN", "auth.$DOMAIN" } modules_enabled = { "speakerstats"; --- "conference_duration"; --- "muc_lobby_rooms"; } P_SR From 5b0583208d32bed021009373b212a7c3ef458210 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 23 Apr 2021 06:57:44 -0500 Subject: [PATCH 04/19] Add enable close page option --- quick_jibri_installer.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 75fed37..27fbf91 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -505,6 +505,16 @@ do echo "Welcome page will be enabled." fi done +#Close page +while [[ "$ENABLE_CLOCP" != "yes" && "$ENABLE_CLOCP" != "no" ]] +do + read -p "> Do you want to enable the actual close page: (yes or no)"$'\n' -r ENABLE_CLOCP + if [ "$ENABLE_CLOCP" = "yes" ]; then + echo "Close page will be enabled." + elif [ "$ENABLE_CLOCP" = "no" ]; then + echo "Close page will be keept disabled." + fi +done #Enable static avatar while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do @@ -711,7 +721,7 @@ VirtualHost "recorder.$DOMAIN" modules_enabled = { "ping"; } - authentication = "internal_plain" + authentication = "internal_hashed" REC-JIBRI @@ -1062,6 +1072,12 @@ if [ "$ENABLE_WELCP" = "yes" ]; then elif [ "$ENABLE_WELCP" = "no" ]; then sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF fi +#Enable close page +if [ "$ENABLE_CLOCP" = "yes" ]; then + sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" $MEET_CONF +elif [ "$ENABLE_CLOCP" = "no" ]; then + sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" $MEET_CONF +fi #Set displayname as not required since jibri can't set it up. sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF From be8fcf3ef3d7ae667b4ed02230a77ee014a156a9 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 23 Apr 2021 06:58:41 -0500 Subject: [PATCH 05/19] Apply brandless mode to svg image. --- jm-bm.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/jm-bm.sh b/jm-bm.sh index ed14b90..a500639 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -76,4 +76,5 @@ else sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" "$INT_CONF" #Logo 2 sed -i "s|watermark.png|watermark2.png|g" "$INT_CONF" + sed -i "s|watermark.svg|watermark2.png|g" "$INT_CONF" fi From de59dc7d247dab14a4e16b4d3350746abf5613e1 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 25 Apr 2021 18:04:12 -0500 Subject: [PATCH 06/19] Fix residual folder on external jibri node sync --- add-jibri-node.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 0790d0e..624c4f0 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -324,10 +324,19 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out chmod -R 770 \$RECORDINGS_DIR +#Rename folder. LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)" NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" -mv \$LJF_PATH \$NJF_PATH + +##Prevent empty recording directory failsafe +if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then + mv \$LJF_PATH \$NJF_PATH + #Workaround for jibri to do cleaning. + ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH" +else + echo "No new folder recorded, not removing anything." +fi exit 0 REC_DIR @@ -425,6 +434,11 @@ echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" + +#Workaround for jibri to do cleaning. +install -m 0600 -o jibri /home/$NJN_USER/.ssh/id_rsa /home/jibri/jbsync.pem +sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts" + echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub From fedba4cf3f13c358f2dff8387afb4e41f59c294c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 15:58:23 -0500 Subject: [PATCH 07/19] Add partial support for newer version than 2.0.5390-3 Fix and improve some variable checks --- mode/chp-mode.sh | 87 ++++++++++++++++++++++++++++++------------------ 1 file changed, 55 insertions(+), 32 deletions(-) diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index f361a3a..2e8d63b 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh @@ -31,9 +31,20 @@ while [ $secs -gt 0 ]; do : $((secs--)) done } +set_once() { +if [ -z "$(awk '!/^ *#/ && NF {print}' "$2"|grep $(echo $1|awk -F '=' '{print$1}'))" ]; then + echo "Setting "$1" on "$2"..." + echo "$1" | tee -a "$2" +else + echo " \"$(echo $1|awk -F '=' '{print$1}')\" seems present, skipping setting this variable" +fi +} +# True if $1 is greater than $2 +version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } + LTS_REL="$(lsb_release -d | awk '{print$4}')" -DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" JVB_LOG_POP="/etc/jitsi/videobridge/logging.properties" JVB_RC="/usr/share/jitsi-videobridge/lib/videobridge.rc" JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties" @@ -102,7 +113,7 @@ echo " #-------------------------------------------------- " echo "If you are using a high volume of users we recommend to use nHD (640x360), -or at most qHD (960x540) resolution as default, since bandwith increase +or at most qHD (960x540) resolution as default, since bandwith increase exponentially with the more concurrent users on a meeting. Either way, choose your desired video resolution. " @@ -160,18 +171,18 @@ sysctl -w net.core.rmem_default=262144 sysctl -w net.core.wmem_default=262144 sysctl -w net.core.rmem_max=262144 sysctl -w net.core.wmem_max=262144 -echo 'net.core.rmem_default=262144' | tee -a /etc/sysctl.conf -echo 'net.core.wmem_default=262144' | tee -a /etc/sysctl.conf -echo 'net.core.rmem_max=262144' | tee -a /etc/sysctl.conf -echo 'net.core.wmem_max=262144' | tee -a /etc/sysctl.conf +set_once "net.core.rmem_default=262144" "/etc/sysctl.conf" +set_once "net.core.wmem_default=262144" "/etc/sysctl.conf" +set_once "net.core.rmem_max=262144" "/etc/sysctl.conf" +set_once "net.core.wmem_max=262144" "/etc/sysctl.conf" #https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes sysctl -w net.ipv4.tcp_timestamps=0 -echo 'net.ipv4.tcp_timestamps=0' | tee -a /etc/sysctl.conf +set_once "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf" #https://bugzilla.redhat.com/show_bug.cgi?id=1283676 sysctl -w net.core.netdev_max_backlog=100000 -echo 'net.core.netdev_max_backlog=100000' | tee -a /etc/sysctl.conf +set_once "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf" ##nginx sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf @@ -180,7 +191,7 @@ sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf #sysctl -w net.ipv4.tcp_low_latency=1 #JVB2 -##Loose up logging +##Loose up logging # https://community.jitsi.org/t/23641/13 sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" $JVB_LOG_POP sed -i "s|^.level=INFO|.level=WARNING|" $JVB_LOG_POP @@ -284,19 +295,35 @@ sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'ele sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari', 'firefox' \],|" $INT_CONF_JS_HP ### Toolbars -sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP - -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP -if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP +if version_gt "$(apt-show-versions jitsi-meet|awk '{print$2}')" "2.0.5390-3" ; then + #New toolbar in config.js + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ toolbarButtons:: \[" $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $MEET_CONF_HP + if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $MEET_CONF_HP + else + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," $MEET_CONF_HP + fi + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" $MEET_CONF_HP + sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \]," $MEET_CONF_HP else -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," $INT_CONF_JS_HP + #Old toolbar in interface.js (soon deprecated on newer versions) + sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP + + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP + if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP + else + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," $INT_CONF_JS_HP + fi + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" $INT_CONF_JS_HP + sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP fi -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'security'" $INT_CONF_JS_HP -sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP #Check config file echo -e "\n# Checking $MEET_CONF file for errors\n" @@ -304,23 +331,19 @@ CHECKJS_MEET_CHP=$(esvalidate $MEET_CONF_HP| cut -d ":" -f2) if [ -z "$CHECKJS_MEET_CHP" ]; then echo -e "\n# The $MEET_CONF_HP configuration seems correct. =)\n" else -echo " -Watch out!, there seems to be an issue on $MEET_CONF line: -$CHECKJS -Most of the times this is due upstream changes, please report to -https://github.com/switnet-ltd/quick-jibri-installer/issues -" +echo -e "\n Watch out!, there seems to be an issue on $MEET_CONF_HP line: + $CHECKJS_MEET_CHP + Most of the times this is due upstream changes, please report to + https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi CHECKJS_INT_CHP=$(esvalidate $INT_CONF_JS_HP| cut -d ":" -f2) if [ -z "$CHECKJS_INT_CHP" ]; then echo -e "\n# The $INT_CONF_JS_HP configuration seems correct. =)\n" else -echo " -Watch out!, there seems to be an issue on $MEET_CONF line: -$CHECKJS -Most of the times this is due upstream changes, please report to -https://github.com/switnet-ltd/quick-jibri-installer/issues -" +echo -e "\n Watch out!, there seems to be an issue on $INT_CONF_JS_HP line: + $CHECKJS_INT_CHP + Most of the times this is due upstream changes, please report to + https://github.com/switnet-ltd/quick-jibri-installer/issues\n" fi sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" $WS_CONF From d5ac52d98e8971a01f5a6dd6da5c32f2c7c3613b Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 17:06:54 -0500 Subject: [PATCH 08/19] Add FQDN option to be used as hostname. --- quick_jibri_installer.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 27fbf91..92a781b 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -433,10 +433,21 @@ GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_rele MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" +FQDN_HOST="fqdn" # Rename hostname for jitsi server -#hostnamectl set-hostname "jitsi.${DOMAIN}" -#sed -i "1i ${PUBLIC_IP} jitsi.${DOMAIN}" /etc/hosts +while [[ "$FQDN_HOST" != "yes" && "$FQDN_HOST" != "no" && ! -z "$FQDN_HOST" ]] +do + echo -e "> Do you want to use your internet domain ($DOMAIN) as a fqdn hotsname?: (yes or no)" && \ + read -p "Leave empty to default to your current one ($(hostname -f)): "$'\n' FQDN_HOST + if [ "$FQDN_HOST" = "yes" ]; then + echo "We'll use your domain ($DOMAIN) as a fqdn hostname, changes will show on reboot." + hostnamectl set-hostname "${DOMAIN}" + sed -i "1i ${PUBLIC_IP} ${DOMAIN}" /etc/hosts + else + echo "We'll keep the current one ($(hostname -f)) you're using." + fi +done #Sysadmin email if [ "$LE_SSL" = "yes" ]; then From 2af68d90e0d2af60556fcd9549228f28ad239a8b Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 18:42:14 -0500 Subject: [PATCH 09/19] New domain variable --- add-jvb2-node.sh | 2 +- grafana.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 8d844fd..a651b07 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -59,7 +59,7 @@ START=0 LAST=TBD THIS_SRV_DIST=$(lsb_release -sc) -JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR==1{print$1}') JVB2_CONF="/etc/jitsi/videobridge/config" JVB2_NCONF="/etc/jitsi/videobridge/jvb.conf" JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" diff --git a/grafana.sh b/grafana.sh index 12177c1..f5aba5b 100644 --- a/grafana.sh +++ b/grafana.sh @@ -46,7 +46,7 @@ systemctl status $1 MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" -DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" From a7dc7e19a73cb7831f3caaf64c731fc6a93b70a3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 19:27:17 -0500 Subject: [PATCH 10/19] Fix typo and readability --- quick_jibri_installer.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 92a781b..e6635a9 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -438,7 +438,7 @@ FQDN_HOST="fqdn" # Rename hostname for jitsi server while [[ "$FQDN_HOST" != "yes" && "$FQDN_HOST" != "no" && ! -z "$FQDN_HOST" ]] do - echo -e "> Do you want to use your internet domain ($DOMAIN) as a fqdn hotsname?: (yes or no)" && \ + echo -e "> Do you want to use your internet domain ($DOMAIN) as a fqdn hostname?: (yes or no)" && \ read -p "Leave empty to default to your current one ($(hostname -f)): "$'\n' FQDN_HOST if [ "$FQDN_HOST" = "yes" ]; then echo "We'll use your domain ($DOMAIN) as a fqdn hostname, changes will show on reboot." @@ -463,8 +463,7 @@ You can define the language, for a complete list of the supported languages See here: https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json -Jitsi Meet web interface will be set to use such language. -" +Jitsi Meet web interface will be set to use such language." read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" #Participant @@ -519,7 +518,7 @@ done #Close page while [[ "$ENABLE_CLOCP" != "yes" && "$ENABLE_CLOCP" != "no" ]] do - read -p "> Do you want to enable the actual close page: (yes or no)"$'\n' -r ENABLE_CLOCP + read -p "> Do you want to enable the close page on exit the room: (yes or no)"$'\n' -r ENABLE_CLOCP if [ "$ENABLE_CLOCP" = "yes" ]; then echo "Close page will be enabled." elif [ "$ENABLE_CLOCP" = "no" ]; then @@ -1009,15 +1008,15 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then fi #nginx -tlsv1/1.1 if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" != "xenial" ];then - echo -e "\nDropping TLSv1/1.1 in favor of v1.3" + echo -e "\nDropping TLSv1/1.1 in favor of v1.3\n" sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then - echo -e "\nOnly dropping TLSv1/1.1" + echo -e "\nOnly dropping TLSv1/1.1\n" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf sed -i "s| TLSv1.3||" $WS_CONF elif [ "$DROP_TLS1" = "no" ];then - echo "No TLSv1/1.1 dropping was done." + echo -e "\nNo TLSv1/1.1 dropping was done.\n" else echo "No condition meet, please report to https://github.com/switnet-ltd/quick-jibri-installer/issues " From 9923b8c566dae3009bffe7fdcb288af8649a94b2 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 19:30:36 -0500 Subject: [PATCH 11/19] Add Nextcloud domain simple DNS test. --- jra_nextcloud.sh | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 1f0f593..ec27ee7 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -60,16 +60,39 @@ JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" if [ -f $JITSI_MEET_PROXY ];then PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) fi +PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" -while [[ -z "$NC_DOMAIN" ]] +while [[ "$ANS_NCD" != "yes" ]] do - read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN - if [ -z "$NC_DOMAIN" ];then - echo "-- This field is mandatory." - elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then - echo "-- You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud." - fi + read -p "> Please set your domain (or subdmain) here for Nextcloud: (e.g.: jitsi.domain.com)"$'\n' -r NC_DOMAIN + if [ -z "$NC_DOMAIN" ];then + echo "-- This field is mandatory." + elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then + echo "-- You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud." + fi + read -p "> Did you mean?: $NC_DOMAIN (yes or no)"$'\n' -r ANS_NCD + if [ "$ANS_NCD" = "yes" ]; then + echo "Alright, let's use $NC_DOMAIN." + else + echo "Please try again." + fi done + #Simple DNS test +if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN)" ]; then + echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing... +" +else + echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." + echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." + read -p " > Do you want to continue?: (yes or no)"$'\n' -r DNS_CONTINUE + if [ "$DNS_CONTINUE" = "yes" ]; then + echo " - We'll continue anyway..." + else + echo " - Exiting for now..." + exit + fi +fi + NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" while [[ -z "$NC_USER" ]] do From 7473035b38dc54d3d0403b987f692af53abd7341 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 20:20:49 -0500 Subject: [PATCH 12/19] Fix postgres version query --- jra_nextcloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index ec27ee7..b9f67ca 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -41,7 +41,7 @@ DISTRO_RELEASE="$(lsb_release -sc)" DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')" PHPVER="7.4" -PSGVER="$(apt-cache madison postgresql | awk -F '[|+]' 'NR==1{print $2}')" +PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_INI="$PHP_FPM_DIR/php.ini" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" @@ -64,7 +64,7 @@ PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" while [[ "$ANS_NCD" != "yes" ]] do - read -p "> Please set your domain (or subdmain) here for Nextcloud: (e.g.: jitsi.domain.com)"$'\n' -r NC_DOMAIN + read -p "> Please set your domain (or subdmain) here for Nextcloud: (e.g.: cloud.domain.com)"$'\n' -r NC_DOMAIN if [ -z "$NC_DOMAIN" ];then echo "-- This field is mandatory." elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then From 9a46e4d36e87e965979ba7700ce043bfcae6725c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 22:01:35 -0500 Subject: [PATCH 13/19] Fix path for key --- add-jibri-node.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 624c4f0..2ed0dea 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -437,7 +437,7 @@ sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N #Workaround for jibri to do cleaning. install -m 0600 -o jibri /home/$NJN_USER/.ssh/id_rsa /home/jibri/jbsync.pem -sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts" +sudo -u jibri ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts From b59d24a41e39d13a8204e257750f09f05b5e77cd Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 22:07:04 -0500 Subject: [PATCH 14/19] Satisfy imagick requirement & disable support app --- jra_nextcloud.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index b9f67ca..d5d9479 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -171,12 +171,14 @@ install_ifnot postgresql-$PSGVER # PHP 7.4 add_php74 apt-get install -y \ + imagemagick \ php$PHPVER-fpm \ php$PHPVER-bcmath \ php$PHPVER-bz2 \ php$PHPVER-curl \ php$PHPVER-gd \ php$PHPVER-gmp \ + php$PHPVER-imagick \ php$PHPVER-intl \ php$PHPVER-json \ php$PHPVER-ldap \ @@ -187,7 +189,6 @@ apt-get install -y \ php$PHPVER-xml \ php$PHPVER-xmlrpc \ php$PHPVER-zip \ - php-imagick \ redis-server \ unzip @@ -478,6 +479,7 @@ Addding & Setting up Files External App for Local storage... " sudo -u www-data php $NC_PATH/occ app:install files_external sudo -u www-data php $NC_PATH/occ app:enable files_external +sudo -u www-data php $NC_PATH/occ app:disable support sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jra-nc-app-ef.json usermod -a -G jibri www-data From 417977afe71a67407fa79214dd6706fc8a2f031a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 26 Apr 2021 22:08:10 -0500 Subject: [PATCH 15/19] Fi grammar --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index e6635a9..85da930 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -518,7 +518,7 @@ done #Close page while [[ "$ENABLE_CLOCP" != "yes" && "$ENABLE_CLOCP" != "no" ]] do - read -p "> Do you want to enable the close page on exit the room: (yes or no)"$'\n' -r ENABLE_CLOCP + read -p "> Do you want to enable the close page on room exit: (yes or no)"$'\n' -r ENABLE_CLOCP if [ "$ENABLE_CLOCP" = "yes" ]; then echo "Close page will be enabled." elif [ "$ENABLE_CLOCP" = "no" ]; then From f5fb297c143b1c9b729748db3d41c284dbf4eba0 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 27 Apr 2021 07:09:22 -0500 Subject: [PATCH 16/19] Fix typo on varible query --- tools/test-jibri-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/test-jibri-env.sh b/tools/test-jibri-env.sh index cfa6be5..6ade25b 100644 --- a/tools/test-jibri-env.sh +++ b/tools/test-jibri-env.sh @@ -154,7 +154,7 @@ if [ -z $SND_AL_MODULE ]; then please try rebooting.\nFor now wait 'til the end of the recommended kernel installation." echo "# Check and Install HWE kernel if possible..." if uname -r | grep -q aws;then - KNL_HWE="$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr)|awk 'NR__1{print$3}'|cut -d "." -f1-4)" + KNL_HWE="$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr)|awk 'NR==1{print$3}'|cut -d "." -f1-4)" KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg|awk '!/recovery/&&/generic/{print$3,$4}'|grep $KNL_HWE)" if [ ! -z "$KNL_MENU" ];then echo -e "\nSeems you are using an AWS kernel \xE2\x9C\x96 <== IMPORTANT! \nYou might consider modify your grub (/etc/default/grub) to use the following:" && \ From e9cebd3b9e1284edd3d16df06fa83f777a0859d6 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 27 Apr 2021 08:33:46 -0500 Subject: [PATCH 17/19] Drop support for 16.04 --- quick_jibri_installer.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 85da930..13dd707 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -148,8 +148,7 @@ if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi -if [ "$DIST" = "xenial" ] || \ - [ "$DIST" = "bionic" ] || \ +if [ "$DIST" = "bionic" ] || \ [ "$DIST" = "focal" ]; then echo "OS: $(lsb_release -sd)" echo "Good, this is a supported platform!" @@ -158,12 +157,20 @@ else echo "Sorry, this platform is not supported... exiting" exit fi -#Suggest 18.04 LTS release over 16.04 -if [ "$DIST" = "xenial" ]; then -echo " > $(lsb_release -sc), even when it's compatible and functional. +#Suggest 20.04 LTS release over 18.04 in April 2022 +TODAY=$(date +%s) +NEXT_LTS_DATE=$(date -d 2022-04-01 +%s) + +if [ "$DIST" = "bionic" ]; then + if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then + echo " > $(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." -read -n 1 -s -r -p "Press any key to continue..."$'\n' + read -n 1 -s -r -p "Press any key to continue..."$'\n' + else + echo "Bionic is supported." + fi fi + #Check system resources echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then From 922dbed5e714130e2a0a0be9a186f5c21dcf8877 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 27 Apr 2021 08:36:00 -0500 Subject: [PATCH 18/19] Setup ssh for workaround --- add-jibri-node.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 2ed0dea..00966d7 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -437,7 +437,8 @@ sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N #Workaround for jibri to do cleaning. install -m 0600 -o jibri /home/$NJN_USER/.ssh/id_rsa /home/jibri/jbsync.pem -sudo -u jibri ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts +sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" +sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts From 6949bdf43393863a4fbf99534436dc770e9d051d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 28 Apr 2021 08:57:23 -0500 Subject: [PATCH 19/19] Remove unused avatar query --- quick_jibri_installer.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 13dd707..7e54b0f 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1004,7 +1004,6 @@ else fi #Static avatar if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then - #wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png cp images/avatar2.png /usr/share/jitsi-meet/images/ sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF