commit
4fcaa2a5ee
13
README.md
13
README.md
|
@ -2,23 +2,28 @@
|
|||
Bash installer for Jibri on *buntu LTS based systems
|
||||
|
||||
## Features
|
||||
* Enabled Local (audio) recording using flac
|
||||
* Enabled Session (video) Recording using Jibri
|
||||
* Enabled Jitsi Electron app detection server side.
|
||||
* Standalone SSL Certbot/LE implementation
|
||||
* Option to enable Local audio recording using flac.
|
||||
* Option to enable Secure Rooms
|
||||
* Option to enable Welcome Page
|
||||
* Option to setup UI language
|
||||
* (New) Jigasi Transcript - Speech to Text powered by Google API
|
||||
* Jigasi Transcript - Speech to Text powered by Google API
|
||||
* (New) JRA (Jibri Recordings Access) via Nextcloud
|
||||
* (New) Customized brandless mode
|
||||
* (New) Improved recurring updater
|
||||
|
||||
## Requirements
|
||||
* Valid domain with DNS already set (preferably).
|
||||
* Valid domain with DNS record.
|
||||
* Minimum recommended for video recording: 4 GB RAM / 4 Cores.
|
||||
* Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload).
|
||||
* Webcam
|
||||
### Jigasi Transcript
|
||||
* SIP account
|
||||
* Google Cloud Account with Billing setup.
|
||||
### Jibri Recodings Access via Nextcloud
|
||||
* Valid domain with DNS record for Nextcloud SSL.
|
||||
|
||||
## Custom changes
|
||||
* Start with video muted by default
|
||||
|
@ -28,4 +33,4 @@ Bash installer for Jibri on *buntu LTS based systems
|
|||
|
||||
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
|
||||
|
||||
SwITNet Ltd © - 2019, https://switnet.net/
|
||||
SwITNet Ltd © - 2020, https://switnet.net/
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
[
|
||||
{
|
||||
"mount_id": 1,
|
||||
"mount_point": "\/Jitsi Record",
|
||||
"storage": "\\OC\\Files\\Storage\\Local",
|
||||
"authentication_type": "null::null",
|
||||
"configuration": {
|
||||
"datadir": "\/var\/jbrecord"
|
||||
},
|
||||
"options": {
|
||||
"encrypt": true,
|
||||
"previews": true,
|
||||
"enable_sharing": false,
|
||||
"filesystem_check_changes": 1,
|
||||
"encoding_compatibility": false,
|
||||
"readonly": false
|
||||
},
|
||||
"applicable_users": [],
|
||||
"applicable_groups": [
|
||||
"admin"
|
||||
]
|
||||
}
|
||||
]
|
|
@ -0,0 +1,24 @@
|
|||
--- Compiler.php 2020-03-11 08:52:46.000000000 -0600
|
||||
+++ Compiler-fixed.php 2020-04-04 06:56:43.175786008 -0600
|
||||
@@ -5211,10 +5211,10 @@
|
||||
return new Node\Number(strlen($stringContent), '');
|
||||
}
|
||||
|
||||
- protected static $libStrSlice = ['string', 'start-at', 'end-at'];
|
||||
+ protected static $libStrSlice = ['string', 'start-at', 'end-at:-1'];
|
||||
protected function libStrSlice($args)
|
||||
{
|
||||
- if (isset($args[2]) && $args[2][1] == 0) {
|
||||
+ if (isset($args[2]) && ! $args[2][1]) {
|
||||
return static::$nullString;
|
||||
}
|
||||
|
||||
@@ -5227,7 +5227,7 @@
|
||||
$start--;
|
||||
}
|
||||
|
||||
- $end = (int) $args[2][1];
|
||||
+ $end = isset($args[2]) ? (int) $args[2][1] : -1;
|
||||
$length = $end < 0 ? $end + 1 : ($end > 0 ? $end - $start : $end);
|
||||
|
||||
$string[2] = $length
|
Binary file not shown.
After Width: | Height: | Size: 16 KiB |
Binary file not shown.
After Width: | Height: | Size: 326 B |
Binary file not shown.
After Width: | Height: | Size: 169 B |
10
jigasi.sh
10
jigasi.sh
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Quick Jigasi Installer - *buntu 16.04 (LTS) based systems.
|
||||
# SwITNet Ltd © - 2019, https://switnet.net/
|
||||
# Quick Jigasi Installer - *buntu (LTS) based systems.
|
||||
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||
# GPLv3 or later.
|
||||
|
||||
##################### Whistlist #######################
|
||||
|
@ -208,8 +208,10 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP
|
|||
|
||||
prosodyctl register transcript auth.$DOMAIN jigasi
|
||||
|
||||
systemctl restart prosody ji*
|
||||
|
||||
systemctl restart prosody \
|
||||
jicofo \
|
||||
jibri* \
|
||||
jitsi-videobridge*
|
||||
echo "
|
||||
To test, you need to enable subtitles beforehand then invite \
|
||||
\"jitsi_meet_transcribe\" to the meeting (no quotes).
|
||||
|
|
|
@ -1,19 +1,24 @@
|
|||
#!/bin/bash
|
||||
# Jitsi Meet upgrade and custom keeper for Debian/*buntu binaries.
|
||||
# 2019 - SwITNet Ltd
|
||||
# Jitsi Meet recurring upgrader and customization keeper
|
||||
# for Debian/*buntu binaries.
|
||||
# 2020 - SwITNet Ltd
|
||||
# GNU GPLv3 or later.
|
||||
|
||||
Blue='\e[0;34m'
|
||||
Purple='\e[0;35m'
|
||||
Green='\e[0;32m'
|
||||
Yellow='\e[0;33m'
|
||||
Color_Off='\e[0m'
|
||||
support="https://switnet.net/support"
|
||||
apt_repo="/etc/apt/sources.list.d"
|
||||
jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ')
|
||||
LocRec="on"
|
||||
LOC_REC="TBD"
|
||||
ENABLE_BLESSM="TBD"
|
||||
CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
|
||||
CHDB=$(whereis chromedriver | awk '{print$2}')
|
||||
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||
INT_CONF=/usr/share/jitsi-meet/interface_config.js
|
||||
AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)"
|
||||
if [ -f $apt_repo/google-chrome.list ]; then
|
||||
google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ')
|
||||
else
|
||||
|
@ -102,12 +107,18 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Any customization, image, name or link change for any purpose should
|
||||
# be documented here so new updates won't remove those changes.
|
||||
# We divide them on UI changes and branding changes, feel free to adapt
|
||||
# to your needs.
|
||||
#
|
||||
# Please keep in mind that fees to support for customization changes
|
||||
# may apply.
|
||||
########################################################################
|
||||
# Keeping changes #
|
||||
# User interface changes #
|
||||
########################################################################
|
||||
printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n"
|
||||
avatar="$(grep -r avatar /etc/*/sites-*/ 2>/dev/null)"
|
||||
if [[ -z $avatar ]]; then
|
||||
if [[ -z $AVATAR ]]; then
|
||||
echo "Moving on..."
|
||||
else
|
||||
echo "Setting Static Avatar"
|
||||
|
@ -124,7 +135,7 @@ else
|
|||
fi
|
||||
|
||||
printf "${Purple}========== Re-enable Localrecording ==========${Color_Off}\n"
|
||||
if [ $LocRec = on ]; then
|
||||
if [ $LOC_REC = on ]; then
|
||||
echo "Setting LocalRecording..."
|
||||
sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF
|
||||
else
|
||||
|
@ -135,4 +146,12 @@ printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n
|
|||
sed -i "s|'videobackgroundblur', ||" $INT_CONF
|
||||
|
||||
restart_services
|
||||
|
||||
|
||||
########################################################################
|
||||
# Brandless mode #
|
||||
########################################################################
|
||||
if [ $ENABLE_BLESSM = on ]; then
|
||||
bash $PWD/jm-bm.sh
|
||||
fi
|
||||
printf "${Blue}Script completed \o/! ${Color_Off}\n"
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash
|
||||
# Jitsi Meet brandless mode
|
||||
# for Debian/*buntu binaries.
|
||||
# 2020 - SwITNet Ltd
|
||||
# GNU GPLv3 or later.
|
||||
|
||||
CSS_FILE="/usr/share/jitsi-meet/css/all.css"
|
||||
TITLE_FILE="/usr/share/jitsi-meet/title.html"
|
||||
INT_CONF="/usr/share/jitsi-meet/interface_config.js"
|
||||
#
|
||||
JM_IMG_PATH="/usr/share/jitsi-meet/images/"
|
||||
WTM2_PATH="$JM_IMG_PATH/watermark2.png"
|
||||
FICON_PATH="$JM_IMG_PATH/favicon2.ico"
|
||||
#
|
||||
APP_NAME="Conferences"
|
||||
PART_USER="Participant"
|
||||
echo '
|
||||
#--------------------------------------------------
|
||||
# Applying Brandless mode
|
||||
#--------------------------------------------------
|
||||
'
|
||||
#Watermark
|
||||
if [ ! -f $WTM2_PATH ]; then
|
||||
cp images/watermark2.png $WTM2_PATH
|
||||
else
|
||||
echo "watermark2 file exists, skipping copying..."
|
||||
fi
|
||||
#Favicon
|
||||
if [ ! -f $FICON_PATH ]; then
|
||||
cp images/favicon2.ico $FICON_PATH
|
||||
else
|
||||
echo "favicon2 file exists, skipping copying..."
|
||||
fi
|
||||
|
||||
#Custom / Remove icons
|
||||
sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE
|
||||
sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE
|
||||
sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE
|
||||
|
||||
#Disable logo and url
|
||||
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE
|
||||
|
||||
#Customize room title
|
||||
sed -i "s|Jitsi Meet|$APP_NAME|g" $TITLE_FILE
|
||||
sed -i "s| powered by the Jitsi Videobridge||g" $TITLE_FILE
|
||||
sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" $INT_CONF
|
||||
|
||||
#Custom UI changes
|
||||
echo "
|
||||
Please note that brandless mode will also overwrite support links.
|
||||
"
|
||||
sed -i "s|Fellow Jitster|$PART_USER|g" $INT_CONF
|
||||
sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF
|
||||
sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF
|
|
@ -0,0 +1,372 @@
|
|||
#!/bin/bash
|
||||
# JRA (Jibri Recordings Access) via Nextcloud
|
||||
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||
# GPLv3 or later.
|
||||
if ! [ $(id -u) = 0 ]; then
|
||||
echo "You need to be root or have sudo privileges!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
clear
|
||||
echo '
|
||||
########################################################################
|
||||
Jibri Recordings Access via Nextcloud
|
||||
########################################################################
|
||||
by Software, IT & Networks Ltd
|
||||
'
|
||||
read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
|
||||
read -p "Nextcloud user: " -r NC_USER
|
||||
read -p "Nextcloud user password: " -r NC_PASS
|
||||
|
||||
DISTRO_RELEASE=$(lsb_release -sc)
|
||||
PHPVER=7.4
|
||||
MDBVER=10.4
|
||||
PHP_FPM_DIR=/etc/php/$PHPVER/fpm
|
||||
PHP_INI=$PHP_FPM_DIR/php.ini
|
||||
NC_REPO="https://download.nextcloud.com/server/releases"
|
||||
NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
|
||||
STABLEVERSION="nextcloud-$NCVERSION"
|
||||
NC_PATH="/var/www/nextcloud"
|
||||
NC_CONFIG="$NC_PATH/config/config.php"
|
||||
NC_DB_USER="nextcloud_user"
|
||||
NC_DB="nextcloud_db"
|
||||
NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
||||
DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
|
||||
|
||||
exit_ifinstalled() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo " This instance already has $1 installed, exiting..."
|
||||
echo " Please report to:
|
||||
-> https://github.com/switnet-ltd/quick-jibri-installer/issues "
|
||||
exit
|
||||
fi
|
||||
}
|
||||
install_ifnot() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo " $1 is installed, skipping..."
|
||||
else
|
||||
echo -e "\n---- Installing $1 ----"
|
||||
apt -yqq install $1
|
||||
fi
|
||||
}
|
||||
add_mariadb() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo "MariaDB already installed"
|
||||
else
|
||||
echo "# Adding MariaDB $MDBVER repository"
|
||||
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8
|
||||
echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list
|
||||
apt update -qq
|
||||
fi
|
||||
}
|
||||
add_php74() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo "PHP $PHPVER already installed"
|
||||
else
|
||||
echo "# Adding PHP $PHPVER Repository"
|
||||
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C
|
||||
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list
|
||||
apt update -qq
|
||||
fi
|
||||
}
|
||||
|
||||
exit_ifinstalled mariadb-server
|
||||
|
||||
## Install software requirements
|
||||
# MariaDB
|
||||
add_mariadb
|
||||
install_ifnot mariadb-server-$MDBVER
|
||||
|
||||
# PHP 7.4
|
||||
add_php74
|
||||
apt install -y \
|
||||
php$PHPVER-fpm \
|
||||
php$PHPVER-bz2 \
|
||||
php$PHPVER-curl \
|
||||
php$PHPVER-gd \
|
||||
php$PHPVER-gmp \
|
||||
php$PHPVER-intl \
|
||||
php$PHPVER-json \
|
||||
php$PHPVER-ldap \
|
||||
php$PHPVER-mbstring \
|
||||
php$PHPVER-mysql \
|
||||
php$PHPVER-soap \
|
||||
php$PHPVER-xml \
|
||||
php$PHPVER-xmlrpc \
|
||||
php$PHPVER-zip \
|
||||
php-imagick
|
||||
|
||||
#System related
|
||||
install_ifnot smbclient
|
||||
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
|
||||
echo "
|
||||
Tunning PHP.ini...
|
||||
"
|
||||
# Change values in php.ini (increase max file size)
|
||||
# max_execution_time
|
||||
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
|
||||
# max_input_time
|
||||
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
|
||||
# memory_limit
|
||||
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
|
||||
# post_max
|
||||
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
|
||||
# upload_max
|
||||
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
|
||||
|
||||
phpenmod opcache
|
||||
{
|
||||
|
||||
echo "# OPcache settings for Nextcloud"
|
||||
echo "opcache.enable=1"
|
||||
echo "opcache.enable_cli=1"
|
||||
echo "opcache.interned_strings_buffer=8"
|
||||
echo "opcache.max_accelerated_files=10000"
|
||||
echo "opcache.memory_consumption=256"
|
||||
echo "opcache.save_comments=1"
|
||||
echo "opcache.revalidate_freq=1"
|
||||
echo "opcache.validate_timestamps=1"
|
||||
} >> "$PHP_INI"
|
||||
|
||||
systemctl restart php$PHPVER-fpm.service
|
||||
|
||||
#--------------------------------------------------
|
||||
# Create MySQL user
|
||||
#--------------------------------------------------
|
||||
|
||||
echo -e "\n---- Creating the MariaDB User ----"
|
||||
|
||||
mysql -u root <<DB
|
||||
CREATE DATABASE nextcloud_db;
|
||||
CREATE USER ${NC_DB_USER}@localhost IDENTIFIED BY '${NC_DB_PASSWD}';
|
||||
GRANT ALL PRIVILEGES ON ${NC_DB}.* TO '${NC_DB_USER}'@'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
DB
|
||||
echo "Done!
|
||||
"
|
||||
#Tune MariaDB
|
||||
#mysql_secure_installation
|
||||
|
||||
#nginx - configuration
|
||||
cat << NC_NGINX > /etc/nginx/sites-available/$NC_DOMAIN.conf
|
||||
upstream php-handler {
|
||||
#server 127.0.0.1:9000;
|
||||
server unix:/run/php/php${PHPVER}-fpm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $NC_DOMAIN;
|
||||
# enforce https
|
||||
return 301 https://\$server_name\$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 4444 ssl http2;
|
||||
listen [::]:4444 ssl http2;
|
||||
server_name $NC_DOMAIN;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15552000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Path to the root of your installation
|
||||
root $NC_PATH/;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 \$scheme://\$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 \$scheme://\$host/remote.php/dav;
|
||||
}
|
||||
location ~ /.well-known/acme-challenge {
|
||||
allow all;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 1024M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is built with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php\$uri;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO \$fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
|
||||
try_files \$uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)\$ {
|
||||
try_files \$uri /index.php\$uri\$is_args\$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ {
|
||||
try_files \$uri /index.php\$uri\$is_args\$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
NC_NGINX
|
||||
systemctl stop nginx
|
||||
letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN
|
||||
if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then
|
||||
ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/
|
||||
else
|
||||
echo "There are issues on getting the SSL certs..."
|
||||
read -n 1 -s -r -p "Press any key to continue"
|
||||
fi
|
||||
nginx -t
|
||||
systemctl restart nginx
|
||||
|
||||
echo "
|
||||
Latest version to be installed: $STABLEVERSION
|
||||
"
|
||||
curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip
|
||||
unzip -q /tmp/$STABLEVERSION.zip
|
||||
mv nextcloud $NC_PATH
|
||||
|
||||
chown -R www-data:www-data $NC_PATH
|
||||
chmod -R 755 $NC_PATH
|
||||
|
||||
if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then
|
||||
echo "
|
||||
-> Patching #425 (scssphp/src/Compiler.php)..."
|
||||
sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < $PWD/files/patch_425_3dty.patch
|
||||
fi
|
||||
|
||||
echo "
|
||||
Database installation...
|
||||
"
|
||||
sudo -u www-data php $NC_PATH/occ maintenance:install \
|
||||
--database=mysql \
|
||||
--database-name="$NC_DB" \
|
||||
--database-user="$NC_DB_USER" \
|
||||
--database-pass="$NC_DB_PASSWD" \
|
||||
--admin-user="$NC_USER" \
|
||||
--admin-pass="$NC_PASS"
|
||||
|
||||
echo "
|
||||
Prevent demo data on accounts and custom mods...
|
||||
"
|
||||
sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
|
||||
sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
|
||||
sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
|
||||
sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
|
||||
|
||||
echo "
|
||||
Addding & Setting up Files External App for Local storage...
|
||||
"
|
||||
sudo -u www-data php $NC_PATH/occ app:install files_external
|
||||
sudo -u www-data php $NC_PATH/occ app:enable files_external
|
||||
sudo -u www-data php $NC_PATH/occ files_external:import $PWD/files/jra-nc-app-ef.json
|
||||
|
||||
usermod -a -G jibri www-data
|
||||
chown -R jibri:www-data $DIR_RECORD
|
||||
chmod -R 770 $DIR_RECORD
|
||||
chmod -R g+s $DIR_RECORD
|
||||
|
||||
echo "
|
||||
Fixing possible missing tables...
|
||||
"
|
||||
echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint
|
||||
sudo -u www-data php $NC_PATH/occ db:add-missing-indices
|
||||
|
||||
echo "
|
||||
Adding trusted domain...
|
||||
"
|
||||
sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN
|
||||
|
||||
echo "Quick Nextcloud installation complete!"
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Quick Jibri Installer - *buntu 16.04 (LTS) based systems.
|
||||
# SwITNet Ltd © - 2019, https://switnet.net/
|
||||
# Quick Jibri Installer - *buntu (LTS) based systems.
|
||||
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||
# GPLv3 or later.
|
||||
{
|
||||
echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log
|
||||
|
@ -20,7 +20,7 @@ set -x
|
|||
fi
|
||||
|
||||
# SYSTEM SETUP
|
||||
JITSI_UNS_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1)
|
||||
JITSI_STBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1)
|
||||
CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4)
|
||||
APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")
|
||||
NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")
|
||||
|
@ -30,6 +30,9 @@ GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
|
|||
if [ $DIST = flidas ]; then
|
||||
DIST="xenial"
|
||||
fi
|
||||
if [ $DIST = etiona ]; then
|
||||
DIST="bionic"
|
||||
fi
|
||||
install_ifnot() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo " $1 is installed, skipping..."
|
||||
|
@ -39,14 +42,15 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" =
|
|||
fi
|
||||
}
|
||||
check_serv() {
|
||||
if [ "$APACHE_2" -eq 1 ] || [ "$NGINX" -eq 1 ]; then
|
||||
if [ "$APACHE_2" -eq 1 ]; then
|
||||
echo "
|
||||
Webserver already installed!
|
||||
The recommended setup is using NGINX, exiting...
|
||||
"
|
||||
elif [ "$APACHE_2" -eq 1 ] && [ "$NGINX" -eq 0 ]; then
|
||||
exit
|
||||
elif [ "$NGINX" -eq 1 ]; then
|
||||
|
||||
echo "
|
||||
Apache webserver already installed!
|
||||
Webserver already installed!
|
||||
"
|
||||
|
||||
else
|
||||
|
@ -60,10 +64,18 @@ check_snd_driver() {
|
|||
modprobe snd-aloop
|
||||
echo "snd-aloop" >> /etc/modules
|
||||
if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then
|
||||
echo "Audio driver seems ok."
|
||||
echo "
|
||||
#--------------------------------------------------
|
||||
# Audio driver seems - OK.
|
||||
#--------------------------------------------------"
|
||||
else
|
||||
echo "Seems to be an issue with your audio driver, please fix this before continue."
|
||||
#exit
|
||||
echo "
|
||||
#--------------------------------------------------
|
||||
# Seems to be an issue with your audio driver,
|
||||
# please review your hw setup.
|
||||
#--------------------------------------------------"
|
||||
read -n 1 -s -r -p "Press any key to continue...
|
||||
"
|
||||
fi
|
||||
}
|
||||
update_certbot() {
|
||||
|
@ -72,8 +84,8 @@ update_certbot() {
|
|||
Cerbot repository already on the system!
|
||||
Checking for updates...
|
||||
"
|
||||
apt -qq update
|
||||
apt -yqq dist-upgrade
|
||||
apt -q2 update
|
||||
apt -yq2 dist-upgrade
|
||||
else
|
||||
echo "
|
||||
Adding cerbot (formerly letsencrypt) PPA repository for latest updates
|
||||
|
@ -91,20 +103,43 @@ echo '
|
|||
Welcome to Jitsi/Jibri Installer
|
||||
########################################################################
|
||||
by Software, IT & Networks Ltd
|
||||
|
||||
Featuring:
|
||||
- Jibri Recording and YouTube Streaming
|
||||
- Jibri Recordings Access via Nextcloud
|
||||
- Jigasi Transcription
|
||||
- Customized brandless mode
|
||||
- Recurring changes updater
|
||||
|
||||
See more at: https://github.com/switnet-ltd/quick-jibri-installer/
|
||||
'
|
||||
read -n 1 -s -r -p "Press any key to continue..."
|
||||
|
||||
#Check if user is root
|
||||
if ! [ $(id -u) = 0 ]; then
|
||||
echo "You need to be root or have sudo privileges!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "$DIST" = "xenial" ] || [ "$DIST" = "bionic" ]; then
|
||||
echo "OS: $(lsb_release -sd)
|
||||
Good, this is a supported platform!"
|
||||
else
|
||||
echo "OS: $(lsb_release -sd)
|
||||
Sorry, this platform is not supported... exiting"
|
||||
exit
|
||||
fi
|
||||
#Suggest 18.04 LTS release over 16.04
|
||||
if [ "$DIST" = "xenial" ]; then
|
||||
echo "$(lsb_release -sc), even when it's compatible and functional.
|
||||
We suggest to use the next (LTS) release, for longer support and security reasons."
|
||||
read -n 1 -s -r -p "Press any key to continue..."
|
||||
fi
|
||||
# Jitsi-Meet Repo
|
||||
echo "Add Jitsi key"
|
||||
if [ "$JITSI_UNS_REPO" = "unstable" ]; then
|
||||
echo "Jitsi unstable repository already installed"
|
||||
if [ "$JITSI_STBL_REPO" = "stable" ]; then
|
||||
echo "Jitsi stable repository already installed"
|
||||
else
|
||||
echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list
|
||||
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
|
||||
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
|
||||
fi
|
||||
|
||||
|
@ -112,16 +147,18 @@ fi
|
|||
echo "We'll start by installing system requirements this may take a while please be patient..."
|
||||
apt update -yq2
|
||||
apt dist-upgrade -yq2
|
||||
apt -yqq install \
|
||||
|
||||
apt -y install \
|
||||
bmon \
|
||||
curl \
|
||||
ffmpeg \
|
||||
git \
|
||||
htop \
|
||||
letsencrypt \
|
||||
linux-image-extra-virtual \
|
||||
linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \
|
||||
unzip \
|
||||
wget
|
||||
|
||||
check_serv
|
||||
|
||||
echo "
|
||||
|
@ -129,7 +166,7 @@ echo "
|
|||
# Install Jitsi Framework
|
||||
#--------------------------------------------------
|
||||
"
|
||||
apt -yqq install \
|
||||
apt -y install \
|
||||
jitsi-meet \
|
||||
jibri \
|
||||
openjdk-8-jre-headless
|
||||
|
@ -147,7 +184,7 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1"
|
|||
echo "Nodejs is installed, skipping..."
|
||||
else
|
||||
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
|
||||
apt install -yqq nodejs
|
||||
apt install -yq2 nodejs
|
||||
echo "Installing nodejs esprima package..."
|
||||
npm install -g esprima
|
||||
fi
|
||||
|
@ -163,23 +200,25 @@ fi
|
|||
echo "snd-aloop" | tee -a /etc/modules
|
||||
check_snd_driver
|
||||
CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
|
||||
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
|
||||
|
||||
echo "# Installing Google Chrome / ChromeDriver"
|
||||
if [ -f $GOOGL_REPO ]; then
|
||||
echo "Google repository already set."
|
||||
echo "Google repository already set."
|
||||
else
|
||||
echo "Installing Google Chrome Stable"
|
||||
echo "Installing Google Chrome Stable"
|
||||
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
|
||||
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO
|
||||
fi
|
||||
apt -qq update
|
||||
apt install -yqq google-chrome-stable
|
||||
apt install -yq2 google-chrome-stable
|
||||
rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
|
||||
|
||||
if [ -f /usr/local/bin/chromedriver ]; then
|
||||
echo "Chromedriver already installed."
|
||||
else
|
||||
echo "Installing Chromedriver"
|
||||
wget https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
|
||||
wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
|
||||
unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
|
||||
chown root:root /usr/local/bin/chromedriver
|
||||
chmod 0755 /usr/local/bin/chromedriver
|
||||
|
@ -192,23 +231,33 @@ Check Google Software Working...
|
|||
/usr/bin/google-chrome --version
|
||||
/usr/local/bin/chromedriver --version | awk '{print$1,$2}'
|
||||
|
||||
echo "
|
||||
Remove Chrome warning...
|
||||
"
|
||||
mkdir -p /etc/opt/chrome/policies/managed
|
||||
echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >> $GCMP_JSON
|
||||
|
||||
echo '
|
||||
########################################################################
|
||||
Starting Jibri configuration
|
||||
Please Setup Your Instalation
|
||||
########################################################################
|
||||
'
|
||||
# MEET / JIBRI SETUP
|
||||
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||
JB_AUTH_PASS_FILE=/var/JB_AUTH_PASS.txt
|
||||
JB_REC_PASS_FILE=/var/JB_REC_PASS.txt
|
||||
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
|
||||
JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
||||
JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
||||
PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua
|
||||
PROSODY_SYS=/etc/prosody/prosody.cfg.lua
|
||||
JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties
|
||||
MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js
|
||||
CONF_JSON=/etc/jitsi/jibri/config.json
|
||||
DIR_RECORD=/tmp/recordings
|
||||
DIR_RECORD=/var/jbrecord
|
||||
REC_DIR=/home/jibri/finalize_recording.sh
|
||||
JB_NAME="Jibri Sessions"
|
||||
LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
|
||||
MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
|
||||
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
|
||||
echo "## Setting up Jitsi Meet language ##
|
||||
You can define your language by using a two letter code (ISO 639-1);
|
||||
English -> en
|
||||
|
@ -219,52 +268,125 @@ You can define your language by using a two letter code (ISO 639-1);
|
|||
Jitsi Meet web interface will be set to use such language (if availabe).
|
||||
"
|
||||
read -p "Please set your language:"$'\n' -r LANG
|
||||
read -p "Jibri internal.auth.$DOMAIN password: "$'\n' -sr JB_AUTH_PASS
|
||||
read -p "Jibri recorder.$DOMAIN password: "$'\n' -sr JB_REC_PASS
|
||||
read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL
|
||||
#Drop unsecure TLS
|
||||
while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]]
|
||||
do
|
||||
read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1
|
||||
if [ $DROP_TLS1 = no ]; then
|
||||
echo "TLSv1.0/1.1 will remain."
|
||||
elif [ $DROP_TLS1 = yes ]; then
|
||||
echo "TLSv1.0/1.1 will be dropped"
|
||||
fi
|
||||
done
|
||||
#Dropbox
|
||||
while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]]
|
||||
do
|
||||
read -p "Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB
|
||||
read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB
|
||||
if [ $ENABLE_DB = no ]; then
|
||||
echo "Dropbox won't be enable"
|
||||
elif [ $ENABLE_DB = yes ]; then
|
||||
read -p "Please set your Drobbox App key: "$'\n' -r DB_CID
|
||||
fi
|
||||
done
|
||||
#SSL LE
|
||||
while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]]
|
||||
do
|
||||
read -p "Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL
|
||||
read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL
|
||||
if [ $ENABLE_SSL = no ]; then
|
||||
echo "Please run letsencrypt.sh manually post-installation."
|
||||
elif [ $ENABLE_SSL = yes ]; then
|
||||
echo "SSL will be enabled."
|
||||
fi
|
||||
done
|
||||
#Brandless Mode
|
||||
while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]]
|
||||
do
|
||||
read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM
|
||||
if [ $ENABLE_BLESSM = no ]; then
|
||||
echo "Brandless mode won't be set."
|
||||
elif [ $ENABLE_BLESSM = yes ]; then
|
||||
echo "Brandless mode will be set."
|
||||
fi
|
||||
done
|
||||
#Jibri Records Access (JRA) via Nextcloud
|
||||
while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]]
|
||||
do
|
||||
read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS
|
||||
if [ $ENABLE_NC_ACCESS = no ]; then
|
||||
echo "JRA via Nextcloud won't be enabled."
|
||||
elif [ $ENABLE_NC_ACCESS = yes ]; then
|
||||
echo "JRA via Nextcloud will be enabled."
|
||||
fi
|
||||
done
|
||||
#Jigasi
|
||||
while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]]
|
||||
do
|
||||
read -p "Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT
|
||||
read -p "> Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT
|
||||
if [ $ENABLE_TRANSCRIPT = no ]; then
|
||||
echo "Jigasi Transcription won't be enabled."
|
||||
elif [ $ENABLE_TRANSCRIPT = yes ]; then
|
||||
echo "Jigasi Transcription will be enabled."
|
||||
fi
|
||||
done
|
||||
|
||||
echo "$JB_AUTH_PASS" > $JB_AUTH_PASS_FILE
|
||||
chmod 600 $JB_AUTH_PASS_FILE
|
||||
echo "$JB_REC_PASS" > $JB_REC_PASS_FILE
|
||||
chmod 600 $JB_REC_PASS_FILE
|
||||
#Enable static avatar
|
||||
while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]]
|
||||
do
|
||||
read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA
|
||||
if [ "$ENABLE_SA" = "no" ]; then
|
||||
echo "Static avatar won't be enabled"
|
||||
elif [ "$ENABLE_SA" = "yes" ]; then
|
||||
echo "Static avatar will be enabled"
|
||||
fi
|
||||
done
|
||||
#Enable local audio recording
|
||||
while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]]
|
||||
do
|
||||
read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR
|
||||
if [ "$ENABLE_LAR" = "no" ]; then
|
||||
echo "Local audio recording option won't be enabled"
|
||||
elif [ "$ENABLE_LAR" = "yes" ]; then
|
||||
echo "Local audio recording option will be enabled"
|
||||
fi
|
||||
done
|
||||
#Secure room initial user
|
||||
while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
|
||||
do
|
||||
read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
|
||||
if [ "$ENABLE_SC" = "no" ]; then
|
||||
echo "-- Secure rooms won't be enabled."
|
||||
elif [ "$ENABLE_SC" = "yes" ]; then
|
||||
echo "-- Secure rooms will being enabled."
|
||||
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
||||
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
||||
fi
|
||||
done
|
||||
#Welcome Page
|
||||
while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]]
|
||||
do
|
||||
read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP
|
||||
if [ $ENABLE_WELCP = yes ]; then
|
||||
echo "Welcome page will be disabled."
|
||||
elif [ $ENABLE_WELCP = no ]; then
|
||||
echo "Welcome page will be enabled."
|
||||
fi
|
||||
done
|
||||
#Start configuration
|
||||
echo '
|
||||
########################################################################
|
||||
Start Jitsi Framework configuration
|
||||
########################################################################
|
||||
'
|
||||
JibriBrewery=JibriBrewery
|
||||
INT_CONF=/usr/share/jitsi-meet/interface_config.js
|
||||
INT_CONF="/usr/share/jitsi-meet/interface_config.js"
|
||||
WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
|
||||
|
||||
ssl_wa() {
|
||||
service $1 stop
|
||||
systemctl stop $1
|
||||
letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6
|
||||
sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4
|
||||
sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4
|
||||
service $1 restart
|
||||
systemctl restart $1
|
||||
#Add cron
|
||||
crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1 || mail -s 'LE SSL Errors' $SYSADMIN_EMAIL < $LE_RENEW_LOG"; } | crontab -
|
||||
crontab -l
|
||||
|
@ -273,9 +395,9 @@ service $1 restart
|
|||
enable_letsencrypt() {
|
||||
if [ "$ENABLE_SSL" = "yes" ]; then
|
||||
echo '
|
||||
########################################################################
|
||||
Starting LetsEncrypt configuration
|
||||
########################################################################
|
||||
#--------------------------------------------------
|
||||
# Starting LetsEncrypt configuration
|
||||
#--------------------------------------------------
|
||||
'
|
||||
#Disabled 'til fixed upstream
|
||||
#bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
|
||||
|
@ -290,9 +412,9 @@ fi
|
|||
check_jibri() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
|
||||
then
|
||||
service jibri restart
|
||||
service jibri-icewm restart
|
||||
service jibri-xorg restart
|
||||
systemctl restart jibri
|
||||
systemctl restart jibri-icewm
|
||||
systemctl restart jibri-xorg
|
||||
else
|
||||
echo "Jibri service not installed"
|
||||
fi
|
||||
|
@ -300,9 +422,9 @@ fi
|
|||
|
||||
# Restarting services
|
||||
restart_services() {
|
||||
service jitsi-videobridge restart
|
||||
service jicofo restart
|
||||
service prosody restart
|
||||
systemctl restart jitsi-videobridge*
|
||||
systemctl restart jicofo
|
||||
systemctl restart prosody
|
||||
check_jibri
|
||||
}
|
||||
|
||||
|
@ -330,6 +452,27 @@ VirtualHost "recorder.$DOMAIN"
|
|||
|
||||
REC-JIBRI
|
||||
|
||||
#Fix Jibri conectivity issues
|
||||
sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS
|
||||
sed -i "/c2s_require_encryption = false/a \\
|
||||
\\
|
||||
consider_bosh_secure = true" $PROSODY_SYS
|
||||
|
||||
if [ ! -f $MOD_LIST_FILE ]; then
|
||||
echo "
|
||||
-> Adding external module to list prosody users...
|
||||
"
|
||||
curl -s $MOD_LISTU > $MOD_LIST_FILE
|
||||
|
||||
echo "Now you can check registered users with:
|
||||
prosodyctl mod_listusers
|
||||
"
|
||||
else
|
||||
echo "Prosody support for listing users seems to be enabled.
|
||||
check with: prosodyctl mod_listusers
|
||||
"
|
||||
fi
|
||||
|
||||
### Prosody users
|
||||
prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS
|
||||
prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS
|
||||
|
@ -361,11 +504,8 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF
|
|||
fi
|
||||
|
||||
#LocalRecording
|
||||
#No longer necessary thanks to: makeJsonParserHappy
|
||||
if [ $ENABLE_LAR = "yes" ]; then
|
||||
echo "# Enabling local recording (audio only)."
|
||||
#DI_STR=$(grep -n "deploymentInfo:" $MEET_CONF | cut -d ":" -f1)
|
||||
#DI_END=$((DI_STR + 6))
|
||||
#sed -i "$DI_STR,$DI_END{s|}|},|}" $MEET_CONF
|
||||
LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1)
|
||||
LR_END=$((LR_STR + 18))
|
||||
sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF
|
||||
|
@ -374,7 +514,8 @@ sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF
|
|||
sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF
|
||||
|
||||
sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF
|
||||
#EOLR
|
||||
sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh
|
||||
fi
|
||||
|
||||
#Setup main language
|
||||
if [ -z $LANG ] || [ "$LANG" = "en" ]; then
|
||||
|
@ -404,18 +545,25 @@ https://github.com/switnet-ltd/quick-jibri-installer/issues
|
|||
fi
|
||||
|
||||
# Recording directory
|
||||
mkdir $DIR_RECORD
|
||||
chown -R jibri:jibri $DIR_RECORD
|
||||
|
||||
cat << REC_DIR > $REC_DIR
|
||||
#!/bin/bash
|
||||
|
||||
RECORDINGS_DIR=$1
|
||||
RECORDINGS_DIR=$DIR_RECORD
|
||||
|
||||
echo "This is a dummy finalize script" > /tmp/finalize.out
|
||||
echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out
|
||||
echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out
|
||||
echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
|
||||
|
||||
chmod -R 770 \$RECORDINGS_DIR
|
||||
|
||||
exit 0
|
||||
REC_DIR
|
||||
chown jibri:jibri $REC_DIR
|
||||
chmod +x $REC_DIR
|
||||
|
||||
## JSON Config
|
||||
cp $CONF_JSON $CONF_JSON.orig
|
||||
|
@ -427,7 +575,7 @@ cat << CONF_JSON > $CONF_JSON
|
|||
{
|
||||
"name": "$JB_NAME",
|
||||
"xmpp_server_hosts": [
|
||||
"$WAN_IP"
|
||||
"$DOMAIN"
|
||||
],
|
||||
"xmpp_domain": "$DOMAIN",
|
||||
"control_login": {
|
||||
|
@ -446,7 +594,7 @@ cat << CONF_JSON > $CONF_JSON
|
|||
"password": "$JB_REC_PASS"
|
||||
},
|
||||
|
||||
"room_jid_domain_string_to_strip_from_start": "internal.auth",
|
||||
"room_jid_domain_string_to_strip_from_start": "conference.",
|
||||
"usage_timeout": "0"
|
||||
}
|
||||
]
|
||||
|
@ -454,74 +602,46 @@ cat << CONF_JSON > $CONF_JSON
|
|||
CONF_JSON
|
||||
|
||||
#Tune webserver for Jitsi App control
|
||||
if [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then
|
||||
WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf
|
||||
sed -i '$ d' $WS_CONF
|
||||
cat << NG_APP >> $WS_CONF
|
||||
|
||||
Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
|
||||
Alias "/external_api.min.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
|
||||
|
||||
</VirtualHost>
|
||||
NG_APP
|
||||
service apache2 reload
|
||||
elif [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then
|
||||
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
|
||||
WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1)
|
||||
WS_END=$((WS_STR + 2))
|
||||
sed -i "${WS_STR},${WS_END} s|^|#|" $WS_CONF
|
||||
sed -i '$ d' $WS_CONF
|
||||
cat << NG_APP >> $WS_CONF
|
||||
|
||||
location /external_api.min.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
location /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
}
|
||||
NG_APP
|
||||
service nginx reload
|
||||
if [ -f $WS_CONF ]; then
|
||||
sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
|
||||
sed -i "/Anything that didn't match above/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF
|
||||
sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF
|
||||
sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
|
||||
sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
|
||||
systemctl reload nginx
|
||||
else
|
||||
echo "No app configuration done to server file, please report to:
|
||||
-> https://github.com/switnet-ltd/quick-jibri-installer/issues"
|
||||
fi
|
||||
|
||||
#Enable static avatar
|
||||
while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]]
|
||||
do
|
||||
read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA
|
||||
if [ "$ENABLE_SA" = "no" ]; then
|
||||
echo "Static avatar won't be enable"
|
||||
elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then
|
||||
echo "Static avatar are being enable"
|
||||
wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
|
||||
WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf
|
||||
sed -i "/Alias \"\/external_api.js\"/i \ \ AliasMatch \^\/avatar\/\(.\*\)\\\.png /usr/share/jitsi-meet/images/avatar2.png" $WS_CONF
|
||||
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF
|
||||
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
|
||||
elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then
|
||||
wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
|
||||
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
|
||||
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {\\
|
||||
\
|
||||
\ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;\\
|
||||
\
|
||||
\ \ \ \ }\\
|
||||
#Static avatar
|
||||
if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then
|
||||
#wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
|
||||
cp images/avatar2.png /usr/share/jitsi-meet/images/
|
||||
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF
|
||||
sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF
|
||||
sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
|
||||
\ " $WS_CONF
|
||||
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF
|
||||
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
|
||||
else
|
||||
echo "No app configuration done to server file, please report to:
|
||||
-> https://github.com/switnet-ltd/quick-jibri-installer/issues"
|
||||
fi
|
||||
done
|
||||
#nginx -tlsv1/1.1
|
||||
if [ $DROP_TLS1 = "yes" ] && [ $DIST = "bionic" ];then
|
||||
echo "Dropping TLSv1/1.1 in favor of v1.3"
|
||||
sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf
|
||||
#sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF
|
||||
elif [ $DROP_TLS1 = "yes" ] && [ ! $DIST = "bionic" ];then
|
||||
echo "Only dropping TLSv1/1.1"
|
||||
sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf
|
||||
#sed -i "s|TLSv1 TLSv1.1||" $WS_CONF
|
||||
else
|
||||
echo "No TLSv1/1.1 dropping was done. Please report to
|
||||
https://github.com/switnet-ltd/quick-jibri-installer/issues "
|
||||
fi
|
||||
|
||||
# Temporary disable "Blur my background" until is stable
|
||||
# Disable "Blur my background" until new notice
|
||||
sed -i "s|'videobackgroundblur', ||" $INT_CONF
|
||||
|
||||
#Enable secure rooms?
|
||||
#Setup secure rooms
|
||||
cat << P_SR >> $PROSODY_FILE
|
||||
VirtualHost "$DOMAIN"
|
||||
authentication = "internal_plain"
|
||||
|
@ -530,24 +650,15 @@ VirtualHost "guest.$DOMAIN"
|
|||
authentication = "anonymous"
|
||||
c2s_require_encryption = false
|
||||
P_SR
|
||||
while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
|
||||
do
|
||||
read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
|
||||
if [ "$ENABLE_SC" = "no" ]; then
|
||||
echo "Secure rooms won't be enable"
|
||||
elif [ "$ENABLE_SC" = "yes" ]; then
|
||||
echo "Secure rooms are being enable"
|
||||
#Secure room initial user
|
||||
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
||||
read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS
|
||||
if [ "$ENABLE_SC" = "yes" ]; then
|
||||
echo "Secure rooms are being enabled..."
|
||||
echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
|
||||
or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
|
||||
If you have issues with the password refer to your sysadmin."
|
||||
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
|
||||
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
|
||||
fi
|
||||
done
|
||||
|
||||
#Start with video muted by default
|
||||
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
|
||||
|
||||
|
@ -555,18 +666,11 @@ sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
|
|||
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF
|
||||
|
||||
#Disable/enable welcome page
|
||||
while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]]
|
||||
do
|
||||
read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP
|
||||
if [ $ENABLE_WELCP = yes ]; then
|
||||
echo "Welcome page will be disabled."
|
||||
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF
|
||||
elif [ $ENABLE_WELCP = no ]; then
|
||||
echo "Welcome page will be enabled."
|
||||
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF
|
||||
fi
|
||||
done
|
||||
|
||||
#Set displayname as not required since jibri can't set it up.
|
||||
sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF
|
||||
|
||||
|
@ -579,21 +683,33 @@ restart_services
|
|||
enable_letsencrypt
|
||||
|
||||
#SSL workaround
|
||||
if [ "$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then
|
||||
ssl_wa apache2 apache $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN
|
||||
install_ifnot python3-certbot-apache
|
||||
elif [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then
|
||||
if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then
|
||||
ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN
|
||||
install_ifnot python3-certbot-nginx
|
||||
else
|
||||
echo "No webserver found please report."
|
||||
fi
|
||||
|
||||
#Brandless Mode
|
||||
if [ $ENABLE_BLESSM = yes ]; then
|
||||
echo "Custom brandless mode will be enabled."
|
||||
sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh
|
||||
bash $PWD/jm-bm.sh
|
||||
fi
|
||||
#JRA via Nextcloud
|
||||
if [ $ENABLE_NC_ACCESS = yes ]; then
|
||||
echo "Jigasi Transcription will be enabled."
|
||||
bash $PWD/jra_nextcloud.sh
|
||||
fi
|
||||
#Jigasi Transcript
|
||||
if [ $ENABLE_TRANSCRIPT = yes ]; then
|
||||
echo "Jigasi Transcription will be enabled."
|
||||
bash $PWD/jigasi.sh
|
||||
fi
|
||||
|
||||
#Prevent Jibri conecction issue
|
||||
sed -i "/127.0.0.1/a \\
|
||||
127.0.0.1 $DOMAIN" /etc/hosts
|
||||
|
||||
echo "
|
||||
########################################################################
|
||||
Installation complete!!
|
||||
|
|
Loading…
Reference in New Issue