Merge pull request #2 from switnet-ltd/stable-branch

Stable branch
This commit is contained in:
Luis Guzman 2020-04-11 14:22:26 -05:00 committed by GitHub
commit 4fcaa2a5ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 768 additions and 153 deletions

View File

@ -2,23 +2,28 @@
Bash installer for Jibri on *buntu LTS based systems Bash installer for Jibri on *buntu LTS based systems
## Features ## Features
* Enabled Local (audio) recording using flac
* Enabled Session (video) Recording using Jibri * Enabled Session (video) Recording using Jibri
* Enabled Jitsi Electron app detection server side. * Enabled Jitsi Electron app detection server side.
* Standalone SSL Certbot/LE implementation * Standalone SSL Certbot/LE implementation
* Option to enable Local audio recording using flac.
* Option to enable Secure Rooms * Option to enable Secure Rooms
* Option to enable Welcome Page * Option to enable Welcome Page
* Option to setup UI language * Option to setup UI language
* (New) Jigasi Transcript - Speech to Text powered by Google API * Jigasi Transcript - Speech to Text powered by Google API
* (New) JRA (Jibri Recordings Access) via Nextcloud
* (New) Customized brandless mode
* (New) Improved recurring updater
## Requirements ## Requirements
* Valid domain with DNS already set (preferably). * Valid domain with DNS record.
* Minimum recommended for video recording: 4 GB RAM / 4 Cores. * Minimum recommended for video recording: 4 GB RAM / 4 Cores.
* Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload). * Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload).
* Webcam * Webcam
### Jigasi Transcript ### Jigasi Transcript
* SIP account * SIP account
* Google Cloud Account with Billing setup. * Google Cloud Account with Billing setup.
### Jibri Recodings Access via Nextcloud
* Valid domain with DNS record for Nextcloud SSL.
## Custom changes ## Custom changes
* Start with video muted by default * Start with video muted by default
@ -28,4 +33,4 @@ Bash installer for Jibri on *buntu LTS based systems
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
SwITNet Ltd © - 2019, https://switnet.net/ SwITNet Ltd © - 2020, https://switnet.net/

23
files/jra-nc-app-ef.json Normal file
View File

@ -0,0 +1,23 @@
[
{
"mount_id": 1,
"mount_point": "\/Jitsi Record",
"storage": "\\OC\\Files\\Storage\\Local",
"authentication_type": "null::null",
"configuration": {
"datadir": "\/var\/jbrecord"
},
"options": {
"encrypt": true,
"previews": true,
"enable_sharing": false,
"filesystem_check_changes": 1,
"encoding_compatibility": false,
"readonly": false
},
"applicable_users": [],
"applicable_groups": [
"admin"
]
}
]

View File

@ -0,0 +1,24 @@
--- Compiler.php 2020-03-11 08:52:46.000000000 -0600
+++ Compiler-fixed.php 2020-04-04 06:56:43.175786008 -0600
@@ -5211,10 +5211,10 @@
return new Node\Number(strlen($stringContent), '');
}
- protected static $libStrSlice = ['string', 'start-at', 'end-at'];
+ protected static $libStrSlice = ['string', 'start-at', 'end-at:-1'];
protected function libStrSlice($args)
{
- if (isset($args[2]) && $args[2][1] == 0) {
+ if (isset($args[2]) && ! $args[2][1]) {
return static::$nullString;
}
@@ -5227,7 +5227,7 @@
$start--;
}
- $end = (int) $args[2][1];
+ $end = isset($args[2]) ? (int) $args[2][1] : -1;
$length = $end < 0 ? $end + 1 : ($end > 0 ? $end - $start : $end);
$string[2] = $length

BIN
images/avatar2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 16 KiB

BIN
images/favicon2.ico Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 326 B

BIN
images/watermark2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 169 B

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Quick Jigasi Installer - *buntu 16.04 (LTS) based systems. # Quick Jigasi Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2019, https://switnet.net/ # SwITNet Ltd © - 2020, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
##################### Whistlist ####################### ##################### Whistlist #######################
@ -208,8 +208,10 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP
prosodyctl register transcript auth.$DOMAIN jigasi prosodyctl register transcript auth.$DOMAIN jigasi
systemctl restart prosody ji* systemctl restart prosody \
jicofo \
jibri* \
jitsi-videobridge*
echo " echo "
To test, you need to enable subtitles beforehand then invite \ To test, you need to enable subtitles beforehand then invite \
\"jitsi_meet_transcribe\" to the meeting (no quotes). \"jitsi_meet_transcribe\" to the meeting (no quotes).

View File

@ -1,19 +1,24 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet upgrade and custom keeper for Debian/*buntu binaries. # Jitsi Meet recurring upgrader and customization keeper
# 2019 - SwITNet Ltd # for Debian/*buntu binaries.
# 2020 - SwITNet Ltd
# GNU GPLv3 or later. # GNU GPLv3 or later.
Blue='\e[0;34m' Blue='\e[0;34m'
Purple='\e[0;35m' Purple='\e[0;35m'
Green='\e[0;32m'
Yellow='\e[0;33m'
Color_Off='\e[0m' Color_Off='\e[0m'
support="https://switnet.net/support" support="https://switnet.net/support"
apt_repo="/etc/apt/sources.list.d" apt_repo="/etc/apt/sources.list.d"
jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ') jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ')
LocRec="on" LOC_REC="TBD"
ENABLE_BLESSM="TBD"
CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
CHDB=$(whereis chromedriver | awk '{print$2}') CHDB=$(whereis chromedriver | awk '{print$2}')
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
INT_CONF=/usr/share/jitsi-meet/interface_config.js INT_CONF=/usr/share/jitsi-meet/interface_config.js
AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)"
if [ -f $apt_repo/google-chrome.list ]; then if [ -f $apt_repo/google-chrome.list ]; then
google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ') google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ')
else else
@ -102,12 +107,18 @@ else
exit 1 exit 1
fi fi
# Any customization, image, name or link change for any purpose should
# be documented here so new updates won't remove those changes.
# We divide them on UI changes and branding changes, feel free to adapt
# to your needs.
#
# Please keep in mind that fees to support for customization changes
# may apply.
######################################################################## ########################################################################
# Keeping changes # # User interface changes #
######################################################################## ########################################################################
printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n" printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n"
avatar="$(grep -r avatar /etc/*/sites-*/ 2>/dev/null)" if [[ -z $AVATAR ]]; then
if [[ -z $avatar ]]; then
echo "Moving on..." echo "Moving on..."
else else
echo "Setting Static Avatar" echo "Setting Static Avatar"
@ -124,7 +135,7 @@ else
fi fi
printf "${Purple}========== Re-enable Localrecording ==========${Color_Off}\n" printf "${Purple}========== Re-enable Localrecording ==========${Color_Off}\n"
if [ $LocRec = on ]; then if [ $LOC_REC = on ]; then
echo "Setting LocalRecording..." echo "Setting LocalRecording..."
sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF
else else
@ -135,4 +146,12 @@ printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n
sed -i "s|'videobackgroundblur', ||" $INT_CONF sed -i "s|'videobackgroundblur', ||" $INT_CONF
restart_services restart_services
########################################################################
# Brandless mode #
########################################################################
if [ $ENABLE_BLESSM = on ]; then
bash $PWD/jm-bm.sh
fi
printf "${Blue}Script completed \o/! ${Color_Off}\n" printf "${Blue}Script completed \o/! ${Color_Off}\n"

54
jm-bm.sh Normal file
View File

@ -0,0 +1,54 @@
#!/bin/bash
# Jitsi Meet brandless mode
# for Debian/*buntu binaries.
# 2020 - SwITNet Ltd
# GNU GPLv3 or later.
CSS_FILE="/usr/share/jitsi-meet/css/all.css"
TITLE_FILE="/usr/share/jitsi-meet/title.html"
INT_CONF="/usr/share/jitsi-meet/interface_config.js"
#
JM_IMG_PATH="/usr/share/jitsi-meet/images/"
WTM2_PATH="$JM_IMG_PATH/watermark2.png"
FICON_PATH="$JM_IMG_PATH/favicon2.ico"
#
APP_NAME="Conferences"
PART_USER="Participant"
echo '
#--------------------------------------------------
# Applying Brandless mode
#--------------------------------------------------
'
#Watermark
if [ ! -f $WTM2_PATH ]; then
cp images/watermark2.png $WTM2_PATH
else
echo "watermark2 file exists, skipping copying..."
fi
#Favicon
if [ ! -f $FICON_PATH ]; then
cp images/favicon2.ico $FICON_PATH
else
echo "favicon2 file exists, skipping copying..."
fi
#Custom / Remove icons
sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE
sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE
sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE
#Disable logo and url
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE
#Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" $TITLE_FILE
sed -i "s| powered by the Jitsi Videobridge||g" $TITLE_FILE
sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" $INT_CONF
#Custom UI changes
echo "
Please note that brandless mode will also overwrite support links.
"
sed -i "s|Fellow Jitster|$PART_USER|g" $INT_CONF
sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF
sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF

372
jra_nextcloud.sh Normal file
View File

@ -0,0 +1,372 @@
#!/bin/bash
# JRA (Jibri Recordings Access) via Nextcloud
# SwITNet Ltd © - 2020, https://switnet.net/
# GPLv3 or later.
if ! [ $(id -u) = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
clear
echo '
########################################################################
Jibri Recordings Access via Nextcloud
########################################################################
by Software, IT & Networks Ltd
'
read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
read -p "Nextcloud user: " -r NC_USER
read -p "Nextcloud user password: " -r NC_PASS
DISTRO_RELEASE=$(lsb_release -sc)
PHPVER=7.4
MDBVER=10.4
PHP_FPM_DIR=/etc/php/$PHPVER/fpm
PHP_INI=$PHP_FPM_DIR/php.ini
NC_REPO="https://download.nextcloud.com/server/releases"
NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
STABLEVERSION="nextcloud-$NCVERSION"
NC_PATH="/var/www/nextcloud"
NC_CONFIG="$NC_PATH/config/config.php"
NC_DB_USER="nextcloud_user"
NC_DB="nextcloud_db"
NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " This instance already has $1 installed, exiting..."
echo " Please report to:
-> https://github.com/switnet-ltd/quick-jibri-installer/issues "
exit
fi
}
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
echo -e "\n---- Installing $1 ----"
apt -yqq install $1
fi
}
add_mariadb() {
if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "MariaDB already installed"
else
echo "# Adding MariaDB $MDBVER repository"
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8
echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list
apt update -qq
fi
}
add_php74() {
if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "PHP $PHPVER already installed"
else
echo "# Adding PHP $PHPVER Repository"
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list
apt update -qq
fi
}
exit_ifinstalled mariadb-server
## Install software requirements
# MariaDB
add_mariadb
install_ifnot mariadb-server-$MDBVER
# PHP 7.4
add_php74
apt install -y \
php$PHPVER-fpm \
php$PHPVER-bz2 \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-mysql \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
php-imagick
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
systemctl restart php$PHPVER-fpm.service
#--------------------------------------------------
# Create MySQL user
#--------------------------------------------------
echo -e "\n---- Creating the MariaDB User ----"
mysql -u root <<DB
CREATE DATABASE nextcloud_db;
CREATE USER ${NC_DB_USER}@localhost IDENTIFIED BY '${NC_DB_PASSWD}';
GRANT ALL PRIVILEGES ON ${NC_DB}.* TO '${NC_DB_USER}'@'localhost';
FLUSH PRIVILEGES;
DB
echo "Done!
"
#Tune MariaDB
#mysql_secure_installation
#nginx - configuration
cat << NC_NGINX > /etc/nginx/sites-available/$NC_DOMAIN.conf
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php${PHPVER}-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name $NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen 4444 ssl http2;
listen [::]:4444 ssl http2;
server_name $NC_DOMAIN;
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15552000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Path to the root of your installation
root $NC_PATH/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 \$scheme://\$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 \$scheme://\$host/remote.php/dav;
}
location ~ /.well-known/acme-challenge {
allow all;
}
# set max upload size
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is built with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php\$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
try_files \$uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)\$ {
try_files \$uri /index.php\$uri\$is_args\$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ {
try_files \$uri /index.php\$uri\$is_args\$args;
# Optional: Don't log access to other assets
access_log off;
}
}
NC_NGINX
systemctl stop nginx
letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN
if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then
ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/
else
echo "There are issues on getting the SSL certs..."
read -n 1 -s -r -p "Press any key to continue"
fi
nginx -t
systemctl restart nginx
echo "
Latest version to be installed: $STABLEVERSION
"
curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip
unzip -q /tmp/$STABLEVERSION.zip
mv nextcloud $NC_PATH
chown -R www-data:www-data $NC_PATH
chmod -R 755 $NC_PATH
if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then
echo "
-> Patching #425 (scssphp/src/Compiler.php)..."
sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < $PWD/files/patch_425_3dty.patch
fi
echo "
Database installation...
"
sudo -u www-data php $NC_PATH/occ maintenance:install \
--database=mysql \
--database-name="$NC_DB" \
--database-user="$NC_DB_USER" \
--database-pass="$NC_DB_PASSWD" \
--admin-user="$NC_USER" \
--admin-pass="$NC_PASS"
echo "
Prevent demo data on accounts and custom mods...
"
sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
echo "
Addding & Setting up Files External App for Local storage...
"
sudo -u www-data php $NC_PATH/occ app:install files_external
sudo -u www-data php $NC_PATH/occ app:enable files_external
sudo -u www-data php $NC_PATH/occ files_external:import $PWD/files/jra-nc-app-ef.json
usermod -a -G jibri www-data
chown -R jibri:www-data $DIR_RECORD
chmod -R 770 $DIR_RECORD
chmod -R g+s $DIR_RECORD
echo "
Fixing possible missing tables...
"
echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint
sudo -u www-data php $NC_PATH/occ db:add-missing-indices
echo "
Adding trusted domain...
"
sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN
echo "Quick Nextcloud installation complete!"

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Quick Jibri Installer - *buntu 16.04 (LTS) based systems. # Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2019, https://switnet.net/ # SwITNet Ltd © - 2020, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
{ {
echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log
@ -20,7 +20,7 @@ set -x
fi fi
# SYSTEM SETUP # SYSTEM SETUP
JITSI_UNS_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) JITSI_STBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1)
CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4) CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4)
APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")
NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")
@ -30,6 +30,9 @@ GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
if [ $DIST = flidas ]; then if [ $DIST = flidas ]; then
DIST="xenial" DIST="xenial"
fi fi
if [ $DIST = etiona ]; then
DIST="bionic"
fi
install_ifnot() { install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..." echo " $1 is installed, skipping..."
@ -39,14 +42,15 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" =
fi fi
} }
check_serv() { check_serv() {
if [ "$APACHE_2" -eq 1 ] || [ "$NGINX" -eq 1 ]; then if [ "$APACHE_2" -eq 1 ]; then
echo " echo "
Webserver already installed! The recommended setup is using NGINX, exiting...
" "
elif [ "$APACHE_2" -eq 1 ] && [ "$NGINX" -eq 0 ]; then exit
elif [ "$NGINX" -eq 1 ]; then
echo " echo "
Apache webserver already installed! Webserver already installed!
" "
else else
@ -60,10 +64,18 @@ check_snd_driver() {
modprobe snd-aloop modprobe snd-aloop
echo "snd-aloop" >> /etc/modules echo "snd-aloop" >> /etc/modules
if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then
echo "Audio driver seems ok." echo "
#--------------------------------------------------
# Audio driver seems - OK.
#--------------------------------------------------"
else else
echo "Seems to be an issue with your audio driver, please fix this before continue." echo "
#exit #--------------------------------------------------
# Seems to be an issue with your audio driver,
# please review your hw setup.
#--------------------------------------------------"
read -n 1 -s -r -p "Press any key to continue...
"
fi fi
} }
update_certbot() { update_certbot() {
@ -72,8 +84,8 @@ update_certbot() {
Cerbot repository already on the system! Cerbot repository already on the system!
Checking for updates... Checking for updates...
" "
apt -qq update apt -q2 update
apt -yqq dist-upgrade apt -yq2 dist-upgrade
else else
echo " echo "
Adding cerbot (formerly letsencrypt) PPA repository for latest updates Adding cerbot (formerly letsencrypt) PPA repository for latest updates
@ -91,20 +103,43 @@ echo '
Welcome to Jitsi/Jibri Installer Welcome to Jitsi/Jibri Installer
######################################################################## ########################################################################
by Software, IT & Networks Ltd by Software, IT & Networks Ltd
Featuring:
- Jibri Recording and YouTube Streaming
- Jibri Recordings Access via Nextcloud
- Jigasi Transcription
- Customized brandless mode
- Recurring changes updater
See more at: https://github.com/switnet-ltd/quick-jibri-installer/
' '
read -n 1 -s -r -p "Press any key to continue..."
#Check if user is root #Check if user is root
if ! [ $(id -u) = 0 ]; then if ! [ $(id -u) = 0 ]; then
echo "You need to be root or have sudo privileges!" echo "You need to be root or have sudo privileges!"
exit 0 exit 0
fi fi
if [ "$DIST" = "xenial" ] || [ "$DIST" = "bionic" ]; then
echo "OS: $(lsb_release -sd)
Good, this is a supported platform!"
else
echo "OS: $(lsb_release -sd)
Sorry, this platform is not supported... exiting"
exit
fi
#Suggest 18.04 LTS release over 16.04
if [ "$DIST" = "xenial" ]; then
echo "$(lsb_release -sc), even when it's compatible and functional.
We suggest to use the next (LTS) release, for longer support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."
fi
# Jitsi-Meet Repo # Jitsi-Meet Repo
echo "Add Jitsi key" echo "Add Jitsi key"
if [ "$JITSI_UNS_REPO" = "unstable" ]; then if [ "$JITSI_STBL_REPO" = "stable" ]; then
echo "Jitsi unstable repository already installed" echo "Jitsi stable repository already installed"
else else
echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
fi fi
@ -112,16 +147,18 @@ fi
echo "We'll start by installing system requirements this may take a while please be patient..." echo "We'll start by installing system requirements this may take a while please be patient..."
apt update -yq2 apt update -yq2
apt dist-upgrade -yq2 apt dist-upgrade -yq2
apt -yqq install \
apt -y install \
bmon \ bmon \
curl \ curl \
ffmpeg \ ffmpeg \
git \ git \
htop \ htop \
letsencrypt \ letsencrypt \
linux-image-extra-virtual \ linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \
unzip \ unzip \
wget wget
check_serv check_serv
echo " echo "
@ -129,7 +166,7 @@ echo "
# Install Jitsi Framework # Install Jitsi Framework
#-------------------------------------------------- #--------------------------------------------------
" "
apt -yqq install \ apt -y install \
jitsi-meet \ jitsi-meet \
jibri \ jibri \
openjdk-8-jre-headless openjdk-8-jre-headless
@ -147,7 +184,7 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1"
echo "Nodejs is installed, skipping..." echo "Nodejs is installed, skipping..."
else else
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
apt install -yqq nodejs apt install -yq2 nodejs
echo "Installing nodejs esprima package..." echo "Installing nodejs esprima package..."
npm install -g esprima npm install -g esprima
fi fi
@ -163,6 +200,8 @@ fi
echo "snd-aloop" | tee -a /etc/modules echo "snd-aloop" | tee -a /etc/modules
check_snd_driver check_snd_driver
CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
echo "# Installing Google Chrome / ChromeDriver" echo "# Installing Google Chrome / ChromeDriver"
if [ -f $GOOGL_REPO ]; then if [ -f $GOOGL_REPO ]; then
echo "Google repository already set." echo "Google repository already set."
@ -172,14 +211,14 @@ echo "Installing Google Chrome Stable"
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO
fi fi
apt -qq update apt -qq update
apt install -yqq google-chrome-stable apt install -yq2 google-chrome-stable
rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
if [ -f /usr/local/bin/chromedriver ]; then if [ -f /usr/local/bin/chromedriver ]; then
echo "Chromedriver already installed." echo "Chromedriver already installed."
else else
echo "Installing Chromedriver" echo "Installing Chromedriver"
wget https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
chown root:root /usr/local/bin/chromedriver chown root:root /usr/local/bin/chromedriver
chmod 0755 /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver
@ -192,23 +231,33 @@ Check Google Software Working...
/usr/bin/google-chrome --version /usr/bin/google-chrome --version
/usr/local/bin/chromedriver --version | awk '{print$1,$2}' /usr/local/bin/chromedriver --version | awk '{print$1,$2}'
echo "
Remove Chrome warning...
"
mkdir -p /etc/opt/chrome/policies/managed
echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >> $GCMP_JSON
echo ' echo '
######################################################################## ########################################################################
Starting Jibri configuration Please Setup Your Instalation
######################################################################## ########################################################################
' '
# MEET / JIBRI SETUP # MEET / JIBRI SETUP
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
JB_AUTH_PASS_FILE=/var/JB_AUTH_PASS.txt WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
JB_REC_PASS_FILE=/var/JB_REC_PASS.txt JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua
PROSODY_SYS=/etc/prosody/prosody.cfg.lua
JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties
MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js
CONF_JSON=/etc/jitsi/jibri/config.json CONF_JSON=/etc/jitsi/jibri/config.json
DIR_RECORD=/tmp/recordings DIR_RECORD=/var/jbrecord
REC_DIR=/home/jibri/finalize_recording.sh REC_DIR=/home/jibri/finalize_recording.sh
JB_NAME="Jibri Sessions" JB_NAME="Jibri Sessions"
LE_RENEW_LOG="/var/log/letsencrypt/renew.log" LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
echo "## Setting up Jitsi Meet language ## echo "## Setting up Jitsi Meet language ##
You can define your language by using a two letter code (ISO 639-1); You can define your language by using a two letter code (ISO 639-1);
English -> en English -> en
@ -219,52 +268,125 @@ You can define your language by using a two letter code (ISO 639-1);
Jitsi Meet web interface will be set to use such language (if availabe). Jitsi Meet web interface will be set to use such language (if availabe).
" "
read -p "Please set your language:"$'\n' -r LANG read -p "Please set your language:"$'\n' -r LANG
read -p "Jibri internal.auth.$DOMAIN password: "$'\n' -sr JB_AUTH_PASS
read -p "Jibri recorder.$DOMAIN password: "$'\n' -sr JB_REC_PASS
read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL
#Drop unsecure TLS
while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]]
do
read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1
if [ $DROP_TLS1 = no ]; then
echo "TLSv1.0/1.1 will remain."
elif [ $DROP_TLS1 = yes ]; then
echo "TLSv1.0/1.1 will be dropped"
fi
done
#Dropbox
while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]]
do do
read -p "Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB
if [ $ENABLE_DB = no ]; then if [ $ENABLE_DB = no ]; then
echo "Dropbox won't be enable" echo "Dropbox won't be enable"
elif [ $ENABLE_DB = yes ]; then elif [ $ENABLE_DB = yes ]; then
read -p "Please set your Drobbox App key: "$'\n' -r DB_CID read -p "Please set your Drobbox App key: "$'\n' -r DB_CID
fi fi
done done
#SSL LE
while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]] while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]]
do do
read -p "Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL
if [ $ENABLE_SSL = no ]; then if [ $ENABLE_SSL = no ]; then
echo "Please run letsencrypt.sh manually post-installation." echo "Please run letsencrypt.sh manually post-installation."
elif [ $ENABLE_SSL = yes ]; then elif [ $ENABLE_SSL = yes ]; then
echo "SSL will be enabled." echo "SSL will be enabled."
fi fi
done done
#Brandless Mode
while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]]
do
read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM
if [ $ENABLE_BLESSM = no ]; then
echo "Brandless mode won't be set."
elif [ $ENABLE_BLESSM = yes ]; then
echo "Brandless mode will be set."
fi
done
#Jibri Records Access (JRA) via Nextcloud
while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]]
do
read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS
if [ $ENABLE_NC_ACCESS = no ]; then
echo "JRA via Nextcloud won't be enabled."
elif [ $ENABLE_NC_ACCESS = yes ]; then
echo "JRA via Nextcloud will be enabled."
fi
done
#Jigasi #Jigasi
while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]] while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]]
do do
read -p "Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT read -p "> Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT
if [ $ENABLE_TRANSCRIPT = no ]; then if [ $ENABLE_TRANSCRIPT = no ]; then
echo "Jigasi Transcription won't be enabled." echo "Jigasi Transcription won't be enabled."
elif [ $ENABLE_TRANSCRIPT = yes ]; then elif [ $ENABLE_TRANSCRIPT = yes ]; then
echo "Jigasi Transcription will be enabled." echo "Jigasi Transcription will be enabled."
fi fi
done done
#Enable static avatar
echo "$JB_AUTH_PASS" > $JB_AUTH_PASS_FILE while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]]
chmod 600 $JB_AUTH_PASS_FILE do
echo "$JB_REC_PASS" > $JB_REC_PASS_FILE read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA
chmod 600 $JB_REC_PASS_FILE if [ "$ENABLE_SA" = "no" ]; then
echo "Static avatar won't be enabled"
elif [ "$ENABLE_SA" = "yes" ]; then
echo "Static avatar will be enabled"
fi
done
#Enable local audio recording
while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]]
do
read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR
if [ "$ENABLE_LAR" = "no" ]; then
echo "Local audio recording option won't be enabled"
elif [ "$ENABLE_LAR" = "yes" ]; then
echo "Local audio recording option will be enabled"
fi
done
#Secure room initial user
while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
do
read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
if [ "$ENABLE_SC" = "no" ]; then
echo "-- Secure rooms won't be enabled."
elif [ "$ENABLE_SC" = "yes" ]; then
echo "-- Secure rooms will being enabled."
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
fi
done
#Welcome Page
while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]]
do
read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP
if [ $ENABLE_WELCP = yes ]; then
echo "Welcome page will be disabled."
elif [ $ENABLE_WELCP = no ]; then
echo "Welcome page will be enabled."
fi
done
#Start configuration
echo '
########################################################################
Start Jitsi Framework configuration
########################################################################
'
JibriBrewery=JibriBrewery JibriBrewery=JibriBrewery
INT_CONF=/usr/share/jitsi-meet/interface_config.js INT_CONF="/usr/share/jitsi-meet/interface_config.js"
WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com)
ssl_wa() { ssl_wa() {
service $1 stop systemctl stop $1
letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6 letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6
sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4 sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4
sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4 sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4
service $1 restart systemctl restart $1
#Add cron #Add cron
crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1 || mail -s 'LE SSL Errors' $SYSADMIN_EMAIL < $LE_RENEW_LOG"; } | crontab - crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1 || mail -s 'LE SSL Errors' $SYSADMIN_EMAIL < $LE_RENEW_LOG"; } | crontab -
crontab -l crontab -l
@ -273,9 +395,9 @@ service $1 restart
enable_letsencrypt() { enable_letsencrypt() {
if [ "$ENABLE_SSL" = "yes" ]; then if [ "$ENABLE_SSL" = "yes" ]; then
echo ' echo '
######################################################################## #--------------------------------------------------
Starting LetsEncrypt configuration # Starting LetsEncrypt configuration
######################################################################## #--------------------------------------------------
' '
#Disabled 'til fixed upstream #Disabled 'til fixed upstream
#bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh #bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
@ -290,9 +412,9 @@ fi
check_jibri() { check_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then then
service jibri restart systemctl restart jibri
service jibri-icewm restart systemctl restart jibri-icewm
service jibri-xorg restart systemctl restart jibri-xorg
else else
echo "Jibri service not installed" echo "Jibri service not installed"
fi fi
@ -300,9 +422,9 @@ fi
# Restarting services # Restarting services
restart_services() { restart_services() {
service jitsi-videobridge restart systemctl restart jitsi-videobridge*
service jicofo restart systemctl restart jicofo
service prosody restart systemctl restart prosody
check_jibri check_jibri
} }
@ -330,6 +452,27 @@ VirtualHost "recorder.$DOMAIN"
REC-JIBRI REC-JIBRI
#Fix Jibri conectivity issues
sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS
sed -i "/c2s_require_encryption = false/a \\
\\
consider_bosh_secure = true" $PROSODY_SYS
if [ ! -f $MOD_LIST_FILE ]; then
echo "
-> Adding external module to list prosody users...
"
curl -s $MOD_LISTU > $MOD_LIST_FILE
echo "Now you can check registered users with:
prosodyctl mod_listusers
"
else
echo "Prosody support for listing users seems to be enabled.
check with: prosodyctl mod_listusers
"
fi
### Prosody users ### Prosody users
prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS
prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS
@ -361,11 +504,8 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF
fi fi
#LocalRecording #LocalRecording
#No longer necessary thanks to: makeJsonParserHappy if [ $ENABLE_LAR = "yes" ]; then
echo "# Enabling local recording (audio only)." echo "# Enabling local recording (audio only)."
#DI_STR=$(grep -n "deploymentInfo:" $MEET_CONF | cut -d ":" -f1)
#DI_END=$((DI_STR + 6))
#sed -i "$DI_STR,$DI_END{s|}|},|}" $MEET_CONF
LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1)
LR_END=$((LR_STR + 18)) LR_END=$((LR_STR + 18))
sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF
@ -374,7 +514,8 @@ sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF
sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF
sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF
#EOLR sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh
fi
#Setup main language #Setup main language
if [ -z $LANG ] || [ "$LANG" = "en" ]; then if [ -z $LANG ] || [ "$LANG" = "en" ]; then
@ -404,18 +545,25 @@ https://github.com/switnet-ltd/quick-jibri-installer/issues
fi fi
# Recording directory # Recording directory
mkdir $DIR_RECORD
chown -R jibri:jibri $DIR_RECORD
cat << REC_DIR > $REC_DIR cat << REC_DIR > $REC_DIR
#!/bin/bash #!/bin/bash
RECORDINGS_DIR=$1 RECORDINGS_DIR=$DIR_RECORD
echo "This is a dummy finalize script" > /tmp/finalize.out echo "This is a dummy finalize script" > /tmp/finalize.out
echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out
echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out
echo "or storage provider, etc.) in this script" >> /tmp/finalize.out echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR
exit 0 exit 0
REC_DIR REC_DIR
chown jibri:jibri $REC_DIR
chmod +x $REC_DIR
## JSON Config ## JSON Config
cp $CONF_JSON $CONF_JSON.orig cp $CONF_JSON $CONF_JSON.orig
@ -427,7 +575,7 @@ cat << CONF_JSON > $CONF_JSON
{ {
"name": "$JB_NAME", "name": "$JB_NAME",
"xmpp_server_hosts": [ "xmpp_server_hosts": [
"$WAN_IP" "$DOMAIN"
], ],
"xmpp_domain": "$DOMAIN", "xmpp_domain": "$DOMAIN",
"control_login": { "control_login": {
@ -446,7 +594,7 @@ cat << CONF_JSON > $CONF_JSON
"password": "$JB_REC_PASS" "password": "$JB_REC_PASS"
}, },
"room_jid_domain_string_to_strip_from_start": "internal.auth", "room_jid_domain_string_to_strip_from_start": "conference.",
"usage_timeout": "0" "usage_timeout": "0"
} }
] ]
@ -454,74 +602,46 @@ cat << CONF_JSON > $CONF_JSON
CONF_JSON CONF_JSON
#Tune webserver for Jitsi App control #Tune webserver for Jitsi App control
if [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then if [ -f $WS_CONF ]; then
WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
sed -i '$ d' $WS_CONF sed -i "/Anything that didn't match above/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF
cat << NG_APP >> $WS_CONF sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF
sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js" sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
Alias "/external_api.min.js" "/usr/share/jitsi-meet/libs/external_api.min.js" systemctl reload nginx
</VirtualHost>
NG_APP
service apache2 reload
elif [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1)
WS_END=$((WS_STR + 2))
sed -i "${WS_STR},${WS_END} s|^|#|" $WS_CONF
sed -i '$ d' $WS_CONF
cat << NG_APP >> $WS_CONF
location /external_api.min.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
location /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
}
NG_APP
service nginx reload
else else
echo "No app configuration done to server file, please report to: echo "No app configuration done to server file, please report to:
-> https://github.com/switnet-ltd/quick-jibri-installer/issues" -> https://github.com/switnet-ltd/quick-jibri-installer/issues"
fi fi
#Static avatar
#Enable static avatar if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then
while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] #wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
do cp images/avatar2.png /usr/share/jitsi-meet/images/
read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF
if [ "$ENABLE_SA" = "no" ]; then sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF
echo "Static avatar won't be enable" sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then
echo "Static avatar are being enable"
wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf
sed -i "/Alias \"\/external_api.js\"/i \ \ AliasMatch \^\/avatar\/\(.\*\)\\\.png /usr/share/jitsi-meet/images/avatar2.png" $WS_CONF
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then
wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {\\
\
\ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;\\
\
\ \ \ \ }\\
\ " $WS_CONF \ " $WS_CONF
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
else
echo "No app configuration done to server file, please report to:
-> https://github.com/switnet-ltd/quick-jibri-installer/issues"
fi fi
done #nginx -tlsv1/1.1
if [ $DROP_TLS1 = "yes" ] && [ $DIST = "bionic" ];then
echo "Dropping TLSv1/1.1 in favor of v1.3"
sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf
#sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF
elif [ $DROP_TLS1 = "yes" ] && [ ! $DIST = "bionic" ];then
echo "Only dropping TLSv1/1.1"
sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf
#sed -i "s|TLSv1 TLSv1.1||" $WS_CONF
else
echo "No TLSv1/1.1 dropping was done. Please report to
https://github.com/switnet-ltd/quick-jibri-installer/issues "
fi
# Temporary disable "Blur my background" until is stable # Disable "Blur my background" until new notice
sed -i "s|'videobackgroundblur', ||" $INT_CONF sed -i "s|'videobackgroundblur', ||" $INT_CONF
#Enable secure rooms? #Setup secure rooms
cat << P_SR >> $PROSODY_FILE cat << P_SR >> $PROSODY_FILE
VirtualHost "$DOMAIN" VirtualHost "$DOMAIN"
authentication = "internal_plain" authentication = "internal_plain"
@ -530,24 +650,15 @@ VirtualHost "guest.$DOMAIN"
authentication = "anonymous" authentication = "anonymous"
c2s_require_encryption = false c2s_require_encryption = false
P_SR P_SR
while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
do
read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
if [ "$ENABLE_SC" = "no" ]; then
echo "Secure rooms won't be enable"
elif [ "$ENABLE_SC" = "yes" ]; then
echo "Secure rooms are being enable"
#Secure room initial user #Secure room initial user
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER if [ "$ENABLE_SC" = "yes" ]; then
read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS echo "Secure rooms are being enabled..."
echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
If you have issues with the password refer to your sysadmin." If you have issues with the password refer to your sysadmin."
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
fi fi
done
#Start with video muted by default #Start with video muted by default
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
@ -555,18 +666,11 @@ sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF
#Disable/enable welcome page #Disable/enable welcome page
while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]]
do
read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP
if [ $ENABLE_WELCP = yes ]; then if [ $ENABLE_WELCP = yes ]; then
echo "Welcome page will be disabled."
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF
elif [ $ENABLE_WELCP = no ]; then elif [ $ENABLE_WELCP = no ]; then
echo "Welcome page will be enabled."
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF
fi fi
done
#Set displayname as not required since jibri can't set it up. #Set displayname as not required since jibri can't set it up.
sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF
@ -579,21 +683,33 @@ restart_services
enable_letsencrypt enable_letsencrypt
#SSL workaround #SSL workaround
if [ "$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then
ssl_wa apache2 apache $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN
install_ifnot python3-certbot-apache
elif [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then
ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN
install_ifnot python3-certbot-nginx install_ifnot python3-certbot-nginx
else else
echo "No webserver found please report." echo "No webserver found please report."
fi fi
#Brandless Mode
if [ $ENABLE_BLESSM = yes ]; then
echo "Custom brandless mode will be enabled."
sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh
bash $PWD/jm-bm.sh
fi
#JRA via Nextcloud
if [ $ENABLE_NC_ACCESS = yes ]; then
echo "Jigasi Transcription will be enabled."
bash $PWD/jra_nextcloud.sh
fi
#Jigasi Transcript
if [ $ENABLE_TRANSCRIPT = yes ]; then if [ $ENABLE_TRANSCRIPT = yes ]; then
echo "Jigasi Transcription will be enabled." echo "Jigasi Transcription will be enabled."
bash $PWD/jigasi.sh bash $PWD/jigasi.sh
fi fi
#Prevent Jibri conecction issue
sed -i "/127.0.0.1/a \\
127.0.0.1 $DOMAIN" /etc/hosts
echo " echo "
######################################################################## ########################################################################
Installation complete!! Installation complete!!