diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 70dafbe..c887f69 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -26,6 +26,11 @@ ENABLE_BLESSM="TBD" CHD_LST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" CHDB="$(whereis chromedriver | awk '{print$2}')" DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')" +NC_DOMAIN="TBD" +JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" +if [ -f $JITSI_MEET_PROXY ];then +PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) +fi INT_CONF="/usr/share/jitsi-meet/interface_config.js" jibri_packages="$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages |sort -u|awk '{print $2}'|sed 's|jigasi||'|paste -s -d ' ')" AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" @@ -154,6 +159,22 @@ fi printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" sed -i "s|'videobackgroundblur', ||" $INT_CONF + +if [ ! "$NC_DOMAIN" = "TBD" ]; +printf "${Purple}========== Enable $NC_DOMAIN for sync client ==========${Color_Off}\n" + if [ -z $PREAD_PROXY ]; then + echo " + Setting up Nextcloud domain on Jitsi Meet turn proxy +" + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + else + echo "$NC_DOMAIN seems to be on place, skipping..." + fi +fi + restart_services diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index cc9bd92..3587d63 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -171,7 +171,7 @@ echo "opcache.validate_timestamps=1" systemctl restart php$PHPVER-fpm.service #-------------------------------------------------- -# Create MySQL user +# Create DB user #-------------------------------------------------- echo -e "\n---- Creating the PgSQL DB & User ----" @@ -186,6 +186,7 @@ echo "Done! #nginx - configuration cat << NC_NGINX > $NC_NGINX_CONF +#nextcloud config upstream php-handler { #server 127.0.0.1:9000; server unix:/run/php/php${PHPVER}-fpm.sock; @@ -346,7 +347,7 @@ if [ "$ENABLE_HSTS" = "yes" ]; then sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF fi -if [ "$DISTRO_RELEASE" = "bionic" ] && [ -z $PREAD_PROXY ]; then +if [ ! "$DISTRO_RELEASE" = "xenial" ] && [ -z $PREAD_PROXY ]; then echo " Setting up Nextcloud domain on Jitsi Meet turn proxy " diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index d048700..9fda60c 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -21,8 +21,6 @@ fi # SYSTEM SETUP JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) -CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) -CERTBOT_REL_FILE="http://ppa.launchpad.net/certbcertbot/ubuntu/dists/$(lsb_release -sc)/Release" APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) @@ -94,6 +92,17 @@ else wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - fi } +dpkg-compare() { +dpkg --compare-versions $(dpkg-query -f='${Version}' --show $1) $2 $3 +} +wait_seconds() { +secs=$(($1)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +} clear echo ' ######################################################################## @@ -161,7 +170,9 @@ else fi if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then echo "All requirements seems meet!" - echo "We hope you have a nice recording/streaming session" + echo " + - We hope you have a nice recording/streaming session + " else echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" echo "Even when you can use the videconference sessions, we advice to increase the resoruces in order to user Jibri." @@ -177,9 +188,12 @@ else done fi #Prosody repository -#add_prosody_repo +add_prosody_repo + # Jitsi-Meet Repo -echo "Add Jitsi key" +echo " +Add Jitsi repo +" if [ "$JITSI_REPO" = "stable" ]; then echo "Jitsi stable repository already installed" else @@ -192,7 +206,7 @@ do read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)"$'\n' -r LE_SSL if [ $LE_SSL = yes ]; then echo "We'll defaul to Let's Encrypt SSL certs." -elif [ $LE_SSL = no ]; then +else echo "We'll let you choose later on for it." fi done @@ -305,7 +319,7 @@ echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON echo ' ######################################################################## - Please Setup Your Instalation + Please Setup Your Installation ######################################################################## ' # MEET / JIBRI SETUP @@ -325,6 +339,10 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log" MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" ENABLE_SA="yes" +CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) +CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release" +GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" + #Sysadmin email while [[ -z $SYSADMIN_EMAIL ]] do @@ -352,14 +370,14 @@ fi done #SSL LE if [ "$LE_SSL" = "yes" ]; then - ENABLE_SSL=yes + ENABLE_SSL=yes else while [[ "$ENABLE_SSL" != "yes" && "$ENABLE_SSL" != "no" ]] do read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL if [ "$ENABLE_SSL" = "no" ]; then echo "Please run letsencrypt.sh manually post-installation." - elif [ "$ENABLE_SSL" = "yes" ]; then + else echo "SSL will be enabled." fi done @@ -406,7 +424,7 @@ done #Enable static avatar while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do -read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA +read -p "> (Legacy) Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then echo "Static avatar won't be enabled" elif [ "$ENABLE_SA" = "yes" ]; then @@ -441,20 +459,39 @@ do read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_NC_ACCESS if [ "$ENABLE_NC_ACCESS" = "no" ]; then - echo "JRA via Nextcloud won't be enabled." + echo "-- JRA via Nextcloud won't be enabled." elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo "JRA via Nextcloud will be enabled." + echo "-- JRA via Nextcloud will be enabled." fi done #Jigasi -while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] -do +if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then + echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd)," + echo "thus, Jigasi Transcript can't be enable." +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then + while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] + do read -p "> Do you want to setup Jigasi Transcription: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT -if [ "$ENABLE_TRANSCRIPT" = "no" ]; then - echo "Jigasi Transcription won't be enabled." -elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo "Jigasi Transcription will be enabled." + if [ "$ENABLE_TRANSCRIPT" = "no" ]; then + echo "-- Jigasi Transcription won't be enabled." + elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then + echo "-- Jigasi Transcription will be enabled." + fi + done +else + echo "No valid option for Jigasi.Please report this to +https://github.com/switnet-ltd/quick-jibri-installer/issues " +fi +#Grafana +while [[ "$ENABLE_GRAFANA_DSH" != "yes" && "$ENABLE_GRAFANA_DSH" != "no" ]] +do +read -p "> Do you want to setup Grafana Dashboard: (yes or no) +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_GRAFANA_DSH +if [ "$ENABLE_GRAFANA_DSH" = "no" ]; then + echo "-- Grafana Dashboard won't be enabled." +elif [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then + echo "-- Grafana Dashboard will be enabled." fi done #Grafana @@ -507,8 +544,7 @@ Checking for updates... " apt-get -q2 update apt-get -yq2 dist-upgrade -else - if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then echo " Adding cerbot (formerly letsencrypt) PPA repository for latest updates " @@ -516,12 +552,10 @@ Adding cerbot (formerly letsencrypt) PPA repository for latest updates apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 apt-get -q2 update apt-get -yq2 dist-upgrade - fi - if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then echo " Certbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed... " - fi fi else @@ -550,6 +584,7 @@ restart_services() { # Configure Jibri ## PROSODY +if dpkg-compare prosody lt 0.11.0 ; then cat << MUC-JIBRI >> $PROSODY_FILE -- internal muc component, meant to enable pools of jibri and jigasi clients @@ -561,7 +596,7 @@ Component "internal.auth.$DOMAIN" "muc" muc_room_cache_size = 1000 MUC-JIBRI - +fi cat << REC-JIBRI >> $PROSODY_FILE VirtualHost "recorder.$DOMAIN" @@ -571,12 +606,17 @@ VirtualHost "recorder.$DOMAIN" authentication = "internal_plain" REC-JIBRI +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE #Fix Jibri conectivity issues +#if dpkg-compare prosody lt 0.11.0 ; then sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS sed -i "/c2s_require_encryption = false/a \\ \\ consider_bosh_secure = true" $PROSODY_SYS +#fi + if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi @@ -763,11 +803,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF fi #nginx -tlsv1/1.1 -if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "bionic" ];then +if [ "$DROP_TLS1" = "yes" ] && [ ! "$DIST" = "xenial" ];then echo "Dropping TLSv1/1.1 in favor of v1.3" sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF -elif [ "$DROP_TLS1" = "yes" ] && [ ! "$DIST" = "bionic" ];then +elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then echo "Only dropping TLSv1/1.1" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1||" $WS_CONF @@ -778,16 +818,41 @@ fi # Disable "Blur my background" until new notice sed -i "s|'videobackgroundblur', ||" $INT_CONF +#Setup prosody conf file================================== #Setup secure rooms -cat << P_SR >> $PROSODY_FILE -VirtualHost "$DOMAIN" - authentication = "internal_plain" +SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) +SRP_END=$((SRP_STR + 10)) +sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE + +if dpkg-compare prosody gt 0.11.0 ; then + cat << P_SR >> $PROSODY_FILE + +VirtualHost "guest.$DOMAIN" + authentication = "anonymous" + c2s_require_encryption = false + speakerstats_component = "speakerstats.$DOMAIN" + conference_duration_component = "conferenceduration.$DOMAIN" + lobby_muc = "lobby.$DOMAIN" + main_muc = "conference.$DOMAIN" + + modules_enabled = { + "speakerstats"; + "conference_duration"; + "muc_lobby_rooms"; + } + +P_SR + else + cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" authentication = "anonymous" c2s_require_encryption = false P_SR + +fi +#====================== #Secure room initial user if [ "$ENABLE_SC" = "yes" ]; then echo "Secure rooms are being enabled..." @@ -821,6 +886,15 @@ restart_services enable_letsencrypt +if dpkg-compare prosody gt 0.11.0 && [ "$ENABLE_SC" = "yes" ]; then +echo "Let's try wait 15s" +wait_seconds 15 +#Temporary fix? - https://community.jitsi.org/t/27752/112 +sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE +sed -i "s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE +#EO_TF +fi + #SSL workaround if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN @@ -836,7 +910,8 @@ if [ "$ENABLE_BLESSM" = "yes" ]; then fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo "Jigasi Transcription will be enabled." + echo "JRA via Nextcloud will be enabled." + sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh bash $PWD/jra_nextcloud.sh fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) @@ -852,8 +927,12 @@ if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then bash $PWD/grafana.sh fi #Prevent Jibri conecction issue +if [ -z "$(grep -n $DOMAIN /etc/hosts)" ];then sed -i "/127.0.0.1/a \\ 127.0.0.1 $DOMAIN" /etc/hosts +else + echo "Local host already in place..." +fi echo " ######################################################################## @@ -865,11 +944,6 @@ apt-get -y autoremove apt-get autoclean echo "Rebooting in..." -secs=$((15)) -while [ $secs -gt 0 ]; do - echo -ne "$secs\033[0K\r" - sleep 1 - : $((secs--)) -done +wait_seconds 15 } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) reboot