From b5236c5b04b599e402e39070605c5d8b43b1fb4e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 30 Apr 2020 20:32:59 -0500 Subject: [PATCH 01/67] beging work on timer --- quick_jibri_installer.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 9335655..762d67b 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -338,7 +338,7 @@ done #Enable static avatar while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do -read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA +read -p "> (Legacy) Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then echo "Static avatar won't be enabled" elif [ "$ENABLE_SA" = "yes" ]; then @@ -667,12 +667,23 @@ fi sed -i "s|'videobackgroundblur', ||" $INT_CONF #Setup secure rooms +SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) +SRP_END=$((SRP_STR + 10)) +sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE + cat << P_SR >> $PROSODY_FILE -VirtualHost "$DOMAIN" - authentication = "internal_plain" VirtualHost "guest.$DOMAIN" authentication = "anonymous" + + speakerstats_component = "speakerstats.$DOMAIN" + conference_duration_component = "conferenceduration.$DOMAIN" + + modules_enabled = { + "muc_size"; + "speakerstats"; + "conference_duration"; + } c2s_require_encryption = false P_SR #Secure room initial user From 8e922adbea0fbd6968e756cb9821ea996ca3c277 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 30 Apr 2020 23:51:48 -0500 Subject: [PATCH 02/67] change repsoitory --- quick_jibri_installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 762d67b..60420c3 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -138,10 +138,10 @@ read -n 1 -s -r -p "Press any key to continue..."$'\n' fi # Jitsi-Meet Repo echo "Add Jitsi key" -if [ "$JITSI_STBL_REPO" = "stable" ]; then +if [ "$JITSI_STBL_REPO" = "unstable" ]; then echo "Jitsi stable repository already installed" else - echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list + echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - fi From a4b466adedaa9852d5f3b9e5d2900c3a0a9a3ac6 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 2 May 2020 19:21:53 -0500 Subject: [PATCH 03/67] Tune jitsi turn proxy for nextcloud --- quick_jibri_installer.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 60420c3..7a957fd 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -20,12 +20,13 @@ set -x fi # SYSTEM SETUP -JITSI_STBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) -CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4) +JITSI_UNSTBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" +PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2) if [ $DIST = flidas ]; then DIST="xenial" @@ -136,9 +137,17 @@ echo "$(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." read -n 1 -s -r -p "Press any key to continue..."$'\n' fi +#Prosody repository +echo "Add Jitsi key" +if [ "$PROSODY_REPO" = "main" ]; then + echo "Prosody repository already installed" +else + echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list + wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - +fi # Jitsi-Meet Repo echo "Add Jitsi key" -if [ "$JITSI_STBL_REPO" = "unstable" ]; then +if [ "$JITSI_UNSTBL_REPO" = "unstable" ]; then echo "Jitsi stable repository already installed" else echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list From 176b82271d357d5b0f327acf1b3c117c3ad97466 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 3 May 2020 07:59:25 -0500 Subject: [PATCH 04/67] prevent adding if not necessary --- jra_nextcloud.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 35917d8..59002a7 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -48,6 +48,10 @@ NC_DB="nextcloud_db" NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)" REDIS_CONF="/etc/redis/redis.conf" +JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" +if [ -f $JITSI_MEET_PROXY ];then +PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) +fi exit_ifinstalled() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting..." @@ -334,6 +338,15 @@ if [ "$ENABLE_HSTS" = "yes" ]; then sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF fi +if [ "$DISTRO_RELEASE" = "bionic" ] && [ -z $PREAD_PROXY ]; then +echo " + Setting up Nextcloud domain on Jitsi Meet turn proxy +" + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY +fi echo " Latest version to be installed: $STABLEVERSION From 25a6b2e0afac43b91edad25cc5905da408e6ed6d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 5 May 2020 09:18:59 -0500 Subject: [PATCH 05/67] Fix comments --- quick_jibri_installer.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 7a957fd..9bc6f00 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -138,7 +138,7 @@ We suggest to use the next (LTS) release, for longer support and security reason read -n 1 -s -r -p "Press any key to continue..."$'\n' fi #Prosody repository -echo "Add Jitsi key" +echo "Add Prosody repo" if [ "$PROSODY_REPO" = "main" ]; then echo "Prosody repository already installed" else @@ -146,7 +146,7 @@ else wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - fi # Jitsi-Meet Repo -echo "Add Jitsi key" +echo "Add Jitsi repo" if [ "$JITSI_UNSTBL_REPO" = "unstable" ]; then echo "Jitsi stable repository already installed" else @@ -251,7 +251,7 @@ echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON echo ' ######################################################################## - Please Setup Your Instalation + Please Setup Your Installation ######################################################################## ' # MEET / JIBRI SETUP From 2dd120e416a0e5e0957cd345998998af1ba23b1c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 8 May 2020 21:46:18 -0500 Subject: [PATCH 06/67] Set additional jibri node variables --- quick_jibri_installer.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 9bc6f00..98fcec5 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -20,7 +20,7 @@ set -x fi # SYSTEM SETUP -JITSI_UNSTBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") @@ -97,6 +97,10 @@ Adding cerbot (formerly letsencrypt) PPA repository for latest updates apt-get -yq2 dist-upgrade fi } +# sed limiters for add-jibri-node.sh variables +var_dlim() { + grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 +} clear echo ' @@ -150,7 +154,7 @@ echo "Add Jitsi repo" if [ "$JITSI_UNSTBL_REPO" = "unstable" ]; then echo "Jitsi stable repository already installed" else - echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list + echo 'deb http://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - fi @@ -635,6 +639,17 @@ cat << CONF_JSON > $CONF_JSON } CONF_JSON +#Setting varibales for add-jibri-node.sh +sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh +sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jibri-node.sh +sed -i "s|MAIN_SRV_DOMAIN=.*|MAIN_SRV_DOMAIN=\"$DOMAIN\"|" add-jibri-node.sh +sed -i "s|JB_NAME=.*|JB_NAME=\"$JB_NAME\"|" add-jibri-node.sh +sed -i "s|JibriBrewery=.*|JibriBrewery=\"$JibriBrewery\"|" add-jibri-node.sh +sed -i "s|JB_AUTH_PASS=.*|JB_AUTH_PASS=\"$JB_AUTH_PASS\"|" add-jibri-node.sh +sed -i "s|JB_REC_PASS=.*|JB_REC_PASS=\"$JB_REC_PASS\"|" add-jibri-node.sh +sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh +echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" + #Tune webserver for Jitsi App control if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \\\n" $WS_CONF From d2bd5bd6a05cbe7583c93a67520d00ccb89b345d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 10 May 2020 06:47:38 -0500 Subject: [PATCH 07/67] Small fixes --- jm-bm.sh | 2 +- quick_jibri_installer.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jm-bm.sh b/jm-bm.sh index 2813d38..affc743 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -9,7 +9,7 @@ TITLE_FILE="/usr/share/jitsi-meet/title.html" INT_CONF="/usr/share/jitsi-meet/interface_config.js" BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js" # -JM_IMG_PATH="/usr/share/jitsi-meet/images/" +JM_IMG_PATH="/usr/share/jitsi-meet/images" WTM2_PATH="$JM_IMG_PATH/watermark2.png" FICON_PATH="$JM_IMG_PATH/favicon2.ico" # diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 98fcec5..69dc4c5 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -604,7 +604,7 @@ chown jibri:jibri $REC_DIR chmod +x $REC_DIR ## JSON Config -cp $CONF_JSON $CONF_JSON.orig +cp $CONF_JSON ${CONF_JSON}.orig cat << CONF_JSON > $CONF_JSON { "recording_directory":"$DIR_RECORD", From 6737dc417091b8b26a0c0c9db52475055852f95e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 10 May 2020 06:49:12 -0500 Subject: [PATCH 08/67] add Jibri Node Aggregator --- add-jibri-node.sh | 282 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 282 insertions(+) create mode 100644 add-jibri-node.sh diff --git a/add-jibri-node.sh b/add-jibri-node.sh new file mode 100644 index 0000000..18388b5 --- /dev/null +++ b/add-jibri-node.sh @@ -0,0 +1,282 @@ +#!/bin/bash +# Jibri Node Aggregator +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +### 0_LAST EDITION TIME STAMP ### +# LETS: AUTOMATED_EDITION_TIME +### 1_LAST EDITION ### + +#Make sure the file name is the required one +if [ ! "$(basename $0)" = "add-jibri-node.sh" ]; then + echo "For most cases naming won't matter, for this one it does." + echo "Please use the original name for this script: \`add-jibri-node.sh', and run again." + exit +fi + +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./add_jibri_node.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +#Check admin rights +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +### 0_VAR_DEF +MAIN_SRV_DIST=TBD +MAIN_SRV_REPO=TBD +MAIN_SRV_DOMAIN=TBD +JibriBrewery=TBD +JB_NAME=TBD +JB_AUTH_PASS=TBD +JB_REC_PASS=TBD +THIS_SRV_DIST=$(lsb_release -sc) +JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +START=0 +LAST=TBD +CONF_JSON="/etc/jitsi/jibri/config.json" +DIR_RECORD="/var/jbrecord" +REC_DIR="/home/jibri/finalize_recording.sh" +CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" +GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" +GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" +### 1_VAR_DEF + +# sed limiters for add-jibri-node.sh variables +var_dlim() { + grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 +} + +check_var() { + if [ -z "$2" ]; then + echo "$1 is not defined, please check. Exiting..." + exit + else + echo "$1 is set to: $2" + fi + } + +if [ -z "$LAST" ]; then + echo "There is an error on the LAST definition, please report." + exit +elif [ "$LAST" = "TBD" ]; then + ADDUP=$((START + 1)) +else + ADDUP=$((LAST + 1)) +fi + +#Check server and node OS +if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then + echo "Please use the same OS for the jibri setup on both servers." + echo "This server is based on: $THIS_SRV_DIST" + echo "The main server record claims is based on: $MAIN_SRV_DIST" + exit +fi + +echo " +#----------------------------------------------------------------------- +# Checking initial necessary variables... +#-----------------------------------------------------------------------" + +check_var MAIN_SRV_DIST "$MAIN_SRV_DIST" +check_var MAIN_SRV_REPO "$MAIN_SRV_REPO" +check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN" +check_var JibriBrewery "$JibriBrewery" +check_var JB_NAME "$JB_NAME" +check_var JB_AUTH_PASS "$JB_AUTH_PASS" +check_var JB_REC_PASS "$JB_REC_PASS" + +# Jitsi-Meet Repo +echo "Add Jitsi repo" +if [ -z "$JITSI_REPO" ]; then + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - +elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository don't match, extiting.." + exit +elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository match, continuing..." +else + echo "Jitsi $JITSI_REPO repository already installed" +fi + +check_snd_driver() { +modprobe snd-aloop +echo "snd-aloop" >> /etc/modules +if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then + echo " +#----------------------------------------------------------------------- +# Audio driver seems - OK. +#-----------------------------------------------------------------------" +else + echo " +#----------------------------------------------------------------------- +# Your audio driver might not be able to load, once the installation +# is complete and server restarted, please run: \`lsmod | grep snd_aloop' +# to make sure it did. If not, any feedback for your setup is welcome. +#-----------------------------------------------------------------------" +read -n 1 -s -r -p "Press any key to continue..."$'\n' +fi +} + +# Requirements +echo "We'll start by installing system requirements this may take a while please be patient..." +apt-get update -q2 +apt-get dist-upgrade -yq2 + +apt-get -y install \ + bmon \ + curl \ + ffmpeg \ + git \ + htop \ + linux-image-generic-hwe-"$(lsb_release -r|awk '{print$2}')" \ + unzip \ + wget + +check_snd_driver + +echo " +#-------------------------------------------------- +# Install Jibri +#-------------------------------------------------- +" +apt-get -y install \ + jibri \ + openjdk-8-jre-headless + +echo "# Installing Google Chrome / ChromeDriver" +if [ -f $GOOGL_REPO ]; then + echo "Google repository already set." +else + echo "Installing Google Chrome Stable" + wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO +fi +apt-get -q2 update +apt-get install -y google-chrome-stable +rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list + +if [ -f /usr/local/bin/chromedriver ]; then + echo "Chromedriver already installed." +else + echo "Installing Chromedriver" + wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip + unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ + chown root:root /usr/local/bin/chromedriver + chmod 0755 /usr/local/bin/chromedriver + rm -rf /tpm/chromedriver_linux64.zip +fi + +echo " +Check Google Software Working... +" +/usr/bin/google-chrome --version +/usr/local/bin/chromedriver --version | awk '{print$1,$2}' + +echo ' +######################################################################## + Start Jibri configuration +######################################################################## +' +echo " +Remove Chrome warning... +" +mkdir -p /etc/opt/chrome/policies/managed +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON + +# Recording directory +if [ ! -d $DIR_RECORD ]; then +mkdir $DIR_RECORD +fi +chown -R jibri:jibri $DIR_RECORD + +cat << REC_DIR > $REC_DIR +#!/bin/bash + +RECORDINGS_DIR=$DIR_RECORD + +echo "This is a dummy finalize script" > /tmp/finalize.out +echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out +echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out +echo "or storage provider, etc.) in this script" >> /tmp/finalize.out + +chmod -R 770 \$RECORDINGS_DIR + +exit 0 +REC_DIR +chown jibri:jibri $REC_DIR +chmod +x $REC_DIR + +## JSON Config +cp $CONF_JSON ${CONF_JSON}.orig + +cat << CONF_JSON > $CONF_JSON +{ + "recording_directory":"$DIR_RECORD", + "finalize_recording_script_path": "$REC_DIR", + "xmpp_environments": [ + { + "name": "$JB_NAME", + "xmpp_server_hosts": [ + "$MAIN_SRV_DOMAIN" + ], + "xmpp_domain": "$MAIN_SRV_DOMAIN", + "control_login": { + "domain": "auth.$MAIN_SRV_DOMAIN", + "username": "jibri", + "password": "$JB_AUTH_PASS" + }, + "control_muc": { + "domain": "internal.auth.$MAIN_SRV_DOMAIN", + "room_name": "$JibriBrewery", + "nickname": "Live-$ADDUP" + }, + "call_login": { + "domain": "recorder.$MAIN_SRV_DOMAIN", + "username": "recorder", + "password": "$JB_REC_PASS" + }, + + "room_jid_domain_string_to_strip_from_start": "conference.", + "usage_timeout": "0" + } + ] +} +CONF_JSON + +echo "Writting last node number..." +sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jibri-node.sh +sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh +echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" + +echo "Start Jibri at system boot" +systemctl enable jibri + +echo " +######################################################################## + Node addition complete!! + for customized support: http://switnet.net +######################################################################## +" + +echo "Rebooting in..." +secs=$((15)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +reboot From 259c6eeb896bca649786d77596a6c35be3bc541a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 10 May 2020 07:41:39 -0500 Subject: [PATCH 09/67] Enable Jibri services --- add-jibri-node.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 18388b5..22ad407 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -262,8 +262,10 @@ sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jibri-n sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" -echo "Start Jibri at system boot" +#Enable jibri services systemctl enable jibri +systemctl enable jibri-xorg +systemctl enable jibri-icewm echo " ######################################################################## From c0a8dd481a19333790dd58b0ddac110b3cbe3ef0 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 20 May 2020 13:48:54 -0500 Subject: [PATCH 10/67] Enable jibri services --- add-jibri-node.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 18388b5..22ad407 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -262,8 +262,10 @@ sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jibri-n sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" -echo "Start Jibri at system boot" +#Enable jibri services systemctl enable jibri +systemctl enable jibri-xorg +systemctl enable jibri-icewm echo " ######################################################################## From 5cfbacbfd56966006b369fdd1444888032299e6b Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 20 May 2020 13:57:11 -0500 Subject: [PATCH 11/67] Dropbox no longer requirement for local recording Removing dropbox login for local recording, yay! --- README.md | 1 - quick_jibri_installer.sh | 20 ++++++++++---------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 3e5f8de..f4f62fa 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ Bash installer for Jibri on **\*buntu LTS** based systems using **nginx** as def * Valid domain with DNS record, **mandatory** for SSL certs via Let's Encrypt. * Ports open for ACME (SSL) interaction & validation. * Minimum recommended for video recording: 8 GB RAM / 2 Cores. -* Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload). * Webcam ## Features diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 69dc4c5..7428bf7 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -309,16 +309,16 @@ elif [ $ENABLE_SSL = yes ]; then echo "SSL will be enabled." fi done -#Dropbox -while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] -do -read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB -if [ $ENABLE_DB = no ]; then - echo "Dropbox won't be enable" -elif [ $ENABLE_DB = yes ]; then - read -p "Please set your Drobbox App key: "$'\n' -r DB_CID -fi -done +#Dropbox -- no longer requirement for localrecording +#while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] +#do +#read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB +#if [ $ENABLE_DB = no ]; then +# echo "Dropbox won't be enable" +#elif [ $ENABLE_DB = yes ]; then +# read -p "Please set your Drobbox App key: "$'\n' -r DB_CID +#fi +#done #Brandless Mode while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] do From 8fd6a7ee541b1c7e429f3dafc3d6765b4a31adf1 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 20 May 2020 14:30:40 -0500 Subject: [PATCH 12/67] Unbrand localrecording (no longer dropbox login used by default) --- images/gnome_record.png | Bin 0 -> 2075 bytes jm-bm.sh | 9 ++++++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 images/gnome_record.png diff --git a/images/gnome_record.png b/images/gnome_record.png new file mode 100644 index 0000000000000000000000000000000000000000..bf00e5f3933522d9ed1441f31c04f211bc93c16c GIT binary patch literal 2075 zcmV+$2;}#PP)$kD0Im$G+J{P2K`7$#21sosB%-Qh!`Qnm75`gC??&&>RP=ljl? zvkNO)(TY~Iq80rQODyyKQb0Ox6M&4*E1(H@fE%~VqU8V(KsV6+2yFWb+|@0_Z3dLk zx)AjcGa*dRY5m4W@TaHYG%y#3zSf6di!y2G`#F4XP>9D<`FyT_XsD}u&6KE&z);dS1P_YH&+|i`WL^1KYCCF>i-RZ!rid-E+KxM>+iq*hCO@IneJ}< z$w?YhQ-rpSa$NvqI*pOdk}Q`oSFgsMon?G<)U8cV|KpWR=8@y8R{izt*|XDMCP3)` z+_v2?elxUpZ?-TvD4qA;$E#G3rb&9!CXxdK7?}*p_X+3b@Fpf`Oih8-bX|Wvna!J- znV3-HCr>&bf4k7ML=6z;qeYxiyd zbfbZ8G*Cf+_I*?k5YEhCpE`we<_riycE=6^Df#%#H{B1{u6^XpjvcSQ^wLX{S7XMw zO7oc?z)iza{(kfDaL$;W#U33cyLBrA_uo&~>ebL}qJ1A71QCGmqnk~1qX9s&RHAF` zT7s!5yh;Vrvgp0>#-tt_yFDzGj&B(msg910I{yg(0Sx?1h{Hp>cMql#2~j_Firk(( z6h=lssfAIGjVs@e&iVc#C;+ourdh4hICqXzu}G%3H<3Jb>Z|VX@L%q@XU3We!nJrt8 zU0paId_cZfG^})baPY0SzR}m$H`uAEjsb>-hDuwtJ~+62yXAiL5h9U@%-i-t)M|va z8me{N2BqqCLf0j9-FYA#hL~&DqQemHlTTQ)VMEqBapEV1LSX|P&d-hjcJ11g`L1nm z>$0rAlx5L4f1cF(_2@91H>YeniuhPN4mb|DF1Rkbt<^0E$3dDVGL<5zR!L>En5LPx zPMo;u<(FUXTQ-1vK3~}6I3vY1Yq}a2E&$PF4BN}Zw$b(ae9(4G45J+fJP+-85rpd! zIu3|vu!Cxqo?_7q-+udR<#PGDPP`>L>6FXm^4*QbH*>{eBKY*v=wTNxk}Q=FQX+&v z3W3%dp%egGDQHC)qMJ=b7@~s!noUFyKoEfM&%f}RGc#EI{fSHC70 z3^8v!hR{-CB$N1_N7Axpfyu4G6?d_d4)~|ohzI3UX=XDnVSoHcJ3SlE-o8@Wm!|J@4oxwL@tL|VqPpY))vN+ z~;6ta~8O;Yyd(CT`HA6+do(IN+5FPDCJN`kVwKjks{o%Un4wg)Fus4%2^z`(+!S-l3-+DJF zr3jTmX-yb^4wXVF1-TrbJC3SqJ^ua4$;W};3L(Nye097Vjc<7D>o2_U%;aaE`Cb@e z6bexmuIxLX4P(iuFX{)#Y!)XBnXFd5y)VA_3~;Pd^H&8B8>^J|?R)*^Lx-L^TdDXC zVD$FRZzI~JwMNHFX6y5kn;~*JY^C_yaq7;r3?J{H20tmH^_ChgG3x;G8nM!eCW=2m`tKQaw2YcP>BReN@nVH zD%Gm5QmM~xJ$(4-RU;#>0w+72xYrEO1~Nn#?j3#f(Qj3refEb^>r~0IlD(E?n27`_ z(*&*Yg8;wLV5VLVFWPpXr1Wlh@WJ2hdh*FXV;IMT5P$!o9D@ z8UWS-WgrK1#b5hC4LA=>0O!9*xvXeKD_YTtR`h?Te*z714-EyY5DWkS002ovPDHLk FV1i+a@?8J` literal 0 HcmV?d00001 diff --git a/jm-bm.sh b/jm-bm.sh index affc743..40987b7 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -12,6 +12,7 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js" JM_IMG_PATH="/usr/share/jitsi-meet/images" WTM2_PATH="$JM_IMG_PATH/watermark2.png" FICON_PATH="$JM_IMG_PATH/favicon2.ico" +REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png" # APP_NAME="Conferences" MOVILE_APP_NAME="Jitsi Meet" @@ -36,13 +37,19 @@ if [ ! -f $FICON_PATH ]; then else echo "favicon2 file exists, skipping copying..." fi +#Local recording icon +if [ ! -f $REC_ICON_PATH ];then + cp images/gnome_record.png $REC_ICON_PATH +else + echo "recodring icon exists, skipping copying..." +fi #Custom / Remove icons sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE sed -i "s|logo-deep-linking.png|watermark2.png|g" $BUNDLE_JS - +sed -i "s|jitsiLogo_square.png|gnome_record.png|g" $BUNDLE_JS #Disable logo and url if [ -z $(grep -nr ".leftwatermark{display:none" $CSS_FILE) ]; then sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE From f67ba407ad35b4e427a9db6f3a146daaa0403a8f Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 3 Jun 2020 02:46:08 -0500 Subject: [PATCH 13/67] Prevent mandatory variables be empty --- jra_nextcloud.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 59002a7..b546a58 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -14,9 +14,27 @@ echo ' ######################################################################## by Software, IT & Networks Ltd ' +while [[ -z "$NC_DOMAIN" ]] +do read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN +if [ -z "$NC_DOMAIN" ]; then + echo "-- This field is mandatory." +fi +done +while [[ -z "$NC_USER" ]] +do read -p "Nextcloud user: " -r NC_USER +if [ -z "$NC_USER" ]; then + echo "-- This field is mandatory." +fi +done +while [[ -z "$NC_PASS" ]] +do read -p "Nextcloud user password: " -r NC_PASS +if [ -z "$NC_PASS" ]; then + echo "-- This field is mandatory." +fi +done #Enable HSTS while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]] do From 7517f2f4a0f50da635a16b540289a38eb348eb46 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 3 Jun 2020 04:52:36 -0500 Subject: [PATCH 14/67] Test jigasi loggin out Also ignore log file --- .gitignore | 1 + quick_jibri_installer.sh | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e69de29..299a0c5 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +qj-installer.log diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 7428bf7..8ccbeec 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -761,12 +761,13 @@ if [ $ENABLE_NC_ACCESS = yes ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jra_nextcloud.sh fi +} > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) #Jigasi Transcript if [ $ENABLE_TRANSCRIPT = yes ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jigasi.sh fi - +{ #Prevent Jibri conecction issue sed -i "/127.0.0.1/a \\ 127.0.0.1 $DOMAIN" /etc/hosts From ab9e30ca1c6c6ff86b641ab82de7a43c1b86bffb Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 3 Jun 2020 05:19:35 -0500 Subject: [PATCH 15/67] Dirty fix for jigasi transcriber --- jigasi.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jigasi.sh b/jigasi.sh index ceb717e..d201cb2 100644 --- a/jigasi.sh +++ b/jigasi.sh @@ -208,6 +208,15 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP prosodyctl register transcript auth.$DOMAIN jigasi +#Temp fix Jigasi Transcript +if [ grep -x "sleep" /etc/init.d/jicofo ]; then + echo "Jicofo delay already present." + else + echo "Adding Jicofo delay..." + sed -i "/\/lib\/lsb\/init-functions/i sleep 20" /etc/init.d/jicofo + systemctl daemon-reload +fi + systemctl restart prosody \ jicofo \ jibri* \ From a095035271ad1f655561ca8561cad7e9245154a7 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 3 Jun 2020 06:13:06 -0500 Subject: [PATCH 16/67] Fix confitional grep option --- jigasi.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jigasi.sh b/jigasi.sh index d201cb2..e6d0c1d 100644 --- a/jigasi.sh +++ b/jigasi.sh @@ -209,7 +209,7 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP prosodyctl register transcript auth.$DOMAIN jigasi #Temp fix Jigasi Transcript -if [ grep -x "sleep" /etc/init.d/jicofo ]; then +if grep -q "sleep" /etc/init.d/jicofo; then echo "Jicofo delay already present." else echo "Adding Jicofo delay..." From 90c506c2fe268d3ec2d31aadda229f3a924d2e04 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 3 Jun 2020 06:22:16 -0500 Subject: [PATCH 17/67] Prevent word split --- quick_jibri_installer.sh | 54 ++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 8ccbeec..180eeb6 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -290,22 +290,22 @@ do read -p "Set sysadmin email (this is a mandatory field):"$'\n' -r SYSADMIN_EMAIL done #Drop unsecure TLS -while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]] +while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 -if [ $DROP_TLS1 = no ]; then +if [ "$DROP_TLS1" = "no" ]; then echo "TLSv1.0/1.1 will remain." -elif [ $DROP_TLS1 = yes ]; then +elif [ "$DROP_TLS1" = "yes" ]; then echo "TLSv1.0/1.1 will be dropped" fi done #SSL LE -while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]] +while [[ "$ENABLE_SSL" != "yes" && "$ENABLE_SSL" != "no" ]] do read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL -if [ $ENABLE_SSL = no ]; then +if [ "$ENABLE_SSL" = "no" ]; then echo "Please run letsencrypt.sh manually post-installation." -elif [ $ENABLE_SSL = yes ]; then +elif [ "$ENABLE_SSL" = "yes" ]; then echo "SSL will be enabled." fi done @@ -320,12 +320,12 @@ done #fi #done #Brandless Mode -while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] +while [[ "$ENABLE_BLESSM" != "yes" && "$ENABLE_BLESSM" != "no" ]] do read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM -if [ $ENABLE_BLESSM = no ]; then +if [ "$ENABLE_BLESSM" = "no" ]; then echo "Brandless mode won't be set." -elif [ $ENABLE_BLESSM = yes ]; then +elif [ "$ENABLE_BLESSM" = "yes" ]; then echo "Brandless mode will be set." fi done @@ -339,12 +339,12 @@ This must be a really small word to present one self. Some suggestions might be: yo (Spanish) | je (French) | ich (German)" read -p "Leave empty to use the default one (English): "$'\n' L10N_ME #Welcome Page -while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] +while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] do read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP -if [ $ENABLE_WELCP = yes ]; then +if [ "$ENABLE_WELCP" = "yes" ]; then echo "Welcome page will be disabled." -elif [ $ENABLE_WELCP = no ]; then +elif [ "$ENABLE_WELCP" = "no" ]; then echo "Welcome page will be enabled." fi done @@ -381,24 +381,24 @@ elif [ "$ENABLE_SC" = "yes" ]; then fi done #Jibri Records Access (JRA) via Nextcloud -while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]] +while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]] do read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_NC_ACCESS -if [ $ENABLE_NC_ACCESS = no ]; then +if [ "$ENABLE_NC_ACCESS" = "no" ]; then echo "JRA via Nextcloud won't be enabled." -elif [ $ENABLE_NC_ACCESS = yes ]; then +elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then echo "JRA via Nextcloud will be enabled." fi done #Jigasi -while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]] +while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do read -p "> Do you want to setup Jigasi Transcription: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT -if [ $ENABLE_TRANSCRIPT = no ]; then +if [ "$ENABLE_TRANSCRIPT" = "no" ]; then echo "Jigasi Transcription won't be enabled." -elif [ $ENABLE_TRANSCRIPT = yes ]; then +elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then echo "Jigasi Transcription will be enabled." fi done @@ -531,7 +531,7 @@ sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF #Dropbox feature -if [ $ENABLE_DB = "yes" ]; then +if [ "$ENABLE_DB" = "yes" ]; then DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1) DB_END=$((DB_STR + 10)) sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF @@ -540,7 +540,7 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF fi #LocalRecording -if [ $ENABLE_LAR = "yes" ]; then +if [ "$ENABLE_LAR" = "yes" ]; then echo "# Enabling local recording (audio only)." LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_END=$((LR_STR + 18)) @@ -674,11 +674,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF fi #nginx -tlsv1/1.1 -if [ $DROP_TLS1 = "yes" ] && [ $DIST = "bionic" ];then +if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "bionic" ];then echo "Dropping TLSv1/1.1 in favor of v1.3" sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF -elif [ $DROP_TLS1 = "yes" ] && [ ! $DIST = "bionic" ];then +elif [ "$DROP_TLS1" = "yes" ] && [ ! "$DIST" = "bionic" ];then echo "Only dropping TLSv1/1.1" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1||" $WS_CONF @@ -727,9 +727,9 @@ sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF #Disable/enable welcome page -if [ $ENABLE_WELCP = yes ]; then +if [ "$ENABLE_WELCP" = "yes" ]; then sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF -elif [ $ENABLE_WELCP = no ]; then +elif [ "$ENABLE_WELCP" = "no" ]; then sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF fi #Set displayname as not required since jibri can't set it up. @@ -751,19 +751,19 @@ else echo "No webserver found please report." fi #Brandless Mode -if [ $ENABLE_BLESSM = yes ]; then +if [ "$ENABLE_BLESSM" = "yes" ]; then echo "Custom brandless mode will be enabled." sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh bash $PWD/jm-bm.sh fi #JRA via Nextcloud -if [ $ENABLE_NC_ACCESS = yes ]; then +if [ "$ENABLE_NC_ACCESS" = "yes" ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jra_nextcloud.sh fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) #Jigasi Transcript -if [ $ENABLE_TRANSCRIPT = yes ]; then +if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jigasi.sh fi From c8aa58a7f8bde0f779b97393273b0c51ca00924b Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 17 Jun 2020 17:06:51 -0500 Subject: [PATCH 18/67] Small comment --- jra_nextcloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index b546a58..adbf6fc 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -197,6 +197,7 @@ echo "Done! #nginx - configuration cat << NC_NGINX > $NC_NGINX_CONF +#nextcloud config upstream php-handler { #server 127.0.0.1:9000; server unix:/run/php/php${PHPVER}-fpm.sock; From ca9e7e09c27b619024292d5e4b5fc0729e40a546 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 17 Jun 2020 17:07:41 -0500 Subject: [PATCH 19/67] Add virtual modules for hwe kernel --- quick_jibri_installer.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 180eeb6..4baaaf5 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -171,6 +171,7 @@ apt-get -y install \ htop \ letsencrypt \ linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \ + linux-modules-extra-virtual-hwe-$(lsb_release -r|awk '{print$2}') \ unzip \ wget From 64a974a62f31237b190ff1da13319fb9ace75b93 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 29 Jun 2020 02:45:17 -0500 Subject: [PATCH 20/67] Add warning and choise to continue. --- quick_jibri_installer.sh | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 4baaaf5..7f8ce4a 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -141,6 +141,42 @@ echo "$(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." read -n 1 -s -r -p "Press any key to continue..."$'\n' fi +#Check resources +echo "Verifying System Resources:" +if [ "$(nproc --all)" -lt 4 ];then + echo "Warning: The system do not meet the minimum requirements for Jibri to run." + echo "Warning: We recommend 4 cores/threads for Jibri!" + CPU_MIN="N" +else + echo "CPU Cores/Threads: OK ($(nproc --all))" + CPU_MIN="Y" +fi +### Test RAM size (8GB min) ### +mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') +if [ ${mem_available} -lt 7700000 ]; then + echo "Warning: The system do not meet the minimum requirements for Jibri to run." + echo "Warning: We recommend 8GB RAM for Jibri!" + MEM_MIN="N" +else + echo "Memory: OK ($((mem_available/1024)) MiB)" + MEM_MIN="Y" +fi +if [ $CPU_MIN="Y" ] && [ $MEM_MIN="Y" ];then + echo "All requirements seems meet!" + echo "We hope you have a nice recording/streaming session" +else + echo "Seems CPU/RAM requirements are NOT meet!" + echo "Even when you can use the videconference sessions, we advice to increase the resoruces in order to user Jibri." + while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] + do + read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + if [ "$CONTINUE_LOW_RES" = "no" ]; then + echo "See you next time with more resources!..." + elif [ "$CONTINUE_LOW_RES" = "yes" ]; then + echo "Please keep in mind that trying to use Jibri with low resources might fail." + fi + done +fi #Prosody repository echo "Add Prosody repo" if [ "$PROSODY_REPO" = "main" ]; then From 21e094c0bb4f94db233777d20b931afa8d077eae Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 29 Jun 2020 14:26:03 -0500 Subject: [PATCH 21/67] Add exit option --- quick_jibri_installer.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 7f8ce4a..d9bb3ff 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -172,6 +172,7 @@ else read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES if [ "$CONTINUE_LOW_RES" = "no" ]; then echo "See you next time with more resources!..." + exit elif [ "$CONTINUE_LOW_RES" = "yes" ]; then echo "Please keep in mind that trying to use Jibri with low resources might fail." fi From 1d924e0f1fb3fa34fe204f5ae04287709230d317 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 01:41:38 -0500 Subject: [PATCH 22/67] Update README.md (cherry picked from commit 8518515b9d2d56b86ba3c8878e15b341854a40b6) --- README.md | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 82e87bc..80f5bbb 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,15 @@ # Quick Jibri Installer Bash installer for Jibri on **\*buntu LTS** based systems using **nginx** as default webserver. +## Usage + +``` +git clone https://github.com/switnet-ltd/quick-jibri-installer +cd quick-jibri-installer +bash quick-jibri-installer.sh +``` +Please check more details on our wiki. + ## Requirements * Clean VM/VPS/Server using Ubuntu LTS * Valid domain with DNS record, **mandatory** for SSL certs via Let's Encrypt. @@ -8,6 +17,13 @@ Bash installer for Jibri on **\*buntu LTS** based systems using **nginx** as def * Minimum recommended for video recording: 8 GB RAM / 2 Cores. * Webcam +### Jigasi Transcript +* SIP account +* Google Cloud Account with Billing setup. +### Jibri Recodings Access via Nextcloud +* Valid domain with DNS record for Nextcloud SSL. + + ## Features * Enabled Session (video) Recording using Jibri * Enabled Jitsi Electron app detection server side. @@ -17,12 +33,6 @@ Bash installer for Jibri on **\*buntu LTS** based systems using **nginx** as def * (New) Customized brandless mode * (New) Improved recurring updater -### Jigasi Transcript -* SIP account -* Google Cloud Account with Billing setup. - -### Jibri Recodings Access via Nextcloud -* Valid domain with DNS record for Nextcloud SSL. ## Optional custom changes * Optional default language From 877b08825570fccc9212ab6dee46a54e03a6f3a0 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 20:35:53 -0500 Subject: [PATCH 23/67] Move into postgresql as base DB Also delete tmp patch --- files/patch_425_3dty.patch | 24 ---------------------- jra_nextcloud.sh | 41 ++++++++++---------------------------- 2 files changed, 10 insertions(+), 55 deletions(-) delete mode 100644 files/patch_425_3dty.patch diff --git a/files/patch_425_3dty.patch b/files/patch_425_3dty.patch deleted file mode 100644 index e97492c..0000000 --- a/files/patch_425_3dty.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- Compiler.php 2020-03-11 08:52:46.000000000 -0600 -+++ Compiler-fixed.php 2020-04-04 06:56:43.175786008 -0600 -@@ -5211,10 +5211,10 @@ - return new Node\Number(strlen($stringContent), ''); - } - -- protected static $libStrSlice = ['string', 'start-at', 'end-at']; -+ protected static $libStrSlice = ['string', 'start-at', 'end-at:-1']; - protected function libStrSlice($args) - { -- if (isset($args[2]) && $args[2][1] == 0) { -+ if (isset($args[2]) && ! $args[2][1]) { - return static::$nullString; - } - -@@ -5227,7 +5227,7 @@ - $start--; - } - -- $end = (int) $args[2][1]; -+ $end = isset($args[2]) ? (int) $args[2][1] : -1; - $length = $end < 0 ? $end + 1 : ($end > 0 ? $end - $start : $end); - - $string[2] = $length diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index adbf6fc..c314594 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -50,7 +50,7 @@ done DISTRO_RELEASE="$(lsb_release -sc)" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') PHPVER="7.4" -MDBVER="10.4" +PSGVER="$(apt-cache madison postgresql | head -n1 | awk '{print $3}' | cut -d "+" -f1)" PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_INI="$PHP_FPM_DIR/php.ini" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" @@ -86,16 +86,6 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = apt-get -yq2 install $1 fi } -add_mariadb() { - if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then - echo "MariaDB already installed" - else - echo "# Adding MariaDB $MDBVER repository" - apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8 - echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list - apt-get update -q2 - fi -} add_php74() { if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo "PHP $PHPVER already installed" @@ -107,15 +97,13 @@ add_php74() { fi } #Prevent root folder permission issues -cp $PWD/files/patch_425_3dty.patch /tmp cp $PWD/files/jra-nc-app-ef.json /tmp -exit_ifinstalled mariadb-server +exit_ifinstalled postgresql-$PSGVER ## Install software requirements -# MariaDB -add_mariadb -install_ifnot mariadb-server-$MDBVER +# PostgresSQL +install_ifnot postgresql-$PSGVER # PHP 7.4 add_php74 @@ -129,7 +117,7 @@ apt-get install -y \ php$PHPVER-json \ php$PHPVER-ldap \ php$PHPVER-mbstring \ - php$PHPVER-mysql \ + php$PHPVER-pgsql \ php$PHPVER-soap \ php$PHPVER-xml \ php$PHPVER-xmlrpc \ @@ -182,18 +170,15 @@ systemctl restart php$PHPVER-fpm.service # Create MySQL user #-------------------------------------------------- -echo -e "\n---- Creating the MariaDB User ----" +echo -e "\n---- Creating the PgSQL DB & User ----" -mysql -u root < $NC_NGINX_CONF @@ -377,17 +362,11 @@ mv nextcloud $NC_PATH chown -R www-data:www-data $NC_PATH chmod -R 755 $NC_PATH -if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then -echo " --> Patching #425 (scssphp/src/Compiler.php)..." -sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < /tmp/patch_425_3dty.patch -fi - echo " Database installation... " sudo -u www-data php $NC_PATH/occ maintenance:install \ ---database=mysql \ +--database=pgsql \ --database-name="$NC_DB" \ --database-user="$NC_DB_USER" \ --database-pass="$NC_DB_PASSWD" \ From 9d6de4c312eae7f368e614c6baf92be38da5e3fc Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 20:54:37 -0500 Subject: [PATCH 24/67] Fix evaluation --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 6acbbf1..c10d2f6 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -161,7 +161,7 @@ else echo "Memory: OK ($((mem_available/1024)) MiB)" MEM_MIN="Y" fi -if [ $CPU_MIN="Y" ] && [ $MEM_MIN="Y" ];then +if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then echo "All requirements seems meet!" echo "We hope you have a nice recording/streaming session" else From 556aa12f47bab90b1dc1dde052b38d812ee34728 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 21:07:22 -0500 Subject: [PATCH 25/67] Improve system verification notice --- quick_jibri_installer.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index c10d2f6..dedeb56 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -144,8 +144,8 @@ fi #Check resources echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then - echo "Warning: The system do not meet the minimum requirements for Jibri to run." - echo "Warning: We recommend 4 cores/threads for Jibri!" + echo "Warning!: The system do not meet the minimum requirements for Jibri to run." + echo ">> We recommend 4 cores/threads for Jibri!" CPU_MIN="N" else echo "CPU Cores/Threads: OK ($(nproc --all))" @@ -154,8 +154,8 @@ fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') if [ ${mem_available} -lt 7700000 ]; then - echo "Warning: The system do not meet the minimum requirements for Jibri to run." - echo "Warning: We recommend 8GB RAM for Jibri!" + echo "Warning!: The system do not meet the minimum requirements for Jibri to run." + echo ">> We recommend 8GB RAM for Jibri!" MEM_MIN="N" else echo "Memory: OK ($((mem_available/1024)) MiB)" @@ -165,7 +165,7 @@ if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then echo "All requirements seems meet!" echo "We hope you have a nice recording/streaming session" else - echo "Seems CPU/RAM requirements are NOT meet!" + echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" echo "Even when you can use the videconference sessions, we advice to increase the resoruces in order to user Jibri." while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] do From bb0855d6cbbd7cb2c0bd559df668abae1af8692e Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 21:11:26 -0500 Subject: [PATCH 26/67] Improve system verification notice2 --- quick_jibri_installer.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index dedeb56..a83ae00 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -144,8 +144,10 @@ fi #Check resources echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then - echo "Warning!: The system do not meet the minimum requirements for Jibri to run." - echo ">> We recommend 4 cores/threads for Jibri!" + echo " +Warning!: The system do not meet the minimum requirements for Jibri to run. +>> We recommend 4 cores/threads for Jibri! +" CPU_MIN="N" else echo "CPU Cores/Threads: OK ($(nproc --all))" @@ -154,8 +156,10 @@ fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') if [ ${mem_available} -lt 7700000 ]; then - echo "Warning!: The system do not meet the minimum requirements for Jibri to run." - echo ">> We recommend 8GB RAM for Jibri!" + echo " +Warning!: The system do not meet the minimum requirements for Jibri to run. +>> We recommend 8GB RAM for Jibri! +" MEM_MIN="N" else echo "Memory: OK ($((mem_available/1024)) MiB)" From 1326e1767d4861984c7e2f4dd01916a277e8cc0d Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 21:16:51 -0500 Subject: [PATCH 27/67] Define system asset --- quick_jibri_installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index a83ae00..5bb9b35 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -145,7 +145,7 @@ fi echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then echo " -Warning!: The system do not meet the minimum requirements for Jibri to run. +Warning!: The system do not meet the minimum CPU requirements for Jibri to run. >> We recommend 4 cores/threads for Jibri! " CPU_MIN="N" @@ -157,7 +157,7 @@ fi mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') if [ ${mem_available} -lt 7700000 ]; then echo " -Warning!: The system do not meet the minimum requirements for Jibri to run. +Warning!: The system do not meet the minimum RAM requirements for Jibri to run. >> We recommend 8GB RAM for Jibri! " MEM_MIN="N" From 6646665066cf0ee3c728b6f397fa98f5d8e89ee8 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Tue, 30 Jun 2020 21:41:31 -0500 Subject: [PATCH 28/67] Make add prosody repo a function Leave it out --- quick_jibri_installer.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 5bb9b35..1978850 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -101,7 +101,15 @@ fi var_dlim() { grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 } - +add_prosody_repo() { +echo "Add Prosody repo" +if [ "$PROSODY_REPO" = "main" ]; then + echo "Prosody repository already installed" +else + echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list + wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - +fi +} clear echo ' ######################################################################## @@ -183,13 +191,7 @@ else done fi #Prosody repository -echo "Add Prosody repo" -if [ "$PROSODY_REPO" = "main" ]; then - echo "Prosody repository already installed" -else - echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list - wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - -fi +#add_prosody_repo # Jitsi-Meet Repo echo "Add Jitsi repo" if [ "$JITSI_REPO" = "unstable" ]; then From 9f6c929e45e96e79db439b98f42d39465b383a4a Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Wed, 1 Jul 2020 15:23:08 -0500 Subject: [PATCH 29/67] Fisrt draft on grafana --- grafana.sh | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 grafana.sh diff --git a/grafana.sh b/grafana.sh new file mode 100644 index 0000000..b7bb485 --- /dev/null +++ b/grafana.sh @@ -0,0 +1,113 @@ +#!/bin/bash +# Grafana Installer +# Based on: +# https://community.jitsi.org/t/how-to-to-setup-grafana-dashboards-to-monitor-jitsi-my-comprehensive-tutorial-for-the-beginner/ +# by Woodworker_Life +# Woodworker_Life © - 2020 +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +MAIN_TEL="/etc/telegraf/telegraf.conf" +TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" +PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" + +# +apt update && apt install -y gnupg2 curl wget +wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - +echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list +apt update && apt install influxdb -y +systemctl enable --now influxdb +systemctl status influxdb + +# +curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - +add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" +apt update && apt install grafana -y +systemctl enable --now grafana-server +systemctl status grafana-server + +# +wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - +echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list +apt update && apt install telegraf -y +mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original + +cat << TELEGRAF > $MAIN_TEL +[global_tags] + +############################################################################### +# GLOBAL # +############################################################################### + +[agent] + interval = "10s" + debug = false + hostname = "localhost" + round_interval = true + flush_interval = "10s" + flush_jitter = "0s" + collection_jitter = "0s" + metric_batch_size = 1000 + metric_buffer_limit = 10000 + quiet = false + logfile = "" + omit_hostname = false + +TELEGRAF + +cat << JITSI_TELEGRAF > $TEL_JIT +############################################################################### +# INPUTS # +############################################################################### + +[[inputs.http]] + name_override = "jitsi_stats" + urls = [ + "http://localhost:8080/colibri/stats" + ] + + data_format = "json" + +############################################################################### +# OUTPUTS # +############################################################################### + +[[outputs.influxdb]] + urls = ["http://localhost:8086"] + database = "jitsi" + timeout = "0s" + retention_policy = "" + +JITSI_TELEGRAF + +systemctl enable --now telegraf +systemctl status telegraf + + +sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"" /etc/jitsi/videobridge/config +sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties + +systemctl restart jitsi-videobridge2 + +# Create InfluxDB datasource +curl 'http://admin:admin@localhost:3000/api/datasources' -X \ +POST -H 'Content-Type: application/json;charset=UTF-8' \ +--data-binary \ +'{"name":"InfluxDB","type":"datasource","url":"http://localhost","access":"proxy","isDefault":true,"database":"jitsi"}' + +# Add Grafana Dashboard +### Please edit grafana_* variables to match your Grafana setup: +grafana_host="http://localhost:3000" +grafana_cred="admin:admin" +grafana_datasource="jitsi" +ds=(11969); +for d in "${ds[@]}"; do + echo -n "Processing $d: " + j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) + curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + -d "{\"dashboard\":$j,\"overwrite\":true, \ + \"inputs\":[{\"name\":\"DS_INFLUXDB\",\"type\":\"datasource\", \ + \"pluginId\":\"influxdb\",\"value\":\"$grafana_datasource\"}]}" \ + $grafana_host/api/dashboards/import; echo "" +done From 022ecfeed7ad56855003cee57454e4112255ff0f Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Wed, 1 Jul 2020 16:53:42 -0500 Subject: [PATCH 30/67] Fix several small issues --- grafana.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/grafana.sh b/grafana.sh index b7bb485..d40a1dc 100644 --- a/grafana.sh +++ b/grafana.sh @@ -11,22 +11,24 @@ MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" -# -apt update && apt install -y gnupg2 curl wget +# Min requirements +apt update && apt install -y gnupg2 curl wget jq + +# InfluxDB Repo wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install influxdb -y systemctl enable --now influxdb systemctl status influxdb -# +# Grafana Repo curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" apt update && apt install grafana -y systemctl enable --now grafana-server systemctl status grafana-server -# +# Telegraf Repo wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install telegraf -y @@ -84,7 +86,7 @@ systemctl enable --now telegraf systemctl status telegraf -sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"" /etc/jitsi/videobridge/config +sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 @@ -93,7 +95,7 @@ systemctl restart jitsi-videobridge2 curl 'http://admin:admin@localhost:3000/api/datasources' -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ -'{"name":"InfluxDB","type":"datasource","url":"http://localhost","access":"proxy","isDefault":true,"database":"jitsi"}' +'{"name":"InfluxDB","type":"influxdb","url":"http://localhost","access":"proxy","isDefault":true,"database":"jitsi"}' # Add Grafana Dashboard ### Please edit grafana_* variables to match your Grafana setup: From 4080043df08e78d8775ff496abc3428db517d7ae Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Wed, 1 Jul 2020 16:59:00 -0500 Subject: [PATCH 31/67] Add entry URL for Grafana --- grafana.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/grafana.sh b/grafana.sh index d40a1dc..984caf9 100644 --- a/grafana.sh +++ b/grafana.sh @@ -113,3 +113,5 @@ for d in "${ds[@]}"; do \"pluginId\":\"influxdb\",\"value\":\"$grafana_datasource\"}]}" \ $grafana_host/api/dashboards/import; echo "" done + +echo "Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards." From ce0b04a7ecabea919ec1a36adf5df4bc209fba92 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Wed, 1 Jul 2020 17:58:37 -0500 Subject: [PATCH 32/67] Jet again more small fixes --- grafana.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grafana.sh b/grafana.sh index 984caf9..2c3b57d 100644 --- a/grafana.sh +++ b/grafana.sh @@ -95,13 +95,13 @@ systemctl restart jitsi-videobridge2 curl 'http://admin:admin@localhost:3000/api/datasources' -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ -'{"name":"InfluxDB","type":"influxdb","url":"http://localhost","access":"proxy","isDefault":true,"database":"jitsi"}' +'{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' # Add Grafana Dashboard ### Please edit grafana_* variables to match your Grafana setup: grafana_host="http://localhost:3000" grafana_cred="admin:admin" -grafana_datasource="jitsi" +grafana_datasource="InfluxDB" ds=(11969); for d in "${ds[@]}"; do echo -n "Processing $d: " From 44364927d79f6c3bd37c876af081fba6c51603c1 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Thu, 2 Jul 2020 12:48:09 -0500 Subject: [PATCH 33/67] Testing securing admin passwd --- grafana.sh | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/grafana.sh b/grafana.sh index 2c3b57d..1b7356b 100644 --- a/grafana.sh +++ b/grafana.sh @@ -4,11 +4,14 @@ # https://community.jitsi.org/t/how-to-to-setup-grafana-dashboards-to-monitor-jitsi-my-comprehensive-tutorial-for-the-beginner/ # by Woodworker_Life # Woodworker_Life © - 2020 +# Jitsi Metrics - Grafana dashboard by mephisto +# https://grafana.com/grafana/dashboards/11969 # SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" +GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" # Min requirements @@ -85,22 +88,28 @@ JITSI_TELEGRAF systemctl enable --now telegraf systemctl status telegraf - +# Setup videobridge options sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties - systemctl restart jitsi-videobridge2 +# Grafana Setup +# Reset Grafana admin password +curl -X PUT -H "Content-Type: application/json" -d '{ + "oldPassword": "admin", + "newPassword": "$GRAFANA_PASS", + "confirmNew": "$GRAFANA_PASS" +}' http://admin:admin@localhost:3000/api/user/password + # Create InfluxDB datasource -curl 'http://admin:admin@localhost:3000/api/datasources' -X \ +curl 'http://admin:$GRAFANA_PASS@localhost:3000/api/datasources' -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ '{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' # Add Grafana Dashboard -### Please edit grafana_* variables to match your Grafana setup: grafana_host="http://localhost:3000" -grafana_cred="admin:admin" +grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" ds=(11969); for d in "${ds[@]}"; do @@ -114,4 +123,6 @@ for d in "${ds[@]}"; do $grafana_host/api/dashboards/import; echo "" done -echo "Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards." +echo " +Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards. +" From c766cb2b54e242fd0f5eb686b7871df12f0b7f81 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 04:21:23 -0500 Subject: [PATCH 34/67] Avoid single quotes on variable --- grafana.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana.sh b/grafana.sh index 1b7356b..f60a858 100644 --- a/grafana.sh +++ b/grafana.sh @@ -102,7 +102,7 @@ curl -X PUT -H "Content-Type: application/json" -d '{ }' http://admin:admin@localhost:3000/api/user/password # Create InfluxDB datasource -curl 'http://admin:$GRAFANA_PASS@localhost:3000/api/datasources' -X \ +curl "http://admin:$GRAFANA_PASS@localhost:3000/api/datasources" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ '{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' From f69dbbf2e5216b6bd3cb9773c070c843eaf1262c Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 04:24:08 -0500 Subject: [PATCH 35/67] Show grafana credentials to finish script. --- grafana.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/grafana.sh b/grafana.sh index f60a858..e20f901 100644 --- a/grafana.sh +++ b/grafana.sh @@ -125,4 +125,8 @@ done echo " Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards. +User: admin +Password: $GRAFANA_PASS + +Please save it somewhere safe. " From fb00d603e663442d1176d7c2995b2ac08aa0e188 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 04:27:15 -0500 Subject: [PATCH 36/67] Add comments on installer --- grafana.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/grafana.sh b/grafana.sh index e20f901..02c9a32 100644 --- a/grafana.sh +++ b/grafana.sh @@ -17,26 +17,27 @@ PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" # Min requirements apt update && apt install -y gnupg2 curl wget jq -# InfluxDB Repo +echo "# Setup InfluxDB Packages" wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install influxdb -y systemctl enable --now influxdb systemctl status influxdb -# Grafana Repo +echo "# Setup Grafana Packages" curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" apt update && apt install grafana -y systemctl enable --now grafana-server systemctl status grafana-server -# Telegraf Repo +echo "# Setup Telegraf Packages" wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install telegraf -y mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original +echo "# Setup Telegraf config files" cat << TELEGRAF > $MAIN_TEL [global_tags] @@ -88,12 +89,12 @@ JITSI_TELEGRAF systemctl enable --now telegraf systemctl status telegraf -# Setup videobridge options +echo "# Setup videobridge options" sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 -# Grafana Setup +echo "# Setup Grafana credentials." # Reset Grafana admin password curl -X PUT -H "Content-Type: application/json" -d '{ "oldPassword": "admin", @@ -101,13 +102,13 @@ curl -X PUT -H "Content-Type: application/json" -d '{ "confirmNew": "$GRAFANA_PASS" }' http://admin:admin@localhost:3000/api/user/password -# Create InfluxDB datasource +echo "# Create InfluxDB datasource" curl "http://admin:$GRAFANA_PASS@localhost:3000/api/datasources" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ '{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' -# Add Grafana Dashboard +echo "# Add Grafana Dashboard" grafana_host="http://localhost:3000" grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" From 40f78f14772c2afe28876fd2d3f64ca0511546f7 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 05:05:59 -0500 Subject: [PATCH 37/67] Yet again double quotes variable issue --- grafana.sh | 48 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 14 deletions(-) diff --git a/grafana.sh b/grafana.sh index 02c9a32..05bf1fb 100644 --- a/grafana.sh +++ b/grafana.sh @@ -17,27 +17,35 @@ PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" # Min requirements apt update && apt install -y gnupg2 curl wget jq -echo "# Setup InfluxDB Packages" +echo " +# Setup InfluxDB Packages +" wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install influxdb -y systemctl enable --now influxdb systemctl status influxdb -echo "# Setup Grafana Packages" +echo " +# Setup Grafana Packages +" curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" apt update && apt install grafana -y systemctl enable --now grafana-server systemctl status grafana-server -echo "# Setup Telegraf Packages" +echo " +# Setup Telegraf Packages +" wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install telegraf -y mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original -echo "# Setup Telegraf config files" +echo " +# Setup Telegraf config files +" cat << TELEGRAF > $MAIN_TEL [global_tags] @@ -86,29 +94,41 @@ cat << JITSI_TELEGRAF > $TEL_JIT JITSI_TELEGRAF -systemctl enable --now telegraf +systemctl enable telegraf +systemctl restart telegraf systemctl status telegraf -echo "# Setup videobridge options" +echo " +# Setup videobridge options +" sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 -echo "# Setup Grafana credentials." +echo " +# Setup Grafana credentials. +" # Reset Grafana admin password -curl -X PUT -H "Content-Type: application/json" -d '{ - "oldPassword": "admin", - "newPassword": "$GRAFANA_PASS", - "confirmNew": "$GRAFANA_PASS" -}' http://admin:admin@localhost:3000/api/user/password +#grafana-cli admin reset-admin-password $GRAFANA_PASS +set -x +curl -X PUT -H "Content-Type: application/json" -d "{ + \"oldPassword\": \"admin\", + \"newPassword\": \"$GRAFANA_PASS\", + \"confirmNew\": \"$GRAFANA_PASS\" +}" http://admin:admin@localhost:3000/api/user/password +set +x -echo "# Create InfluxDB datasource" +echo " +# Create InfluxDB datasource +" curl "http://admin:$GRAFANA_PASS@localhost:3000/api/datasources" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ '{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' -echo "# Add Grafana Dashboard" +echo " +# Add Grafana Dashboard +" grafana_host="http://localhost:3000" grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" From c2e50eebeeb8a3b7468ec5cb92f32d0b55faddd8 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 07:15:34 -0500 Subject: [PATCH 38/67] Secure grafana under jitsi SSL domain --- grafana.sh | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/grafana.sh b/grafana.sh index 05bf1fb..963ee8a 100644 --- a/grafana.sh +++ b/grafana.sh @@ -11,6 +11,9 @@ MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" +GRAFANA_INI="/etc/grafana/grafana.ini" +DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" @@ -105,18 +108,36 @@ sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobr sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 +echo " +# Setup Grafana nginx domain +" +sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI +sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI +sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI +sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI +sed -i "s|;enforce_domain =.*|enforce_domain = true|" $GRAFANA_INI +sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI +sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI +systemctl restart grafana-server + +if [ -f $WS_CONF ]; then + sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF + systemctl reload nginx +else + echo "No app configuration done to server file, please report to: + -> https://github.com/switnet-ltd/quick-jibri-installer/issues" +fi + echo " # Setup Grafana credentials. " -# Reset Grafana admin password -#grafana-cli admin reset-admin-password $GRAFANA_PASS -set -x curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" }" http://admin:admin@localhost:3000/api/user/password -set +x echo " # Create InfluxDB datasource @@ -145,9 +166,13 @@ for d in "${ds[@]}"; do done echo " -Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards. +Go check: + http://$DOMAIN/grafana/ +(emphasis on the trailing \"/\") to review configuration and dashboards. + User: admin Password: $GRAFANA_PASS Please save it somewhere safe. " +read -n 1 -s -r -p "Press any key to continue..."$'\n' From 3f244ef9780071845aba2f26e19c3a2993fa07a9 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 07:17:15 -0500 Subject: [PATCH 39/67] Remove unused variable --- grafana.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/grafana.sh b/grafana.sh index 963ee8a..d0badb4 100644 --- a/grafana.sh +++ b/grafana.sh @@ -15,7 +15,6 @@ GRAFANA_INI="/etc/grafana/grafana.ini" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" -PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" # Min requirements apt update && apt install -y gnupg2 curl wget jq From 266d625dae415052cbc040b31972ae74d46c515f Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 07:23:24 -0500 Subject: [PATCH 40/67] Integrate Grafana Dashboard to Quick Jibri Installer --- quick_jibri_installer.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 1978850..d6a3abc 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -462,6 +462,17 @@ elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then echo "Jigasi Transcription will be enabled." fi done +#Grafana +while [[ "$ENABLE_GRAFANA_DSH" != "yes" && "$ENABLE_GRAFANA_DSH" != "no" ]] +do +read -p "> Do you want to setup Grafana Dashboard: (yes or no) +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_GRAFANA_DSH +if [ "$ENABLE_GRAFANA_DSH" = "no" ]; then + echo "Grafana Dashboard won't be enabled." +elif [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then + echo "Grafana Dashboard will be enabled." +fi +done #Start configuration echo ' ######################################################################## @@ -828,6 +839,11 @@ if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then bash $PWD/jigasi.sh fi { +#Grafana Dashboard +if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then + echo "Grafana Dashboard will be enabled." + bash $PWD/grafana.sh +fi #Prevent Jibri conecction issue sed -i "/127.0.0.1/a \\ 127.0.0.1 $DOMAIN" /etc/hosts From 41ab33c5fe2bf5c6a3d2988f48bc24b311ef143b Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 07:56:42 -0500 Subject: [PATCH 41/67] Tune protocol on URL --- grafana.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/grafana.sh b/grafana.sh index d0badb4..6ab9491 100644 --- a/grafana.sh +++ b/grafana.sh @@ -114,7 +114,7 @@ sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI -sed -i "s|;enforce_domain =.*|enforce_domain = true|" $GRAFANA_INI +sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI systemctl restart grafana-server @@ -123,7 +123,8 @@ if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF - systemctl reload nginx + sed -i "/Anything that didn't match above/i \\\n" $WS_CONF + systemctl restart nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" @@ -136,12 +137,12 @@ curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@localhost:3000/api/user/password +}" http://admin:admin@http://localhost:3000/api/user/password echo " # Create InfluxDB datasource " -curl "http://admin:$GRAFANA_PASS@localhost:3000/api/datasources" -X \ +curl "http://admin:$GRAFANA_PASS@http://localhost:3000/api/datasources" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' \ --data-binary \ '{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' @@ -166,7 +167,9 @@ done echo " Go check: - http://$DOMAIN/grafana/ + +>> http://$DOMAIN/grafana/ + (emphasis on the trailing \"/\") to review configuration and dashboards. User: admin From a748bc8b7522bcb2cb0ef13300029baca012f984 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 08:53:15 -0500 Subject: [PATCH 42/67] Rearrange format --- grafana.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/grafana.sh b/grafana.sh index 6ab9491..d9751f5 100644 --- a/grafana.sh +++ b/grafana.sh @@ -14,7 +14,7 @@ TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" -GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" +GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*" < /dev/urandom | fold -w 14 | head -n1)" # Min requirements apt update && apt install -y gnupg2 curl wget jq @@ -25,7 +25,7 @@ echo " wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install influxdb -y -systemctl enable --now influxdb +systemctl enable influxdb systemctl status influxdb echo " @@ -34,7 +34,7 @@ echo " curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" apt update && apt install grafana -y -systemctl enable --now grafana-server +systemctl enable grafana-server systemctl status grafana-server echo " @@ -137,15 +137,21 @@ curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@http://localhost:3000/api/user/password +}" http://admin:admin@localhost:3000/api/user/password echo " # Create InfluxDB datasource " -curl "http://admin:$GRAFANA_PASS@http://localhost:3000/api/datasources" -X \ -POST -H 'Content-Type: application/json;charset=UTF-8' \ ---data-binary \ -'{"name":"InfluxDB","type":"influxdb","url":"http://localhost:8086","access":"proxy","isDefault":true,"database":"jitsi"}' +curl -X \ +POST -H 'Content-Type: application/json;charset=UTF-8' -d \ +'{ + "name":"InfluxDB", + "type":"influxdb", + "url":"http://localhost:8086", + "access":"proxy", + "isDefault":true, + "database":"jitsi" +}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources echo " # Add Grafana Dashboard From 457f75ecb195ccd69208b127064ee4d879d0db90 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 08:55:29 -0500 Subject: [PATCH 43/67] add debug mode --- grafana.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/grafana.sh b/grafana.sh index d9751f5..e281b67 100644 --- a/grafana.sh +++ b/grafana.sh @@ -9,6 +9,20 @@ # SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./grafana.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" @@ -138,6 +152,7 @@ curl -X PUT -H "Content-Type: application/json" -d "{ \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" }" http://admin:admin@localhost:3000/api/user/password +read -n 1 -s -r -p "Press any key to continue..."$'\n' echo " # Create InfluxDB datasource @@ -152,6 +167,7 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ "isDefault":true, "database":"jitsi" }' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources +read -n 1 -s -r -p "Press any key to continue..."$'\n' echo " # Add Grafana Dashboard @@ -170,6 +186,7 @@ for d in "${ds[@]}"; do \"pluginId\":\"influxdb\",\"value\":\"$grafana_datasource\"}]}" \ $grafana_host/api/dashboards/import; echo "" done +read -n 1 -s -r -p "Press any key to continue..."$'\n' echo " Go check: From 107d98b37f1bd0d96aeacd0a8016b87dfdd84704 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 09:14:07 -0500 Subject: [PATCH 44/67] Fix serve from sub_path Grafana option. Working! --- grafana.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/grafana.sh b/grafana.sh index e281b67..a52b098 100644 --- a/grafana.sh +++ b/grafana.sh @@ -151,8 +151,7 @@ curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@localhost:3000/api/user/password -read -n 1 -s -r -p "Press any key to continue..."$'\n' +}" http://admin:admin@localhost:3000/grafana/api/user/password echo " # Create InfluxDB datasource @@ -166,13 +165,12 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ "access":"proxy", "isDefault":true, "database":"jitsi" -}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources -read -n 1 -s -r -p "Press any key to continue..."$'\n' +}' http://admin:$GRAFANA_PASS@localhost:3000/grafana/api/datasources echo " # Add Grafana Dashboard " -grafana_host="http://localhost:3000" +grafana_host="http://localhost:3000/grafana" grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" ds=(11969); @@ -186,7 +184,6 @@ for d in "${ds[@]}"; do \"pluginId\":\"influxdb\",\"value\":\"$grafana_datasource\"}]}" \ $grafana_host/api/dashboards/import; echo "" done -read -n 1 -s -r -p "Press any key to continue..."$'\n' echo " Go check: From 4141feec39e816e1c7282917bb0116170d3b3425 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 11:48:58 -0500 Subject: [PATCH 45/67] Set importance question --- quick_jibri_installer.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index d6a3abc..18b441a 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -331,6 +331,11 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log" MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" ENABLE_SA="yes" +#Sysadmin email +while [[ -z $SYSADMIN_EMAIL ]] +do +read -p "Set sysadmin email (this is a mandatory field):"$'\n' -r SYSADMIN_EMAIL +done #Language echo "## Setting up Jitsi Meet language ## You can define the language, for a complete list of the supported languages @@ -341,10 +346,6 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language. " read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r LANG -while [[ -z $SYSADMIN_EMAIL ]] -do -read -p "Set sysadmin email (this is a mandatory field):"$'\n' -r SYSADMIN_EMAIL -done #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do From ae70c60700dd3afc80e693109f96051a52bef6dd Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 13:26:33 -0500 Subject: [PATCH 46/67] add systemclt function 4 services --- grafana.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/grafana.sh b/grafana.sh index a52b098..316feac 100644 --- a/grafana.sh +++ b/grafana.sh @@ -23,6 +23,11 @@ if [ "$MODE" = "debug" ]; then set -x fi +run_service() { +systemclt enable $1 +systemctl restart $1 +systemctl status $1 +} MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" @@ -39,8 +44,7 @@ echo " wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list apt update && apt install influxdb -y -systemctl enable influxdb -systemctl status influxdb +run_service influxdb echo " # Setup Grafana Packages @@ -48,8 +52,7 @@ echo " curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" apt update && apt install grafana -y -systemctl enable grafana-server -systemctl status grafana-server +run_service grafana-server echo " # Setup Telegraf Packages @@ -110,9 +113,7 @@ cat << JITSI_TELEGRAF > $TEL_JIT JITSI_TELEGRAF -systemctl enable telegraf -systemctl restart telegraf -systemctl status telegraf +run_service telegraf echo " # Setup videobridge options @@ -132,6 +133,7 @@ sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI systemctl restart grafana-server +systemctl status grafana-server if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF @@ -151,7 +153,7 @@ curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@localhost:3000/grafana/api/user/password +}" http://admin:admin@localhost:3000/api/user/password echo " # Create InfluxDB datasource @@ -165,12 +167,12 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ "access":"proxy", "isDefault":true, "database":"jitsi" -}' http://admin:$GRAFANA_PASS@localhost:3000/grafana/api/datasources +}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources echo " # Add Grafana Dashboard " -grafana_host="http://localhost:3000/grafana" +grafana_host="http://localhost:3000" grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" ds=(11969); From 0ce43a7e509b690d975fc7b11a742b2955767c11 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 14:26:10 -0500 Subject: [PATCH 47/67] Clean format --- grafana.sh | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/grafana.sh b/grafana.sh index 316feac..52ef0e1 100644 --- a/grafana.sh +++ b/grafana.sh @@ -133,7 +133,6 @@ sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI systemctl restart grafana-server -systemctl status grafana-server if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF @@ -149,11 +148,12 @@ fi echo " # Setup Grafana credentials. " -curl -X PUT -H "Content-Type: application/json" -d "{ +curl -X PUT -H "Content-Type: application/json;charset=UTF-8" -d \ +"{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@localhost:3000/api/user/password +}" http://admin:admin@localhost:3000/api/user/password; echo "" echo " # Create InfluxDB datasource @@ -161,13 +161,13 @@ echo " curl -X \ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ '{ - "name":"InfluxDB", - "type":"influxdb", - "url":"http://localhost:8086", - "access":"proxy", - "isDefault":true, - "database":"jitsi" -}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources + "name": "InfluxDB", + "type": "influxdb", + "url": "http://localhost:8086", + "access": "proxy", + "isDefault": true, + "database": "jitsi" +}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources; echo "" echo " # Add Grafana Dashboard @@ -181,10 +181,16 @@ for d in "${ds[@]}"; do j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ -H "Content-Type: application/json" \ - -d "{\"dashboard\":$j,\"overwrite\":true, \ - \"inputs\":[{\"name\":\"DS_INFLUXDB\",\"type\":\"datasource\", \ - \"pluginId\":\"influxdb\",\"value\":\"$grafana_datasource\"}]}" \ - $grafana_host/api/dashboards/import; echo "" + -d "{ + \"dashboard\": $j, + \"overwrite\": true, + \"inputs\": [{ + \"name\": \"DS_INFLUXDB\", + \"type\": \"datasource\", + \"pluginId\": \"influxdb\", + \"value\": \"$grafana_datasource\" + }] + }" $grafana_host/api/dashboards/import; echo "" done echo " From c6db5009409aa33aa27aeaba7ac1a42cdd01001a Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 14:57:37 -0500 Subject: [PATCH 48/67] Improve and prevent password characters break curl sent data Set head notice --- grafana.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/grafana.sh b/grafana.sh index 52ef0e1..2e11a54 100644 --- a/grafana.sh +++ b/grafana.sh @@ -23,6 +23,18 @@ if [ "$MODE" = "debug" ]; then set -x fi +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +clear +echo ' +######################################################################## + Grafana Dashboard addon +######################################################################## + by Software, IT & Networks Ltd +' run_service() { systemclt enable $1 systemctl restart $1 @@ -33,7 +45,7 @@ TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" -GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*" < /dev/urandom | fold -w 14 | head -n1)" +GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" # Min requirements apt update && apt install -y gnupg2 curl wget jq @@ -158,7 +170,7 @@ curl -X PUT -H "Content-Type: application/json;charset=UTF-8" -d \ echo " # Create InfluxDB datasource " -curl -X \ +curl -s -k -u "admin:$GRAFANA_PASS" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ '{ "name": "InfluxDB", @@ -167,7 +179,7 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ "access": "proxy", "isDefault": true, "database": "jitsi" -}' http://admin:$GRAFANA_PASS@localhost:3000/api/datasources; echo "" +}' http://localhost:3000/api/datasources; echo "" echo " # Add Grafana Dashboard From c9606959ca0db7d012dda5b7cc430e381a0debd6 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 15:17:05 -0500 Subject: [PATCH 49/67] Add systemctl status to allow grafana be ready --- grafana.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/grafana.sh b/grafana.sh index 2e11a54..822784a 100644 --- a/grafana.sh +++ b/grafana.sh @@ -145,6 +145,7 @@ sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI systemctl restart grafana-server +systemctl status grafana-server if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF @@ -160,17 +161,18 @@ fi echo " # Setup Grafana credentials. " -curl -X PUT -H "Content-Type: application/json;charset=UTF-8" -d \ +curl -k -u "admin:admin" -X \ +PUT -H "Content-Type: application/json;charset=UTF-8" -d \ "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" -}" http://admin:admin@localhost:3000/api/user/password; echo "" +}" http://localhost:3000/api/user/password; echo "" echo " # Create InfluxDB datasource " -curl -s -k -u "admin:$GRAFANA_PASS" -X \ +curl -k -u "admin:$GRAFANA_PASS" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ '{ "name": "InfluxDB", @@ -191,7 +193,7 @@ ds=(11969); for d in "${ds[@]}"; do echo -n "Processing $d: " j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) - curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ + curl -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"dashboard\": $j, From 3dd48a73de595118527d04d9021ce1eebfea21bc Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 15:32:11 -0500 Subject: [PATCH 50/67] Add delay to allow grafana to load. --- grafana.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/grafana.sh b/grafana.sh index 822784a..8e4c674 100644 --- a/grafana.sh +++ b/grafana.sh @@ -144,8 +144,15 @@ sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI + systemctl restart grafana-server -systemctl status grafana-server +echo "Waiting for Grafana to load..." +secs=$((10)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF From 52fa235b7bd05ed620e2bfeb7e38bb92cc139193 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 6 Jul 2020 15:37:02 -0500 Subject: [PATCH 51/67] Prevent sing up Make curl silent (cherry picked from commit 35bc407c34bc5dd8760bc42a70bc7aec43bb2e73) --- grafana.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/grafana.sh b/grafana.sh index 8e4c674..c4f6f1e 100644 --- a/grafana.sh +++ b/grafana.sh @@ -144,6 +144,7 @@ sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI +sed -i "s|;allow_sign_up =.*|allow_sign_up = false|" $GRAFANA_INI systemctl restart grafana-server echo "Waiting for Grafana to load..." @@ -168,7 +169,7 @@ fi echo " # Setup Grafana credentials. " -curl -k -u "admin:admin" -X \ +curl -s -k -u "admin:admin" -X \ PUT -H "Content-Type: application/json;charset=UTF-8" -d \ "{ \"oldPassword\": \"admin\", @@ -179,7 +180,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \ echo " # Create InfluxDB datasource " -curl -k -u "admin:$GRAFANA_PASS" -X \ +curl -s -k -u "admin:$GRAFANA_PASS" -X \ POST -H 'Content-Type: application/json;charset=UTF-8' -d \ '{ "name": "InfluxDB", @@ -200,7 +201,7 @@ ds=(11969); for d in "${ds[@]}"; do echo -n "Processing $d: " j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) - curl -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ + curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"dashboard\": $j, From bc0274e75886df9de99fcd7d09eba304729fcd7f Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 6 Jul 2020 15:39:49 -0500 Subject: [PATCH 52/67] Set copyright holders and tune copyright notice (cherry picked from commit 7a2650874305b155ac6958cafbdc32f31a200359) --- grafana.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/grafana.sh b/grafana.sh index c4f6f1e..d6bde92 100644 --- a/grafana.sh +++ b/grafana.sh @@ -1,12 +1,15 @@ #!/bin/bash -# Grafana Installer +# Grafana Installer for Jitsi Meet +# # Based on: -# https://community.jitsi.org/t/how-to-to-setup-grafana-dashboards-to-monitor-jitsi-my-comprehensive-tutorial-for-the-beginner/ -# by Woodworker_Life -# Woodworker_Life © - 2020 -# Jitsi Metrics - Grafana dashboard by mephisto -# https://grafana.com/grafana/dashboards/11969 +# - https://community.jitsi.org/t/38696 +# by Igor Kerstges +# - https://grafana.com/grafana/dashboards/11969 +# by "mephisto" +# +# Igor Kerstges © - 2020 # SwITNet Ltd © - 2020, https://switnet.net/ +# # GPLv3 or later. while getopts m: option From cb31cbb708a55a3721c8fd9fb2ba3059ae841ccf Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 6 Jul 2020 17:12:55 -0500 Subject: [PATCH 53/67] Fix typo enable service --- grafana.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana.sh b/grafana.sh index d6bde92..78b9857 100644 --- a/grafana.sh +++ b/grafana.sh @@ -39,7 +39,7 @@ echo ' by Software, IT & Networks Ltd ' run_service() { -systemclt enable $1 +systemctl enable $1 systemctl restart $1 systemctl status $1 } From 735739832dbc1a9a1f8f3fdf5747cff909a0cdf3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 19 Jul 2020 22:50:54 -0500 Subject: [PATCH 54/67] Update README --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 80f5bbb..38c5d58 100644 --- a/README.md +++ b/README.md @@ -29,9 +29,10 @@ Please check more details on our wiki. * Enabled Jitsi Electron app detection server side. * Standalone SSL Certbot/LE implementation * Jigasi Transcript - Speech to Text powered by Google API -* (New) JRA (Jibri Recordings Access) via Nextcloud -* (New) Customized brandless mode -* (New) Improved recurring updater +* JRA (Jibri Recordings Access) via Nextcloud +* Customized brandless mode +* Improved recurring updater +* (New) Grafana Dashboard ## Optional custom changes From 471de215ef9fe3aa9f6fc45a14700e66b972567d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sun, 19 Jul 2020 22:57:12 -0500 Subject: [PATCH 55/67] Increase timeout on JRA nginx settings Useful when update servers might be overloaded. --- jra_nextcloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index c314594..66ee137 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -286,6 +286,7 @@ server { fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; + fastcgi_read_timeout 300; } location ~ ^/(?:updater|ocs-provider)(?:\$|/) { From d29dea7fef09529f01b7052b49df9cf4227d4ecf Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 00:47:34 -0500 Subject: [PATCH 56/67] Start focal testing for support Add HWE and PPA Certbot check to install, avoid if not. --- quick_jibri_installer.sh | 69 +++++++++++++++++++++++++--------------- 1 file changed, 43 insertions(+), 26 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 18b441a..3b7b262 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -22,11 +22,13 @@ fi # SYSTEM SETUP JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) +CERTBOT_REL_FILE="http://ppa.launchpad.net/certbcertbot/ubuntu/dists/$(lsb_release -sc)/Release" APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2) +HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") if [ $DIST = flidas ]; then DIST="xenial" @@ -79,24 +81,6 @@ else read -n 1 -s -r -p "Press any key to continue..."$'\n' fi } -update_certbot() { - if [ "$CERTBOT_REPO" = "certbot" ]; then - echo " -Cerbot repository already on the system! -Checking for updates... -" - apt-get -q2 update - apt-get -yq2 dist-upgrade -else - echo " -Adding cerbot (formerly letsencrypt) PPA repository for latest updates -" - echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 - apt-get -q2 update - apt-get -yq2 dist-upgrade -fi -} # sed limiters for add-jibri-node.sh variables var_dlim() { grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 @@ -135,12 +119,14 @@ if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi -if [ "$DIST" = "xenial" ] || [ "$DIST" = "bionic" ]; then - echo "OS: $(lsb_release -sd) -Good, this is a supported platform!" +if [ "$DIST" = "xenial" ] || \ + [ "$DIST" = "bionic" ] || \ + [ "$DIST" = "focal" ]; then + echo "OS: $(lsb_release -sd)" + echo "Good, this is a supported platform!" else - echo "OS: $(lsb_release -sd) -Sorry, this platform is not supported... exiting" + echo "OS: $(lsb_release -sd)" + echo "Sorry, this platform is not supported... exiting" exit fi #Suggest 18.04 LTS release over 16.04 @@ -223,11 +209,19 @@ apt-get -y install \ git \ htop \ letsencrypt \ - linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \ - linux-modules-extra-virtual-hwe-$(lsb_release -r|awk '{print$2}') \ unzip \ wget +echo "# Check and Install HWE kernel if possible..." +if [ "$HWE_VIR_MOD" == "1" ]; then + apt-get -y install \ + linux-image-generic-hwe-$(lsb_release -sr) \ + linux-modules-extra-virtual-hwe-$(lsb_release -sr) + else + apt-get -y install \ + linux-modules-extra-$(uname -r) +fi + check_serv echo " @@ -505,7 +499,30 @@ echo ' #Disabled 'til fixed upstream #bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh -update_certbot +echo "#Set and upgrade certbot PPA if posssible..." +if [ "$CERTBOT_REPO" = "certbot" ]; then + echo " +Cerbot repository already on the system! +Checking for updates... +" + apt-get -q2 update + apt-get -yq2 dist-upgrade +else + if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then + echo " +Adding cerbot (formerly letsencrypt) PPA repository for latest updates +" + echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 + apt-get -q2 update + apt-get -yq2 dist-upgrade + fi + if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then + echo " +Certbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed... +" + fi +fi else echo "SSL setup will be skipped." From 2c46e87c6802a6a3b8d72990c509442468796f88 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 03:03:54 -0500 Subject: [PATCH 57/67] Improve repo checks, add new packages, ... ...enable sharing of external folder, and add db checks --- jra_nextcloud.sh | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 66ee137..be28a48 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -49,6 +49,7 @@ fi done DISTRO_RELEASE="$(lsb_release -sc)" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +PHP_REPO=$(apt-cache policy | grep http | grep php | head -n 1 | awk '{print $2}' | cut -d "/" -f5) PHPVER="7.4" PSGVER="$(apt-cache madison postgresql | head -n1 | awk '{print $3}' | cut -d "+" -f1)" PHP_FPM_DIR="/etc/php/$PHPVER/fpm" @@ -87,10 +88,12 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = fi } add_php74() { - if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + if [ "$PHP_REPO" = "php" ]; then echo "PHP $PHPVER already installed" + apt-get -q2 update + apt-get -yq2 dist-upgrade else - echo "# Adding PHP $PHPVER Repository" + echo "# Adding Ondrej PHP $PHPVER PPA Repository" apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list apt-get update -q2 @@ -108,23 +111,24 @@ install_ifnot postgresql-$PSGVER # PHP 7.4 add_php74 apt-get install -y \ - php$PHPVER-fpm \ - php$PHPVER-bz2 \ - php$PHPVER-curl \ - php$PHPVER-gd \ - php$PHPVER-gmp \ - php$PHPVER-intl \ - php$PHPVER-json \ - php$PHPVER-ldap \ - php$PHPVER-mbstring \ - php$PHPVER-pgsql \ - php$PHPVER-soap \ - php$PHPVER-xml \ - php$PHPVER-xmlrpc \ - php$PHPVER-zip \ - php-imagick \ - php-redis \ - redis-server + php$PHPVER-fpm \ + php$PHPVER-bcmath \ + php$PHPVER-bz2 \ + php$PHPVER-curl \ + php$PHPVER-gd \ + php$PHPVER-gmp \ + php$PHPVER-intl \ + php$PHPVER-json \ + php$PHPVER-ldap \ + php$PHPVER-mbstring \ + php$PHPVER-pgsql \ + php$PHPVER-soap \ + php$PHPVER-xml \ + php$PHPVER-xmlrpc \ + php$PHPVER-zip \ + php-imagick \ + php-redis \ + redis-server #System related install_ifnot smbclient @@ -424,6 +428,7 @@ Fixing possible missing tables... " echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint sudo -u www-data php $NC_PATH/occ db:add-missing-indices +sudo -u www-data php $NC_PATH/occ db:add-missing-columns echo " Adding trusted domain... From 19ff6a7f4b59824fddef6bb95907ceb87b4aa4dd Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 04:20:47 -0500 Subject: [PATCH 58/67] Enable sharing on external folder --- files/jra-nc-app-ef.json | 1 + jra_nextcloud.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/files/jra-nc-app-ef.json b/files/jra-nc-app-ef.json index 42b2a1e..4e6d95b 100644 --- a/files/jra-nc-app-ef.json +++ b/files/jra-nc-app-ef.json @@ -14,6 +14,7 @@ "filesystem_check_changes": 1, "encoding_compatibility": false, "readonly": false + "enable_sharing": true }, "applicable_users": [], "applicable_groups": [ diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index be28a48..36c46d6 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -359,6 +359,7 @@ fi echo " Latest version to be installed: $STABLEVERSION + (This might take sometime, please be patient...) " curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip unzip -q /tmp/$STABLEVERSION.zip From cd10656b71d50517c9ea5fff59e19f3e5b4fd8c8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 04:56:46 -0500 Subject: [PATCH 59/67] Fix typo --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 3b7b262..94273ed 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -191,7 +191,7 @@ while [[ $LE_SSL != yes && $LE_SSL != no ]] do read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)"$'\n' -r LE_SSL if [ $LE_SSL = yes ]; then - echo "We'll defaul to Let's Encrypt SSL cers." + echo "We'll defaul to Let's Encrypt SSL certs." else echo "We'll let you choose later on for it." fi From 05d8a350f9057a10720e36d95a56ca6d163598e8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 12:30:59 -0500 Subject: [PATCH 60/67] Fix and improve repository detection --- quick_jibri_installer.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 94273ed..5300624 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -21,8 +21,6 @@ fi # SYSTEM SETUP JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) -CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) -CERTBOT_REL_FILE="http://ppa.launchpad.net/certbcertbot/ubuntu/dists/$(lsb_release -sc)/Release" APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) @@ -325,6 +323,9 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log" MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" ENABLE_SA="yes" +CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) +CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release" +GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" #Sysadmin email while [[ -z $SYSADMIN_EMAIL ]] do @@ -447,6 +448,10 @@ elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then fi done #Jigasi +if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then + echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), +thus, Jigasi Transcript can't be enable." +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do read -p "> Do you want to setup Jigasi Transcription: (yes or no) @@ -457,6 +462,10 @@ elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then echo "Jigasi Transcription will be enabled." fi done +else + echo "No valid option for Jigasi.Please report this to +https://github.com/switnet-ltd/quick-jibri-installer/issues " +fi #Grafana while [[ "$ENABLE_GRAFANA_DSH" != "yes" && "$ENABLE_GRAFANA_DSH" != "no" ]] do @@ -507,8 +516,7 @@ Checking for updates... " apt-get -q2 update apt-get -yq2 dist-upgrade -else - if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then echo " Adding cerbot (formerly letsencrypt) PPA repository for latest updates " @@ -516,12 +524,10 @@ Adding cerbot (formerly letsencrypt) PPA repository for latest updates apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 apt-get -q2 update apt-get -yq2 dist-upgrade - fi - if [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then +elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then echo " Certbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed... " - fi fi else @@ -847,7 +853,7 @@ if [ "$ENABLE_BLESSM" = "yes" ]; then fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo "Jigasi Transcription will be enabled." + echo "JRA via Nextcloud will be enabled." bash $PWD/jra_nextcloud.sh fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) From f5f53fb57e0d31b9aeb853c30173a97e65b00619 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 20 Jul 2020 13:04:46 -0500 Subject: [PATCH 61/67] Small format improvement --- quick_jibri_installer.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 5300624..4ae9cab 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -449,19 +449,19 @@ fi done #Jigasi if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then - echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), -thus, Jigasi Transcript can't be enable." + echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd)," + echo "thus, Jigasi Transcript can't be enable." elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then -while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] -do + while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] + do read -p "> Do you want to setup Jigasi Transcription: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT -if [ "$ENABLE_TRANSCRIPT" = "no" ]; then - echo "Jigasi Transcription won't be enabled." -elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo "Jigasi Transcription will be enabled." -fi -done + if [ "$ENABLE_TRANSCRIPT" = "no" ]; then + echo "Jigasi Transcription won't be enabled." + elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then + echo "Jigasi Transcription will be enabled." + fi + done else echo "No valid option for Jigasi.Please report this to https://github.com/switnet-ltd/quick-jibri-installer/issues " From dfb953c3377a0800e5b714c061aa63152726610d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 23 Jul 2020 02:23:12 -0500 Subject: [PATCH 62/67] Improve Prosody detection + Test Lobby + Test conference duration --- quick_jibri_installer.sh | 41 +++++++++++++++++++++++++++++++--------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 4ae9cab..10dcf50 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -92,6 +92,9 @@ else wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - fi } +dpkg-compare() { +dpkg --compare-versions $(dpkg-query -f='${Version}' --show $1) $2 $3 +} clear echo ' ######################################################################## @@ -175,7 +178,7 @@ else done fi #Prosody repository -#add_prosody_repo +add_prosody_repo # Jitsi-Meet Repo echo "Add Jitsi repo" if [ "$JITSI_REPO" = "unstable" ]; then @@ -556,6 +559,7 @@ restart_services() { # Configure Jibri ## PROSODY +if dpkg-compare prosody lt 0.11.0 ; then cat << MUC-JIBRI >> $PROSODY_FILE -- internal muc component, meant to enable pools of jibri and jigasi clients @@ -567,7 +571,7 @@ Component "internal.auth.$DOMAIN" "muc" muc_room_cache_size = 1000 MUC-JIBRI - +fi cat << REC-JIBRI >> $PROSODY_FILE VirtualHost "recorder.$DOMAIN" @@ -577,12 +581,17 @@ VirtualHost "recorder.$DOMAIN" authentication = "internal_plain" REC-JIBRI +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_SYS #Fix Jibri conectivity issues +if dpkg-compare prosody lt 0.11.0 ; then sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS sed -i "/c2s_require_encryption = false/a \\ \\ consider_bosh_secure = true" $PROSODY_SYS +fi + if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi @@ -790,21 +799,35 @@ SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ": SRP_END=$((SRP_STR + 10)) sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE +if dpkg-compare prosody gt 0.11.0 ; then +#Temporary fix? - https://community.jitsi.org/t/27752/112 +sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE +sed -i"s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE +#EO_TF cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" authentication = "anonymous" - + c2s_require_encryption = false speakerstats_component = "speakerstats.$DOMAIN" - conference_duration_component = "conferenceduration.$DOMAIN" + conference_duration_component = "conferenceduration.$DOMAIN" - modules_enabled = { - "muc_size"; - "speakerstats"; - "conference_duration"; - } + modules_enabled = { + "speakerstats"; + "conference_duration"; + "muc_lobby_rooms"; + } + lobby_muc = "lobby.qj.$DOMAIN" + main_muc = "conference.$DOMAIN" +P_SR + else +cat << P_SR >> $PROSODY_FILE + +VirtualHost "guest.$DOMAIN" + authentication = "anonymous" c2s_require_encryption = false P_SR +fi #Secure room initial user if [ "$ENABLE_SC" = "yes" ]; then echo "Secure rooms are being enabled..." From 41e11d3356444f55a0490dc8effbe17d38b1561d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 7 Aug 2020 16:39:46 -0500 Subject: [PATCH 63/67] Add fix for JRA sync clients --- jitsi-updater.sh | 21 +++++++++++++++++++++ jra_nextcloud.sh | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 70dafbe..c887f69 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -26,6 +26,11 @@ ENABLE_BLESSM="TBD" CHD_LST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" CHDB="$(whereis chromedriver | awk '{print$2}')" DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')" +NC_DOMAIN="TBD" +JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" +if [ -f $JITSI_MEET_PROXY ];then +PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) +fi INT_CONF="/usr/share/jitsi-meet/interface_config.js" jibri_packages="$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages |sort -u|awk '{print $2}'|sed 's|jigasi||'|paste -s -d ' ')" AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" @@ -154,6 +159,22 @@ fi printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" sed -i "s|'videobackgroundblur', ||" $INT_CONF + +if [ ! "$NC_DOMAIN" = "TBD" ]; +printf "${Purple}========== Enable $NC_DOMAIN for sync client ==========${Color_Off}\n" + if [ -z $PREAD_PROXY ]; then + echo " + Setting up Nextcloud domain on Jitsi Meet turn proxy +" + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + else + echo "$NC_DOMAIN seems to be on place, skipping..." + fi +fi + restart_services diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 36c46d6..524d23d 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -347,7 +347,7 @@ if [ "$ENABLE_HSTS" = "yes" ]; then sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF fi -if [ "$DISTRO_RELEASE" = "bionic" ] && [ -z $PREAD_PROXY ]; then +if [ ! "$DISTRO_RELEASE" = "xenial" ] && [ -z $PREAD_PROXY ]; then echo " Setting up Nextcloud domain on Jitsi Meet turn proxy " From 5a2d0f78727e77d3779afc569a9da6c14c0e10b3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 7 Aug 2020 17:32:16 -0500 Subject: [PATCH 64/67] Tune prosody --- quick_jibri_installer.sh | 56 +++++++++++++++++++++++++++------------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 10dcf50..207b7d8 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -95,6 +95,14 @@ fi dpkg-compare() { dpkg --compare-versions $(dpkg-query -f='${Version}' --show $1) $2 $3 } +wait_seconds() { +secs=$(($1)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +} clear echo ' ######################################################################## @@ -162,7 +170,9 @@ else fi if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then echo "All requirements seems meet!" - echo "We hope you have a nice recording/streaming session" + echo " + - We hope you have a nice recording/streaming session + " else echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" echo "Even when you can use the videconference sessions, we advice to increase the resoruces in order to user Jibri." @@ -180,9 +190,11 @@ fi #Prosody repository add_prosody_repo # Jitsi-Meet Repo -echo "Add Jitsi repo" +echo " +Add Jitsi repo +" if [ "$JITSI_REPO" = "unstable" ]; then - echo "Jitsi stable repository already installed" + echo "Jitsi unstable repository already installed" else echo 'deb http://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - @@ -582,15 +594,15 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI #Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_SYS +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE #Fix Jibri conectivity issues -if dpkg-compare prosody lt 0.11.0 ; then +#if dpkg-compare prosody lt 0.11.0 ; then sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS sed -i "/c2s_require_encryption = false/a \\ \\ consider_bosh_secure = true" $PROSODY_SYS -fi +#fi if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh @@ -793,6 +805,7 @@ fi # Disable "Blur my background" until new notice sed -i "s|'videobackgroundblur', ||" $INT_CONF +#Setup prosody conf file================================== #Setup secure rooms SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) @@ -800,11 +813,7 @@ SRP_END=$((SRP_STR + 10)) sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE if dpkg-compare prosody gt 0.11.0 ; then -#Temporary fix? - https://community.jitsi.org/t/27752/112 -sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE -sed -i"s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE -#EO_TF -cat << P_SR >> $PROSODY_FILE + cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" authentication = "anonymous" @@ -821,13 +830,15 @@ VirtualHost "guest.$DOMAIN" main_muc = "conference.$DOMAIN" P_SR else -cat << P_SR >> $PROSODY_FILE + cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" authentication = "anonymous" c2s_require_encryption = false P_SR + fi +#====================== #Secure room initial user if [ "$ENABLE_SC" = "yes" ]; then echo "Secure rooms are being enabled..." @@ -861,6 +872,15 @@ restart_services enable_letsencrypt +if dpkg-compare prosody gt 0.11.0 && [ "S" = "" ]; then +echo "Let's try wait 15s" +wait_seconds 15 +#Temporary fix? - https://community.jitsi.org/t/27752/112 +sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE +sed -i"s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE +#EO_TF +fi + #SSL workaround if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN @@ -877,6 +897,7 @@ fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then echo "JRA via Nextcloud will be enabled." + sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh bash $PWD/jra_nextcloud.sh fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) @@ -892,8 +913,12 @@ if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then bash $PWD/grafana.sh fi #Prevent Jibri conecction issue +if [ -z "$(grep -n $DOMAIN /etc/hosts)" ];then sed -i "/127.0.0.1/a \\ 127.0.0.1 $DOMAIN" /etc/hosts +else + echo "Local host already in place..." +fi echo " ######################################################################## @@ -905,11 +930,6 @@ apt-get -y autoremove apt-get autoclean echo "Rebooting in..." -secs=$((15)) -while [ $secs -gt 0 ]; do - echo -ne "$secs\033[0K\r" - sleep 1 - : $((secs--)) -done +wait_seconds 15 } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) reboot From 0f399fab18f07eb8ab598093105afdd82cba9f2f Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 7 Aug 2020 18:10:52 -0500 Subject: [PATCH 65/67] Tune tls unsecure dropping --- quick_jibri_installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 207b7d8..0c679fb 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -790,11 +790,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF fi #nginx -tlsv1/1.1 -if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "bionic" ];then +if [ "$DROP_TLS1" = "yes" ] && [ ! "$DIST" = "xenial" ];then echo "Dropping TLSv1/1.1 in favor of v1.3" sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF -elif [ "$DROP_TLS1" = "yes" ] && [ ! "$DIST" = "bionic" ];then +elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then echo "Only dropping TLSv1/1.1" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1||" $WS_CONF From e27efa57eaff43dbde817dd6ba348d8cbcd576de Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 8 Aug 2020 00:36:08 -0500 Subject: [PATCH 66/67] Continue work on lobby --- jra_nextcloud.sh | 2 +- quick_jibri_installer.sh | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 524d23d..3587d63 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -171,7 +171,7 @@ echo "opcache.validate_timestamps=1" systemctl restart php$PHPVER-fpm.service #-------------------------------------------------- -# Create MySQL user +# Create DB user #-------------------------------------------------- echo -e "\n---- Creating the PgSQL DB & User ----" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 0c679fb..aae153c 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -820,14 +820,15 @@ VirtualHost "guest.$DOMAIN" c2s_require_encryption = false speakerstats_component = "speakerstats.$DOMAIN" conference_duration_component = "conferenceduration.$DOMAIN" - + lobby_muc = "lobby.$DOMAIN" + main_muc = "conference.$DOMAIN" + modules_enabled = { "speakerstats"; "conference_duration"; "muc_lobby_rooms"; } - lobby_muc = "lobby.qj.$DOMAIN" - main_muc = "conference.$DOMAIN" + P_SR else cat << P_SR >> $PROSODY_FILE @@ -872,7 +873,7 @@ restart_services enable_letsencrypt -if dpkg-compare prosody gt 0.11.0 && [ "S" = "" ]; then +if dpkg-compare prosody gt 0.11.0 && [ "$ENABLE_SC" = "yes" ]; then echo "Let's try wait 15s" wait_seconds 15 #Temporary fix? - https://community.jitsi.org/t/27752/112 From b6d93cc790c20ceae3439c0e7d778d48b8366e2c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 8 Aug 2020 01:13:10 -0500 Subject: [PATCH 67/67] Track stable repo for unstable branch --- quick_jibri_installer.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index aae153c..2c21d88 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -193,10 +193,10 @@ add_prosody_repo echo " Add Jitsi repo " -if [ "$JITSI_REPO" = "unstable" ]; then - echo "Jitsi unstable repository already installed" +if [ "$JITSI_REPO" = "stable" ]; then + echo "Jitsi stable repository already installed" else - echo 'deb http://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list + echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - fi #Default to LE SSL? @@ -457,9 +457,9 @@ do read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_NC_ACCESS if [ "$ENABLE_NC_ACCESS" = "no" ]; then - echo "JRA via Nextcloud won't be enabled." + echo "-- JRA via Nextcloud won't be enabled." elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo "JRA via Nextcloud will be enabled." + echo "-- JRA via Nextcloud will be enabled." fi done #Jigasi @@ -472,9 +472,9 @@ elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; read -p "> Do you want to setup Jigasi Transcription: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT if [ "$ENABLE_TRANSCRIPT" = "no" ]; then - echo "Jigasi Transcription won't be enabled." + echo "-- Jigasi Transcription won't be enabled." elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo "Jigasi Transcription will be enabled." + echo "-- Jigasi Transcription will be enabled." fi done else @@ -487,9 +487,9 @@ do read -p "> Do you want to setup Grafana Dashboard: (yes or no) ( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_GRAFANA_DSH if [ "$ENABLE_GRAFANA_DSH" = "no" ]; then - echo "Grafana Dashboard won't be enabled." + echo "-- Grafana Dashboard won't be enabled." elif [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then - echo "Grafana Dashboard will be enabled." + echo "-- Grafana Dashboard will be enabled." fi done #Start configuration @@ -878,7 +878,7 @@ echo "Let's try wait 15s" wait_seconds 15 #Temporary fix? - https://community.jitsi.org/t/27752/112 sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE -sed -i"s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE +sed -i "s| main_muc = \"conference.|-- main_muc = \"conference.|" $PROSODY_FILE #EO_TF fi