diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 6d72e56..6738bbd 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -8,7 +8,7 @@ ### 1_LAST EDITION ### #Make sure the file name is the required one -if [ ! "$(basename $0)" = "add-jibri-node.sh" ]; then +if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then echo "For most cases naming won't matter, for this one it does." echo "Please use the original name for this script: \`add-jibri-node.sh', and run again." exit @@ -55,7 +55,7 @@ CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" -PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" @@ -68,7 +68,7 @@ JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" # sed limiters for add-jibri-node.sh variables var_dlim() { - grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 } check_var() { @@ -89,19 +89,19 @@ echo " # Checking initial necessary variables... #-----------------------------------------------------------------------" -JMS_DATA=($MAIN_SRV_DIST \ - $MAIN_SRV_REPO \ - $MAIN_SRV_DOMAIN \ - $JibriBrewery \ - $JB_NAME \ - $JB_AUTH_PASS \ - $JB_REC_PASS \ - $MJS_USER \ - $MJS_USER_PASS \ - $JIBRI_RES_CONF \ - $JIBRI_RES_XORG_CONF) +JMS_DATA=("$MAIN_SRV_DIST" \ + "$MAIN_SRV_REPO" \ + "$MAIN_SRV_DOMAIN" \ + "$JibriBrewery" \ + "$JB_NAME" \ + "$JB_AUTH_PASS" \ + "$JB_REC_PASS" \ + "$MJS_USER" \ + "$MJS_USER_PASS" \ + "$JIBRI_RES_CONF" \ + "$JIBRI_RES_XORG_CONF") -JMS_EVAL=${JMS_DATA[0]} +JMS_EVAL="${JMS_DATA[0]}" for i in "${JMS_DATA[@]}"; do if [[ "$JMS_EVAL" != "$i" ]]; then ALL_TBD="no" @@ -152,7 +152,7 @@ else fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then +if [ "${mem_available}" -lt 7700000 ]; then echo " Warning!: The system do not meet the minimum RAM requirements for Jibri to run. >> We recommend 8GB RAM for Jibri! @@ -190,7 +190,7 @@ sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo echo "Add Jitsi repo" if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then echo "Main and node servers repository don't match, extiting.." @@ -235,7 +235,7 @@ else # Your audio driver might not be able to load. # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. #-----------------------------------------------------------------------" -curl -s $TEST_JIBRI_ENV > /tmp/test-jibri-env.sh +curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh #Test tool if [ "$MODE" = "debug" ]; then bash /tmp/test-jibri-env.sh -m debug @@ -248,14 +248,14 @@ fi } echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi echo " @@ -273,7 +273,7 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then else echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update apt-get install -y google-chrome-stable @@ -283,7 +283,7 @@ if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip + wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver @@ -305,18 +305,18 @@ echo " Remove Chrome warning... " mkdir -p /etc/opt/chrome/policies/managed -echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" # Recording directory -if [ ! -d $DIR_RECORD ]; then -mkdir $DIR_RECORD +if [ ! -d "$DIR_RECORD" ]; then +mkdir "$DIR_RECORD" fi -chown -R jibri:jibri $DIR_RECORD +chown -R jibri:jibri "$DIR_RECORD" -cat << REC_DIR > $REC_DIR +cat << REC_DIR > "$REC_DIR" #!/bin/bash -RECORDINGS_DIR=$DIR_RECORD +RECORDINGS_DIR="$DIR_RECORD" echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out @@ -341,12 +341,12 @@ fi exit 0 REC_DIR -chown jibri:jibri $REC_DIR -chmod +x $REC_DIR +chown jibri:jibri "$REC_DIR" +chmod +x "$REC_DIR" ## New Jibri Config (2020) -mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file -cat << NEW_CONF > $JIBRI_CONF +mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file +cat << NEW_CONF > "$JIBRI_CONF" // New XMPP environment config. jibri { streaming { @@ -459,25 +459,25 @@ jibri { NEW_CONF #Jibri xorg resolution -sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" $JIBRI_XORG_CONF +sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" echo -e "\n---- Create random nodesync user ----" -useradd -m -g jibri $NJN_USER +useradd -m -g jibri "$NJN_USER" echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' -sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" #Workaround for jibri to do cleaning. -install -m 0600 -o jibri /home/$NJN_USER/.ssh/id_rsa /home/jibri/jbsync.pem +install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" -ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts -ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub -sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" +ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts +ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub +sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" echo -e "\n---- Setup Log system ----" cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh @@ -486,21 +486,21 @@ cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh # Log process exec 3>&1 4>&2 trap 'exec 2>&4 1>&3' 0 1 2 3 -exec 1>/var/log/$NJN_USER/remote_jnsync.log 2>&1 +exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1 # Run sync while true; do - inotifywait -t 60 -r -e modify,attrib,close_write,move,delete $DIR_RECORD - sudo su $NJN_USER -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" - find $DIR_RECORD -depth -type d -empty -not -path $DIR_RECORD -delete + inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD" + sudo su "$NJN_USER" -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" + find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete done INOT_RSYNC -mkdir /var/log/$NJN_USER +mkdir /var/log/"$NJN_USER" -cat << LOG_ROT > /etc/logrotate.d/$NJN_USER -/var/log/$NJN_USER/*.log { +cat << LOG_ROT > /etc/logrotate.d/"$NJN_USER" +/var/log/"$NJN_USER"/*.log { monthly missingok rotate 12 @@ -561,7 +561,7 @@ echo " echo "Make sure to reboot, it's necessary before *any* usage. Rebooting in..." secs=$((15)) -while [ $secs -gt 0 ]; do +while [ "$secs" -gt 0 ]; do echo -ne "$secs\033[0K\r" sleep 1 : $((secs--)) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 34fdb46..d85a120 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -8,7 +8,7 @@ ### 1_LAST EDITION ### #Make sure the file name is the required one -if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then +if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then echo "For most cases naming won't matter, for this one it does." echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again." exit @@ -53,10 +53,10 @@ SHARD_DOMAIN=TBD SHARD_PASS=TBD MUC_JID=TBD -MJS_USER=TBD -MJS_USER_PASS=TBD -START=0 -LAST=TBD +#MJS_USER=TBD +#MJS_USER_PASS=TBD +#START=0 +#LAST=TBD THIS_SRV_DIST=$(lsb_release -sc) JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR==1{print$1}') @@ -71,7 +71,7 @@ SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" # sed limiters for add-jvb2-node.sh variables var_dlim() { - grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jvb2-node.sh|head -n1|cut -d ":" -f1 } check_var() { @@ -105,7 +105,7 @@ else fi ### Test RAM size (8GB min) ### mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then +if [ "${mem_available}" -lt 7700000 ]; then echo " Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. >> We recommend 8GB RAM or above for JVB2! @@ -141,7 +141,7 @@ echo " #-----------------------------------------------------------------------" check_var JVB_HOSTNNAME "$JVB_HOSTNAME" -if [ -z $JVB_HOST ]; then +if [ -z "$JVB_HOST" ]; then echo "JVB_HOST is empty, but it may be ok for it to be empty, skipping empty test." else check_var JVB_HOST "$JVB_HOST" @@ -166,7 +166,7 @@ sed -i "1i 127.0.0.1 jvb_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo echo "Add Jitsi repo" if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then echo "Main and node servers repository don't match, extiting.." @@ -193,14 +193,14 @@ apt-get -y install \ wget echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +HWE_VIR_MOD="$(apt-cache madison linux-modules-extra-virtual-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")" if [ "$HWE_VIR_MOD" == "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) \ - linux-modules-extra-virtual-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" \ + linux-modules-extra-virtual-hwe-"$(lsb_release -sr)" else apt-get -y install \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi echo " diff --git a/etherpad-docker.sh b/etherpad-docker.sh index c9568ff..cde6471 100644 --- a/etherpad-docker.sh +++ b/etherpad-docker.sh @@ -18,7 +18,7 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -35,14 +35,14 @@ check_apt_policy() { apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}' } install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + apt-get -yq2 install "$1" fi } -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" @@ -65,7 +65,7 @@ read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS # Install required packages install_ifnot docker-ce -install_ifnot postgresql-$PSGVER +install_ifnot postgresql-"$PSGVER" # Create DB echo -e "> Creating postgresql database for container...\n" @@ -100,37 +100,36 @@ fi # Tune webserver for Jitsi App control -if [ $(grep -c "etherpad" $WS_CONF) != 0 ]; then +if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then echo "> Webserver seems configured, skipping..." -elif [ -f $WS_CONF ]; then +elif [ -f "$WS_CONF" ]; then echo "> Setting up webserver configuration file..." - sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF + sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" else echo "> No etherpad config done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi # Configure config.js -if [ $(grep -c "etherpad_base" $WS_CONF) != 0 ]; then +if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then echo -e "> $MEET_CONF seems configured, skipping...\n" else echo -e "> Setting etherpad domain at $MEET_CONF...\n" - sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," $MEET_CONF + sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF" fi echo "> Checking nginx configuration..." -nginx -t 2>/dev/null -if [ $? = 0 ]; then +if nginx -t 2>/dev/null ; then echo -e " -- Docker configuration seems fine, enabling it." - systemctl reload nginx +# systemctl reload nginx else echo "Please check your configuration, something may be wrong." echo "Will not try to enable etherpad nginx configuration, please report to: diff --git a/grafana.sh b/grafana.sh index 093b4db..b914e5e 100644 --- a/grafana.sh +++ b/grafana.sh @@ -26,7 +26,7 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -39,14 +39,14 @@ echo ' by Software, IT & Networks Ltd ' run_service() { -systemctl enable $1 -systemctl restart $1 -systemctl status $1 +systemctl enable "$1" +systemctl restart "$1" +systemctl status "$1" } MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" GRAFANA_INI="/etc/grafana/grafana.ini" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" @@ -162,11 +162,11 @@ while [ $secs -gt 0 ]; do : $((secs--)) done -if [ -f $WS_CONF ]; then - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" systemctl restart nginx else echo "No app configuration done to server file, please report to: @@ -206,8 +206,8 @@ grafana_cred="admin:$GRAFANA_PASS" grafana_datasource="InfluxDB" ds=(11969); for d in "${ds[@]}"; do - echo -n "Processing $d: " - j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json) + echo "Processing $d: " + j="$(curl -s -k -u "$grafana_cred" "$grafana_host"/api/gnet/dashboards/"$d" | jq .json)" curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{ diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 241ad31..ea115f4 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -9,8 +9,11 @@ Purple='\e[0;35m' Green='\e[0;32m' Yellow='\e[0;33m' Color_Off='\e[0m' +printwc() { + printf "%b$2%b" "$1" "${Color_Off}" +} #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -23,28 +26,28 @@ support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" ENABLE_BLESSM="TBD" CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" -CHD_LTST_2D="$(echo $CHD_LTST|cut -d "." -f 1,2)" +CHD_LTST_2D="$(echo "$CHD_LTST"|cut -d "." -f 1,2)" CHDB="$(whereis chromedriver | awk '{print$2}')" -DOMAIN="$(ls /etc/prosody/conf.d|awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" NC_DOMAIN="TBD" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" -if [ -f $JITSI_MEET_PROXY ];then -PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) +if [ -f "$JITSI_MEET_PROXY" ];then +PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1) fi INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js" jibri_packages="$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages |sort -u|awk '{print $2}'|sed 's|jigasi||')" AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" -if [ -f $apt_repo/google-chrome.list ]; then +if [ -f "$apt_repo"/google-chrome.list ]; then google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2) else echo "Seems no Google repo installed" fi -if [ -z $CHDB ]; then +if [ -z "$CHDB" ]; then echo "Seems no chromedriver installed" else CHD_VER_LOCAL="$($CHDB -v | awk '{print $2}')" - CHD_VER_2D="$(echo $CHD_VER_LOCAL|awk '{printf "%.1f\n", $NF}')" + CHD_VER_2D="$(echo "$CHD_VER_LOCAL"|awk '{printf "%.1f\n", $NF}')" fi # True if $1 is greater than $2 @@ -72,21 +75,21 @@ restart_services() { update_jitsi_repo() { apt-get update -o Dir::Etc::sourcelist="sources.list.d/jitsi-$1.list" \ -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" - apt-get install -qq --only-upgrade $jibri_packages + apt-get install -qq --only-upgrade "$jibri_packages" } update_google_repo() { - if [ -f $apt_repo/google-chrome.list ]; then + if [ -f "$apt_repo"/google-chrome.list ]; then apt-get update -o Dir::Etc::sourcelist="sources.list.d/google-chrome.list" \ -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" - apt-get install -qq --only-upgrade $google_package + apt-get install -qq --only-upgrade "$google_package" else echo "No Google repository found" fi } GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')" upgrade_cd() { -if [ ! -z "$GOOGL_VER_2D" ]; then +if [ -n "$GOOGL_VER_2D" ]; then if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then echo "Upgrading Chromedriver to Google Chromes version" wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \ @@ -95,33 +98,38 @@ if [ ! -z "$GOOGL_VER_2D" ]; then chown root:root "$CHDB" chmod 0755 "$CHDB" rm -rf /tpm/chromedriver_linux64.zip - printf "Current version: ${Green} "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')" ${Color_Off} (latest available)\n" + printf "Current version: " + printwc "$Green" "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')" + echo -e " (latest available)\n" elif [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then echo "No need to upgrade Chromedriver" - printf "Current version: ${Green} $CHD_VER_2D ${Color_Off}\n" + printf "Current version: " + printwc "$Green" "$CHD_VER_2D\n" fi else - printf "${Yellow} -> No Google Chrome versión to match, leaving untouched.${Color_Off}\n" + printwc "${Yellow}" " -> No Google Chrome versión to match, leaving untouched.\n" fi } check_lst_cd() { -printf "${Purple}Checking for the latest Chromedriver${Color_Off}\n" -if [ -f $CHDB ]; then - printf "Current installed Chromedriver: ${Yellow} $CHD_VER_2D ${Color_Off}\n" - printf "Current installed Google Chrome: ${Green} $GOOGL_VER_2D ${Color_Off}\n" +printwc "${Purple}" "Checking for the latest Chromedriver\n" +if [ -f "$CHDB" ]; then + printf "Current installed Chromedriver: " + printwc "${Yellow}" "$CHD_VER_2D\n" + printf "Current installed Google Chrome: " + printwc "${Green}" "$GOOGL_VER_2D\n" upgrade_cd else - printf "${Yellow} -> Seems there is no Chromedriver installed${Color_Off}\n" + printwc "${Yellow}" " -> Seems there is no Chromedriver installed\n" fi } -printf "${Blue}Update & upgrade Jitsi and components${Color_Off}\n" -if [ -f $apt_repo/jitsi-unstable.list ]; then +printwc "${Blue}" "Update & upgrade Jitsi and components\n" +if [ -f "$apt_repo"/jitsi-unstable.list ]; then update_jitsi_repo unstable update_google_repo check_lst_cd -elif [ -f $apt_repo/jitsi-stable.list ]; then +elif [ -f "$apt_repo"/jitsi-stable.list ]; then update_jitsi_repo stable update_google_repo check_lst_cd @@ -144,35 +152,33 @@ if [ -f "$INT_CONF_ETC" ]; then echo "Static interface_config.js exists, skipping modification..." else echo "This setup doesn't have a static interface_config.js, checking changes..." - printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n" + printwc "${Purple}" "========== Setting Static Avatar ==========\n" if [[ -z "$AVATAR" ]]; then echo "Moving on..." else echo "Setting Static Avatar" - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF + sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" "$INT_CONF" + sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF" fi - printf "${Purple}========== Setting Support Link ==========${Color_Off}\n" - if [[ -z $support ]]; then + printwc "${Purple}" "========== Setting Support Link ==========\n" + if [[ -z "$support" ]]; then echo "Moving on..." else echo "Setting Support custom link" - sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF + sed -i "s|https://jitsi.org/live|$support|g" "$INT_CONF" fi - printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n" - sed -i "s|'videobackgroundblur', ||" $INT_CONF + printwc "${Purple}" "========== Disable Blur my background ==========\n" + sed -i "s|'videobackgroundblur', ||" "$INT_CONF" fi if [ "$NC_DOMAIN" != "TBD" ]; then -printf "${Purple}========== Enable $NC_DOMAIN for sync client ==========${Color_Off}\n" +printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n" if [ -z "$PREAD_PROXY" ]; then - echo " - Setting up Nextcloud domain on Jitsi Meet turn proxy -" - sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + printf "\n Setting up Nextcloud domain on Jitsi Meet turn proxy\n\n" + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY" else echo "$NC_DOMAIN seems to be on place, skipping..." fi @@ -183,6 +189,6 @@ restart_services # Brandless mode # ######################################################################## if [ "$ENABLE_BLESSM" = "on" ]; then - bash $PWD/jm-bm.sh + bash "$PWD"/jm-bm.sh fi -printf "${Blue}Script completed \o/! ${Color_Off}\n" +printwc "${Blue}" "Script completed \o/!\n" diff --git a/jm-bm.sh b/jm-bm.sh index 6a0d68c..156259a 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -4,7 +4,7 @@ # SwITNet Ltd © - 2021, https://switnet.net/ # GNU GPLv3 or later. -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" CSS_FILE="/usr/share/jitsi-meet/css/all.css" TITLE_FILE="/usr/share/jitsi-meet/title.html" INT_CONF="/usr/share/jitsi-meet/interface_config.js" @@ -21,7 +21,7 @@ MOVILE_APP_NAME="Jitsi Meet" PART_USER="Participant" LOCAL_USER="me" # -SEC_ROOM="TBD" +#SEC_ROOM="TBD" echo ' #-------------------------------------------------- # Applying Brandless mode @@ -43,7 +43,7 @@ fi if [ ! -f "$REC_ICON_PATH" ];then cp images/gnome_record.png "$REC_ICON_PATH" else - echo "recording icon exists, skipping copying..." + echo "recording icon exists, skipping copying..." fi #Custom / Remove icons @@ -53,8 +53,8 @@ sed -i "s|jitsilogo.png|watermark2.png|g" "$TITLE_FILE" sed -i "s|logo-deep-linking.png|watermark2.png|g" "$BUNDLE_JS" sed -i "s|jitsiLogo_square.png|gnome_record.png|g" "$BUNDLE_JS" #Disable logo and url -if [ -z "$(grep -nr ".leftwatermark{display:none" "$CSS_FILE")" ]; then -sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" +if ! grep -nr ".leftwatermark{display:none" "$CSS_FILE" ; then + sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" fi #Customize room title diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index a366440..b14f98d 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -16,12 +16,12 @@ if [ "$MODE" = "debug" ]; then set -x fi -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi exit_if_not_installed() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" != "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then echo " This instance doesn't have $1 installed, exiting..." echo " If you think this is an error, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " @@ -38,14 +38,14 @@ echo -e '\n exit_if_not_installed jitsi-meet DISTRO_RELEASE="$(lsb_release -sc)" -DOMAIN="$(ls /etc/prosody/conf.d/ | awk -F'.cfg' '!/localhost/{print $1}' | awk '!NF || !seen[$0]++')" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')" PHPVER="7.4" PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_INI="$PHP_FPM_DIR/php.ini" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" -NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/$DOMAIN.conf | awk '{print$2}')" +NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')" NC_REPO="https://download.nextcloud.com/server/releases" NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)" STABLEVERSION="nextcloud-$NCVERSION" @@ -62,10 +62,11 @@ PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) fi PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" ISO3166_CODE=TBD +NL="$(echo -e '\n> ')" while [[ "$ANS_NCD" != "yes" ]] do - read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)"$'\n' -r NC_DOMAIN + read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN if [ -z "$NC_DOMAIN" ];then echo "-- This field is mandatory." elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then @@ -79,13 +80,12 @@ do fi done #Simple DNS test -if [ "$PUBLIC_IP" = "$(dig -4 +short $NC_DOMAIN|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then - echo "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing... -" +if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then + echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n" else echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." - read -p " > Do you want to continue?: (yes or no)"$'\n' -r DNS_CONTINUE + read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE if [ "$DNS_CONTINUE" = "yes" ]; then echo " - We'll continue anyway..." else @@ -114,7 +114,7 @@ while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]] do read -p "> Do you want to enable HSTS for this domain?: (yes or no) Be aware this option apply mid-term effects on the domain, choose \"no\" - in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS + in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS if [ "$ENABLE_HSTS" = "no" ]; then echo "-- HSTS won't be enabled." elif [ "$ENABLE_HSTS" = "yes" ]; then @@ -129,7 +129,7 @@ while [ ${#ISO3166_CODE} -gt 2 ]; do echo -e "Some examples might be: Germany > DE | Mexico > MX | Spain > ES | USA > US\n Do you want to set such code for your installation?" && \ -read -p "Leave empty if you don't want to set any: "$'\n' ISO3166_CODE +read -p "Leave empty if you don't want to set any: " -r ISO3166_CODE if [ ${#ISO3166_CODE} -gt 2 ]; then echo -e "\n-- This code is only 2 characters long, please check your input.\n" fi @@ -137,7 +137,7 @@ done echo -e "\n# Check for jitsi-meet/jibri\n" if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ] || \ - [ -f /etc/prosody/conf.d/$DOMAIN.conf ]; then + [ -f /etc/prosody/conf.d/"$DOMAIN".conf ]; then echo "jitsi meet/jibri is installed, checking version:" apt-show-versions jibri else @@ -146,7 +146,7 @@ else fi exit_ifinstalled() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting..." echo " If you think this is an error, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " @@ -154,11 +154,11 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = fi } install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + apt-get -yq2 install "$1" fi } add_php74() { @@ -174,46 +174,46 @@ else fi } #Prevent root folder permission issues -cp $PWD/files/jra-nc-app-ef.json /tmp +cp "$PWD"/files/jra-nc-app-ef.json /tmp -exit_ifinstalled postgresql-$PSGVER +exit_ifinstalled postgresql-"$PSGVER" ## Install software requirements # PostgresSQL -install_ifnot postgresql-$PSGVER +install_ifnot postgresql-"$PSGVER" # PHP 7.4 add_php74 apt-get install -y \ imagemagick \ - php$PHPVER-fpm \ - php$PHPVER-bcmath \ - php$PHPVER-bz2 \ - php$PHPVER-curl \ - php$PHPVER-gd \ - php$PHPVER-gmp \ - php$PHPVER-imagick \ - php$PHPVER-intl \ - php$PHPVER-json \ - php$PHPVER-ldap \ - php$PHPVER-mbstring \ - php$PHPVER-pgsql \ - php$PHPVER-redis \ - php$PHPVER-soap \ - php$PHPVER-xml \ - php$PHPVER-xmlrpc \ - php$PHPVER-zip \ + php"$PHPVER"-fpm \ + php"$PHPVER"-bcmath \ + php"$PHPVER"-bz2 \ + php"$PHPVER"-curl \ + php"$PHPVER"-gd \ + php"$PHPVER"-gmp \ + php"$PHPVER"-imagick \ + php"$PHPVER"-intl \ + php"$PHPVER"-json \ + php"$PHPVER"-ldap \ + php"$PHPVER"-mbstring \ + php"$PHPVER"-pgsql \ + php"$PHPVER"-redis \ + php"$PHPVER"-soap \ + php"$PHPVER"-xml \ + php"$PHPVER"-xmlrpc \ + php"$PHPVER"-zip \ redis-server \ unzip #System related install_ifnot smbclient -sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" $PHP_CONF -sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" $PHP_CONF -sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" $PHP_CONF -sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" $PHP_CONF -sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" $PHP_CONF -sed -i "s|;clear_env = no|clear_env = no|" $PHP_CONF +sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF" +sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF" +sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF" +sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF" +sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF" +sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF" echo " Tunning PHP.ini... @@ -244,14 +244,14 @@ echo "opcache.revalidate_freq=1" echo "opcache.validate_timestamps=1" } >> "$PHP_INI" -systemctl restart php$PHPVER-fpm.service +systemctl restart php"$PHPVER"-fpm.service #-------------------------------------------------- # Create DB user #-------------------------------------------------- echo -e "\n---- Creating the PgSQL DB & User ----" -cd /tmp +cd /tmp || exit sudo -u postgres psql < $NC_NGINX_CONF +cat << NC_NGINX > "$NC_NGINX_CONF" #nextcloud config upstream php-handler { #server 127.0.0.1:9000; @@ -417,9 +417,9 @@ server { } NC_NGINX systemctl stop nginx -letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN -if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then - ln -s $NC_NGINX_CONF /etc/nginx/sites-available/ +letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN" +if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then + ln -s "$NC_NGINX_CONF" /etc/nginx/sites-available/ else echo "There are issues on getting the SSL certs..." read -n 1 -s -r -p "Press any key to continue" @@ -428,34 +428,34 @@ nginx -t systemctl restart nginx if [ "$ENABLE_HSTS" = "yes" ]; then - sed -i "s|#add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF + sed -i "s|#add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" "$NC_NGINX_CONF" fi -if [ ! -z "$PREAD_PROXY" ]; then +if [ -n "$PREAD_PROXY" ]; then echo " Setting up Nextcloud domain on Jitsi Meet turn proxy " - sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY - sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY + sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" "$JITSI_MEET_PROXY" + sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY" fi echo " Latest version to be installed: $STABLEVERSION (This might take sometime, please be patient...) " -curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip -unzip -q /tmp/$STABLEVERSION.zip -mv nextcloud $NC_PATH +curl -s "$NC_REPO"/"$STABLEVERSION".zip > /tmp/"$STABLEVERSION".zip +unzip -q /tmp/"$STABLEVERSION".zip +mv nextcloud "$NC_PATH" -chown -R www-data:www-data $NC_PATH -chmod -R 755 $NC_PATH +chown -R www-data:www-data "$NC_PATH" +chmod -R 755 "$NC_PATH" echo " Database installation... " -sudo -u www-data php $NC_PATH/occ maintenance:install \ +sudo -u www-data php "$NC_PATH"/occ maintenance:install \ --database=pgsql \ --database-name="$NC_DB" \ --database-user="$NC_DB_USER" \ @@ -466,10 +466,10 @@ sudo -u www-data php $NC_PATH/occ maintenance:install \ echo " Apply custom mods... " -sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG -sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG -sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG -sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG +sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," "$NC_CONFIG" +sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," "$NC_CONFIG" +sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_CONFIG" +sed -i "s|http://localhost|http://$NC_DOMAIN|" "$NC_CONFIG" echo "Add crontab..." crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data - @@ -477,54 +477,54 @@ crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; echo " Add memcache support... " -sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" $REDIS_CONF -sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF -sed -i "s|port 6379|port 0|" $REDIS_CONF +sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF" +sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" "$REDIS_CONF" +sed -i "s|port 6379|port 0|" "$REDIS_CONF" systemctl restart redis-server echo "--> Setting config.php..." -if [ ! -z "$ISO3166_CODE" ]; then - sed -i "/);/i \ \ 'default_phone_region' => '$ISO3166_CODE'," $NC_CONFIG +if [ -n "$ISO3166_CODE" ]; then + sed -i "/);/i \ \ 'default_phone_region' => '$ISO3166_CODE'," "$NC_CONFIG" fi -sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG -sed -i "/);/i \ \ 'redis' =>" $NC_CONFIG -sed -i "/);/i \ \ \ \ array (" $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'port' => 0," $NC_CONFIG -sed -i "/);/i \ \ \ \ \ 'timeout' => 0," $NC_CONFIG -sed -i "/);/i \ \ )," $NC_CONFIG +sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG" +sed -i "/);/i \ \ 'redis' =>" "$NC_CONFIG" +sed -i "/);/i \ \ \ \ array (" "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'port' => 0," "$NC_CONFIG" +sed -i "/);/i \ \ \ \ \ 'timeout' => 0," "$NC_CONFIG" +sed -i "/);/i \ \ )," "$NC_CONFIG" echo "Done " echo " Addding & Setting up Files External App for Local storage... " -sudo -u www-data php $NC_PATH/occ app:install files_external -sudo -u www-data php $NC_PATH/occ app:enable files_external -sudo -u www-data php $NC_PATH/occ app:disable support -sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jra-nc-app-ef.json +sudo -u www-data php "$NC_PATH"/occ app:install files_external +sudo -u www-data php "$NC_PATH"/occ app:enable files_external +sudo -u www-data php "$NC_PATH"/occ app:disable support +sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json usermod -a -G jibri www-data -chmod -R 770 $DIR_RECORD -chmod -R g+s $DIR_RECORD +chmod -R 770 "$DIR_RECORD" +chmod -R g+s "$DIR_RECORD" echo " Fixing possible missing tables... " -echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint -sudo -u www-data php $NC_PATH/occ db:add-missing-indices -sudo -u www-data php $NC_PATH/occ db:add-missing-columns +echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint +sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices +sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns echo " Adding trusted domain... " -sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN +sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN" echo "Setting JRA domain on jitsi-updater.sh" -cd ~/quick-jibri-installer +cd ~/quick-jibri-installer || exit sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh echo "Quick Nextcloud installation complete!" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index dd077f7..f4b4c48 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -26,12 +26,12 @@ NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') -PROSODY_REPO=$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}') +PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" -CR=`echo $'\n> '` +NL="$(echo -e '\n> ')" exit_ifinstalled() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting... Please try again on a clean system. @@ -53,11 +53,11 @@ rename_distro etiona bionic rename_distro nabia focal install_ifnot() { -if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then +if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." else echo -e "\n---- Installing $1 ----" - apt-get -yq2 install $1 + apt-get -yq2 install "$1" fi } check_serv() { @@ -96,16 +96,16 @@ else #-----------------------------------------------------------------------" #Test tool if [ "$MODE" = "debug" ]; then - bash $PWD/tools/test-jibri-env.sh -m debug + bash "$PWD"/tools/test-jibri-env.sh -m debug else - bash $PWD/tools/test-jibri-env.sh + bash "$PWD"/tools/test-jibri-env.sh fi read -n 1 -s -r -p "Press any key to continue..."$'\n' fi } # sed limiters for add-jibri-node.sh variables var_dlim() { - grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1 + grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 } add_prosody_repo() { echo "Add Prosody repo" @@ -117,7 +117,7 @@ else fi } dpkg-compare() { -dpkg --compare-versions $(dpkg-query -f='${Version}' --show $1) $2 $3 +dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3" } wait_seconds() { secs=$(($1)) @@ -148,7 +148,7 @@ Wiki and documentation: https://github.com/switnet-ltd/quick-jibri-installer/wik read -n 1 -s -r -p "Press any key to continue..."$'\n' #Check if user is root -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi @@ -188,8 +188,8 @@ else CPU_MIN="Y" fi ### Test RAM size (8GB min) ### -mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') -if [ ${mem_available} -lt 7700000 ]; then +mem_available="$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')" +if [ "$mem_available" -lt 7700000 ]; then echo " Warning!: The system do not meet the minimum RAM requirements for Jibri to run. >> We recommend 8GB RAM for Jibri! @@ -209,7 +209,7 @@ else echo "Even when you can use the videoconferencing sessions, we advice to increase the resources in order to user Jibri." while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] do - read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + read -p "> Do you want to continue?: (yes or no)$NL" -r CONTINUE_LOW_RES if [ "$CONTINUE_LOW_RES" = "no" ]; then echo "See you next time with more resources!..." exit @@ -240,7 +240,7 @@ So you can add a Jibri server on a instance with enough resources.\n" while [[ "$DISABLE_LOCAL_JIBRI" != "yes" && "$DISABLE_LOCAL_JIBRI" != "no" ]] do - read -p "> Do you want to disable local jibri service?: (yes or no)"$'\n' -r DISABLE_LOCAL_JIBRI + read -p "> Do you want to disable local jibri service?: (yes or no)$NL" -r DISABLE_LOCAL_JIBRI if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then echo -e "Please keep in mind that we might not support underpowered servers.\n" elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then @@ -254,10 +254,10 @@ echo "Checking system oriented purpose.... " apt-get -yq2 update SYSTEM_DE="$(apt-cache search "ubuntu-(desktop|mate-desktop)"|awk '{print$1}'|xargs|sed 's|$| trisquel triskel trisquel-mini|')" -SYSTEM_DE_ARRAY=( $SYSTEM_DE ) +SYSTEM_DE_ARRAY=( "$SYSTEM_DE" ) for de in "${SYSTEM_DE_ARRAY[@]}" do - if [ "$(dpkg-query -W -f='${Status}' $de 2>/dev/null | grep -c "ok installed")" == "1" ]; then + if [ "$(dpkg-query -W -f='${Status}' "$de" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo -e "\n > This instance has $de installed, exiting... \nPlease avoid using this installer on a desktop-user oriented GNU/Linux system. This is an unsupported use, as it will likely BREAK YOUR SYSTEM, so please don't." @@ -282,8 +282,8 @@ fi #Default to LE SSL? while [[ "$LE_SSL" != "yes" && "$LE_SSL" != "no" ]] do -read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)"$'\n' -r LE_SSL -if [ $LE_SSL = yes ]; then +read -p "> Do you plan to use Let's Encrypt SSL certs?: (yes or no)$NL" -r LE_SSL +if [ "$LE_SSL" = yes ]; then echo "We'll default to Let's Encrypt SSL certs." else echo "We'll let you choose later on for it. @@ -294,8 +294,8 @@ done if [ "$LE_SSL" = "yes" ]; then while [[ "$ANS_JD" != "yes" ]] do - read -p "> Please set your domain (or subdomain) here: (e.g.: jitsi.domain.com)"$'\n' -r JITSI_DOMAIN - read -p "> Did you mean?: $JITSI_DOMAIN (yes or no)"$'\n' -r ANS_JD + read -p "> Please set your domain (or subdomain) here: (e.g.: jitsi.domain.com)$NL" -r JITSI_DOMAIN + read -p "> Did you mean?: $JITSI_DOMAIN (yes or no)$NL" -r ANS_JD if [ "$ANS_JD" = "yes" ]; then echo "Alright, let's use $JITSI_DOMAIN." else @@ -303,13 +303,13 @@ if [ "$LE_SSL" = "yes" ]; then fi done #Simple DNS test - if [ "$PUBLIC_IP" = "$(dig -4 +short $JITSI_DOMAIN||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then + if [ "$PUBLIC_IP" = "$(dig -4 +short "$JITSI_DOMAIN"||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then echo "Server public IP & DNS record for $JITSI_DOMAIN seems to match, continuing... " else echo "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN don't seem to match." echo " > Please check your dns records are applied and updated, otherwise components may fail." - read -p " > Do you want to continue?: (yes or no)"$'\n' -r DNS_CONTINUE + read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE if [ "$DNS_CONTINUE" = "yes" ]; then echo " - We'll continue anyway..." else @@ -348,15 +348,15 @@ apt-get -y install \ fi echo "# Check and Install HWE kernel if possible..." -HWE_VIR_MOD=$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)") +HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then apt-get -y install \ - linux-image-generic-hwe-$(lsb_release -sr) \ - linux-tools-generic-hwe-$(lsb_release -sr) + linux-image-generic-hwe-"$(lsb_release -sr)" \ + linux-tools-generic-hwe-"$(lsb_release -sr)" else apt-get -y install \ linux-image-generic \ - linux-modules-extra-$(uname -r) + linux-modules-extra-"$(uname -r)" fi check_serv @@ -373,7 +373,7 @@ fi apt-get -y install \ jitsi-meet \ jibri \ - openjdk-8-jre-headless + openjdk-11-jre-headless # Fix RAND_load_file error #https://github.com/openssl/openssl/issues/7754#issuecomment-444063355 @@ -409,7 +409,7 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then else echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update apt-get install -yq2 google-chrome-stable @@ -419,7 +419,7 @@ if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/$CHD_LTST/chromedriver_linux64.zip \ + wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \ -O /tmp/chromedriver_linux64.zip unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver @@ -437,13 +437,13 @@ echo " Remove Chrome warning... " mkdir -p /etc/opt/chrome/policies/managed -echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" ## JMS system tune up if [ "$MODE" = "debug" ]; then - bash $PWD/mode/jms-stu.sh -m debug + bash "$PWD"/mode/jms-stu.sh -m debug else - bash $PWD/mode/jms-stu.sh + bash "$PWD"/mode/jms-stu.sh fi echo ' @@ -452,7 +452,7 @@ echo ' ######################################################################## ' # MEET / JIBRI SETUP -DOMAIN="$(find /etc/prosody/conf.d/ -name *.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" +DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" @@ -463,7 +463,7 @@ MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" JVB2_CONF="/etc/jitsi/videobridge/config" JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" -DIR_RECORD=/var/jbrecord +DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" @@ -480,10 +480,10 @@ FQDN_HOST="fqdn" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" # Rename hostname for jitsi server -while [[ "$FQDN_HOST" != "yes" && "$FQDN_HOST" != "no" && ! -z "$FQDN_HOST" ]] +while [[ "$FQDN_HOST" != "yes" && "$FQDN_HOST" != "no" && -n "$FQDN_HOST" ]] do echo -e "> Set $DOMAIN as a fqdn hostname?: (yes or no)\n" && \ - read -p "Leave empty to default to your current one ($(hostname -f)): "$'\n' FQDN_HOST + read -p "Leave empty to default to your current one ($(hostname -f)):$NL" -r FQDN_HOST if [ "$FQDN_HOST" = "yes" ]; then echo "$DOMAIN will be used as fqdn hostname, changes will show on reboot." hostnamectl set-hostname "${DOMAIN}" @@ -497,7 +497,7 @@ done if [ "$LE_SSL" = "yes" ]; then while [[ -z $SYSADMIN_EMAIL ]] do - read -p "Set sysadmin email (this is a mandatory field):"$'\n' -r SYSADMIN_EMAIL + read -p "Set sysadmin email (this is a mandatory field):$NL" -r SYSADMIN_EMAIL done fi #Language @@ -508,21 +508,21 @@ See here: https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language." -read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG +read -p "Please set your language (Press enter to default to 'en'):$NL" -r JB_LANG echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" #Participant echo -e "> Do you want to translate 'Participant' to your own language?" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT +read -p "Leave empty to use the default one (English):$NL" -r L10N_PARTICIPANT #Me echo -e "\n> Do you want to translate 'me' to your own language? This must be a really small word to present one self. Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_ME +read -p "Leave empty to use the default one (English):$NL" -r L10N_ME #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do - read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 + read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1 if [ "$DROP_TLS1" = "no" ]; then echo "TLSv1.0/1.1 will remain." elif [ "$DROP_TLS1" = "yes" ]; then @@ -542,7 +542,7 @@ done #Brandless Mode while [[ "$ENABLE_BLESSM" != "yes" && "$ENABLE_BLESSM" != "no" ]] do - read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM + read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)$NL" -r ENABLE_BLESSM if [ "$ENABLE_BLESSM" = "no" ]; then echo "Brandless mode won't be set." elif [ "$ENABLE_BLESSM" = "yes" ]; then @@ -552,7 +552,7 @@ done #Welcome Page while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] do - read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP + read -p "> Do you want to disable the Welcome page: (yes or no)$NL" -r ENABLE_WELCP if [ "$ENABLE_WELCP" = "yes" ]; then echo "Welcome page will be disabled." elif [ "$ENABLE_WELCP" = "no" ]; then @@ -562,7 +562,7 @@ done #Close page while [[ "$ENABLE_CLOCP" != "yes" && "$ENABLE_CLOCP" != "no" ]] do - read -p "> Do you want to enable the close page on room exit: (yes or no)"$'\n' -r ENABLE_CLOCP + read -p "> Do you want to enable the close page on room exit: (yes or no)$NL" -r ENABLE_CLOCP if [ "$ENABLE_CLOCP" = "yes" ]; then echo "Close page will be enabled." elif [ "$ENABLE_CLOCP" = "no" ]; then @@ -572,7 +572,7 @@ done #Enable static avatar while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do - read -p "> (Legacy) Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA + read -p "> (Legacy) Do you want to enable static avatar?: (yes or no)$NL" -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then echo "Static avatar won't be enabled" elif [ "$ENABLE_SA" = "yes" ]; then @@ -644,7 +644,7 @@ fi while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]] do read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_NC_ACCESS +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_NC_ACCESS if [ "$ENABLE_NC_ACCESS" = "no" ]; then echo -e "-- JRA via Nextcloud won't be enabled.\n" elif [ "$ENABLE_NC_ACCESS" = "yes" ]; then @@ -652,15 +652,15 @@ do fi done #Jigasi -if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then +if [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "404" ]; then echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), thus, Jigasi Transcript can't be enable. " -elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then +elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "200" ]; then while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do read -p "> Do you want to setup Jigasi Transcription: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_TRANSCRIPT +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT if [ "$ENABLE_TRANSCRIPT" = "no" ]; then echo -e "-- Jigasi Transcription won't be enabled.\n" elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then @@ -675,7 +675,7 @@ fi while [[ "$ENABLE_GRAFANA_DSH" != "yes" && "$ENABLE_GRAFANA_DSH" != "no" ]] do read -p "> Do you want to setup Grafana Dashboard: (yes or no) -( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )"$'\n' -r ENABLE_GRAFANA_DSH +( Please check requirements at: https://github.com/switnet-ltd/quick-jibri-installer )$NL" -r ENABLE_GRAFANA_DSH if [ "$ENABLE_GRAFANA_DSH" = "no" ]; then echo -e "-- Grafana Dashboard won't be enabled.\n" elif [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then @@ -685,7 +685,7 @@ done #Docker Etherpad while [[ "$ENABLE_DOCKERPAD" != "yes" && "$ENABLE_DOCKERPAD" != "no" ]] do -read -p "> Do you want to setup Docker Etherpad: (yes or no)"$'\n' -r ENABLE_DOCKERPAD +read -p "> Do you want to setup Docker Etherpad: (yes or no)$NL" -r ENABLE_DOCKERPAD if [ "$ENABLE_DOCKERPAD" = "no" ]; then echo -e "-- Docker Etherpad won't be enabled.\n" elif [ "$ENABLE_DOCKERPAD" = "yes" ]; then @@ -701,17 +701,16 @@ echo ' JibriBrewery=JibriBrewery INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js" -WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) ssl_wa() { if [ "$LE_SSL" = "yes" ]; then - systemctl stop $1 - letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6 - sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4 - sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4 - systemctl restart $1 + systemctl stop "$1" + letsencrypt certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6" + sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4" + sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4" + systemctl restart "$1" #Add cron - if [ $(crontab -l|sed 's|#.*$||g'|grep -c 'weekly certbot renew') = 0 ];then + if [ "$(crontab -l|sed 's|#.*$||g'|grep -c 'weekly certbot renew')" = 0 ];then crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1"; } | crontab - else echo "Crontab seems to be already in place, skipping." @@ -735,13 +734,13 @@ if [ "$LE_SSL" = "yes" ]; then echo -e "\nCertbot repository already on the system!\nChecking for updates...\n" apt-get -q2 update apt-get -yq2 dist-upgrade - elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then + elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "200" ]; then echo -e "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n" echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 apt-get -q2 update apt-get -yq2 dist-upgrade - elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then + elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "404" ]; then echo -e "\nCertbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed...\n" fi else @@ -773,9 +772,9 @@ sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communi # Configure Jibri if [ "$ENABLE_SC" = "yes" ]; then - if [ ! -f $MOD_LIST_FILE ]; then + if [ ! -f "$MOD_LIST_FILE" ]; then echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE + curl -s "$MOD_LISTU" > "$MOD_LIST_FILE" echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" else @@ -784,7 +783,7 @@ if [ "$ENABLE_SC" = "yes" ]; then fi #Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE +cat << REC-JIBRI >> "$PROSODY_FILE" VirtualHost "recorder.$DOMAIN" modules_enabled = { @@ -795,71 +794,71 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI #Enable Jibri withelist -sed -i "s|-- muc_lobby_whitelist|muc_lobby_whitelist|" $PROSODY_FILE +sed -i "s|-- muc_lobby_whitelist|muc_lobby_whitelist|" "$PROSODY_FILE" #Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" "$PROSODY_SYS" sed -i "/c2s_require_encryption = false/a \\ \\ -consider_bosh_secure = true" $PROSODY_SYS +consider_bosh_secure = true" "$PROSODY_SYS" -if [ ! -z $L10N_PARTICIPANT ]; then +if [ -n "$L10N_PARTICIPANT" ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi -if [ ! -z $L10N_ME ]; then +if [ -n "$L10N_ME" ]; then sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh fi ### Prosody users -prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS -prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS +prosodyctl register jibri auth."$DOMAIN" "$JB_AUTH_PASS" +prosodyctl register recorder recorder."$DOMAIN" "$JB_REC_PASS" ## JICOFO # /etc/jitsi/jicofo/sip-communicator.properties -cat << BREWERY >> $JICOFO_SIP +cat << BREWERY >> "$JICOFO_SIP" #org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN #org.jitsi.jicofo.auth.URL=EXT_JWT:$DOMAIN -org.jitsi.jicofo.jibri.BREWERY=$JibriBrewery@internal.auth.$DOMAIN +org.jitsi.jicofo.jibri.BREWERY="$JibriBrewery"@internal.auth."$DOMAIN" org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 #org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true BREWERY # Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js -sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" $MEET_CONF -sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " $MEET_CONF +sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF" +sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " "$MEET_CONF" sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ \\ - hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF + hiddenDomain: \'recorder.$DOMAIN\',|" "$MEET_CONF" #Dropbox feature #if [ "$ENABLE_DB" = "yes" ]; then -#DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1) +#DB_STR=$(grep -n "dropbox:" "$MEET_CONF" | cut -d ":" -f1) #DB_END=$((DB_STR + 10)) -#sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF -#sed -i "$DB_STR,$DB_END{s|// appKey: ''|appKey: \'$DB_CID\'|}" $MEET_CONF -#sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF +#sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" "$MEET_CONF" +#sed -i "$DB_STR,$DB_END{s|// appKey: ''|appKey: \'$DB_CID\'|}" "$MEET_CONF" +#sed -i "$DB_STR,$DB_END{s|// },|},|}" "$MEET_CONF" #fi #Setup main language -if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then +if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then echo "Leaving English (en) as default language..." - sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" $MEET_CONF + sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF" else echo "Changing default language to: $JB_LANG" - sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" $MEET_CONF + sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF" fi # Recording directory -if [ ! -d $DIR_RECORD ]; then - mkdir $DIR_RECORD +if [ ! -d "$DIR_RECORD" ]; then + mkdir "$DIR_RECORD" fi -chown -R jibri:jibri $DIR_RECORD +chown -R jibri:jibri "$DIR_RECORD" -cat << REC_DIR > $REC_DIR +cat << REC_DIR > "$REC_DIR" #!/bin/bash -RECORDINGS_DIR=$DIR_RECORD +RECORDINGS_DIR="$DIR_RECORD" echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out @@ -875,12 +874,12 @@ mv \$LJF_PATH \$NJF_PATH exit 0 REC_DIR -chown jibri:jibri $REC_DIR -chmod +x $REC_DIR +chown jibri:jibri "$REC_DIR" +chmod +x "$REC_DIR" ## New Jibri Config (2020) -mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file -cat << NEW_CONF > $JIBRI_CONF +mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file +cat << NEW_CONF > "$JIBRI_CONF" // New XMPP environment config. jibri { streaming { @@ -927,8 +926,8 @@ jibri { default-call-empty-timeout = 30 seconds } recording { - recordings-directory = $DIR_RECORD - finalize-script = $REC_DIR + recordings-directory = "$DIR_RECORD" + finalize-script = "$REC_DIR" } api { xmpp { @@ -993,14 +992,14 @@ jibri { NEW_CONF #Jibri xorg resolution -sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" $JIBRI_XORG_CONF +sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" #Create receiver user -useradd -m -g jibri $MJS_USER +useradd -m -g jibri "$MJS_USER" echo "$MJS_USER:$MJS_USER_PASS" | chpasswd #Create ssh key and restrict connections -sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$MJS_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" #Allow password authentication sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config systemctl restart sshd @@ -1022,7 +1021,7 @@ echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LET #-- Setting variables for add-jvb2-node.sh g_conf_value() { - grep "$1" $JVB2_CONF|sed "s|$1||" + grep "$1" "$JVB2_CONF"|sed "s|$1||" } JVB_HOSTNAME=$(g_conf_value JVB_HOSTNAME=) JVB_HOST=$(g_conf_value JVB_HOST=) @@ -1032,7 +1031,7 @@ JVB_OPTS=$(g_conf_value JVB_OPTS=) JAVA_SYS_PROPS=$(g_conf_value JAVA_SYS_PROPS=) g_sip_value() { - grep "$1" $JVB2_SIP |cut -d "=" -f2 + grep "$1" "$JVB2_SIP" |cut -d "=" -f2 } DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=) STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=) @@ -1066,26 +1065,26 @@ sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh ##-- #Tune webserver for Jitsi App control -if [ -f $WS_CONF ]; then - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" $WS_CONF - sed -i "/# ensure all static content can always be found first/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF" + sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF" systemctl reload nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi #Static avatar -if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then +if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then cp images/avatar2.png /usr/share/jitsi-meet/images/ - sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF - sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF" + sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF" sed -i "/location \/external_api.min.js/i \ \ \ \ }\\ -\ " $WS_CONF - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF +\ " "$WS_CONF" + sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF" + sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF" fi #nginx -tlsv1/1.1 if [ "$DROP_TLS1" = "yes" ];then @@ -1102,34 +1101,34 @@ fi ###Setup secure rooms if [ "$ENABLE_SC" = "yes" ]; then - SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | awk -F ':' 'NR==1{print$1}') + SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | awk -F ':' 'NR==1{print$1}') SRP_END=$((SRP_STR + 10)) - sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_hashed\"|}" $PROSODY_FILE - sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF + sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_hashed\"|}" "$PROSODY_FILE" + sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF" #Secure room initial user - read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS - prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS + read -p "Set username for secure room moderator:$NL" -r SEC_ROOM_USER + read -p "Secure room moderator password:$NL" -r SEC_ROOM_PASS + prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS" echo -e "\nSecure rooms are being enabled..." echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." - sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP + sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" "$JICOFO_SIP" sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi ###JWT if [ "$ENABLE_JWT" = "yes" ]; then echo -e "\nJWT auth is being setup..." - bash $PWD/mode/jwt.sh + bash "$PWD"/mode/jwt.sh fi #Guest allow #Change back lobby - https://community.jitsi.org/t/64769/136 if [ "$ENABLE_SC" = "yes" ];then - cat << P_SR >> $PROSODY_FILE + cat << P_SR >> "$PROSODY_FILE" -- #Change back lobby - https://community.jitsi.org/t/64769/136 VirtualHost "guest.$DOMAIN" authentication = "anonymous" @@ -1147,51 +1146,51 @@ fi #====================== # Custom settings #Start with video muted by default -sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF +sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF" #Start with audio muted but admin -sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF +sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" "$MEET_CONF" #Disable/enable welcome page if [ "$ENABLE_WELCP" = "yes" ]; then - sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF + sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" "$MEET_CONF" elif [ "$ENABLE_WELCP" = "no" ]; then - sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF + sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" "$MEET_CONF" fi #Enable close page if [ "$ENABLE_CLOCP" = "yes" ]; then - sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" $MEET_CONF + sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" "$MEET_CONF" elif [ "$ENABLE_CLOCP" = "no" ]; then - sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" $MEET_CONF + sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" "$MEET_CONF" fi #Add pre-join screen by default, since it improves YouTube autoplay capabilities #pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does. -sed -i "s|// prejoinPageEnabled:.*|prejoinPageEnabled: true,|" $MEET_CONF +sed -i "s|// prejoinPageEnabled:.*|prejoinPageEnabled: true,|" "$MEET_CONF" #Set HD resolution and widescreen format -sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," $MEET_CONF -sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" $MEET_CONF +sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF" +sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF" #Check config file echo -e "\n# Checking $MEET_CONF file for errors\n" -CHECKJS=$(esvalidate $MEET_CONF| cut -d ":" -f2) +CHECKJS=$(esvalidate "$MEET_CONF"| cut -d ":" -f2) if [[ -z "$CHECKJS" ]]; then echo -e "\n# The $MEET_CONF configuration seems correct. =)\n" else @@ -1214,7 +1213,7 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then systemctl disable jibri-xorg systemctl disable jibri-icewm # Manually apply permissions since finalize_recording.sh won't be triggered under this server options. - chmod -R 770 $DIR_RECORD + chmod -R 770 "$DIR_RECORD" fi enable_letsencrypt @@ -1225,7 +1224,7 @@ chmod -R 650 /etc/prosody/certs/ #SSL workaround if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then - ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN + ssl_wa nginx nginx "$DOMAIN" "$WS_CONF" "$SYSADMIN_EMAIL" "$DOMAIN" install_ifnot python3-certbot-nginx else echo "No webserver found please report." @@ -1234,19 +1233,19 @@ fi if [ "$ENABLE_BLESSM" = "yes" ]; then echo "Custom brandless mode will be enabled." sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh - bash $PWD/jm-bm.sh + bash "$PWD"/jm-bm.sh fi # Applying best practives for interface config.js echo -e "\n> Setting up custom interface_config.js according to best practices." cp "$INT_CONF" "$INT_CONF_ETC" #Tune webserver for interface_config.js -if [ -f $WS_CONF ]; then - sed -i "/external_api.js/i \\\n" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ location = \/interface_config.js {" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ \ \ \ \ alias \/etc\/jitsi\/meet\/$DOMAIN-interface_config.js;" $WS_CONF - sed -i "/external_api.js/i \ \ \ \ }" $WS_CONF - sed -i "/external_api.js/i \\\n" $WS_CONF +if [ -f "$WS_CONF" ]; then + sed -i "/external_api.js/i \\\n" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ location = \/interface_config.js {" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ \ \ \ \ alias \/etc\/jitsi\/meet\/$DOMAIN-interface_config.js;" "$WS_CONF" + sed -i "/external_api.js/i \ \ \ \ }" "$WS_CONF" + sed -i "/external_api.js/i \\\n" "$WS_CONF" systemctl reload nginx else echo "No interface_config.js configuration done to server file, please report to: @@ -1254,11 +1253,11 @@ else fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo -n "\nJRA via Nextcloud will be enabled." + echo -e "\nJRA via Nextcloud will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/jra_nextcloud.sh -m debug + bash "$PWD"/jra_nextcloud.sh -m debug else - bash $PWD/jra_nextcloud.sh + bash "$PWD"/jra_nextcloud.sh fi fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) @@ -1267,9 +1266,9 @@ if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then echo -e "\nJigasi Transcription will be enabled." # ToDo: Analyze behavior on debug #if [ "$MODE" = "debug" ]; then - # bash $PWD/jigasi.sh -m debug + # bash "$PWD"/jigasi.sh -m debug #else - bash $PWD/jigasi.sh + bash "$PWD"/jigasi.sh #fi fi { @@ -1277,18 +1276,18 @@ fi if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then echo -e "\nGrafana Dashboard will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/grafana.sh -m debug + bash "$PWD"/grafana.sh -m debug else - bash $PWD/grafana.sh + bash "$PWD"/grafana.sh fi fi #Docker Etherpad if [ "$ENABLE_DOCKERPAD" = "yes" ]; then echo -e "\nDocker Etherpad will be enabled." if [ "$MODE" = "debug" ]; then - bash $PWD/etherpad-docker.sh -m debug + bash "$PWD"/etherpad-docker.sh -m debug else - bash $PWD/etherpad-docker.sh + bash "$PWD"/etherpad-docker.sh fi fi #Prevent JMS conecction issue