From 4e18b9685634fdd6afa5adb77e618c22e6887f2f Mon Sep 17 00:00:00 2001
From: Luis Guzman
Date: Wed, 28 Oct 2020 15:02:03 -0600
Subject: [PATCH 01/43] Confirm jicofo recognizing jibri online
---
tools/jibri-conf-upgrade.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/jibri-conf-upgrade.sh b/tools/jibri-conf-upgrade.sh
index f80cec9..c559782 100644
--- a/tools/jibri-conf-upgrade.sh
+++ b/tools/jibri-conf-upgrade.sh
@@ -200,3 +200,8 @@ read -n 1 -s -r -p "Press any key to continue..."$'\n' restart_services_jibri systemctl status jibri + +if [ -f /var/log/jitsi/jicofo.log ]; then +echo -e "Checking for jicofo recognizing \"Live\" jibri node..." +tail -n 10 | grep Live +fi
From 471e391a2adf60e70f0080642f60f540d05bd1b2 Mon Sep 17 00:00:00 2001
From: Luis Guzman
Date: Wed, 28 Oct 2020 15:07:07 -0600
Subject: [PATCH 02/43] Add fail2ban tool
---
tools/fail2ban_ssh.sh | 45 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 tools/fail2ban_ssh.sh
diff --git a/tools/fail2ban_ssh.sh b/tools/fail2ban_ssh.sh
new file mode 100644
index 0000000..d61fb71
--- /dev/null
+++ b/tools/fail2ban_ssh.sh
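Review bot: `tail -n 10 | grep Live` names no file, so `tail` reads standard input instead of jicofo.log and, on an interactive run, waits on the terminal rather than checking anything. Pass the path the `-f` test already uses: `tail -n 10 /var/log/jitsi/jicofo.log | grep Live`. Ten lines is a narrow window right after `restart_services_jibri`, so the "Live" line may not have been written yet; a larger tail or a short wait would make the check less flaky.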
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Simple Fail2ban configuration
+# 2020 - SwITNet Ltd
+# GNU GPLv3 or later.
+
+while getopts m: option
+do
+ case "${option}"
+ in
+ m) MODE=${OPTARG};;
+ \?) echo "Usage: sudo ./fail2ban_ssh.sh [-m debug]" && exit;;
+ esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+#Check if user is root
+if ! [ $(id -u) = 0 ]; then
+ echo "You need to be root or have sudo privileges!"
+ exit 0
+fi
+
+apt-get -y install fail2ban
+
+if \
+[ -f /var/log/ssh_f2b.log ] && \
+[ $(grep -c 604800 /etc/fail2ban/jail.local) = "1" ] && \
+[ $(grep -c ssh_f2b.log /etc/fail2ban/jail.local) = "1"]; then
+ echo -e "\nFail2ban seems to be already configured.\n"
+else
+ echo -e "\nConfiguring Fail2ban...\n"
+cat << F2BAN >> /etc/fail2ban/jail.local
+[sshd]
+enabled = true
+port = 22
+filter = sshd
+logpath = /var/log/ssh_f2b.log
+maxretry = 3
+bantime = 604800
+F2BAN
+fi
+systemctl restart fail2ban
From a9064e9776f8db9394af35c931345004215f17c6 Mon Sep 17 00:00:00 2001
From: Luis Guzman
Date: Wed, 28 Oct 2020 15:08:05 -0600
Subject: [PATCH 03/43] Fix link
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 111df8b..aa8d675 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ Feel free to use our (new) `test-jibri-env.sh` tool to find some details on your * Grafana Dashboard * Lobby Rooms - Secure Rooms * Conference Duration - Secure Rooms -* (New) Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Jibri-Nodes)). +* (New) Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Setup-and-Jibri-Nodes)). ## Tools (New) * (New) Jibri Environment Tester
From e0f5f2100a473f6fe9341a52ca8ccec8f3115160 Mon Sep 17 00:00:00 2001
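Review bot: The "already configured" test can never succeed, because `= "1"]` in its third condition has no space before `]`; `[` reports a missing bracket, the `if` is false, and every run appends another `[sshd]` section to /etc/fail2ban/jail.local. Write it as `[ "$(grep -c ssh_f2b.log /etc/fail2ban/jail.local)" = "1" ]; then` and quote the other two substitutions the same way, since jail.local may not exist on a fresh install. Nothing in this script creates /var/log/ssh_f2b.log or points sshd logging at it, so unless that happens elsewhere the jail watches a file with no sshd entries and bans nothing; confirm the `logpath` or add the logging step. The root check should also `exit 1` rather than `exit 0`, so a caller can tell that nothing was configured.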
From: Luis Guzman Date: Wed, 18 Nov 2020 00:40:12 -0600 Subject: [PATCH 04/43] Start prosody jwt config and fix --- quick_jibri_installer.sh | 57 ++++++++++++++++++++++++++++++++++------ 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 0152007..a9cf1d6 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -304,7 +304,7 @@ echo " if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1" ]; then echo "Nodejs is installed, skipping..." else - curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - + curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - apt-get install -yq2 nodejs echo "Installing nodejs esprima package..." npm install -g esprima @@ -385,8 +385,8 @@ MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" # Rename hostname for jitsi server -#hostnamectl set-hostname "jibri.${DOMAIN}" -#sed -i "1i ${PUBLIC_IP} jibri.${DOMAIN}" /etc/hosts +#hostnamectl set-hostname "jitsi.${DOMAIN}" +#sed -i "1i ${PUBLIC_IP} jitsi.${DOMAIN}" /etc/hosts #Sysadmin email while [[ -z $SYSADMIN_EMAIL ]] @@ -686,7 +686,6 @@ org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 BREWERY # Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js -sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" $MEET_CONF sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " $MEET_CONF sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ 
@@ -900,11 +899,53 @@ sed -i "s|'videobackgroundblur', ||" $INT_CONF #================== Setup prosody conf file ================= -#Setup secure rooms +#===Setup secure rooms ===# +if [ "$ENABLE_SC" = "yes" ]; then SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) SRP_END=$((SRP_STR + 10)) sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE +sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +fi +if [ "$ENABLE_JWT" = "yes" ]; then + ## focal openssl + if [ "$(lsb_release -sc)" = "focal" ]; then + echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \ + sudo tee /etc/apt/sources.list.d/rvm.list + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE + apt-get update + fi + +###JWT +apt-get -y install \ + lua5.2 \ + liblua5.2 \ + luarocks \ + libssl1.0-dev \ + python3-jwt + +luarocks install basexx +luarocks install luacrypto +luarocks install lua-cjson 2.1.0-1 + +echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections +echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections + +apt-get install -y jitsi-meet-tokens + +#Setting up +sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua +sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua +sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua + +#allow_empty_token = true + +#SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) +#SRP_END=$((SRP_STR + 10)) +sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +fi + +#Guest allow if dpkg-compare prosody gt 0.11.0 ; then cat << P_SR >> $PROSODY_FILE 
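Review bot: The `sed` that rewrites `c2s_require_encryption = true` to `false` in /etc/prosody/prosody.cfg.lua changes the server-wide default, so turning on JWT also allows unencrypted client-to-server sessions on every host that does not override it. If one local component needs plaintext, set the option on that VirtualHost only, or add a comment such as `# JWT: c2s TLS relaxed because <reason>` so the downgrade is a recorded decision. In the focal branch the PPA is added over plain `http://` and its key is fetched by the 32-bit short ID `F4E3FBBE`, which is not collision-resistant; use the full fingerprint and a per-repository keyring (`signed-by=`) rather than the global apt-key store. The three `luarocks install` lines also pull unpinned code as root, with only `lua-cjson` given a version.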
@@ -927,9 +968,9 @@ P_SR else cat << P_SR >> $PROSODY_FILE -VirtualHost "guest.$DOMAIN" - authentication = "anonymous" - c2s_require_encryption = false +#VirtualHost "guest.$DOMAIN" +# authentication = "anonymous" +# c2s_require_encryption = false P_SR fi From db48de8f94de8bf67b7770284cd8f0ed886b7dc5 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Wed, 18 Nov 2020 01:26:38 -0600 Subject: [PATCH 05/43] Fix condition and comments. --- quick_jibri_installer.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index a9cf1d6..05e079f 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -946,7 +946,7 @@ sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMA fi #Guest allow -if dpkg-compare prosody gt 0.11.0 ; then +if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" @@ -968,9 +968,9 @@ P_SR else cat << P_SR >> $PROSODY_FILE -#VirtualHost "guest.$DOMAIN" -# authentication = "anonymous" -# c2s_require_encryption = false +--VirtualHost "guest.$DOMAIN" +-- authentication = "anonymous" +-- c2s_require_encryption = false P_SR fi From 4668b418d22d72898f671f6246ec42471652cf2d Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Mon, 7 Dec 2020 11:28:28 -0600 Subject: [PATCH 06/43] Add jvb2 node testing --- add-jvb2-node.sh | 316 +++++++++++++++++++++++++++++++++++++++ quick_jibri_installer.sh | 66 ++++++-- 2 files changed, 368 insertions(+), 14 deletions(-) create mode 100644 add-jvb2-node.sh diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh new file mode 100644 index 0000000..3c4a3e3 --- /dev/null +++ b/add-jvb2-node.sh 
@@ -0,0 +1,316 @@ +#!/bin/bash +# JVB2 Node Aggregator +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +### 0_LAST EDITION TIME STAMP ### +# LETS: AUTOMATED_EDITION_TIME +### 1_LAST EDITION ### + +#Make sure the file name is the required one +if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then + echo "For most cases naming won't matter, for this one it does." + echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again." + exit +fi + +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./add-jvb2-node.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +#Check admin rights +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +### 0_VAR_DEF +MAIN_SRV_DIST=TBD +MAIN_SRV_REPO=TBD +MAIN_SRV_DOMAIN=TBD + +JVB_HOSTNAME=TBD +JVB_HOST=TBD +JVB_PORT=TBD +JVB_SECRET=TBD +JVB_OPTS=TBD +SYS_PROPS=TBD +AWS_HARVEST=TBD +STUN_MAPPING=TBD +ENABLE_STATISTICS=TBD +SHARD_HOSTNAME=TBD +SHARD_DOMAIN=TBD +SHARD_PASS=TBD +MUC_JID=TBD + +MJS_USER=TBD +MJS_USER_PASS=TBD +START=0 +LAST=TBD + +THIS_SRV_DIST=$(lsb_release -sc) +JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +JVB2_CONF="/etc/jitsi/videobridge/config" +JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" +#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" +NJN_USER="jvbnode${ADDUP}_${NJN_RAND_TAIL}" +NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" +#GITHUB_RAW="https://raw.githubusercontent.com" +#GIT_REPO="switnet-ltd/quick-jibri-installer" +### 1_VAR_DEF + +# sed limiters for add-jvb2-node.sh variables +var_dlim() { + grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1 +} + +check_var() { + if [ -z "$2" ]; then + echo -e "Check if 
variable $1 is set: \xE2\x9C\x96 \nExiting..." + exit + else + echo -e "Check if variable $1 is set: \xE2\x9C\x94" + fi +} + +if [ -z "$LAST" ]; then + echo "There is an error on the LAST definition, please report." + exit +elif [ "$LAST" = "TBD" ]; then + ADDUP=$((START + 1)) +else + ADDUP=$((LAST + 1)) +fi + +#Check server and node OS +if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then + echo "Please use the same OS for the JVB2 setup on both servers." + echo "This server is based on: $THIS_SRV_DIST" + echo "The main server record claims is based on: $MAIN_SRV_DIST" + exit +fi + +#Check system resources +echo "Verifying System Resources:" +if [ "$(nproc --all)" -lt 4 ];then + echo " +Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. +>> We recommend 4 cores/threads for JVB2! +" + CPU_MIN="N" +else + echo "CPU Cores/Threads: OK ($(nproc --all))" + CPU_MIN="Y" +fi +### Test RAM size (8GB min) ### +mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') +if [ ${mem_available} -lt 7700000 ]; then + echo " +Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. +>> We recommend 8GB RAM for JVB2! +" + MEM_MIN="N" +else + echo "Memory: OK ($((mem_available/1024)) MiB)" + MEM_MIN="Y" +fi +if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then + echo "All requirements seems meet!" + echo " + - We hope you have a nice recording/streaming session + " +else + echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" + echo "We highly advice to increase the resources in order to install this JVB2 node." + while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] + do + read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + if [ "$CONTINUE_LOW_RES" = "no" ]; then + echo "See you next time with more resources!..." 
+ exit + elif [ "$CONTINUE_LOW_RES" = "yes" ]; then + echo "Please keep in mind that we might not support underpowered nodes." + fi + done +fi + +echo " +#----------------------------------------------------------------------- +# Checking initial necessary variables... +#-----------------------------------------------------------------------" + +check_var JVB_HOSTNNAME "$JVB_HOSTNAME" +check_var JVB_HOST "$JVB_HOST" +check_var JVB_PORT "$JVB_PORT" +check_var JVB_SECRET "$JVB_SECRET" +check_var JVB_OPTS "$JVB_OPTS" +check_var SYS_PROPS "$SYS_PROPS" +check_var AWS_HARVEST "$AWS_HARVEST" +check_var STUN_MAPPING "$STUN_MAPPING" +check_var ENABLE_STATISTICS "$ENABLE_STATISTICS" +check_var SHARD_HOSTNAME "$SHARD_HOSTNAME" +check_var SHARD_DOMAIN "$SHARD_DOMAIN" +check_var SHARD_PASS "$SHARD_PASS" +check_var MUC_JID "$MUC_JID" +check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN" + +# Rename hostname for each jvb2 node +hostnamectl set-hostname "jvb${ADDUP}.${MAIN_SRV_DOMAIN}" +sed -i "1i 127.0.0.1 jvb${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts + +# Jitsi-Meet Repo +echo "Add Jitsi repo" +if [ -z "$JITSI_REPO" ]; then + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - +elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository don't match, extiting.." + exit +elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository match, continuing..." +else + echo "Jitsi $JITSI_REPO repository already installed" +fi + +# Requirements +echo "We'll start by installing system requirements this may take a while please be patient..." +apt-get update -q2 +apt-get dist-upgrade -yq2 + +apt-get -y install \ + apt-show-versions \ + bmon \ + curl \ + git \ + htop \ + ssh \ + unzip \ + wget + +echo "# Check and Install HWE kernel if possible..." 
+HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +if [ "$HWE_VIR_MOD" == "1" ]; then + apt-get -y install \ + linux-image-generic-hwe-$(lsb_release -sr) \ + linux-modules-extra-virtual-hwe-$(lsb_release -sr) + else + apt-get -y install \ + linux-modules-extra-$(uname -r) +fi + +echo " +#-------------------------------------------------- +# Install JVB2 +#-------------------------------------------------- +" +apt-get -y install \ + jitsi-videobridge2 \ + openjdk-8-jre-headless + +echo ' +######################################################################## + Start JVB2 configuration +######################################################################## +' + +mv $JVB2_CONF ${JVB2_CONF}-dpkg-file + +## JVB2 - CONFIG +cat << JVB2_CONF > $JVB2_CONF +# Jitsi Videobridge settings + +# sets the XMPP domain (default: none) +JVB_HOSTNAME=$JVB_HN + +# sets the hostname of the XMPP server (default: domain if set, localhost otherwise) +JVB_HOST=$JVB_HOST + +# sets the port of the XMPP server (default: 5275) +JVB_PORT=$JVB_PORT + +# sets the shared secret used to authenticate to the XMPP server +JVB_SECRET=$JVB_SECRET + +# extra options to pass to the JVB daemon +JVB_OPTS=$JVB_OPTS + +# adds java system props that are passed to jvb (default are for home and logging config file) +JAVA_SYS_PROPS=$SYS_PROPS + +JVB2_CONF + + +mv $JVB2_SIP $JVB2_SIP-dpkg-file +## JVB2 - SIP +cat << JVB2_SIP > $JVB2_SIP +org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=$AWS_HARVEST +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=$STUN_MAPPING +org.jitsi.videobridge.ENABLE_STATISTICS=$ENABLE_STATISTICS +org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb +org.jitsi.videobridge.xmpp.user.shard.PASSWORD=$SHARD_PASS 
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2-$ADDUP +JVB2_SIP + +echo -e "\n---- Create random nodesync user ----" +useradd -m -g jvb $NJN_USER +echo "$NJN_USER:$NJN_USER_PASS" | chpasswd + +echo -e "\n---- We'll connect to main server ----" +read -n 1 -s -r -p "Press any key to continue..."$'\n' +sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +echo "Remote pass: $MJS_USER_PASS" +ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts +ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub +sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" + +echo "Writting last node number..." +sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jvb2-node.sh +sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jvb2-node.sh +echo "Last file edition at: $(grep "LETS:" add-jvb2-node.sh|head -n1|awk -F'LETS:' '{print$2}')" + +#Enable jvb2 services +systemctl enable jvb2 +systemctl restart jvb2 + +echo -e "\nSending updated add-jvb2-node.sh file to main server sync user...\n" +cp $PWD/add-jvb2-node.sh /tmp +sudo -u $NJN_USER scp /tmp/add-jvb2-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/ +rm $PWD/add-jvb2-node.sh /tmp/add-jvb2-node.sh + +echo " +######################################################################## + Node addition complete!! + + IMPORTANT: + The updated version of this file has been sent to the main server + at the sync user home directory, please use that one in order to + install new nodes. For security reason this version has been deleted + from this very node. + + For customized support: http://switnet.net +######################################################################## +" + +echo "Rebooting in..." 
+secs=$((15)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +reboot diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 05e079f..03f522f 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -362,16 +362,18 @@ echo ' ' # MEET / JIBRI SETUP DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') -WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf +WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" -PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua -PROSODY_SYS=/etc/prosody/prosody.cfg.lua -JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties -MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js -JIBRI_CONF=/etc/jitsi/jibri/jibri.conf +PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" +PROSODY_SYS="/etc/prosody/prosody.cfg.lua" +JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties" +MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" +JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" +JVB2_CONF="/etc/jitsi/videobridge/config" +JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" DIR_RECORD=/var/jbrecord -REC_DIR=/home/jibri/finalize_recording.sh +REC_DIR="/home/jibri/finalize_recording.sh" JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" MOD_LISTU="https://prosody.im/files/mod_listusers.lua" @@ -621,6 +623,9 @@ restart_services() { check_jibri } +# Configure Jvb2 +sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties + # Configure Jibri ## PROSODY if dpkg-compare prosody lt 0.11.0 ; then 
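Review bot: This script carries `JVB_SECRET`, `SHARD_PASS` and `MJS_USER_PASS` in clear text, and near the end `cp $PWD/add-jvb2-node.sh /tmp` places a copy at a fixed, predictable path with default permissions, so other local users can typically read the secrets until the `rm` runs. Stage the copy in a private `mktemp -d` directory owned by the sync user with mode 600, as in the fence below. `echo "Remote pass: $MJS_USER_PASS"` also prints the main server's sync password to the terminal, where it stays in scrollback and any session log. Separately, both `ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> …known_hosts` lines trust whatever host key answers first; shipping the main server's key fingerprint with the other `MAIN_SRV_*` values and comparing it before appending would close that gap.

```shell
# … unchanged: LAST / LETS stamp update, enabling the videobridge service …
stage_dir=$(mktemp -d) || exit 1
install -m 600 add-jvb2-node.sh "$stage_dir/add-jvb2-node.sh"
chown -R "$NJN_USER" "$stage_dir"
sudo -u "$NJN_USER" scp "$stage_dir/add-jvb2-node.sh" "$MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/"
rm -rf -- "$stage_dir" "$PWD/add-jvb2-node.sh"
```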
@@ -841,7 +846,6 @@ sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config systemctl restart sshd - #Setting varibales for add-jibri-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jibri-node.sh 
@@ -855,6 +859,45 @@ sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jibri-node.sh sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" +#-- Setting variables for add-jvb2-node.sh +g_conf_value() { + grep "$1" $JVB2_CONF|sed "s|$1||" +} +JVB_HOSTNAME=$(g_sys_value JVB_HOSTNAME=) +JVB_HOST=$(g_sys_value JVB_HOST=) +JVB_PORT=$(g_sys_value JVB_PORT=) +JVB_SECRET=$(g_sys_value JVB_SECRET=) +JVB_OPTS=$(g_sys_value JVB_OPTS=) +JAVA_SYS_PROPS=$(g_sys_value JAVA_SYS_PROPS=) + +g_sip_value() { + grep "$1" $JVB2_SIP|sed "s|$1||" +} +DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=) +STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=) +ENABLE_STATISTICS=$(g_sip_value ENABLE_STATISTICS=) +SHARD_HOSTNAME=$(g_sip_value shard.HOSTNAME=) +SHARD_DOMAIN=$(g_sip_value shard.DOMAIN=) +SHARD_PASSWORD=$(g_sip_value shard.PASSWORD=) +MUC_JID=$(g_sip_value MUC_JIDS=) + +##-- Replacing on add-jvb2-node.sh +sed -i "s|JVB_HOSTNAME=.*|JVB_HOSTNAME=\'$JVB_HOSTNAME\'|" add-jvb2-node.sh +sed -i "s|JVB_HOST=.*|JVB_HOST=\'$JVB_HOST\'|" add-jvb2-node.sh +sed -i "s|JVB_PORT=.*|JVB_PORT=\'$JVB_PORT\'|" add-jvb2-node.sh +sed -i "s|JVB_SECRET=.*|JVB_SECRET=\'$JVB_SECRET\'|" add-jvb2-node.sh +sed -i "s|JVB_OPTS=.*|JVB_OPTS=\'$JVB_OPTS\'|" add-jvb2-node.sh +sed -i "s|SYS_PROPS=.*|SYS_PROPS=\'$JAVA_SYS_PROPS\'|" add-jvb2-node.sh +#- +sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=\'$DISABLE_AWS_HARVESTER\'|" add-jvb2-node.sh +sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=\'$STUN_MAPPING_HARVESTER_ADDRESSES\'|" add-jvb2-node.sh +sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=\'$ENABLE_STATISTICS\'|" add-jvb2-node.sh +sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=\'$SHARD_HOSTNAME\'|" add-jvb2-node.sh +sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=\'$SHARD_DOMAIN\'|" add-jvb2-node.sh +sed -i 
"s|SHARD_PASS=.*|SHARD_PASS=\'$SHARD_PASSWORD\'|" add-jvb2-node.sh +sed -i "s|MUC_JID=.*|MUC_JID=\'$MUC_JID\'|" add-jvb2-node.sh +##-- + #Tune webserver for Jitsi App control if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \\\n" $WS_CONF @@ -966,12 +1009,7 @@ VirtualHost "guest.$DOMAIN" P_SR else - cat << P_SR >> $PROSODY_FILE - ---VirtualHost "guest.$DOMAIN" --- authentication = "anonymous" --- c2s_require_encryption = false -P_SR + echo "No authentication method selected." fi #====================== From edba46c835664d9dc6577464caf14f240f2dd1c8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 7 Dec 2020 14:47:07 -0600 Subject: [PATCH 07/43] Add some missing variables --- quick_jibri_installer.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 03f522f..09d604c 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -896,6 +896,12 @@ sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=\'$SHARD_HOSTNAME\'|" add-jvb2-node.s sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=\'$SHARD_DOMAIN\'|" add-jvb2-node.sh sed -i "s|SHARD_PASS=.*|SHARD_PASS=\'$SHARD_PASSWORD\'|" add-jvb2-node.sh sed -i "s|MUC_JID=.*|MUC_JID=\'$MUC_JID\'|" add-jvb2-node.sh + +sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jvb2-node.sh +sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jvb2-node.sh +sed -i "s|MAIN_SRV_DOMAIN=.*|MAIN_SRV_DOMAIN=\"$DOMAIN\"|" add-jvb2-node.sh +sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh +sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh ##-- #Tune webserver for Jitsi App control From 30e692d6ce2ed6c2720013733d0b1e3da6f34ae8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 7 Dec 2020 16:58:20 -0600 Subject: [PATCH 08/43] Fix function name --- quick_jibri_installer.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
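Review bot: None of the new `sed -i "s|NAME=.*|…|" add-jvb2-node.sh` substitutions is limited to the variable block, so each one rewrites every line of add-jvb2-node.sh that contains `NAME=`, including the heredoc templates (`JVB_SECRET=$JVB_SECRET`, `JAVA_SYS_PROPS=$SYS_PROPS`, `org.jitsi.videobridge.ENABLE_STATISTICS=…`). The node script already has `### 0_VAR_DEF` and `### 1_VAR_DEF` markers, so confine the edits to that range, e.g. `sed -i "/^### 0_VAR_DEF/,/^### 1_VAR_DEF/{s|^JVB_SECRET=.*|…|}" add-jvb2-node.sh`. The values are also inserted into the replacement unescaped, so a secret containing `|`, `&` or `\` breaks or alters the substitution. The same pattern recurs in the later hunks at @@ -896,6 +896,12 @@ and @@ -882,20 +882,20 @@.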
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 09d604c..c9c9932 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -863,12 +863,12 @@ echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LET g_conf_value() { grep "$1" $JVB2_CONF|sed "s|$1||" } -JVB_HOSTNAME=$(g_sys_value JVB_HOSTNAME=) -JVB_HOST=$(g_sys_value JVB_HOST=) -JVB_PORT=$(g_sys_value JVB_PORT=) -JVB_SECRET=$(g_sys_value JVB_SECRET=) -JVB_OPTS=$(g_sys_value JVB_OPTS=) -JAVA_SYS_PROPS=$(g_sys_value JAVA_SYS_PROPS=) +JVB_HOSTNAME=$(g_conf_value JVB_HOSTNAME=) +JVB_HOST=$(g_conf_value JVB_HOST=) +JVB_PORT=$(g_conf_value JVB_PORT=) +JVB_SECRET=$(g_conf_value JVB_SECRET=) +JVB_OPTS=$(g_conf_value JVB_OPTS=) +JAVA_SYS_PROPS=$(g_conf_value JAVA_SYS_PROPS=) g_sip_value() { grep "$1" $JVB2_SIP|sed "s|$1||" From 85e6237f98110ab571f58cf1bfe1b76d16caee02 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 02:14:47 -0600 Subject: [PATCH 09/43] Fix function and services --- add-jvb2-node.sh | 6 +++--- quick_jibri_installer.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 3c4a3e3..cc91447 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -267,7 +267,7 @@ org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2-$ADDUP JVB2_SIP echo -e "\n---- Create random nodesync user ----" -useradd -m -g jvb $NJN_USER +useradd -m -g jitsi $NJN_USER echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" 
@@ -284,8 +284,8 @@ sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add echo "Last file edition at: $(grep "LETS:" add-jvb2-node.sh|head -n1|awk -F'LETS:' '{print$2}')" #Enable jvb2 services -systemctl enable jvb2 -systemctl restart jvb2 +systemctl enable jitsi-videobridge2.service +systemctl restart jitsi-videobridge2.service echo -e "\nSending updated add-jvb2-node.sh file to main server sync user...\n" cp $PWD/add-jvb2-node.sh /tmp diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index c9c9932..7903dee 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -871,7 +871,7 @@ JVB_OPTS=$(g_conf_value JVB_OPTS=) JAVA_SYS_PROPS=$(g_conf_value JAVA_SYS_PROPS=) g_sip_value() { - grep "$1" $JVB2_SIP|sed "s|$1||" + grep "$1" $JVB2_SIP |cut -d "=" -f2 } DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=) STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=) From 2049afab615e3eb023834d70ecbe08e87772a466 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 06:09:39 -0600 Subject: [PATCH 10/43] Remove single quotes --- quick_jibri_installer.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 7903dee..75c6591 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh 
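Review bot: `cut -d "=" -f2` in the new `g_sip_value` keeps only the text between the first and second `=`, so a property value that itself contains `=` is silently truncated before it is written into add-jvb2-node.sh. That matters most for `shard.PASSWORD`; the passwords this installer generates itself use an alphabet that includes `=`, although the shard password comes from the package, so confirm its alphabet. Use `cut -d "=" -f2-`. The `grep "$1"` before it is an unanchored regex and may return more than one line; `grep -m1 -F -- "$1" "$JVB2_SIP"` pins it to the first literal match.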
@@ -882,20 +882,20 @@ SHARD_PASSWORD=$(g_sip_value shard.PASSWORD=) MUC_JID=$(g_sip_value MUC_JIDS=) ##-- Replacing on add-jvb2-node.sh -sed -i "s|JVB_HOSTNAME=.*|JVB_HOSTNAME=\'$JVB_HOSTNAME\'|" add-jvb2-node.sh -sed -i "s|JVB_HOST=.*|JVB_HOST=\'$JVB_HOST\'|" add-jvb2-node.sh -sed -i "s|JVB_PORT=.*|JVB_PORT=\'$JVB_PORT\'|" add-jvb2-node.sh -sed -i "s|JVB_SECRET=.*|JVB_SECRET=\'$JVB_SECRET\'|" add-jvb2-node.sh -sed -i "s|JVB_OPTS=.*|JVB_OPTS=\'$JVB_OPTS\'|" add-jvb2-node.sh -sed -i "s|SYS_PROPS=.*|SYS_PROPS=\'$JAVA_SYS_PROPS\'|" add-jvb2-node.sh +sed -i "s|JVB_HOSTNAME=.*|JVB_HOSTNAME=$JVB_HOSTNAME|" add-jvb2-node.sh +sed -i "s|JVB_HOST=.*|JVB_HOST=$JVB_HOST|" add-jvb2-node.sh +sed -i "s|JVB_PORT=.*|JVB_PORT=$JVB_PORT|" add-jvb2-node.sh +sed -i "s|JVB_SECRET=.*|JVB_SECRET=$JVB_SECRET|" add-jvb2-node.sh +sed -i "s|JVB_OPTS=.*|JVB_OPTS=$JVB_OPTS|" add-jvb2-node.sh +sed -i "s|SYS_PROPS=.*|SYS_PROPS=$JAVA_SYS_PROPS|" add-jvb2-node.sh #- -sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=\'$DISABLE_AWS_HARVESTER\'|" add-jvb2-node.sh -sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=\'$STUN_MAPPING_HARVESTER_ADDRESSES\'|" add-jvb2-node.sh -sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=\'$ENABLE_STATISTICS\'|" add-jvb2-node.sh -sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=\'$SHARD_HOSTNAME\'|" add-jvb2-node.sh -sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=\'$SHARD_DOMAIN\'|" add-jvb2-node.sh -sed -i "s|SHARD_PASS=.*|SHARD_PASS=\'$SHARD_PASSWORD\'|" add-jvb2-node.sh -sed -i "s|MUC_JID=.*|MUC_JID=\'$MUC_JID\'|" add-jvb2-node.sh +sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=$DISABLE_AWS_HARVESTER\'|" add-jvb2-node.sh +sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=$STUN_MAPPING_HARVESTER_ADDRESSES|" add-jvb2-node.sh +sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=$ENABLE_STATISTICS|" add-jvb2-node.sh +sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=$SHARD_HOSTNAME|" add-jvb2-node.sh +sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=$SHARD_DOMAIN|" add-jvb2-node.sh +sed -i "s|SHARD_PASS=.*|SHARD_PASS=$SHARD_PASSWORD|" 
add-jvb2-node.sh +sed -i "s|MUC_JID=.*|MUC_JID=$MUC_JID|" add-jvb2-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jvb2-node.sh sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jvb2-node.sh From 41aece4798a0cf89cb61e898550dae812c75e708 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 06:22:25 -0600 Subject: [PATCH 11/43] Set domain on debconf --- add-jvb2-node.sh | 2 ++ quick_jibri_installer.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index cc91447..118e295 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -214,6 +214,8 @@ echo " # Install JVB2 #-------------------------------------------------- " +echo "jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" + apt-get -y install \ jitsi-videobridge2 \ openjdk-8-jre-headless diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 75c6591..3c783ca 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -889,7 +889,7 @@ sed -i "s|JVB_SECRET=.*|JVB_SECRET=$JVB_SECRET|" add-jvb2-node.sh sed -i "s|JVB_OPTS=.*|JVB_OPTS=$JVB_OPTS|" add-jvb2-node.sh sed -i "s|SYS_PROPS=.*|SYS_PROPS=$JAVA_SYS_PROPS|" add-jvb2-node.sh #- -sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=$DISABLE_AWS_HARVESTER\'|" add-jvb2-node.sh +sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=$DISABLE_AWS_HARVESTER|" add-jvb2-node.sh sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=$STUN_MAPPING_HARVESTER_ADDRESSES|" add-jvb2-node.sh sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=$ENABLE_STATISTICS|" add-jvb2-node.sh sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=$SHARD_HOSTNAME|" add-jvb2-node.sh From 2cae3146a6df35ccf65559c1b35e2115722ac4a1 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 06:49:14 -0600 Subject: [PATCH 12/43] Skipping JVB_HOST check Also fix debconf setting --- add-jvb2-node.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 118e295..57f5030 100644 
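Review bot: With the single quotes removed in the @@ -882,20 +882,20 @@ hunk, each value is written into add-jvb2-node.sh as a bare `NAME=value` assignment, and that script later runs as root on every node, so a value containing whitespace or a shell metacharacter is parsed as shell instead of being stored as data. If the quotes were dropped because the values read from the videobridge `config` file already carry their own double quotes (not visible in this hunk), strip those when reading and keep the single quotes on output. At minimum, add a comment above the block stating which characters the values are assumed never to contain.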
--- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -151,7 +151,11 @@ echo " #-----------------------------------------------------------------------" check_var JVB_HOSTNNAME "$JVB_HOSTNAME" -check_var JVB_HOST "$JVB_HOST" +if [ -z $JVB_HOST ]; then + echo "JVB_HOST is empty, but it may be ok for it to be empty, skipping empty test." +else + check_var JVB_HOST "$JVB_HOST" +fi check_var JVB_PORT "$JVB_PORT" check_var JVB_SECRET "$JVB_SECRET" check_var JVB_OPTS "$JVB_OPTS" @@ -214,7 +218,7 @@ echo " # Install JVB2 #-------------------------------------------------- " -echo "jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" +echo "jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections apt-get -y install \ jitsi-videobridge2 \ From 518a532b54e3a28d28eb35bd51138dbfee25b89e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 07:08:05 -0600 Subject: [PATCH 13/43] Disable certificate verification --- add-jvb2-node.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 57f5030..e59f02a 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -270,6 +270,8 @@ org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb org.jitsi.videobridge.xmpp.user.shard.PASSWORD=$SHARD_PASS org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2-$ADDUP + +org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true JVB2_SIP echo -e "\n---- Create random nodesync user ----" From 4ae70e919776835d108b1f333dbb389385093c76 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 12:57:48 -0600 Subject: [PATCH 14/43] Test change into new config format --- add-jvb2-node.sh | 47 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index e59f02a..143b629 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh 
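Review bot: The line now piped to `debconf-set-selections` has three fields, but the tool expects four: owner package, question, type and value. As written, `jitsi-videobridge/jvb-hostname` is taken as the owner, so the hostname answer is probably not preseeded and the package may still prompt or fall back to its default. Put the owning package first, e.g. `echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections`, and confirm the owner name against the package's templates.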
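Review bot: `DISABLE_CERTIFICATE_VERIFICATION=true` makes the bridge accept any certificate from the XMPP server, and on a JVB node that connection crosses the network to `$MAIN_SRV_DOMAIN` carrying `SHARD_PASS`, so anyone on the path can pose as the main server and collect the credential. If this works around a self-signed or mismatched Prosody certificate for `auth.$MAIN_SRV_DOMAIN`, fix it at the source: serve a certificate valid for that name, or import the main server's certificate into the node's Java trust store. If the flag must stay for testing, say so above it, e.g. `# TEMP: remove once auth.<domain> presents a trusted certificate`. The same setting is carried into jvb.conf as `disable_certificate_verification = true` in the later hunk at @@ -260,20 +261,42 @@.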
@@ -61,6 +61,7 @@ LAST=TBD THIS_SRV_DIST=$(lsb_release -sc) JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) JVB2_CONF="/etc/jitsi/videobridge/config" +JVB2_NCONF="/etc/jitsi/videobridge/jvb.conf" JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" #PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" 
@@ -260,20 +261,42 @@ JVB2_CONF mv $JVB2_SIP $JVB2_SIP-dpkg-file ## JVB2 - SIP cat << JVB2_SIP > $JVB2_SIP -org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=$AWS_HARVEST -org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=$STUN_MAPPING -org.jitsi.videobridge.ENABLE_STATISTICS=$ENABLE_STATISTICS -org.jitsi.videobridge.STATISTICS_TRANSPORT=muc -org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=$MAIN_SRV_DOMAIN -org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.$MAIN_SRV_DOMAIN -org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb -org.jitsi.videobridge.xmpp.user.shard.PASSWORD=$SHARD_PASS -org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN -org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2-$ADDUP - -org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true +# Legacy conf file, new format already at +# /etc/jitsi/videobridge/jvb.conf +# --add-jvb2-node.sh JVB2_SIP +echo -e "\n---- Setting new config format for jvb2 node. ----" +sed -i '$/}/d' $JVB2_NCONF +cat << JVB2 >> /etc/jitsi/videobridge/jvb.conf + stats { + # Enable broadcasting stats/presence in a MUC + enabled = true + transports = [ + { type = "muc" } + ] + } + + apis { + xmpp-client { + configs { + # Connect to the first XMPP server + xmpp-server-$ADDUP { + hostname="$MAIN_SRV_DOMAIN" + domain = "auth.$MAIN_SRV_DOMAIN" + username = "jvb" + password = "$SHARD_PASS" + muc_jids = "JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN" + # The muc_nickname must be unique across all jitsi-videobridge instances + muc_nickname = "jvb2-$ADDUP" + disable_certificate_verification = true + } + } + } + } +} +JVB2 + echo -e "\n---- Create random nodesync user ----" useradd -m -g jitsi $NJN_USER echo "$NJN_USER:$NJN_USER_PASS" | chpasswd From c8f9ec0dc412536560c7f6601f51a20a2509466d Mon Sep 17 00:00:00 2001 
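Review bot: Nothing guards the append to `jvb.conf`: the block is written with `>>` on every run, and the script never checks that the file exists or that its last line is the lone closing brace the preceding `sed` is meant to drop. A second run, or a package that ships a different `jvb.conf` layout, would leave duplicate or unbalanced `stats`/`apis` sections. Wrapping the `sed` and the heredoc in `if ! grep -q "xmpp-server-$ADDUP" "$JVB2_NCONF"; then` and keeping a backup copy, as is already done for `$JVB2_SIP`, would make the step repeatable. The block also stores `$SHARD_PASS` in clear text, so it is worth confirming the file mode the package leaves on `jvb.conf`.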
From: Ark74 Date: Fri, 11 Dec 2020 13:53:24 -0600 Subject: [PATCH 15/43] Fix sed and debconf selection --- add-jvb2-node.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh index 143b629..e731605 100644 --- a/add-jvb2-node.sh +++ b/add-jvb2-node.sh @@ -219,7 +219,7 @@ echo " # Install JVB2 #-------------------------------------------------- " -echo "jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections +echo "jitsi-videobridge jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections apt-get -y install \ jitsi-videobridge2 \ @@ -267,8 +267,8 @@ cat << JVB2_SIP > $JVB2_SIP JVB2_SIP echo -e "\n---- Setting new config format for jvb2 node. ----" -sed -i '$/}/d' $JVB2_NCONF -cat << JVB2 >> /etc/jitsi/videobridge/jvb.conf +sed -i '${/\}/d;}' $JVB2_NCONF +cat << JVB2 >> $JVB2_NCONF stats { # Enable broadcasting stats/presence in a MUC enabled = true From 0e8065b03602ff8a6d3382b94005591e219c3e9a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 16:06:15 -0600 Subject: [PATCH 16/43] Introducing JWT auth, disable unused config, drop prosody <11 checks --- quick_jibri_installer.sh | 124 ++++++++++++++++++++++----------------- 1 file changed, 69 insertions(+), 55 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 3c783ca..a8f58be 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh 
@@ -488,18 +488,43 @@ done # echo "Local audio recording option will be enabled" #fi #done + #Secure room initial user -while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] +#while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] +#do +#read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC +#if [ "$ENABLE_SC" = "no" ]; then +# echo "-- Secure rooms won't be enabled." +#elif [ "$ENABLE_SC" = "yes" ]; then +# echo "-- Secure rooms will be enabled." +# read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER +# read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS +#fi +#done + +PS3='Select the authentication method for your Jitsi Meet instance: ' +options=("Local" "JWT" "None") +select opt in "${options[@]}" do -read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC -if [ "$ENABLE_SC" = "no" ]; then - echo "-- Secure rooms won't be enabled." -elif [ "$ENABLE_SC" = "yes" ]; then - echo "-- Secure rooms will be enabled." - read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS -fi + case $opt in + "Local") + echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording." + ENABLE_SC="yes" + break + ;; + "JWT") + echo -e "\n > A external app manage the token usage/creation, like RocketChat does." + ENABLE_JWT="yes" + break + ;; + "None") + echo -e "\n > Everyone can access the room as moderators as there is no auth mechanism." + break + ;; + *) echo "Invalid option $REPLY, choose 1, 2 or 3";; + esac done + #Jibri Records Access (JRA) via Nextcloud while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]] do 
@@ -627,20 +652,8 @@ restart_services() { sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties # Configure Jibri +if [ "$ENABLE_SC" = "yes" ]; then ## PROSODY -if dpkg-compare prosody lt 0.11.0 ; then -cat << MUC-JIBRI >> $PROSODY_FILE - --- internal muc component, meant to enable pools of jibri and jigasi clients -Component "internal.auth.$DOMAIN" "muc" - modules_enabled = { - "ping"; - } - storage = "null" - muc_room_cache_size = 1000 - -MUC-JIBRI -fi cat << REC-JIBRI >> $PROSODY_FILE VirtualHost "recorder.$DOMAIN" @@ -650,16 +663,25 @@ VirtualHost "recorder.$DOMAIN" authentication = "internal_plain" REC-JIBRI + + if [ ! -f $MOD_LIST_FILE ]; then + echo -e "\n-> Adding external module to list prosody users...\n" + curl -s $MOD_LISTU > $MOD_LIST_FILE + + echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + else + echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + fi + +fi #Enable Jibri withelist sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE #Fix Jibri conectivity issues -#if dpkg-compare prosody lt 0.11.0 ; then sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS sed -i "/c2s_require_encryption = false/a \\ \\ consider_bosh_secure = true" $PROSODY_SYS -#fi if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh @@ -667,15 +689,7 @@ fi if [ ! -z $L10N_ME ]; then sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh fi -if [ ! -f $MOD_LIST_FILE ]; then -echo -e "\n-> Adding external module to list prosody users...\n" -curl -s $MOD_LISTU > $MOD_LIST_FILE -echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" -else -echo -e "Prosody support for listing users seems to be enabled. -check with: prosodyctl mod_listusers\n" -fi ### Prosody users prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS 
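Review bot: `curl -s $MOD_LISTU > $MOD_LIST_FILE` (hunk at -650,16) installs a Prosody module fetched at install time with no integrity check, and without `-f` an HTTP error page would be written into the module file and treated as success. Where `$MOD_LISTU` points is not visible in this hunk, but whatever it serves becomes code that Prosody loads. Suggest `curl -fsSL "$MOD_LISTU" -o "$MOD_LIST_FILE"` followed by `echo "<EXPECTED_SHA256>  $MOD_LIST_FILE" | sha256sum -c -` against a value pinned in the script, or shipping the module in this repository. The line is moved rather than new, so the same applies to its previous location.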
@@ -698,13 +712,13 @@ sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\ hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF #Dropbox feature -if [ "$ENABLE_DB" = "yes" ]; then -DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1) -DB_END=$((DB_STR + 10)) -sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF -sed -i "$DB_STR,$DB_END{s|// appKey: ''|appKey: \'$DB_CID\'|}" $MEET_CONF -sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF -fi +#if [ "$ENABLE_DB" = "yes" ]; then +#DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1) +#DB_END=$((DB_STR + 10)) +#sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF +#sed -i "$DB_STR,$DB_END{s|// appKey: ''|appKey: \'$DB_CID\'|}" $MEET_CONF +#sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF +#fi #LocalRecording if [ "$ENABLE_LAR" = "yes" ]; then 
@@ -948,16 +962,28 @@ sed -i "s|'videobackgroundblur', ||" $INT_CONF #================== Setup prosody conf file ================= -#===Setup secure rooms ===# +###Setup secure rooms if [ "$ENABLE_SC" = "yes" ]; then SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) SRP_END=$((SRP_STR + 10)) sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF + +echo -e "\nSecure rooms are being enabled..." +echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ +or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. +If you have issues with the password refer to your sysadmin." +sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP +#Secure room initial user +prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS +sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi +###JWT if [ "$ENABLE_JWT" = "yes" ]; then - ## focal openssl +echo -e "\nJWT auth are being setup..." + + ## Focal Openssl if [ "$(lsb_release -sc)" = "focal" ]; then echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \ sudo tee /etc/apt/sources.list.d/rvm.list @@ -965,7 +991,7 @@ if [ "$ENABLE_JWT" = "yes" ]; then apt-get update fi -###JWT + apt-get -y install \ lua5.2 \ liblua5.2 \ @@ -989,8 +1015,6 @@ sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" #allow_empty_token = true -#SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) -#SRP_END=$((SRP_STR + 10)) sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF fi 
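Review bot: `prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS` (hunk at -948,16) passes the moderator password unquoted on the command line. A password containing spaces or glob characters is split or expanded before prosodyctl sees it, so the account can end up with a different password than the one typed. The value is also visible in the process list while the command runs. At minimum quote the arguments, `prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS"`; `prosodyctl adduser "$SEC_ROOM_USER@$DOMAIN"` would let prosodyctl prompt for the password itself.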
@@ -1019,16 +1043,6 @@ P_SR fi #====================== -#Secure room initial user -if [ "$ENABLE_SC" = "yes" ]; then -echo -e "\nSecure rooms are being enabled..." -echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ -or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. -If you have issues with the password refer to your sysadmin." -sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP -prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS -sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh -fi #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF @@ -1058,7 +1072,7 @@ fi enable_letsencrypt -if dpkg-compare prosody gt 0.11.0 && [ "$ENABLE_SC" = "yes" ]; then +if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then echo "Waiting prosody restart to continue configuration, 15s..." wait_seconds 15 #Move mucs when using secure rooms - https://community.jitsi.org/t/27752/112 From a43fe104d0014acb254475f0fbb4180b48ddac00 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 17:57:26 -0600 Subject: [PATCH 17/43] Fix secure user definition --- quick_jibri_installer.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index a8f58be..9aed08a 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -501,7 +501,7 @@ done # read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS #fi #done - +echo -e "\n> Jitsi Meet Auth Method selection.\n" PS3='Select the authentication method for your Jitsi Meet instance: ' options=("Local" "JWT" "None") select opt in "${options[@]}" 
@@ -510,6 +510,8 @@ do "Local") echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording." ENABLE_SC="yes" + read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER + read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS break ;; "JWT") From 9d4c9a7226b9a89b70bd0ad3142c8869f7e559c8 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 19:30:39 -0600 Subject: [PATCH 18/43] Setup connect lines. --- quick_jibri_installer.sh | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 9aed08a..6232a1f 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -508,19 +508,19 @@ select opt in "${options[@]}" do case $opt in "Local") - echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording." + echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n" ENABLE_SC="yes" read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS break ;; "JWT") - echo -e "\n > A external app manage the token usage/creation, like RocketChat does." + echo -e "\n > A external app manage the token usage/creation, like RocketChat does.\n" ENABLE_JWT="yes" break ;; "None") - echo -e "\n > Everyone can access the room as moderators as there is no auth mechanism." + echo -e "\n > Everyone can access the room as moderators as there is no auth mechanism.\n" break ;; *) echo "Invalid option $REPLY, choose 1, 2 or 3";; 
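Review bot: The moderator password is read with `read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS` (hunk at -510,6), which echoes it to the terminal and into any scrollback or session recording. Use `read -s -r -p "Secure room moderator password: "$'\n' SEC_ROOM_PASS` and print a newline afterwards. Asking twice and comparing would also catch typos, since the value goes straight to `prosodyctl register`. The same prompt is moved to the hunk at -977,47 in the later "Move jwt as a external file" commit, where the fix applies equally.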
@@ -1040,9 +1040,22 @@ VirtualHost "guest.$DOMAIN" } P_SR + +echo "Use the following for your App (e.g. Rocket.Chat):" +pyjwt3 --key="$SECRET_APP" \ + encode \ + group="Rocket.Chat" \ + aud="$APP_ID" \ + iss="$APP_ID" \ + sub="$DOMAIN" \ + room="*" \ + algorithm="HS256" + else echo "No authentication method selected." +read -n 1 -s -r -p "Press any key to continue..."$'\n' + fi #====================== #Start with video muted by default From f9a601d731bd1ebfdac7df5ba7524fcc8a9cb73d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 11 Dec 2020 22:04:57 -0600 Subject: [PATCH 19/43] Move jwt as a external file --- mode/jwt.sh | 52 ++++++++++++++++++++++++++++++++++++ quick_jibri_installer.sh | 57 +++++----------------------------------- 2 files changed, 59 insertions(+), 50 deletions(-) create mode 100644 mode/jwt.sh diff --git a/mode/jwt.sh b/mode/jwt.sh new file mode 100644 index 0000000..e45ab50 --- /dev/null +++ b/mode/jwt.sh 
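Review bot: The token printed by the added `pyjwt3 ... encode` call carries `room="*"` and no `exp` claim, so it is valid for every room until the app secret is rotated, and it stays in the terminal scrollback. If it is meant only as a connectivity test, give it a short lifetime (the PyJWT command line accepts a relative value such as `exp=+600`) and say in the message that it is a test token. `algorithm="HS256"` is passed as a claim, so it lands in the payload instead of selecting the signing algorithm; if that is unintended the option is `--alg=HS256`. `--key="$SECRET_APP"` also exposes the secret in the process list for the duration of the call. The same command is repeated in the new `mode/jwt.sh` in the next commit.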
@@ -0,0 +1,52 @@
+#!/bin/bash
+# JWT Mode Setup
+# SwITNet Ltd © - 2020, https://switnet.net/
+# GPLv3 or later.
+DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
+MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
+APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
+SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
+echo $APP_ID && echo $SECRET_APP
+
+## Required openssl for Focal 20.04
+if [ "$(lsb_release -sc)" = "focal" ]; then
+echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
+sudo tee /etc/apt/sources.list.d/rvm.list
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
+apt-get update
+fi
+
+apt-get -y install \
+ lua5.2 \
+ liblua5.2 \
+ luarocks \
+ libssl1.0-dev \
+ python3-jwt
+
+luarocks install basexx
+luarocks install luacrypto
+luarocks install lua-cjson 2.1.0-1
+
+echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
+echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
+
+apt-get install -y jitsi-meet-tokens
+
+#Setting up
+sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua
+sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
+sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
+
+#allow_empty_token = true
+
+sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
+
+echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
+pyjwt3 --key="$SECRET_APP" \
+ encode \
+ group="Rocket.Chat" \
+ aud="$APP_ID" \
+ iss="$APP_ID" \
+ sub="$DOMAIN" \
+ room="*" \
+ algorithm="HS256"
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh
index 6232a1f..b329f70 100644
--- a/quick_jibri_installer.sh
+++ b/quick_jibri_installer.sh
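Review bot: In the new `mode/jwt.sh`, the PPA signing key is imported by the short ID `F4E3FBBE` from a public keyserver, and the repository is added over plain `http://`. Short key IDs are not unique, so `apt-key adv --recv-keys` may import a different key with the same ID, and any key added this way is trusted for every repository on the system. Import by full fingerprint (`--recv-keys <FULL_FINGERPRINT>`), or ship the key with the installer and reference it with `signed-by=` in `rvm.list`, and use an https source if the archive offers one. Of the three `luarocks install` lines only `lua-cjson` is pinned; pinning the other two would make the install reproducible.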
@@ -510,8 +510,6 @@ do "Local") echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n" ENABLE_SC="yes" - read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS break ;; "JWT") 
@@ -977,47 +975,22 @@ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP #Secure room initial user +read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER +read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi ###JWT if [ "$ENABLE_JWT" = "yes" ]; then -echo -e "\nJWT auth are being setup..." +echo -e "\nJWT auth is being setup..." - ## Focal Openssl - if [ "$(lsb_release -sc)" = "focal" ]; then - echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \ - sudo tee /etc/apt/sources.list.d/rvm.list - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE - apt-get update - fi +bash $PWD/mode/jwt.sh + else + echo "No authentication method selected." -apt-get -y install \ - lua5.2 \ - liblua5.2 \ - luarocks \ - libssl1.0-dev \ - python3-jwt - -luarocks install basexx -luarocks install luacrypto -luarocks install lua-cjson 2.1.0-1 - -echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections -echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections - -apt-get install -y jitsi-meet-tokens - -#Setting up -sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua - -#allow_empty_token = true - -sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +read -n 1 -s -r -p "Press any key to continue..."$'\n' fi #Guest allow 
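Review bot: The `else` added after `bash $PWD/mode/jwt.sh` belongs to `if [ "$ENABLE_JWT" = "yes" ]`, so choosing "Local" (where only `ENABLE_SC` is set) now prints "No authentication method selected." and waits for a key press right after secure rooms were configured. Change it to `elif [ "$ENABLE_SC" != "yes" ]; then`. `bash $PWD/mode/jwt.sh` is unquoted and depends on the directory the installer was started from; `bash "$(dirname "$0")/mode/jwt.sh"` with a check that the file exists would be more robust. In the same hunk the two `read` prompts now come after the message "using the password you just entered", so that message prints an empty `${SEC_ROOM_USER}`.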
@@ -1040,22 +1013,6 @@ VirtualHost "guest.$DOMAIN" } P_SR - -echo "Use the following for your App (e.g. Rocket.Chat):" -pyjwt3 --key="$SECRET_APP" \ - encode \ - group="Rocket.Chat" \ - aud="$APP_ID" \ - iss="$APP_ID" \ - sub="$DOMAIN" \ - room="*" \ - algorithm="HS256" - - else - echo "No authentication method selected." - -read -n 1 -s -r -p "Press any key to continue..."$'\n' - fi #====================== #Start with video muted by default From e1b46fa8460c4d7d050f15507c11c59c20ca9f90 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 12:58:45 -0600 Subject: [PATCH 20/43] Testing jwt setup --- mode/jwt.sh | 18 +++++++++++++----- quick_jibri_installer.sh | 22 +++++++++++----------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index e45ab50..002332a 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -4,9 +4,14 @@ # GPLv3 or later. DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" +JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties" +PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" +PROSODY_SYS="/etc/prosody/prosody.cfg.lua" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" -echo $APP_ID && echo $SECRET_APP + +echo -e "\n$APP_ID" && \ +echo -e "$SECRET_APP\n" ## Required openssl for Focal 20.04 if [ "$(lsb_release -sc)" = "focal" ]; then 
@@ -33,12 +38,13 @@ echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-select apt-get install -y jitsi-meet-tokens #Setting up -sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua - +sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE +sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" $PROSODY_FILE #allow_empty_token = true +#Request auth +sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" @@ -50,3 +56,5 @@ pyjwt3 --key="$SECRET_APP" \ sub="$DOMAIN" \ room="*" \ algorithm="HS256" + +read -n 1 -s -r -p "Press any key to continue..."$'\n' diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index b329f70..25a45f3 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -653,17 +653,6 @@ sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communi # Configure Jibri if [ "$ENABLE_SC" = "yes" ]; then -## PROSODY -cat << REC-JIBRI >> $PROSODY_FILE - -VirtualHost "recorder.$DOMAIN" - modules_enabled = { - "ping"; - } - authentication = "internal_plain" - -REC-JIBRI - if [ ! -f $MOD_LIST_FILE ]; then echo -e "\n-> Adding external module to list prosody users...\n" curl -s $MOD_LISTU > $MOD_LIST_FILE 
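Review bot: `sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS` (hunk at -33,12) turns off mandatory TLS for client connections in the global Prosody config, for every virtual host, as a side effect of enabling JWT. Nothing in this file says why token auth needs that, so a comment with the reason is the minimum, e.g. `# TODO(review): needed for <REASON>; re-enable once clients connect over TLS`. If only one local component requires it, prefer setting it for that host in `$PROSODY_FILE` instead of globally. The three `sed` calls should also quote `"$PROSODY_SYS"` and `"$PROSODY_FILE"`.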
@@ -674,6 +663,17 @@ REC-JIBRI fi fi +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + #Enable Jibri withelist sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE From b42b435db8bfe285b47f17d94e54ccf7d5d84817 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 13:38:54 -0600 Subject: [PATCH 21/43] Rearrange and move some prosody configs --- mode/jwt.sh | 2 +- quick_jibri_installer.sh | 84 ++++++++++++++++++++-------------------- 2 files changed, 44 insertions(+), 42 deletions(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index 002332a..a2e99e1 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -57,4 +57,4 @@ pyjwt3 --key="$SECRET_APP" \ room="*" \ algorithm="HS256" -read -n 1 -s -r -p "Press any key to continue..."$'\n' +read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n' diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 25a45f3..18d9583 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -405,6 +405,17 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language. " read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG + +echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" +##Participant +echo -e "> Do you want to translate 'Participant' to your own language?" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT +##Me +echo -e "\n> Do you want to translate 'me' to your own language? +This must be a really small word to present one self. +Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_ME + #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do 
@@ -449,15 +460,6 @@ elif [ "$ENABLE_BLESSM" = "yes" ]; then echo "Brandless mode will be set." fi done -echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" -#Participant -echo -e "> Do you want to translate 'Participant' to your own language?" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT -#Me -echo -e "\n> Do you want to translate 'me' to your own language? -This must be a really small word to present one self. -Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_ME #Welcome Page while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] do @@ -651,38 +653,6 @@ restart_services() { # Configure Jvb2 sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties -# Configure Jibri -if [ "$ENABLE_SC" = "yes" ]; then - if [ ! -f $MOD_LIST_FILE ]; then - echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE - - echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" - else - echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" - fi - -fi -#Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE - -VirtualHost "recorder.$DOMAIN" - modules_enabled = { - "ping"; - } - authentication = "internal_plain" - -REC-JIBRI - -#Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE - -#Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS -sed -i "/c2s_require_encryption = false/a \\ -\\ -consider_bosh_secure = true" $PROSODY_SYS - if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi 
@@ -974,11 +944,22 @@ echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP + #Secure room initial user read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh + +#Add prodosy module + if [ ! -f $MOD_LIST_FILE ]; then + echo -e "\n-> Adding external module to list prosody users...\n" + curl -s $MOD_LISTU > $MOD_LIST_FILE + + echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + else + echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + fi fi ###JWT @@ -993,6 +974,27 @@ bash $PWD/mode/jwt.sh read -n 1 -s -r -p "Press any key to continue..."$'\n' fi +# Configure Jibri +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE + +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + #Guest allow if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then cat << P_SR >> $PROSODY_FILE From 9d04d2a0cb3633d125fafa8968ffe15a1c3b5040 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 15:24:50 -0600 Subject: [PATCH 22/43] Hardcode RocketChat audience --- mode/jwt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index a2e99e1..5943a8d 100644 
--- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -40,13 +40,14 @@ apt-get install -y jitsi-meet-tokens #Setting up sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" $PROSODY_FILE +sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" $PROSODY_FILE #allow_empty_token = true #Request auth sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF + echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" pyjwt3 --key="$SECRET_APP" \ encode \ From 1bde3b58b33ed8ea96a45fbcc088a25818e3ff56 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 15:27:42 -0600 Subject: [PATCH 23/43] Fix order of app and secret --- mode/jwt.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index 5943a8d..df93a78 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -10,9 +10,6 @@ PROSODY_SYS="/etc/prosody/prosody.cfg.lua" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" -echo -e "\n$APP_ID" && \ -echo -e "$SECRET_APP\n" - ## Required openssl for Focal 20.04 if [ "$(lsb_release -sc)" = "focal" ]; then echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \ @@ -49,6 +46,10 @@ sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMA echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" +echo -e "\n$APP_ID" && \ +echo -e "$SECRET_APP\n" + +echo -e "You can test JWT authentication with the following token:\n" pyjwt3 --key="$SECRET_APP" \ encode \ group="Rocket.Chat" \ 
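Review bot: `asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }` (hunk at -40,13) adds a fixed, publicly known audience value to every installation, whether or not Rocket.Chat is used. Tokens still have to be signed with the app secret, but the audience check no longer separates this deployment's tokens from those minted for another service that shares the secret. Consider asking about the integration during setup and appending the extra audience only then, e.g. `[ "$ENABLE_ROCKETCHAT" = "yes" ] && AUDIENCES="$AUDIENCES, \"RocketChat\""` (variable names are placeholders). The following commit's hunk at -49,6 prints `$SECRET_APP` to the terminal; writing it to a root-only file instead would keep it out of scrollback.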
From 4acfdae09e67ba0e1560b7a52fb46d6792d74b84 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 19:11:09 -0600 Subject: [PATCH 24/43] Revert "Rearrange and move some prosody configs" This reverts commit b42b435db8bfe285b47f17d94e54ccf7d5d84817. --- mode/jwt.sh | 2 +- quick_jibri_installer.sh | 84 ++++++++++++++++++++-------------------- 2 files changed, 42 insertions(+), 44 deletions(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index df93a78..a6e62aa 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -59,4 +59,4 @@ pyjwt3 --key="$SECRET_APP" \ room="*" \ algorithm="HS256" -read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n' +read -n 1 -s -r -p "Press any key to continue..."$'\n' diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 18d9583..25a45f3 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -405,17 +405,6 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language. " read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG - -echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" -##Participant -echo -e "> Do you want to translate 'Participant' to your own language?" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT -##Me -echo -e "\n> Do you want to translate 'me' to your own language? -This must be a really small word to present one self. -Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_ME - #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do 
@@ -460,6 +449,15 @@ elif [ "$ENABLE_BLESSM" = "yes" ]; then echo "Brandless mode will be set." fi done +echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" +#Participant +echo -e "> Do you want to translate 'Participant' to your own language?" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT +#Me +echo -e "\n> Do you want to translate 'me' to your own language? +This must be a really small word to present one self. +Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_ME #Welcome Page while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] do @@ -653,6 +651,38 @@ restart_services() { # Configure Jvb2 sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties +# Configure Jibri +if [ "$ENABLE_SC" = "yes" ]; then + if [ ! -f $MOD_LIST_FILE ]; then + echo -e "\n-> Adding external module to list prosody users...\n" + curl -s $MOD_LISTU > $MOD_LIST_FILE + + echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + else + echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + fi + +fi +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE + +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi 
@@ -944,22 +974,11 @@ echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP - #Secure room initial user read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh - -#Add prodosy module - if [ ! -f $MOD_LIST_FILE ]; then - echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE - - echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" - else - echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" - fi fi ###JWT @@ -974,27 +993,6 @@ bash $PWD/mode/jwt.sh read -n 1 -s -r -p "Press any key to continue..."$'\n' fi -# Configure Jibri -#Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE - -VirtualHost "recorder.$DOMAIN" - modules_enabled = { - "ping"; - } - authentication = "internal_plain" - -REC-JIBRI - -#Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE - -#Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS -sed -i "/c2s_require_encryption = false/a \\ -\\ -consider_bosh_secure = true" $PROSODY_SYS - #Guest allow if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then cat << P_SR >> $PROSODY_FILE From ee264e0e897740449684ef35ff635eed9d132912 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 12 Dec 2020 19:14:25 -0600 Subject: [PATCH 25/43] Arrange language setup --- quick_jibri_installer.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 25a45f3..eb6547e 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -405,6 +405,16 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language. " read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG +echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" +#Participant +echo -e "> Do you want to translate 'Participant' to your own language?" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT +#Me +echo -e "\n> Do you want to translate 'me' to your own language? +This must be a really small word to present one self. +Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ +read -p "Leave empty to use the default one (English): "$'\n' L10N_ME + #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do @@ -449,15 +459,6 @@ elif [ "$ENABLE_BLESSM" = "yes" ]; then echo "Brandless mode will be set." fi done -echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n" -#Participant -echo -e "> Do you want to translate 'Participant' to your own language?" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT -#Me -echo -e "\n> Do you want to translate 'me' to your own language? -This must be a really small word to present one self. -Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \ -read -p "Leave empty to use the default one (English): "$'\n' L10N_ME #Welcome Page while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]] do From 013ab4d654012084bdff0044e1db5e7958c63322 Mon Sep 17 00:00:00 2001 
From: Ark74 Date: Tue, 15 Dec 2020 07:54:48 -0600 Subject: [PATCH 26/43] Introduce Custom High Performance mode/conf --- mode/chp-mode.sh | 148 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) create mode 100644 mode/chp-mode.sh diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh new file mode 100644 index 0000000..cfa24ed --- /dev/null +++ b/mode/chp-mode.sh 
@@ -0,0 +1,148 @@ +#!/bin/bash +# Custom High Performance Jitsi conf +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +#Check if user is root +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have privileges!" + exit 0 +fi + +wait_seconds() { +secs=$(($1)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +} + +LTS_REL="$(lsb_release -d | awk '{print$4}')" +DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')" +JVB_LOG_POP="/etc/jitsi/videobridge/logging.properties" +JVB_RC="/usr/share/jitsi-videobridge/lib/videobridge.rc" +JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties" +MEET_LOG_CONF="/usr/share/jitsi-meet/logging_config.js" +MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" +MEET_CONF_HP="/etc/jitsi/meet/${DOMAIN}-chp-config.js" +INT_CONF_JS="/etc/jitsi/meet/meet.switnet.net-interface_config.js" +INT_CONF_JS_HP="/etc/jitsi/meet/meet.switnet.net-chp-interface_config.js" +FSTAB="/etc/fstab" + +if [ -z $LTS_REL ] || [ -z $DOMAIN ];then +echo "This system isn't suitable to configure." +exit + else +echo "This system seems suitable to configure..." +fi + +while [[ "$CONTINUE_HP" != "yes" && "$CONTINUE_HP" != "no" ]] + do + read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_HP + if [ "$CONTINUE_HP" = "no" ]; then + echo "See you next time!..." + exit + elif [ "$CONTINUE_HP" = "yes" ]; then + echo "Good, then let's get it done..." 
+ fi +done + +#Tools to consider +##Profiling +#https://github.com/jvm-profiling-tools/async-profiler + +#SYSTEM +##Disable swap +swapoff -a +sed -ir '/\sswap\s/s/^#?/#/' $FSTAB + +##Kernel +#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings +sysctl -w net.core.rmem_default=262144 +sysctl -w net.core.wmem_default=262144 +sysctl -w net.core.rmem_max=262144 +sysctl -w net.core.wmem_max=262144 +echo 'net.core.rmem_default=262144' | tee -a /etc/sysctl.conf +echo 'net.core.wmem_default=262144' | tee -a /etc/sysctl.conf +echo 'net.core.rmem_max=262144' | tee -a /etc/sysctl.conf +echo 'net.core.wmem_max=262144' | tee -a /etc/sysctl.conf + +#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes +sysctl -w net.ipv4.tcp_timestamps=0 +echo 'net.ipv4.tcp_timestamps=0' | tee -a /etc/sysctl.conf + +#https://bugzilla.redhat.com/show_bug.cgi?id=1283676 +sysctl -w net.core.netdev_max_backlog = 100000 +echo 'net.core.netdev_max_backlog = 100000' | tee -a /etc/sysctl.conf + +##nginx +sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf + +#Missing docs +#sysctl -w net.ipv4.tcp_low_latency=1 + +#JVB2 +##Loose up logging +# https://community.jitsi.org/t/23641/13 +sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" $JVB_LOG_POP +sed -i "s|^.level=INFO|.level=WARNING|" $JVB_LOG_POP +sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" $JVB_RC + +#JICOFO +sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" $JICOFO_LOG_POP +sed -i "s|^.level=INFO|.level=WARNING|" $JICOFO_LOG_POP + +#MEET +sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" $MEET_LOG_CONF +sed -i "/TraceablePeerConnection.js/s|info|error|" $MEET_LOG_CONF +sed -i 
"/CallStats.js/s|info|error|" $MEET_LOG_CONF +sed -i "/strophe.util.js/s|log|error|" $MEET_LOG_CONF + +#UX - Room settings and interface +cp $MEET_CONF $MEET_CONF_HP +sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" $MEET_CONF_HP +sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" $MEET_CONF_HP +sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" $MEET_CONF_HP +sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" $MEET_CONF_HP +sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" $MEET_CONF_HP +sed -i "s|channelLastN:.*|channelLastN: 10,|" $MEET_CONF_HP +sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" $MEET_CONF_HP +sed -i "s|// resolution:.*|resolution: 480,|" $MEET_CONF_HP +sed -i "s|// apiLogLevels:.*|apiLogLevels: ['warn', 'error']," $MEET_CONF_HP + +sed -i "s|// constraints: {| constraints: {|" $MEET_CONF_HP +sed -i "s|// video: {| video: {|" $MEET_CONF_HP +sed -i "s|// height: {| height: {|" $MEET_CONF_HP +sed -i "s|// ideal:.*| ideal: 480,|" $MEET_CONF_HP +sed -i "s|// max:.*| max: 480,|" $MEET_CONF_HP +sed -i "s|// min:.*| min:240|" $MEET_CONF_HP +sed -i "s|// }| }|" $MEET_CONF_HP +sed -i "s|// }| }|" $MEET_CONF_HP +sed -i "s|// },| },|" $MEET_CONF_HP + +cp $INT_CONF_JS $INT_CONF_JS_HP +sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true," $INT_CONF_JS_HP +sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" $INT_CONF_JS_HP +sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP +sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP +sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP +sed -i "s|OPTIMAL_BROWSERS: [.*|OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'electron' ],|" $INT_CONF_JS_HP +sed -i "s|UNSUPPORTED_BROWSERS: [|UNSUPPORTED_BROWSERS: [ 'nwjs', 'safari' ],|" $INT_CONF_JS_HP + +##Toolbars +sed 
"/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP + +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'security'" $INT_CONF_JS_HP +sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP + +echo "Done!, yeah, that quick ;)" + +echo "Rebooting in..." +wait_seconds 15 +reboot From 43432756cdeb75b81991ff5263046c9885e2d2ec Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 08:46:52 -0600 Subject: [PATCH 27/43] Introduce selenium grid via docker --- mode/grid/selenium-grid-docker.sh | 148 ++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) create mode 100644 mode/grid/selenium-grid-docker.sh diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh new file mode 100644 index 0000000..0494473 --- /dev/null +++ b/mode/grid/selenium-grid-docker.sh 
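Review bot: Several commands in this new script fail or do nothing as written, and since nothing checks their status the script still goes on to `reboot`. `sed -ir` is parsed as `-i` with backup suffix `r` rather than as extended-regex mode, so `^#?` effectively never matches and swap stays enabled in fstab; `sysctl -w net.core.netdev_max_backlog = 100000` has spaces around `=`; the `apiLogLevels` and `CONNECTION_INDICATOR_DISABLED` substitutions lack the closing `|`; the two `*_BROWSERS` patterns contain an unescaped `[`; and the first `TOOLBAR_BUTTONS` sed has no `-i`. `JICOFO_LOG_POP` points at the videobridge logging.properties, which looks like a copy-paste slip, and `INT_CONF_JS` hard-codes `meet.switnet.net` where `MEET_CONF` uses `$DOMAIN`. The fence below shows the corrected lines; the not-root branch should also `exit 1` rather than `exit 0`.

```shell
JICOFO_LOG_POP="/etc/jitsi/jicofo/logging.properties"  # confirm this path on the target system
# … unchanged: MEET_LOG_CONF, MEET_CONF, MEET_CONF_HP …
INT_CONF_JS="/etc/jitsi/meet/${DOMAIN}-interface_config.js"
INT_CONF_JS_HP="/etc/jitsi/meet/${DOMAIN}-chp-interface_config.js"
# … unchanged: suitability check and confirmation prompt …
sed -i -E '/\sswap\s/s/^#?/#/' "$FSTAB"
# … unchanged: rmem/wmem and tcp_timestamps settings …
sysctl -w net.core.netdev_max_backlog=100000
echo 'net.core.netdev_max_backlog=100000' | tee -a /etc/sysctl.conf
# … unchanged: nginx, JVB, jicofo and meet logging edits …
sed -i "s|// apiLogLevels:.*|apiLogLevels: ['warn', 'error'],|" "$MEET_CONF_HP"
# … unchanged: constraints block …
sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" "$INT_CONF_JS_HP"
# … unchanged: other interface flags …
sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'electron' ],|" "$INT_CONF_JS_HP"
sed -i "s|UNSUPPORTED_BROWSERS: \[|UNSUPPORTED_BROWSERS: [ 'nwjs', 'safari' ],|" "$INT_CONF_JS_HP"
sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" "$INT_CONF_JS_HP"
```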
@@ -0,0 +1,148 @@ +#!/bin/bash +# Custom Selenium Grid-Node fro Jitsi Meet +# Pandian - https://community.jitsi.org/u/Pandian +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +#Check if user is root +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" +AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')" + +echo -e "\n-- Make sure you have at least 20GB of disk space\n" +if [ $(echo "$AV_SPACE > 19" | bc) -ne 0 ]; then + echo "> Seems we have enough disk space." +else + echo "> Please meet the minimum required disk space for this installer, exiting..." + exit +fi + + +apt-get update +apt-get dist-upgrade -y +apt-get install -y \ + gnupg \ + bmon \ + curl \ + wget \ + unzip \ + maven \ + openjdk-8-jdk + +curl -fsSL https://get.docker.com -o get-docker.sh +sh get-docker.sh + +curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose +ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose + +cd /opt +git clone https://github.com/jitsi/jitsi-meet-torture +cd /opt/jitsi-meet-torture/resources +wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m +cp FourPeople_1280x720_60.y4m FourPeople_1280x720_30.y4m +cd /opt + +#150 "participants" available +## Tested up to 120 with AWS c5.24xlarge +cat << SELENIUM_GRID_DOCKER > selenium.yml +version: "3" +services: + selenium-hub: + image: selenium/hub:3.141.59-20200525 + container_name: selenium-hub + ports: + - "4444:4444" + restart: always + chrome: + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always + 
chrome2: + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always + chrome3: + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always + chrome4: + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always + chrome5: + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always +SELENIUM_GRID_DOCKER + +docker-compose -f /opt/selenium.yml up -d + +echo "Change the values acording to you testusing something like;" +echo "sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ + --conferences=1 \\ + --participants=30 \\ + --senders=2 \\ + --audio-senders=1 \\ + --duration=120 \\ + --room-name-prefix=hamertesting \\ + --hub-url=http://localhost:4444/wd/hub \\ + --instance-url=https://YOUR.JITSI-MEET-INSTANCE.DOMAIN +" +echo -e "\n-- If using 'hamertesting' you can join the room +hamertesting0, hamertesting1, hamertestingN +acording to the 'N' number of conferences set to watch the test." + + +echo -e "\n-- You can check the grid status at: +http://$WAN_IP:4444/grid/console +" 
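Review bot: The hub is published as `"4444:4444"`, which binds it on every interface, and the script ends by printing `http://$WAN_IP:4444/grid/console`, so the Selenium hub is meant to be reached on the public address. Nothing in the generated compose file puts authentication in front of it, so anyone who can reach that port can open the console and request browser sessions on this host. The malleus example in the same script already uses `http://localhost:4444/wd/hub`, so publishing on loopback is enough: `- "127.0.0.1:4444:4444"`, with an SSH tunnel for the console. If remote access is really needed, restrict the port to known source addresses, keeping in mind that Docker-published ports are often not filtered by host firewall front-ends such as ufw.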
From edbc1c6dc9f143d598c0e853030b43acd5a7c454 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 16:50:45 -0600 Subject: [PATCH 28/43] Fix indenting and change required disk space available to >9GB --- mode/grid/selenium-grid-docker.sh | 146 +++++++++++++++--------------- 1 file changed, 74 insertions(+), 72 deletions(-) diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index 0494473..1440079 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -13,16 +13,15 @@ fi WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')" -echo -e "\n-- Make sure you have at least 20GB of disk space\n" -if [ $(echo "$AV_SPACE > 19" | bc) -ne 0 ]; then +echo -e "\n-- Make sure you have at least 10GB of disk space" +if [ $(echo "$AV_SPACE > 9" | bc) -ne 0 ]; then echo "> Seems we have enough disk space." else echo "> Please meet the minimum required disk space for this installer, exiting..." exit fi - -apt-get update +apt-get update apt-get dist-upgrade -y apt-get install -y \ gnupg \ @@ -32,14 +31,15 @@ apt-get install -y \ unzip \ maven \ openjdk-8-jdk - +# Docker curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh - -curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +## Docker Compose +curl -sL "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose +# Jitsi Meet Torture cd /opt git clone https://github.com/jitsi/jitsi-meet-torture cd /opt/jitsi-meet-torture/resources 
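Review bot: The free-space test still parses `df -h`, whose unit changes with the size, so `AV_SPACE` is a plain number only when the value happens to be printed in G. With something like `950M` or `1.2T` available the `sed` strips nothing and the `bc` comparison against the new threshold of 9 is unreliable, and an empty result makes the unquoted `[ $(…) -ne 0 ]` fail with a syntax error. Asking df for a fixed unit avoids the parsing: `AV_SPACE="$(df -BG --output=avail . | tail -n 1 | tr -dc '0-9')"` followed by `if [ "${AV_SPACE:-0}" -gt 9 ]; then`. The `AV_SPACE` assignment is an unchanged context line of this hunk.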
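Review bot: Switching the docker-compose download to `curl -sL` hides both progress and errors, and without `-f` an HTTP error page is written to `/usr/local/bin/docker-compose` and then made executable. I would use `curl -fsSL … -o /usr/local/bin/docker-compose` and compare the file with the checksum published for that release before `chmod +x`. The same concern applies to `get-docker.sh` just above, which is run as root straight after download; installing Docker from a signed apt repository avoids executing an unverified script. `ln -s` also fails on a second run, so `ln -sf` would keep the script re-runnable.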
@@ -57,77 +57,77 @@ services: container_name: selenium-hub ports: - "4444:4444" - restart: always + restart: always chrome: - image: selenium/node-chrome:3.141.59-20200525 - volumes: - - /dev/shm:/dev/shm - - ./resources:/usr/share/jitsi-meet-torture/resources - depends_on: - - selenium-hub - environment: - - HUB_HOST=selenium-hub - - HUB_PORT=4444 - - NODE_MAX_INSTANCES=30 - - NODE_MAX_SESSION=30 - restart: always + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always chrome2: - image: selenium/node-chrome:3.141.59-20200525 - volumes: - - /dev/shm:/dev/shm - - ./resources:/usr/share/jitsi-meet-torture/resources - depends_on: - - selenium-hub - environment: - - HUB_HOST=selenium-hub - - HUB_PORT=4444 - - NODE_MAX_INSTANCES=30 - - NODE_MAX_SESSION=30 - restart: always + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always chrome3: - image: selenium/node-chrome:3.141.59-20200525 - volumes: - - /dev/shm:/dev/shm - - ./resources:/usr/share/jitsi-meet-torture/resources - depends_on: - - selenium-hub - environment: - - HUB_HOST=selenium-hub - - HUB_PORT=4444 - - NODE_MAX_INSTANCES=30 - - NODE_MAX_SESSION=30 - restart: always + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always chrome4: - image: selenium/node-chrome:3.141.59-20200525 - volumes: - - 
/dev/shm:/dev/shm - - ./resources:/usr/share/jitsi-meet-torture/resources - depends_on: - - selenium-hub - environment: - - HUB_HOST=selenium-hub - - HUB_PORT=4444 - - NODE_MAX_INSTANCES=30 - - NODE_MAX_SESSION=30 - restart: always + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always chrome5: - image: selenium/node-chrome:3.141.59-20200525 - volumes: - - /dev/shm:/dev/shm - - ./resources:/usr/share/jitsi-meet-torture/resources - depends_on: - - selenium-hub - environment: - - HUB_HOST=selenium-hub - - HUB_PORT=4444 - - NODE_MAX_INSTANCES=30 - - NODE_MAX_SESSION=30 - restart: always + image: selenium/node-chrome:3.141.59-20200525 + volumes: + - /dev/shm:/dev/shm + - ./resources:/usr/share/jitsi-meet-torture/resources + depends_on: + - selenium-hub + environment: + - HUB_HOST=selenium-hub + - HUB_PORT=4444 + - NODE_MAX_INSTANCES=30 + - NODE_MAX_SESSION=30 + restart: always SELENIUM_GRID_DOCKER docker-compose -f /opt/selenium.yml up -d - -echo "Change the values acording to you testusing something like;" +echo -e "\n#=================== End of Seleniun Grid build ========================#\n" +echo -e "\nChange the values acording to you test requirements using something like;\n" echo "sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ --conferences=1 \\ --participants=30 \\ 
@@ -138,10 +138,12 @@ echo "sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ --hub-url=http://localhost:4444/wd/hub \\ --instance-url=https://YOUR.JITSI-MEET-INSTANCE.DOMAIN " -echo -e "\n-- If using 'hamertesting' you can join the room +echo -e "\n-- If using 'hamertesting' as prefix name you can join the room hamertesting0, hamertesting1, hamertestingN -acording to the 'N' number of conferences set to watch the test." +acording to the 'N' number of conferences you have set to watch the test. +*Beware* for 120 \"participants\" to join video-muted it was necessary at least a c5.24xlarge AWS instance. +So start low and monitor your server resources." echo -e "\n-- You can check the grid status at: http://$WAN_IP:4444/grid/console From ddfd588fadf9692eb1db26efd44f2aa69cc43ed3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 18:54:54 -0600 Subject: [PATCH 29/43] Better instructions --- mode/grid/selenium-grid-docker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index 1440079..f9fee05 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -140,10 +140,10 @@ echo "sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ " echo -e "\n-- If using 'hamertesting' as prefix name you can join the room hamertesting0, hamertesting1, hamertestingN -acording to the 'N' number of conferences you have set to watch the test. +according to the 'N' number of conferences you have set to watch the test. *Beware* for 120 \"participants\" to join video-muted it was necessary at least a c5.24xlarge AWS instance. -So start low and monitor your server resources." +So start low, monitor your server resources and go from there." echo -e "\n-- You can check the grid status at: http://$WAN_IP:4444/grid/console From 19765ce321f4265f2e7310ba23b1681454bef827 Mon Sep 17 00:00:00 2001 
From: Ark74 Date: Tue, 15 Dec 2020 18:57:15 -0600 Subject: [PATCH 30/43] Fixing permissions on specific use case and adding generic kernel --- add-jibri-node.sh | 1 + quick_jibri_installer.sh | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index d1d360a..a6bec43 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -226,6 +226,7 @@ if [ "$HWE_VIR_MOD" == "1" ]; then linux-modules-extra-virtual-hwe-$(lsb_release -sr) else apt-get -y install \ + linux-image-generic \ linux-modules-extra-$(uname -r) fi diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index eb6547e..0df04dc 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -274,6 +274,7 @@ if [ "$HWE_VIR_MOD" == "1" ]; then linux-modules-extra-virtual-hwe-$(lsb_release -sr) else apt-get -y install \ + linux-image-generic \ linux-modules-extra-$(uname -r) fi @@ -502,7 +503,9 @@ done # read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS #fi #done -echo -e "\n> Jitsi Meet Auth Method selection.\n" +echo " +> Jitsi Meet Auth Method selection. +" PS3='Select the authentication method for your Jitsi Meet instance: ' options=("Local" "JWT" "None") select opt in "${options[@]}" @@ -1041,6 +1044,8 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then systemctl disable jibri systemctl disable jibri-xorg systemctl disable jibri-icewm +#Manually apply permissions since finalize_recording.sh won't be triggered on this server. + sudo -u jibri bash /home/jibri/finalize_recording.sh fi enable_letsencrypt From e13da49943ff5d12d858be7de7d3eddae49463fe Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 19:52:44 -0600 Subject: [PATCH 31/43] Improve google repo detection and fix read variable order --- quick_jibri_installer.sh | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 0df04dc..c7a1c59 100644 --- a/quick_jibri_installer.sh 
+++ b/quick_jibri_installer.sh @@ -25,6 +25,7 @@ APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok instal NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" +GOOGLE_ACTIVE_REPO=$(apt-cache policy | grep http | grep chrome| awk '{print $3}' | head -n 1 | cut -d "/" -f2) PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2) CR=`echo $'\n> '` @@ -322,7 +323,7 @@ CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" echo "# Installing Google Chrome / ChromeDriver" -if [ -f $GOOGL_REPO ]; then +if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then echo "Google repository already set." else echo "Installing Google Chrome Stable" 
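Review bot: `GOOGLE_ACTIVE_REPO` is derived with `grep http | grep chrome`, which matches any apt source whose policy line contains "chrome", not only Google's repository. If some other source matches first, the value is still `main` and the `@@ -322,7 +323,7 @@` hunk reports "Google repository already set." and skips adding it, so Chrome would presumably be resolved from whatever sources are configured. Matching host and path instead, e.g. `grep 'dl.google.com/linux/chrome'`, ties the check to the intended origin; the else-branch that adds the repository lies outside these hunks. PATCH 34/43 adds the same expression and test to add-jibri-node.sh.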
@@ -973,28 +974,23 @@ SRP_END=$((SRP_STR + 10)) sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +#Secure room initial user +read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER +read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS +prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS + echo -e "\nSecure rooms are being enabled..." echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP -#Secure room initial user -read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER -read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS -prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi ###JWT if [ "$ENABLE_JWT" = "yes" ]; then echo -e "\nJWT auth is being setup..." - bash $PWD/mode/jwt.sh - - else - echo "No authentication method selected." - -read -n 1 -s -r -p "Press any key to continue..."$'\n' fi #Guest allow From f225e7f4b1d3edb224710a2d8fea2893592e219e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 22:44:06 -0600 Subject: [PATCH 32/43] Fix url schema --- add-jibri-node.sh | 2 +- quick_jibri_installer.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index a6bec43..1cb25ea 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -405,7 +405,7 @@ INOT_RSYNC mkdir /var/log/$NJN_USER -cat << LOG_ROT >> /etc/logrotate.d/$NJN_USER +cat << LOG_ROT > /etc/logrotate.d/$NJN_USER /var/log/$NJN_USER/*.log { monthly missingok 
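Review bot: The moderator password is read with `read -p … -r SEC_ROOM_PASS`, so it is echoed on the terminal, and it is then passed unquoted on the command line of `prosodyctl register`, where it is visible in the process list and breaks on spaces or glob characters. I would read it with `read -s -r -p …` and quote all three arguments: `prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS"`. Letting `prosodyctl adduser "$SEC_ROOM_USER@$DOMAIN"` prompt for the password itself would keep it off argv entirely. The enclosing `if` starts outside this hunk.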
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index c7a1c59..5547e20 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -704,6 +704,7 @@ prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS # /etc/jitsi/jicofo/sip-communicator.properties cat << BREWERY >> $JICOFO_SIP #org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN +#org.jitsi.jicofo.auth.URL=EXT_JWT:$DOMAIN org.jitsi.jicofo.jibri.BREWERY=$JibriBrewery@internal.auth.$DOMAIN org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90 #org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true From 2e206649c9accbdd9be7583f6b12b94b160b3e34 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 15 Dec 2020 22:44:58 -0600 Subject: [PATCH 33/43] Fix url schema --- mode/jwt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index a6e62aa..b5fc9bc 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -41,7 +41,7 @@ sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \ #allow_empty_token = true #Request auth -sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP +sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF From 62436daec5d6043ee9b16d8eba13a87de05d5353 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 16 Dec 2020 03:01:35 -0600 Subject: [PATCH 34/43] Improve chrome repo detection --- add-jibri-node.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 1cb25ea..70701c6 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh 
@@ -53,6 +53,7 @@ DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" +GOOGLE_ACTIVE_REPO=$(apt-cache policy | grep http | grep chrome| awk '{print $3}' | head -n 1 | cut -d "/" -f2) GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" @@ -240,7 +241,7 @@ apt-get -y install \ openjdk-8-jre-headless echo "# Installing Google Chrome / ChromeDriver" -if [ -f $GOOGL_REPO ]; then +if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then echo "Google repository already set." else echo "Installing Google Chrome Stable" From ccb5b543e3738b4dc2460ab3f016162c92edd339 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 16 Dec 2020 03:04:20 -0600 Subject: [PATCH 35/43] Fix guest virtualhost conf --- mode/jwt.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index b5fc9bc..c027805 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -44,6 +44,18 @@ sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \ sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +#Setup guests and lobby +cat << P_SR >> $PROSODY_FILE + +VirtualHost "guest.$DOMAIN" + authentication = "token" + allow_empty_token = true + c2s_require_encryption = false + muc_lobby_whitelist = { "recorder.$DOMAIN", "auth.$DOMAIN" } + app_id="$APP_ID"; + app_secret="$SECRET_APP"; + +P_SR echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" echo -e "\n$APP_ID" && \ 
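Review bot: The appended `guest.$DOMAIN` host in mode/jwt.sh combines `authentication = "token"` with `allow_empty_token = true` and `c2s_require_encryption = false`, and nothing in the hunk documents why each relaxation is needed. As I read it, an empty token is accepted on this host, so access control rests on the jicofo `auth.URL` setting enabled a few lines above; a comment such as `# guests join without a token; room creation is gated by org.jitsi.jicofo.auth.URL` would make that dependency explicit. The heredoc also writes `app_secret` in clear into `$PROSODY_FILE` and appends on every run, so I would test for an existing `guest.$DOMAIN` block first and make sure the file is not world-readable (its mode is not visible here).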
@@ -59,4 +71,4 @@ pyjwt3 --key="$SECRET_APP" \ room="*" \ algorithm="HS256" -read -n 1 -s -r -p "Press any key to continue..."$'\n' +read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n' From 253f9e6695d5fbb77ea3ffacb2281a76c3f5b70e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 16 Dec 2020 03:04:48 -0600 Subject: [PATCH 36/43] Yet again rearrange of blocks --- quick_jibri_installer.sh | 68 ++++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 5547e20..54065e3 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -544,7 +544,8 @@ done #Jigasi if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), - thus, Jigasi Transcript can't be enable." +thus, Jigasi Transcript can't be enable. +" elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do 
@@ -656,38 +657,6 @@ restart_services() { # Configure Jvb2 sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties -# Configure Jibri -if [ "$ENABLE_SC" = "yes" ]; then - if [ ! -f $MOD_LIST_FILE ]; then - echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE - - echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" - else - echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" - fi - -fi -#Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE - -VirtualHost "recorder.$DOMAIN" - modules_enabled = { - "ping"; - } - authentication = "internal_plain" - -REC-JIBRI - -#Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE - -#Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS -sed -i "/c2s_require_encryption = false/a \\ -\\ -consider_bosh_secure = true" $PROSODY_SYS - if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi @@ -986,6 +955,16 @@ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh + +#Add prosody module + if [ ! -f $MOD_LIST_FILE ]; then + echo -e "\n-> Adding external module to list prosody users...\n" + curl -s $MOD_LISTU > $MOD_LIST_FILE + + echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + else + echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + fi fi ###JWT 
@@ -994,8 +973,28 @@ echo -e "\nJWT auth is being setup..." bash $PWD/mode/jwt.sh fi +if [ "$ENABLE_SC" = "yes" ];then +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE + +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + #Guest allow -if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" @@ -1015,6 +1014,7 @@ VirtualHost "guest.$DOMAIN" P_SR fi + #====================== #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF From e9181f5c3e96122fc44a8164ae870ce88a374c17 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 16 Dec 2020 08:52:35 -0600 Subject: [PATCH 37/43] Fix conference duration clock on jwt --- mode/jwt.sh | 17 +++++++++++++++++ quick_jibri_installer.sh | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index c027805..ae13f25 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -44,6 +44,17 @@ sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \ sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + #Setup guests and lobby cat << P_SR >> $PROSODY_FILE 
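Review bot: The two `sed` calls on `$PROSODY_SYS` in the `-994,8 +973,28` hunk set `c2s_require_encryption = false` in the global Prosody config and add `consider_bosh_secure = true`, so unless a host overrides it, every virtual host accepts unencrypted client connections, not only the recorder. If this relies on Jibri connecting over a trusted path, that assumption deserves a comment at this spot, e.g. `# c2s encryption is off for Jibri: keep 5222 firewalled from untrusted networks`. The block is also not idempotent: a second run appends another `consider_bosh_secure` line and another `VirtualHost "recorder.$DOMAIN"` section, so a guard such as `grep -q "recorder.$DOMAIN" "$PROSODY_FILE" ||` in front of the edits would help. The `if [ "$ENABLE_SC" = "yes" ]` opened here is only closed in a later hunk.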
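Review bot: The here-doc added to mode/jwt.sh appends a second `VirtualHost "recorder.$DOMAIN"` block whenever the installer has already written one, which looks possible when secure rooms and JWT are both enabled, since quick_jibri_installer.sh appends the same block under `ENABLE_SC`. A guard before the here-doc, `if ! grep -q "VirtualHost \"recorder.$DOMAIN\"" "$PROSODY_FILE"; then`, keeps the file to one definition. Separately, `authentication = "internal_plain"` keeps the recorder account password in clear text in Prosody's store; `internal_hashed` is worth trying if the Jibri login works with it. `$PROSODY_FILE` should be quoted in the redirect.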
@@ -52,9 +63,15 @@ VirtualHost "guest.$DOMAIN" allow_empty_token = true c2s_require_encryption = false muc_lobby_whitelist = { "recorder.$DOMAIN", "auth.$DOMAIN" } + speakerstats_component = "speakerstats.$DOMAIN" + conference_duration_component = "conferenceduration.$DOMAIN" app_id="$APP_ID"; app_secret="$SECRET_APP"; + modules_enabled = { + "speakerstats"; + "conference_duration"; + } P_SR echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 54065e3..c42e443 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1047,7 +1047,7 @@ fi enable_letsencrypt -if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then +if [ "$ENABLE_SC" = "yes" ];then echo "Waiting prosody restart to continue configuration, 15s..." wait_seconds 15 #Move mucs when using secure rooms - https://community.jitsi.org/t/27752/112 From f6d1ca40c5e1f6ce9e2c2c368ec75c0e2d91d92e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 16 Dec 2020 10:28:28 -0600 Subject: [PATCH 38/43] Fix path to include media --- mode/grid/selenium-grid-docker.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index f9fee05..24f7b14 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -42,10 +42,10 @@ ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose # Jitsi Meet Torture cd /opt git clone https://github.com/jitsi/jitsi-meet-torture -cd /opt/jitsi-meet-torture/resources +cd jitsi-meet-torture/resources wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m cp FourPeople_1280x720_60.y4m FourPeople_1280x720_30.y4m -cd /opt +cd .. #150 "participants" available ## Tested up to 120 with AWS c5.24xlarge 
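Review bot: The switch to relative paths in mode/grid/selenium-grid-docker.sh makes each step depend on the previous `cd` having worked, and none of them is checked. If `git clone` fails, `cd jitsi-meet-torture/resources` fails too, `wget` drops the file into `/opt`, and `cd ..` leaves the script in `/`; the next hunk's `docker-compose -f selenium.yml up -d` then resolves against whatever directory that is (where the file is written is not visible here). I would use `cd /opt/jitsi-meet-torture/resources || exit 1` and `cd /opt/jitsi-meet-torture || exit 1`, or keep an absolute `-f` path for the compose file. The clone also follows the default branch with no pinned commit, presumably as root, which is worth a comment if it is deliberate.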
@@ -125,10 +125,12 @@ services: restart: always SELENIUM_GRID_DOCKER -docker-compose -f /opt/selenium.yml up -d +docker-compose -f selenium.yml up -d + echo -e "\n#=================== End of Seleniun Grid build ========================#\n" echo -e "\nChange the values acording to you test requirements using something like;\n" -echo "sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ +echo "cd /opt/jitsi-meet-torture +sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\ --conferences=1 \\ --participants=30 \\ --senders=2 \\ From b34f5c07f22b4729543412c71b7a4009145dc28d Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 17 Dec 2020 06:47:10 -0600 Subject: [PATCH 39/43] Add fixes --- mode/chp-mode.sh | 32 ++++++++++++++++--------------- mode/grid/selenium-grid-docker.sh | 2 +- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index cfa24ed..e5cf236 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh @@ -26,8 +26,9 @@ JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties" MEET_LOG_CONF="/usr/share/jitsi-meet/logging_config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF_HP="/etc/jitsi/meet/${DOMAIN}-chp-config.js" -INT_CONF_JS="/etc/jitsi/meet/meet.switnet.net-interface_config.js" -INT_CONF_JS_HP="/etc/jitsi/meet/meet.switnet.net-chp-interface_config.js" +INT_CONF_JS="/etc/jitsi/meet/${DOMAIN}-interface_config.js" +INT_CONF_JS_HP="/etc/jitsi/meet/${DOMAIN}-chp-interface_config.js" +WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" FSTAB="/etc/fstab" if [ -z $LTS_REL ] || [ -z $DOMAIN ];then 
@@ -106,32 +107,33 @@ sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" $MEET_CONF_ sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" $MEET_CONF_HP sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" $MEET_CONF_HP sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" $MEET_CONF_HP +sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" $MEET_CONF_HP sed -i "s|channelLastN:.*|channelLastN: 10,|" $MEET_CONF_HP sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" $MEET_CONF_HP sed -i "s|// resolution:.*|resolution: 480,|" $MEET_CONF_HP -sed -i "s|// apiLogLevels:.*|apiLogLevels: ['warn', 'error']," $MEET_CONF_HP +sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" $MEET_CONF_HP -sed -i "s|// constraints: {| constraints: {|" $MEET_CONF_HP -sed -i "s|// video: {| video: {|" $MEET_CONF_HP -sed -i "s|// height: {| height: {|" $MEET_CONF_HP -sed -i "s|// ideal:.*| ideal: 480,|" $MEET_CONF_HP -sed -i "s|// max:.*| max: 480,|" $MEET_CONF_HP -sed -i "s|// min:.*| min:240|" $MEET_CONF_HP -sed -i "s|// }| }|" $MEET_CONF_HP -sed -i "s|// }| }|" $MEET_CONF_HP -sed -i "s|// },| },|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// constraints: {| constraints: {|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// video: {| video: {|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// height: {| height: {|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// ideal:.*| ideal: 480,|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// max:.*| max: 480,|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// min:.*| min:240|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// }| }|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// }| }|" $MEET_CONF_HP +sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// },| },|" $MEET_CONF_HP cp $INT_CONF_JS $INT_CONF_JS_HP -sed -i 
"s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true," $INT_CONF_JS_HP +sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" $INT_CONF_JS_HP sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" $INT_CONF_JS_HP sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP sed -i "s|OPTIMAL_BROWSERS: [.*|OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'electron' ],|" $INT_CONF_JS_HP -sed -i "s|UNSUPPORTED_BROWSERS: [|UNSUPPORTED_BROWSERS: [ 'nwjs', 'safari' ],|" $INT_CONF_JS_HP +sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari' \],|" $INT_CONF_JS_HP ##Toolbars -sed "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP +sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP diff --git a/mode/grid/selenium-grid-docker.sh b/mode/grid/selenium-grid-docker.sh index 24f7b14..27361a7 100644 --- a/mode/grid/selenium-grid-docker.sh +++ b/mode/grid/selenium-grid-docker.sh @@ -13,7 +13,7 @@ fi WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')" -echo -e "\n-- Make sure you have at least 10GB of disk space" +echo -e "\n-- Make sure you have at least 10GB of disk space available.\n" if [ $(echo "$AV_SPACE > 9" | bc) -ne 0 ]; then echo "> Seems we have enough disk space." else From 4679f347cb437c634cc3527f54e6d53bf28b5469 Mon Sep 17 00:00:00 2001 
From: Ark74 Date: Thu, 17 Dec 2020 07:24:34 -0600 Subject: [PATCH 40/43] Revert "Yet again rearrange of blocks" This reverts commit 253f9e6695d5fbb77ea3ffacb2281a76c3f5b70e. --- quick_jibri_installer.sh | 68 ++++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index c42e443..4dad1c7 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -544,8 +544,7 @@ done #Jigasi if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), -thus, Jigasi Transcript can't be enable. -" + thus, Jigasi Transcript can't be enable." elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do 
@@ -657,6 +656,38 @@ restart_services() { # Configure Jvb2 sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties +# Configure Jibri +if [ "$ENABLE_SC" = "yes" ]; then + if [ ! -f $MOD_LIST_FILE ]; then + echo -e "\n-> Adding external module to list prosody users...\n" + curl -s $MOD_LISTU > $MOD_LIST_FILE + + echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" + else + echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" + fi + +fi +#Enable jibri recording +cat << REC-JIBRI >> $PROSODY_FILE + +VirtualHost "recorder.$DOMAIN" + modules_enabled = { + "ping"; + } + authentication = "internal_plain" + +REC-JIBRI + +#Enable Jibri withelist +sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE + +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + if [ ! -z $L10N_PARTICIPANT ]; then sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh fi @@ -955,16 +986,6 @@ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh - -#Add prosody module - if [ ! -f $MOD_LIST_FILE ]; then - echo -e "\n-> Adding external module to list prosody users...\n" - curl -s $MOD_LISTU > $MOD_LIST_FILE - - echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" - else - echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n" - fi fi ###JWT 
@@ -973,28 +994,8 @@ echo -e "\nJWT auth is being setup..." bash $PWD/mode/jwt.sh fi -if [ "$ENABLE_SC" = "yes" ];then -#Enable jibri recording -cat << REC-JIBRI >> $PROSODY_FILE - -VirtualHost "recorder.$DOMAIN" - modules_enabled = { - "ping"; - } - authentication = "internal_plain" - -REC-JIBRI - -#Enable Jibri withelist -sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE - -#Fix Jibri conectivity issues -sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS -sed -i "/c2s_require_encryption = false/a \\ -\\ -consider_bosh_secure = true" $PROSODY_SYS - #Guest allow +if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" @@ -1014,7 +1015,6 @@ VirtualHost "guest.$DOMAIN" P_SR fi - #====================== #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF From 7458a71935c0458e84e31ef2e11da5cbb3ef5a06 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 17 Dec 2020 07:28:57 -0600 Subject: [PATCH 41/43] Revert teaks --- quick_jibri_installer.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 4dad1c7..0471943 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -544,7 +544,8 @@ done #Jigasi if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd), - thus, Jigasi Transcript can't be enable." + thus, Jigasi Transcript can't be enable. +" elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]] do 
@@ -995,7 +996,7 @@ bash $PWD/mode/jwt.sh fi #Guest allow -if [ "$ENABLE_SC" = "yes" ] || [ "$ENABLE_JWT" = "yes" ];then +if [ "$ENABLE_SC" = "yes" ];then cat << P_SR >> $PROSODY_FILE VirtualHost "guest.$DOMAIN" @@ -1015,6 +1016,7 @@ VirtualHost "guest.$DOMAIN" P_SR fi + #====================== #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF From 084cb24a6a9ed8fd5fc8b858e511aac9b3fee5b6 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 17 Dec 2020 08:02:55 -0600 Subject: [PATCH 42/43] Test manual setup, package one breaks things? --- mode/jwt.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mode/jwt.sh b/mode/jwt.sh index ae13f25..d751ed8 100644 --- a/mode/jwt.sh +++ b/mode/jwt.sh @@ -9,6 +9,8 @@ PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" PROSODY_SYS="/etc/prosody/prosody.cfg.lua" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" +SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1) +SRP_END=$((SRP_STR + 10)) ## Required openssl for Focal 20.04 if [ "$(lsb_release -sc)" = "focal" ]; then 
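Review bot: `SRP_STR` in mode/jwt.sh is used unchecked, so when `grep -n` finds no `VirtualHost "$DOMAIN"` line it is empty, `SRP_END` becomes 10, and the range in the next hunk's `sed -i "$SRP_STR,$SRP_END{…}"` is malformed. The fixed ten-line window also fails open: if the `authentication = "anonymous"` line sits further down, sed changes nothing and still exits 0, so the main host would stay anonymous while the rest of the JWT setup proceeds. I would add `[ -n "$SRP_STR" ] || { echo "VirtualHost $DOMAIN not found in $PROSODY_FILE" >&2; exit 1; }` after the assignment and, after the substitution, `grep -q 'authentication = "token"' "$PROSODY_FILE" || exit 1`. `$PROSODY_FILE` should be quoted in the `grep` as well.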
@@ -36,9 +38,13 @@ apt-get install -y jitsi-meet-tokens #Setting up sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS +#- +sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"token\"|}" $PROSODY_FILE +sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" $PROSODY_FILE +sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" $PROSODY_FILE sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" $PROSODY_FILE -#allow_empty_token = true +#allow_empty_token = false #Request auth sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP From 7b3fd540b009dc9ae9faab5aea804686bb9e6d18 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 17 Dec 2020 08:37:39 -0600 Subject: [PATCH 43/43] Add debug option and apply final fixes --- mode/chp-mode.sh | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/mode/chp-mode.sh b/mode/chp-mode.sh index e5cf236..104a68f 100644 --- a/mode/chp-mode.sh +++ b/mode/chp-mode.sh @@ -9,6 +9,20 @@ if ! [ $(id -u) = 0 ]; then exit 0 fi +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./chp-mode.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + wait_seconds() { secs=$(($1)) while [ $secs -gt 0 ]; do 
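Review bot: The usage branch added to mode/chp-mode.sh ends with `echo … && exit`, which returns the status of `echo`, so an invalid option makes the script exit 0, the same as the failed root check in the context lines just above. Using `exit 1` in both places lets a wrapper or provisioning job tell a refused run from a completed one. `$MODE` is only compared with `debug`, so any other value is silently ignored; a `*)` message for unknown modes would make typos visible.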
@@ -74,8 +88,8 @@ sysctl -w net.ipv4.tcp_timestamps=0 echo 'net.ipv4.tcp_timestamps=0' | tee -a /etc/sysctl.conf #https://bugzilla.redhat.com/show_bug.cgi?id=1283676 -sysctl -w net.core.netdev_max_backlog = 100000 -echo 'net.core.netdev_max_backlog = 100000' | tee -a /etc/sysctl.conf +sysctl -w net.core.netdev_max_backlog=100000 +echo 'net.core.netdev_max_backlog=100000' | tee -a /etc/sysctl.conf ##nginx sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf @@ -129,7 +143,7 @@ sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICAT sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP -sed -i "s|OPTIMAL_BROWSERS: [.*|OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'electron' ],|" $INT_CONF_JS_HP +sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" $INT_CONF_JS_HP sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari' \],|" $INT_CONF_JS_HP ##Toolbars @@ -143,6 +157,11 @@ sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'security'" $INT_CONF_JS_HP sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP +sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" $WS_CONF +sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" $WS_CONF +nginx -t +#systemctl restart nginx + echo "Done!, yeah, that quick ;)" echo "Rebooting in..."
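Review bot: Each run of the `-74,8 +88,8` hunk appends another copy of the setting, because this line and the `tcp_timestamps` one above it both pipe through `tee -a /etc/sysctl.conf`. Hosts that ran the earlier version also keep the old spaced line, where the `sysctl -w` call was malformed but the `echo | tee -a` still ran. Writing the values once to a drop-in, for example `printf '%s\n' 'net.core.netdev_max_backlog=100000' > /etc/sysctl.d/99-jitsi-chp.conf` (file name chosen here as an example) followed by `sysctl --system`, keeps reruns idempotent and makes the tuning easy to remove.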