Merge pull request #22 from switnet-ltd/unstable
Scaling up and performance features. - JWT auth - CHP mode - Add JVB2 - Docker SG etc.
This commit is contained in:
commit
b25cb90ae6
|
@ -60,7 +60,7 @@ Feel free to use our (new) `test-jibri-env.sh` tool to find some details on your
|
||||||
* Grafana Dashboard
|
* Grafana Dashboard
|
||||||
* Lobby Rooms - Secure Rooms
|
* Lobby Rooms - Secure Rooms
|
||||||
* Conference Duration - Secure Rooms
|
* Conference Duration - Secure Rooms
|
||||||
* (New) Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Jibri-Nodes)).
|
* (New) Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Setup-and-Jibri-Nodes)).
|
||||||
|
|
||||||
## Tools (New)
|
## Tools (New)
|
||||||
* (New) Jibri Environment Tester
|
* (New) Jibri Environment Tester
|
||||||
|
|
|
@ -53,6 +53,7 @@ DIR_RECORD="/var/jbrecord"
|
||||||
REC_DIR="/home/jibri/finalize_recording.sh"
|
REC_DIR="/home/jibri/finalize_recording.sh"
|
||||||
CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
|
CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
|
||||||
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
|
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
|
||||||
|
GOOGLE_ACTIVE_REPO=$(apt-cache policy | grep http | grep chrome| awk '{print $3}' | head -n 1 | cut -d "/" -f2)
|
||||||
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
|
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
|
||||||
PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
|
PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
|
||||||
NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
|
NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
|
||||||
|
@ -226,6 +227,7 @@ if [ "$HWE_VIR_MOD" == "1" ]; then
|
||||||
linux-modules-extra-virtual-hwe-$(lsb_release -sr)
|
linux-modules-extra-virtual-hwe-$(lsb_release -sr)
|
||||||
else
|
else
|
||||||
apt-get -y install \
|
apt-get -y install \
|
||||||
|
linux-image-generic \
|
||||||
linux-modules-extra-$(uname -r)
|
linux-modules-extra-$(uname -r)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -239,7 +241,7 @@ apt-get -y install \
|
||||||
openjdk-8-jre-headless
|
openjdk-8-jre-headless
|
||||||
|
|
||||||
echo "# Installing Google Chrome / ChromeDriver"
|
echo "# Installing Google Chrome / ChromeDriver"
|
||||||
if [ -f $GOOGL_REPO ]; then
|
if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
|
||||||
echo "Google repository already set."
|
echo "Google repository already set."
|
||||||
else
|
else
|
||||||
echo "Installing Google Chrome Stable"
|
echo "Installing Google Chrome Stable"
|
||||||
|
@ -404,7 +406,7 @@ INOT_RSYNC
|
||||||
|
|
||||||
mkdir /var/log/$NJN_USER
|
mkdir /var/log/$NJN_USER
|
||||||
|
|
||||||
cat << LOG_ROT >> /etc/logrotate.d/$NJN_USER
|
cat << LOG_ROT > /etc/logrotate.d/$NJN_USER
|
||||||
/var/log/$NJN_USER/*.log {
|
/var/log/$NJN_USER/*.log {
|
||||||
monthly
|
monthly
|
||||||
missingok
|
missingok
|
||||||
|
|
|
@ -0,0 +1,347 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# JVB2 Node Aggregator
|
||||||
|
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||||
|
# GPLv3 or later.
|
||||||
|
|
||||||
|
### 0_LAST EDITION TIME STAMP ###
|
||||||
|
# LETS: AUTOMATED_EDITION_TIME
|
||||||
|
### 1_LAST EDITION ###
|
||||||
|
|
||||||
|
#Make sure the file name is the required one
|
||||||
|
if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then
|
||||||
|
echo "For most cases naming won't matter, for this one it does."
|
||||||
|
echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
while getopts m: option
|
||||||
|
do
|
||||||
|
case "${option}"
|
||||||
|
in
|
||||||
|
m) MODE=${OPTARG};;
|
||||||
|
\?) echo "Usage: sudo ./add-jvb2-node.sh [-m debug]" && exit;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
#DEBUG
|
||||||
|
if [ "$MODE" = "debug" ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Check admin rights
|
||||||
|
if ! [ "$(id -u)" = 0 ]; then
|
||||||
|
echo "You need to be root or have sudo privileges!"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
### 0_VAR_DEF
|
||||||
|
MAIN_SRV_DIST=TBD
|
||||||
|
MAIN_SRV_REPO=TBD
|
||||||
|
MAIN_SRV_DOMAIN=TBD
|
||||||
|
|
||||||
|
JVB_HOSTNAME=TBD
|
||||||
|
JVB_HOST=TBD
|
||||||
|
JVB_PORT=TBD
|
||||||
|
JVB_SECRET=TBD
|
||||||
|
JVB_OPTS=TBD
|
||||||
|
SYS_PROPS=TBD
|
||||||
|
AWS_HARVEST=TBD
|
||||||
|
STUN_MAPPING=TBD
|
||||||
|
ENABLE_STATISTICS=TBD
|
||||||
|
SHARD_HOSTNAME=TBD
|
||||||
|
SHARD_DOMAIN=TBD
|
||||||
|
SHARD_PASS=TBD
|
||||||
|
MUC_JID=TBD
|
||||||
|
|
||||||
|
MJS_USER=TBD
|
||||||
|
MJS_USER_PASS=TBD
|
||||||
|
START=0
|
||||||
|
LAST=TBD
|
||||||
|
|
||||||
|
THIS_SRV_DIST=$(lsb_release -sc)
|
||||||
|
JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)
|
||||||
|
JVB2_CONF="/etc/jitsi/videobridge/config"
|
||||||
|
JVB2_NCONF="/etc/jitsi/videobridge/jvb.conf"
|
||||||
|
JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties"
|
||||||
|
#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
|
||||||
|
NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
|
||||||
|
NJN_USER="jvbnode${ADDUP}_${NJN_RAND_TAIL}"
|
||||||
|
NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
|
||||||
|
#GITHUB_RAW="https://raw.githubusercontent.com"
|
||||||
|
#GIT_REPO="switnet-ltd/quick-jibri-installer"
|
||||||
|
### 1_VAR_DEF
|
||||||
|
|
||||||
|
# sed limiters for add-jvb2-node.sh variables
|
||||||
|
var_dlim() {
|
||||||
|
grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1
|
||||||
|
}
|
||||||
|
|
||||||
|
check_var() {
|
||||||
|
if [ -z "$2" ]; then
|
||||||
|
echo -e "Check if variable $1 is set: \xE2\x9C\x96 \nExiting..."
|
||||||
|
exit
|
||||||
|
else
|
||||||
|
echo -e "Check if variable $1 is set: \xE2\x9C\x94"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ -z "$LAST" ]; then
|
||||||
|
echo "There is an error on the LAST definition, please report."
|
||||||
|
exit
|
||||||
|
elif [ "$LAST" = "TBD" ]; then
|
||||||
|
ADDUP=$((START + 1))
|
||||||
|
else
|
||||||
|
ADDUP=$((LAST + 1))
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Check server and node OS
|
||||||
|
if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then
|
||||||
|
echo "Please use the same OS for the JVB2 setup on both servers."
|
||||||
|
echo "This server is based on: $THIS_SRV_DIST"
|
||||||
|
echo "The main server record claims is based on: $MAIN_SRV_DIST"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Check system resources
|
||||||
|
echo "Verifying System Resources:"
|
||||||
|
if [ "$(nproc --all)" -lt 4 ];then
|
||||||
|
echo "
|
||||||
|
Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads.
|
||||||
|
>> We recommend 4 cores/threads for JVB2!
|
||||||
|
"
|
||||||
|
CPU_MIN="N"
|
||||||
|
else
|
||||||
|
echo "CPU Cores/Threads: OK ($(nproc --all))"
|
||||||
|
CPU_MIN="Y"
|
||||||
|
fi
|
||||||
|
### Test RAM size (8GB min) ###
|
||||||
|
mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')
|
||||||
|
if [ ${mem_available} -lt 7700000 ]; then
|
||||||
|
echo "
|
||||||
|
Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads.
|
||||||
|
>> We recommend 8GB RAM for JVB2!
|
||||||
|
"
|
||||||
|
MEM_MIN="N"
|
||||||
|
else
|
||||||
|
echo "Memory: OK ($((mem_available/1024)) MiB)"
|
||||||
|
MEM_MIN="Y"
|
||||||
|
fi
|
||||||
|
if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then
|
||||||
|
echo "All requirements seems meet!"
|
||||||
|
echo "
|
||||||
|
- We hope you have a nice recording/streaming session
|
||||||
|
"
|
||||||
|
else
|
||||||
|
echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!"
|
||||||
|
echo "We highly advice to increase the resources in order to install this JVB2 node."
|
||||||
|
while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]]
|
||||||
|
do
|
||||||
|
read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES
|
||||||
|
if [ "$CONTINUE_LOW_RES" = "no" ]; then
|
||||||
|
echo "See you next time with more resources!..."
|
||||||
|
exit
|
||||||
|
elif [ "$CONTINUE_LOW_RES" = "yes" ]; then
|
||||||
|
echo "Please keep in mind that we might not support underpowered nodes."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "
|
||||||
|
#-----------------------------------------------------------------------
|
||||||
|
# Checking initial necessary variables...
|
||||||
|
#-----------------------------------------------------------------------"
|
||||||
|
|
||||||
|
check_var JVB_HOSTNNAME "$JVB_HOSTNAME"
|
||||||
|
if [ -z $JVB_HOST ]; then
|
||||||
|
echo "JVB_HOST is empty, but it may be ok for it to be empty, skipping empty test."
|
||||||
|
else
|
||||||
|
check_var JVB_HOST "$JVB_HOST"
|
||||||
|
fi
|
||||||
|
check_var JVB_PORT "$JVB_PORT"
|
||||||
|
check_var JVB_SECRET "$JVB_SECRET"
|
||||||
|
check_var JVB_OPTS "$JVB_OPTS"
|
||||||
|
check_var SYS_PROPS "$SYS_PROPS"
|
||||||
|
check_var AWS_HARVEST "$AWS_HARVEST"
|
||||||
|
check_var STUN_MAPPING "$STUN_MAPPING"
|
||||||
|
check_var ENABLE_STATISTICS "$ENABLE_STATISTICS"
|
||||||
|
check_var SHARD_HOSTNAME "$SHARD_HOSTNAME"
|
||||||
|
check_var SHARD_DOMAIN "$SHARD_DOMAIN"
|
||||||
|
check_var SHARD_PASS "$SHARD_PASS"
|
||||||
|
check_var MUC_JID "$MUC_JID"
|
||||||
|
check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN"
|
||||||
|
|
||||||
|
# Rename hostname for each jvb2 node
|
||||||
|
hostnamectl set-hostname "jvb${ADDUP}.${MAIN_SRV_DOMAIN}"
|
||||||
|
sed -i "1i 127.0.0.1 jvb${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts
|
||||||
|
|
||||||
|
# Jitsi-Meet Repo
|
||||||
|
echo "Add Jitsi repo"
|
||||||
|
if [ -z "$JITSI_REPO" ]; then
|
||||||
|
echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list
|
||||||
|
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
|
||||||
|
elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
|
||||||
|
echo "Main and node servers repository don't match, extiting.."
|
||||||
|
exit
|
||||||
|
elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
|
||||||
|
echo "Main and node servers repository match, continuing..."
|
||||||
|
else
|
||||||
|
echo "Jitsi $JITSI_REPO repository already installed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Requirements
|
||||||
|
echo "We'll start by installing system requirements this may take a while please be patient..."
|
||||||
|
apt-get update -q2
|
||||||
|
apt-get dist-upgrade -yq2
|
||||||
|
|
||||||
|
apt-get -y install \
|
||||||
|
apt-show-versions \
|
||||||
|
bmon \
|
||||||
|
curl \
|
||||||
|
git \
|
||||||
|
htop \
|
||||||
|
ssh \
|
||||||
|
unzip \
|
||||||
|
wget
|
||||||
|
|
||||||
|
echo "# Check and Install HWE kernel if possible..."
|
||||||
|
HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")
|
||||||
|
if [ "$HWE_VIR_MOD" == "1" ]; then
|
||||||
|
apt-get -y install \
|
||||||
|
linux-image-generic-hwe-$(lsb_release -sr) \
|
||||||
|
linux-modules-extra-virtual-hwe-$(lsb_release -sr)
|
||||||
|
else
|
||||||
|
apt-get -y install \
|
||||||
|
linux-modules-extra-$(uname -r)
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "
|
||||||
|
#--------------------------------------------------
|
||||||
|
# Install JVB2
|
||||||
|
#--------------------------------------------------
|
||||||
|
"
|
||||||
|
echo "jitsi-videobridge jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections
|
||||||
|
|
||||||
|
apt-get -y install \
|
||||||
|
jitsi-videobridge2 \
|
||||||
|
openjdk-8-jre-headless
|
||||||
|
|
||||||
|
echo '
|
||||||
|
########################################################################
|
||||||
|
Start JVB2 configuration
|
||||||
|
########################################################################
|
||||||
|
'
|
||||||
|
|
||||||
|
mv $JVB2_CONF ${JVB2_CONF}-dpkg-file
|
||||||
|
|
||||||
|
## JVB2 - CONFIG
|
||||||
|
cat << JVB2_CONF > $JVB2_CONF
|
||||||
|
# Jitsi Videobridge settings
|
||||||
|
|
||||||
|
# sets the XMPP domain (default: none)
|
||||||
|
JVB_HOSTNAME=$JVB_HN
|
||||||
|
|
||||||
|
# sets the hostname of the XMPP server (default: domain if set, localhost otherwise)
|
||||||
|
JVB_HOST=$JVB_HOST
|
||||||
|
|
||||||
|
# sets the port of the XMPP server (default: 5275)
|
||||||
|
JVB_PORT=$JVB_PORT
|
||||||
|
|
||||||
|
# sets the shared secret used to authenticate to the XMPP server
|
||||||
|
JVB_SECRET=$JVB_SECRET
|
||||||
|
|
||||||
|
# extra options to pass to the JVB daemon
|
||||||
|
JVB_OPTS=$JVB_OPTS
|
||||||
|
|
||||||
|
# adds java system props that are passed to jvb (default are for home and logging config file)
|
||||||
|
JAVA_SYS_PROPS=$SYS_PROPS
|
||||||
|
|
||||||
|
JVB2_CONF
|
||||||
|
|
||||||
|
|
||||||
|
mv $JVB2_SIP $JVB2_SIP-dpkg-file
|
||||||
|
## JVB2 - SIP
|
||||||
|
cat << JVB2_SIP > $JVB2_SIP
|
||||||
|
# Legacy conf file, new format already at
|
||||||
|
# /etc/jitsi/videobridge/jvb.conf
|
||||||
|
# --add-jvb2-node.sh
|
||||||
|
JVB2_SIP
|
||||||
|
|
||||||
|
echo -e "\n---- Setting new config format for jvb2 node. ----"
|
||||||
|
sed -i '${/\}/d;}' $JVB2_NCONF
|
||||||
|
cat << JVB2 >> $JVB2_NCONF
|
||||||
|
stats {
|
||||||
|
# Enable broadcasting stats/presence in a MUC
|
||||||
|
enabled = true
|
||||||
|
transports = [
|
||||||
|
{ type = "muc" }
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
apis {
|
||||||
|
xmpp-client {
|
||||||
|
configs {
|
||||||
|
# Connect to the first XMPP server
|
||||||
|
xmpp-server-$ADDUP {
|
||||||
|
hostname="$MAIN_SRV_DOMAIN"
|
||||||
|
domain = "auth.$MAIN_SRV_DOMAIN"
|
||||||
|
username = "jvb"
|
||||||
|
password = "$SHARD_PASS"
|
||||||
|
muc_jids = "JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN"
|
||||||
|
# The muc_nickname must be unique across all jitsi-videobridge instances
|
||||||
|
muc_nickname = "jvb2-$ADDUP"
|
||||||
|
disable_certificate_verification = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
JVB2
|
||||||
|
|
||||||
|
echo -e "\n---- Create random nodesync user ----"
|
||||||
|
useradd -m -g jitsi $NJN_USER
|
||||||
|
echo "$NJN_USER:$NJN_USER_PASS" | chpasswd
|
||||||
|
|
||||||
|
echo -e "\n---- We'll connect to main server ----"
|
||||||
|
read -n 1 -s -r -p "Press any key to continue..."$'\n'
|
||||||
|
sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
|
||||||
|
echo "Remote pass: $MJS_USER_PASS"
|
||||||
|
ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts
|
||||||
|
ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub
|
||||||
|
sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
|
||||||
|
|
||||||
|
echo "Writting last node number..."
|
||||||
|
sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jvb2-node.sh
|
||||||
|
sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jvb2-node.sh
|
||||||
|
echo "Last file edition at: $(grep "LETS:" add-jvb2-node.sh|head -n1|awk -F'LETS:' '{print$2}')"
|
||||||
|
|
||||||
|
#Enable jvb2 services
|
||||||
|
systemctl enable jitsi-videobridge2.service
|
||||||
|
systemctl restart jitsi-videobridge2.service
|
||||||
|
|
||||||
|
echo -e "\nSending updated add-jvb2-node.sh file to main server sync user...\n"
|
||||||
|
cp $PWD/add-jvb2-node.sh /tmp
|
||||||
|
sudo -u $NJN_USER scp /tmp/add-jvb2-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/
|
||||||
|
rm $PWD/add-jvb2-node.sh /tmp/add-jvb2-node.sh
|
||||||
|
|
||||||
|
echo "
|
||||||
|
########################################################################
|
||||||
|
Node addition complete!!
|
||||||
|
|
||||||
|
IMPORTANT:
|
||||||
|
The updated version of this file has been sent to the main server
|
||||||
|
at the sync user home directory, please use that one in order to
|
||||||
|
install new nodes. For security reason this version has been deleted
|
||||||
|
from this very node.
|
||||||
|
|
||||||
|
For customized support: http://switnet.net
|
||||||
|
########################################################################
|
||||||
|
"
|
||||||
|
|
||||||
|
echo "Rebooting in..."
|
||||||
|
secs=$((15))
|
||||||
|
while [ $secs -gt 0 ]; do
|
||||||
|
echo -ne "$secs\033[0K\r"
|
||||||
|
sleep 1
|
||||||
|
: $((secs--))
|
||||||
|
done
|
||||||
|
reboot
|
|
@ -0,0 +1,169 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Custom High Performance Jitsi conf
|
||||||
|
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||||
|
# GPLv3 or later.
|
||||||
|
|
||||||
|
#Check if user is root
|
||||||
|
if ! [ $(id -u) = 0 ]; then
|
||||||
|
echo "You need to be root or have privileges!"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
while getopts m: option
|
||||||
|
do
|
||||||
|
case "${option}"
|
||||||
|
in
|
||||||
|
m) MODE=${OPTARG};;
|
||||||
|
\?) echo "Usage: sudo ./chp-mode.sh [-m debug]" && exit;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
#DEBUG
|
||||||
|
if [ "$MODE" = "debug" ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
|
||||||
|
wait_seconds() {
|
||||||
|
secs=$(($1))
|
||||||
|
while [ $secs -gt 0 ]; do
|
||||||
|
echo -ne "$secs\033[0K\r"
|
||||||
|
sleep 1
|
||||||
|
: $((secs--))
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
LTS_REL="$(lsb_release -d | awk '{print$4}')"
|
||||||
|
DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')"
|
||||||
|
JVB_LOG_POP="/etc/jitsi/videobridge/logging.properties"
|
||||||
|
JVB_RC="/usr/share/jitsi-videobridge/lib/videobridge.rc"
|
||||||
|
JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties"
|
||||||
|
MEET_LOG_CONF="/usr/share/jitsi-meet/logging_config.js"
|
||||||
|
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
|
||||||
|
MEET_CONF_HP="/etc/jitsi/meet/${DOMAIN}-chp-config.js"
|
||||||
|
INT_CONF_JS="/etc/jitsi/meet/${DOMAIN}-interface_config.js"
|
||||||
|
INT_CONF_JS_HP="/etc/jitsi/meet/${DOMAIN}-chp-interface_config.js"
|
||||||
|
WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
|
||||||
|
FSTAB="/etc/fstab"
|
||||||
|
|
||||||
|
if [ -z $LTS_REL ] || [ -z $DOMAIN ];then
|
||||||
|
echo "This system isn't suitable to configure."
|
||||||
|
exit
|
||||||
|
else
|
||||||
|
echo "This system seems suitable to configure..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
while [[ "$CONTINUE_HP" != "yes" && "$CONTINUE_HP" != "no" ]]
|
||||||
|
do
|
||||||
|
read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_HP
|
||||||
|
if [ "$CONTINUE_HP" = "no" ]; then
|
||||||
|
echo "See you next time!..."
|
||||||
|
exit
|
||||||
|
elif [ "$CONTINUE_HP" = "yes" ]; then
|
||||||
|
echo "Good, then let's get it done..."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#Tools to consider
|
||||||
|
##Profiling
|
||||||
|
#https://github.com/jvm-profiling-tools/async-profiler
|
||||||
|
|
||||||
|
#SYSTEM
|
||||||
|
##Disable swap
|
||||||
|
swapoff -a
|
||||||
|
sed -ir '/\sswap\s/s/^#?/#/' $FSTAB
|
||||||
|
|
||||||
|
##Kernel
|
||||||
|
#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
|
||||||
|
sysctl -w net.core.rmem_default=262144
|
||||||
|
sysctl -w net.core.wmem_default=262144
|
||||||
|
sysctl -w net.core.rmem_max=262144
|
||||||
|
sysctl -w net.core.wmem_max=262144
|
||||||
|
echo 'net.core.rmem_default=262144' | tee -a /etc/sysctl.conf
|
||||||
|
echo 'net.core.wmem_default=262144' | tee -a /etc/sysctl.conf
|
||||||
|
echo 'net.core.rmem_max=262144' | tee -a /etc/sysctl.conf
|
||||||
|
echo 'net.core.wmem_max=262144' | tee -a /etc/sysctl.conf
|
||||||
|
|
||||||
|
#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
|
||||||
|
sysctl -w net.ipv4.tcp_timestamps=0
|
||||||
|
echo 'net.ipv4.tcp_timestamps=0' | tee -a /etc/sysctl.conf
|
||||||
|
|
||||||
|
#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
|
||||||
|
sysctl -w net.core.netdev_max_backlog=100000
|
||||||
|
echo 'net.core.netdev_max_backlog=100000' | tee -a /etc/sysctl.conf
|
||||||
|
|
||||||
|
##nginx
|
||||||
|
sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
#Missing docs
|
||||||
|
#sysctl -w net.ipv4.tcp_low_latency=1
|
||||||
|
|
||||||
|
#JVB2
|
||||||
|
##Loose up logging
|
||||||
|
# https://community.jitsi.org/t/23641/13
|
||||||
|
sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" $JVB_LOG_POP
|
||||||
|
sed -i "s|^.level=INFO|.level=WARNING|" $JVB_LOG_POP
|
||||||
|
sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" $JVB_RC
|
||||||
|
|
||||||
|
#JICOFO
|
||||||
|
sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" $JICOFO_LOG_POP
|
||||||
|
sed -i "s|^.level=INFO|.level=WARNING|" $JICOFO_LOG_POP
|
||||||
|
|
||||||
|
#MEET
|
||||||
|
sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" $MEET_LOG_CONF
|
||||||
|
sed -i "/TraceablePeerConnection.js/s|info|error|" $MEET_LOG_CONF
|
||||||
|
sed -i "/CallStats.js/s|info|error|" $MEET_LOG_CONF
|
||||||
|
sed -i "/strophe.util.js/s|log|error|" $MEET_LOG_CONF
|
||||||
|
|
||||||
|
#UX - Room settings and interface
|
||||||
|
cp $MEET_CONF $MEET_CONF_HP
|
||||||
|
sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|channelLastN:.*|channelLastN: 10,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|// resolution:.*|resolution: 480,|" $MEET_CONF_HP
|
||||||
|
sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" $MEET_CONF_HP
|
||||||
|
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// constraints: {| constraints: {|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// video: {| video: {|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// height: {| height: {|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// ideal:.*| ideal: 480,|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// max:.*| max: 480,|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// min:.*| min:240|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// }| }|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// }| }|" $MEET_CONF_HP
|
||||||
|
sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// },| },|" $MEET_CONF_HP
|
||||||
|
|
||||||
|
cp $INT_CONF_JS $INT_CONF_JS_HP
|
||||||
|
sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" $INT_CONF_JS_HP
|
||||||
|
sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari' \],|" $INT_CONF_JS_HP
|
||||||
|
|
||||||
|
##Toolbars
|
||||||
|
sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP
|
||||||
|
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'security'" $INT_CONF_JS_HP
|
||||||
|
sed -i "/\/\/ TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP
|
||||||
|
|
||||||
|
sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" $WS_CONF
|
||||||
|
sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" $WS_CONF
|
||||||
|
nginx -t
|
||||||
|
#systemctl restart nginx
|
||||||
|
|
||||||
|
echo "Done!, yeah, that quick ;)"
|
||||||
|
|
||||||
|
echo "Rebooting in..."
|
||||||
|
wait_seconds 15
|
||||||
|
reboot
|
|
@ -0,0 +1,152 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Custom Selenium Grid-Node fro Jitsi Meet
|
||||||
|
# Pandian - https://community.jitsi.org/u/Pandian
|
||||||
|
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||||
|
# GPLv3 or later.
|
||||||
|
|
||||||
|
#Check if user is root
|
||||||
|
if ! [ $(id -u) = 0 ]; then
|
||||||
|
echo "You need to be root or have sudo privileges!"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
|
||||||
|
AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')"
|
||||||
|
|
||||||
|
echo -e "\n-- Make sure you have at least 10GB of disk space available.\n"
|
||||||
|
if [ $(echo "$AV_SPACE > 9" | bc) -ne 0 ]; then
|
||||||
|
echo "> Seems we have enough disk space."
|
||||||
|
else
|
||||||
|
echo "> Please meet the minimum required disk space for this installer, exiting..."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get update
|
||||||
|
apt-get dist-upgrade -y
|
||||||
|
apt-get install -y \
|
||||||
|
gnupg \
|
||||||
|
bmon \
|
||||||
|
curl \
|
||||||
|
wget \
|
||||||
|
unzip \
|
||||||
|
maven \
|
||||||
|
openjdk-8-jdk
|
||||||
|
# Docker
|
||||||
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||||
|
sh get-docker.sh
|
||||||
|
## Docker Compose
|
||||||
|
curl -sL "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||||
|
chmod +x /usr/local/bin/docker-compose
|
||||||
|
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
|
||||||
|
|
||||||
|
# Jitsi Meet Torture
|
||||||
|
cd /opt
|
||||||
|
git clone https://github.com/jitsi/jitsi-meet-torture
|
||||||
|
cd jitsi-meet-torture/resources
|
||||||
|
wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m
|
||||||
|
cp FourPeople_1280x720_60.y4m FourPeople_1280x720_30.y4m
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
#150 "participants" available
|
||||||
|
## Tested up to 120 with AWS c5.24xlarge
|
||||||
|
cat << SELENIUM_GRID_DOCKER > selenium.yml
|
||||||
|
version: "3"
|
||||||
|
services:
|
||||||
|
selenium-hub:
|
||||||
|
image: selenium/hub:3.141.59-20200525
|
||||||
|
container_name: selenium-hub
|
||||||
|
ports:
|
||||||
|
- "4444:4444"
|
||||||
|
restart: always
|
||||||
|
chrome:
|
||||||
|
image: selenium/node-chrome:3.141.59-20200525
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm
|
||||||
|
- ./resources:/usr/share/jitsi-meet-torture/resources
|
||||||
|
depends_on:
|
||||||
|
- selenium-hub
|
||||||
|
environment:
|
||||||
|
- HUB_HOST=selenium-hub
|
||||||
|
- HUB_PORT=4444
|
||||||
|
- NODE_MAX_INSTANCES=30
|
||||||
|
- NODE_MAX_SESSION=30
|
||||||
|
restart: always
|
||||||
|
chrome2:
|
||||||
|
image: selenium/node-chrome:3.141.59-20200525
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm
|
||||||
|
- ./resources:/usr/share/jitsi-meet-torture/resources
|
||||||
|
depends_on:
|
||||||
|
- selenium-hub
|
||||||
|
environment:
|
||||||
|
- HUB_HOST=selenium-hub
|
||||||
|
- HUB_PORT=4444
|
||||||
|
- NODE_MAX_INSTANCES=30
|
||||||
|
- NODE_MAX_SESSION=30
|
||||||
|
restart: always
|
||||||
|
chrome3:
|
||||||
|
image: selenium/node-chrome:3.141.59-20200525
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm
|
||||||
|
- ./resources:/usr/share/jitsi-meet-torture/resources
|
||||||
|
depends_on:
|
||||||
|
- selenium-hub
|
||||||
|
environment:
|
||||||
|
- HUB_HOST=selenium-hub
|
||||||
|
- HUB_PORT=4444
|
||||||
|
- NODE_MAX_INSTANCES=30
|
||||||
|
- NODE_MAX_SESSION=30
|
||||||
|
restart: always
|
||||||
|
chrome4:
|
||||||
|
image: selenium/node-chrome:3.141.59-20200525
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm
|
||||||
|
- ./resources:/usr/share/jitsi-meet-torture/resources
|
||||||
|
depends_on:
|
||||||
|
- selenium-hub
|
||||||
|
environment:
|
||||||
|
- HUB_HOST=selenium-hub
|
||||||
|
- HUB_PORT=4444
|
||||||
|
- NODE_MAX_INSTANCES=30
|
||||||
|
- NODE_MAX_SESSION=30
|
||||||
|
restart: always
|
||||||
|
chrome5:
|
||||||
|
image: selenium/node-chrome:3.141.59-20200525
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm
|
||||||
|
- ./resources:/usr/share/jitsi-meet-torture/resources
|
||||||
|
depends_on:
|
||||||
|
- selenium-hub
|
||||||
|
environment:
|
||||||
|
- HUB_HOST=selenium-hub
|
||||||
|
- HUB_PORT=4444
|
||||||
|
- NODE_MAX_INSTANCES=30
|
||||||
|
- NODE_MAX_SESSION=30
|
||||||
|
restart: always
|
||||||
|
SELENIUM_GRID_DOCKER
|
||||||
|
|
||||||
|
docker-compose -f selenium.yml up -d
|
||||||
|
|
||||||
|
echo -e "\n#=================== End of Seleniun Grid build ========================#\n"
|
||||||
|
echo -e "\nChange the values acording to you test requirements using something like;\n"
|
||||||
|
echo "cd /opt/jitsi-meet-torture
|
||||||
|
sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\
|
||||||
|
--conferences=1 \\
|
||||||
|
--participants=30 \\
|
||||||
|
--senders=2 \\
|
||||||
|
--audio-senders=1 \\
|
||||||
|
--duration=120 \\
|
||||||
|
--room-name-prefix=hamertesting \\
|
||||||
|
--hub-url=http://localhost:4444/wd/hub \\
|
||||||
|
--instance-url=https://YOUR.JITSI-MEET-INSTANCE.DOMAIN
|
||||||
|
"
|
||||||
|
echo -e "\n-- If using 'hamertesting' as prefix name you can join the room
|
||||||
|
hamertesting0, hamertesting1, hamertestingN
|
||||||
|
according to the 'N' number of conferences you have set to watch the test.
|
||||||
|
|
||||||
|
*Beware* for 120 \"participants\" to join video-muted it was necessary at least a c5.24xlarge AWS instance.
|
||||||
|
So start low, monitor your server resources and go from there."
|
||||||
|
|
||||||
|
echo -e "\n-- You can check the grid status at:
|
||||||
|
http://$WAN_IP:4444/grid/console
|
||||||
|
"
|
|
@ -0,0 +1,97 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# JWT Mode Setup
|
||||||
|
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||||
|
# GPLv3 or later.
|
||||||
|
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||||
|
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
|
||||||
|
JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
|
||||||
|
PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
|
||||||
|
PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
|
||||||
|
APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
|
||||||
|
SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
|
||||||
|
SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1)
|
||||||
|
SRP_END=$((SRP_STR + 10))
|
||||||
|
|
||||||
|
## Required openssl for Focal 20.04
|
||||||
|
if [ "$(lsb_release -sc)" = "focal" ]; then
|
||||||
|
echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
|
||||||
|
sudo tee /etc/apt/sources.list.d/rvm.list
|
||||||
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
|
||||||
|
apt-get update
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get -y install \
|
||||||
|
lua5.2 \
|
||||||
|
liblua5.2 \
|
||||||
|
luarocks \
|
||||||
|
libssl1.0-dev \
|
||||||
|
python3-jwt
|
||||||
|
|
||||||
|
luarocks install basexx
|
||||||
|
luarocks install luacrypto
|
||||||
|
luarocks install lua-cjson 2.1.0-1
|
||||||
|
|
||||||
|
echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
|
||||||
|
echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
|
||||||
|
|
||||||
|
apt-get install -y jitsi-meet-tokens
|
||||||
|
|
||||||
|
#Setting up
|
||||||
|
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS
|
||||||
|
#-
|
||||||
|
sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"token\"|}" $PROSODY_FILE
|
||||||
|
sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" $PROSODY_FILE
|
||||||
|
sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" $PROSODY_FILE
|
||||||
|
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE
|
||||||
|
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" $PROSODY_FILE
|
||||||
|
#allow_empty_token = false
|
||||||
|
|
||||||
|
#Request auth
|
||||||
|
sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP
|
||||||
|
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
|
||||||
|
|
||||||
|
#Enable jibri recording
|
||||||
|
cat << REC-JIBRI >> $PROSODY_FILE
|
||||||
|
|
||||||
|
VirtualHost "recorder.$DOMAIN"
|
||||||
|
modules_enabled = {
|
||||||
|
"ping";
|
||||||
|
}
|
||||||
|
authentication = "internal_plain"
|
||||||
|
|
||||||
|
REC-JIBRI
|
||||||
|
|
||||||
|
#Setup guests and lobby
|
||||||
|
cat << P_SR >> $PROSODY_FILE
|
||||||
|
|
||||||
|
VirtualHost "guest.$DOMAIN"
|
||||||
|
authentication = "token"
|
||||||
|
allow_empty_token = true
|
||||||
|
c2s_require_encryption = false
|
||||||
|
muc_lobby_whitelist = { "recorder.$DOMAIN", "auth.$DOMAIN" }
|
||||||
|
speakerstats_component = "speakerstats.$DOMAIN"
|
||||||
|
conference_duration_component = "conferenceduration.$DOMAIN"
|
||||||
|
app_id="$APP_ID";
|
||||||
|
app_secret="$SECRET_APP";
|
||||||
|
|
||||||
|
modules_enabled = {
|
||||||
|
"speakerstats";
|
||||||
|
"conference_duration";
|
||||||
|
}
|
||||||
|
P_SR
|
||||||
|
|
||||||
|
echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
|
||||||
|
echo -e "\n$APP_ID" && \
|
||||||
|
echo -e "$SECRET_APP\n"
|
||||||
|
|
||||||
|
echo -e "You can test JWT authentication with the following token:\n"
|
||||||
|
pyjwt3 --key="$SECRET_APP" \
|
||||||
|
encode \
|
||||||
|
group="Rocket.Chat" \
|
||||||
|
aud="$APP_ID" \
|
||||||
|
iss="$APP_ID" \
|
||||||
|
sub="$DOMAIN" \
|
||||||
|
room="*" \
|
||||||
|
algorithm="HS256"
|
||||||
|
|
||||||
|
read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n'
|
|
@ -25,6 +25,7 @@ APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok instal
|
||||||
NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")
|
NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")
|
||||||
DIST=$(lsb_release -sc)
|
DIST=$(lsb_release -sc)
|
||||||
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
|
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
|
||||||
|
GOOGLE_ACTIVE_REPO=$(apt-cache policy | grep http | grep chrome| awk '{print $3}' | head -n 1 | cut -d "/" -f2)
|
||||||
PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2)
|
PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2)
|
||||||
CR=`echo $'\n> '`
|
CR=`echo $'\n> '`
|
||||||
|
|
||||||
|
@ -274,6 +275,7 @@ if [ "$HWE_VIR_MOD" == "1" ]; then
|
||||||
linux-modules-extra-virtual-hwe-$(lsb_release -sr)
|
linux-modules-extra-virtual-hwe-$(lsb_release -sr)
|
||||||
else
|
else
|
||||||
apt-get -y install \
|
apt-get -y install \
|
||||||
|
linux-image-generic \
|
||||||
linux-modules-extra-$(uname -r)
|
linux-modules-extra-$(uname -r)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -304,7 +306,7 @@ echo "
|
||||||
if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1" ]; then
|
if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1" ]; then
|
||||||
echo "Nodejs is installed, skipping..."
|
echo "Nodejs is installed, skipping..."
|
||||||
else
|
else
|
||||||
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
|
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
|
||||||
apt-get install -yq2 nodejs
|
apt-get install -yq2 nodejs
|
||||||
echo "Installing nodejs esprima package..."
|
echo "Installing nodejs esprima package..."
|
||||||
npm install -g esprima
|
npm install -g esprima
|
||||||
|
@ -321,7 +323,7 @@ CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
|
||||||
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
|
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
|
||||||
|
|
||||||
echo "# Installing Google Chrome / ChromeDriver"
|
echo "# Installing Google Chrome / ChromeDriver"
|
||||||
if [ -f $GOOGL_REPO ]; then
|
if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
|
||||||
echo "Google repository already set."
|
echo "Google repository already set."
|
||||||
else
|
else
|
||||||
echo "Installing Google Chrome Stable"
|
echo "Installing Google Chrome Stable"
|
||||||
|
@ -362,16 +364,18 @@ echo '
|
||||||
'
|
'
|
||||||
# MEET / JIBRI SETUP
|
# MEET / JIBRI SETUP
|
||||||
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||||
WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf
|
WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
|
||||||
JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
||||||
JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
|
||||||
PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua
|
PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
|
||||||
PROSODY_SYS=/etc/prosody/prosody.cfg.lua
|
PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
|
||||||
JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties
|
JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
|
||||||
MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js
|
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
|
||||||
JIBRI_CONF=/etc/jitsi/jibri/jibri.conf
|
JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
|
||||||
|
JVB2_CONF="/etc/jitsi/videobridge/config"
|
||||||
|
JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties"
|
||||||
DIR_RECORD=/var/jbrecord
|
DIR_RECORD=/var/jbrecord
|
||||||
REC_DIR=/home/jibri/finalize_recording.sh
|
REC_DIR="/home/jibri/finalize_recording.sh"
|
||||||
JB_NAME="Jibri Sessions"
|
JB_NAME="Jibri Sessions"
|
||||||
LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
|
LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
|
||||||
MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
|
MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
|
||||||
|
@ -385,8 +389,8 @@ MJS_USER="jbsync_$MJS_RAND_TAIL"
|
||||||
MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
|
MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
|
||||||
|
|
||||||
# Rename hostname for jitsi server
|
# Rename hostname for jitsi server
|
||||||
#hostnamectl set-hostname "jibri.${DOMAIN}"
|
#hostnamectl set-hostname "jitsi.${DOMAIN}"
|
||||||
#sed -i "1i ${PUBLIC_IP} jibri.${DOMAIN}" /etc/hosts
|
#sed -i "1i ${PUBLIC_IP} jitsi.${DOMAIN}" /etc/hosts
|
||||||
|
|
||||||
#Sysadmin email
|
#Sysadmin email
|
||||||
while [[ -z $SYSADMIN_EMAIL ]]
|
while [[ -z $SYSADMIN_EMAIL ]]
|
||||||
|
@ -403,6 +407,16 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json
|
||||||
Jitsi Meet web interface will be set to use such language.
|
Jitsi Meet web interface will be set to use such language.
|
||||||
"
|
"
|
||||||
read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG
|
read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG
|
||||||
|
echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n"
|
||||||
|
#Participant
|
||||||
|
echo -e "> Do you want to translate 'Participant' to your own language?" && \
|
||||||
|
read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT
|
||||||
|
#Me
|
||||||
|
echo -e "\n> Do you want to translate 'me' to your own language?
|
||||||
|
This must be a really small word to present one self.
|
||||||
|
Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \
|
||||||
|
read -p "Leave empty to use the default one (English): "$'\n' L10N_ME
|
||||||
|
|
||||||
#Drop unsecure TLS
|
#Drop unsecure TLS
|
||||||
while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]]
|
while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]]
|
||||||
do
|
do
|
||||||
|
@ -447,15 +461,6 @@ elif [ "$ENABLE_BLESSM" = "yes" ]; then
|
||||||
echo "Brandless mode will be set."
|
echo "Brandless mode will be set."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
echo -e "\nWe'll take a minute to localize some UI excerpts if you need.\n"
|
|
||||||
#Participant
|
|
||||||
echo -e "> Do you want to translate 'Participant' to your own language?" && \
|
|
||||||
read -p "Leave empty to use the default one (English): "$'\n' L10N_PARTICIPANT
|
|
||||||
#Me
|
|
||||||
echo -e "\n> Do you want to translate 'me' to your own language?
|
|
||||||
This must be a really small word to present one self.
|
|
||||||
Some suggestions might be: yo (Spanish) | je (French) | ich (German)\n" && \
|
|
||||||
read -p "Leave empty to use the default one (English): "$'\n' L10N_ME
|
|
||||||
#Welcome Page
|
#Welcome Page
|
||||||
while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]]
|
while [[ "$ENABLE_WELCP" != "yes" && "$ENABLE_WELCP" != "no" ]]
|
||||||
do
|
do
|
||||||
|
@ -486,18 +491,45 @@ done
|
||||||
# echo "Local audio recording option will be enabled"
|
# echo "Local audio recording option will be enabled"
|
||||||
#fi
|
#fi
|
||||||
#done
|
#done
|
||||||
|
|
||||||
#Secure room initial user
|
#Secure room initial user
|
||||||
while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
|
#while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]]
|
||||||
|
#do
|
||||||
|
#read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
|
||||||
|
#if [ "$ENABLE_SC" = "no" ]; then
|
||||||
|
# echo "-- Secure rooms won't be enabled."
|
||||||
|
#elif [ "$ENABLE_SC" = "yes" ]; then
|
||||||
|
# echo "-- Secure rooms will be enabled."
|
||||||
|
# read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
||||||
|
# read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
||||||
|
#fi
|
||||||
|
#done
|
||||||
|
echo "
|
||||||
|
> Jitsi Meet Auth Method selection.
|
||||||
|
"
|
||||||
|
PS3='Select the authentication method for your Jitsi Meet instance: '
|
||||||
|
options=("Local" "JWT" "None")
|
||||||
|
select opt in "${options[@]}"
|
||||||
do
|
do
|
||||||
read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC
|
case $opt in
|
||||||
if [ "$ENABLE_SC" = "no" ]; then
|
"Local")
|
||||||
echo "-- Secure rooms won't be enabled."
|
echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n"
|
||||||
elif [ "$ENABLE_SC" = "yes" ]; then
|
ENABLE_SC="yes"
|
||||||
echo "-- Secure rooms will be enabled."
|
break
|
||||||
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
;;
|
||||||
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
"JWT")
|
||||||
fi
|
echo -e "\n > A external app manage the token usage/creation, like RocketChat does.\n"
|
||||||
|
ENABLE_JWT="yes"
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
"None")
|
||||||
|
echo -e "\n > Everyone can access the room as moderators as there is no auth mechanism.\n"
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
*) echo "Invalid option $REPLY, choose 1, 2 or 3";;
|
||||||
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
#Jibri Records Access (JRA) via Nextcloud
|
#Jibri Records Access (JRA) via Nextcloud
|
||||||
while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]]
|
while [[ "$ENABLE_NC_ACCESS" != "yes" && "$ENABLE_NC_ACCESS" != "no" ]]
|
||||||
do
|
do
|
||||||
|
@ -512,7 +544,8 @@ done
|
||||||
#Jigasi
|
#Jigasi
|
||||||
if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then
|
if [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "404" ]; then
|
||||||
echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd),
|
echo "> Sorry Google SDK doesn't have support yet for $(lsb_release -sd),
|
||||||
thus, Jigasi Transcript can't be enable."
|
thus, Jigasi Transcript can't be enable.
|
||||||
|
"
|
||||||
elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then
|
elif [ "$(curl -s -o /dev/null -w "%{http_code}" $GC_SDK_REL_FILE )" == "200" ]; then
|
||||||
while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]]
|
while [[ "$ENABLE_TRANSCRIPT" != "yes" && "$ENABLE_TRANSCRIPT" != "no" ]]
|
||||||
do
|
do
|
||||||
|
@ -621,21 +654,22 @@ restart_services() {
|
||||||
check_jibri
|
check_jibri
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Configure Jvb2
|
||||||
|
sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties
|
||||||
|
|
||||||
# Configure Jibri
|
# Configure Jibri
|
||||||
## PROSODY
|
if [ "$ENABLE_SC" = "yes" ]; then
|
||||||
if dpkg-compare prosody lt 0.11.0 ; then
|
if [ ! -f $MOD_LIST_FILE ]; then
|
||||||
cat << MUC-JIBRI >> $PROSODY_FILE
|
echo -e "\n-> Adding external module to list prosody users...\n"
|
||||||
|
curl -s $MOD_LISTU > $MOD_LIST_FILE
|
||||||
|
|
||||||
-- internal muc component, meant to enable pools of jibri and jigasi clients
|
echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n"
|
||||||
Component "internal.auth.$DOMAIN" "muc"
|
else
|
||||||
modules_enabled = {
|
echo -e "Prosody support for listing users seems to be enabled. \ncheck with: prosodyctl mod_listusers\n"
|
||||||
"ping";
|
|
||||||
}
|
|
||||||
storage = "null"
|
|
||||||
muc_room_cache_size = 1000
|
|
||||||
|
|
||||||
MUC-JIBRI
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
#Enable jibri recording
|
||||||
cat << REC-JIBRI >> $PROSODY_FILE
|
cat << REC-JIBRI >> $PROSODY_FILE
|
||||||
|
|
||||||
VirtualHost "recorder.$DOMAIN"
|
VirtualHost "recorder.$DOMAIN"
|
||||||
|
@ -645,16 +679,15 @@ VirtualHost "recorder.$DOMAIN"
|
||||||
authentication = "internal_plain"
|
authentication = "internal_plain"
|
||||||
|
|
||||||
REC-JIBRI
|
REC-JIBRI
|
||||||
|
|
||||||
#Enable Jibri withelist
|
#Enable Jibri withelist
|
||||||
sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE
|
sed -i "s| -- muc_lobby_whitelist| muc_lobby_whitelist|" $PROSODY_FILE
|
||||||
|
|
||||||
#Fix Jibri conectivity issues
|
#Fix Jibri conectivity issues
|
||||||
#if dpkg-compare prosody lt 0.11.0 ; then
|
|
||||||
sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS
|
sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS
|
||||||
sed -i "/c2s_require_encryption = false/a \\
|
sed -i "/c2s_require_encryption = false/a \\
|
||||||
\\
|
\\
|
||||||
consider_bosh_secure = true" $PROSODY_SYS
|
consider_bosh_secure = true" $PROSODY_SYS
|
||||||
#fi
|
|
||||||
|
|
||||||
if [ ! -z $L10N_PARTICIPANT ]; then
|
if [ ! -z $L10N_PARTICIPANT ]; then
|
||||||
sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh
|
sed -i "s|PART_USER=.*|PART_USER=\"$L10N_PARTICIPANT\"|" jm-bm.sh
|
||||||
|
@ -662,15 +695,7 @@ fi
|
||||||
if [ ! -z $L10N_ME ]; then
|
if [ ! -z $L10N_ME ]; then
|
||||||
sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh
|
sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh
|
||||||
fi
|
fi
|
||||||
if [ ! -f $MOD_LIST_FILE ]; then
|
|
||||||
echo -e "\n-> Adding external module to list prosody users...\n"
|
|
||||||
curl -s $MOD_LISTU > $MOD_LIST_FILE
|
|
||||||
|
|
||||||
echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n"
|
|
||||||
else
|
|
||||||
echo -e "Prosody support for listing users seems to be enabled.
|
|
||||||
check with: prosodyctl mod_listusers\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
### Prosody users
|
### Prosody users
|
||||||
prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS
|
prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS
|
||||||
|
@ -680,13 +705,13 @@ prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS
|
||||||
# /etc/jitsi/jicofo/sip-communicator.properties
|
# /etc/jitsi/jicofo/sip-communicator.properties
|
||||||
cat << BREWERY >> $JICOFO_SIP
|
cat << BREWERY >> $JICOFO_SIP
|
||||||
#org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN
|
#org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN
|
||||||
|
#org.jitsi.jicofo.auth.URL=EXT_JWT:$DOMAIN
|
||||||
org.jitsi.jicofo.jibri.BREWERY=$JibriBrewery@internal.auth.$DOMAIN
|
org.jitsi.jicofo.jibri.BREWERY=$JibriBrewery@internal.auth.$DOMAIN
|
||||||
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
|
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
|
||||||
#org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true
|
#org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true
|
||||||
BREWERY
|
BREWERY
|
||||||
|
|
||||||
# Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js
|
# Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js
|
||||||
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
|
|
||||||
sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" $MEET_CONF
|
sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" $MEET_CONF
|
||||||
sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " $MEET_CONF
|
sed -i "s|// fileRecordingsEnabled: false,|fileRecordingsEnabled: true,| " $MEET_CONF
|
||||||
sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
|
sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
|
||||||
|
@ -694,13 +719,13 @@ sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
|
||||||
hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF
|
hiddenDomain: \'recorder.$DOMAIN\',|" $MEET_CONF
|
||||||
|
|
||||||
#Dropbox feature
|
#Dropbox feature
|
||||||
if [ "$ENABLE_DB" = "yes" ]; then
|
#if [ "$ENABLE_DB" = "yes" ]; then
|
||||||
DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1)
|
#DB_STR=$(grep -n "dropbox:" $MEET_CONF | cut -d ":" -f1)
|
||||||
DB_END=$((DB_STR + 10))
|
#DB_END=$((DB_STR + 10))
|
||||||
sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF
|
#sed -i "$DB_STR,$DB_END{s|// dropbox: {|dropbox: {|}" $MEET_CONF
|
||||||
sed -i "$DB_STR,$DB_END{s|// appKey: '<APP_KEY>'|appKey: \'$DB_CID\'|}" $MEET_CONF
|
#sed -i "$DB_STR,$DB_END{s|// appKey: '<APP_KEY>'|appKey: \'$DB_CID\'|}" $MEET_CONF
|
||||||
sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF
|
#sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF
|
||||||
fi
|
#fi
|
||||||
|
|
||||||
#LocalRecording
|
#LocalRecording
|
||||||
if [ "$ENABLE_LAR" = "yes" ]; then
|
if [ "$ENABLE_LAR" = "yes" ]; then
|
||||||
|
@ -842,7 +867,6 @@ sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N
|
||||||
sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config
|
sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config
|
||||||
systemctl restart sshd
|
systemctl restart sshd
|
||||||
|
|
||||||
|
|
||||||
#Setting varibales for add-jibri-node.sh
|
#Setting varibales for add-jibri-node.sh
|
||||||
sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh
|
sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh
|
||||||
sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jibri-node.sh
|
sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jibri-node.sh
|
||||||
|
@ -856,6 +880,51 @@ sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jibri-node.sh
|
||||||
sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh
|
sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh
|
||||||
echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')"
|
echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')"
|
||||||
|
|
||||||
|
#-- Setting variables for add-jvb2-node.sh
|
||||||
|
g_conf_value() {
|
||||||
|
grep "$1" $JVB2_CONF|sed "s|$1||"
|
||||||
|
}
|
||||||
|
JVB_HOSTNAME=$(g_conf_value JVB_HOSTNAME=)
|
||||||
|
JVB_HOST=$(g_conf_value JVB_HOST=)
|
||||||
|
JVB_PORT=$(g_conf_value JVB_PORT=)
|
||||||
|
JVB_SECRET=$(g_conf_value JVB_SECRET=)
|
||||||
|
JVB_OPTS=$(g_conf_value JVB_OPTS=)
|
||||||
|
JAVA_SYS_PROPS=$(g_conf_value JAVA_SYS_PROPS=)
|
||||||
|
|
||||||
|
g_sip_value() {
|
||||||
|
grep "$1" $JVB2_SIP |cut -d "=" -f2
|
||||||
|
}
|
||||||
|
DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=)
|
||||||
|
STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=)
|
||||||
|
ENABLE_STATISTICS=$(g_sip_value ENABLE_STATISTICS=)
|
||||||
|
SHARD_HOSTNAME=$(g_sip_value shard.HOSTNAME=)
|
||||||
|
SHARD_DOMAIN=$(g_sip_value shard.DOMAIN=)
|
||||||
|
SHARD_PASSWORD=$(g_sip_value shard.PASSWORD=)
|
||||||
|
MUC_JID=$(g_sip_value MUC_JIDS=)
|
||||||
|
|
||||||
|
##-- Replacing on add-jvb2-node.sh
|
||||||
|
sed -i "s|JVB_HOSTNAME=.*|JVB_HOSTNAME=$JVB_HOSTNAME|" add-jvb2-node.sh
|
||||||
|
sed -i "s|JVB_HOST=.*|JVB_HOST=$JVB_HOST|" add-jvb2-node.sh
|
||||||
|
sed -i "s|JVB_PORT=.*|JVB_PORT=$JVB_PORT|" add-jvb2-node.sh
|
||||||
|
sed -i "s|JVB_SECRET=.*|JVB_SECRET=$JVB_SECRET|" add-jvb2-node.sh
|
||||||
|
sed -i "s|JVB_OPTS=.*|JVB_OPTS=$JVB_OPTS|" add-jvb2-node.sh
|
||||||
|
sed -i "s|SYS_PROPS=.*|SYS_PROPS=$JAVA_SYS_PROPS|" add-jvb2-node.sh
|
||||||
|
#-
|
||||||
|
sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=$DISABLE_AWS_HARVESTER|" add-jvb2-node.sh
|
||||||
|
sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=$STUN_MAPPING_HARVESTER_ADDRESSES|" add-jvb2-node.sh
|
||||||
|
sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=$ENABLE_STATISTICS|" add-jvb2-node.sh
|
||||||
|
sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=$SHARD_HOSTNAME|" add-jvb2-node.sh
|
||||||
|
sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=$SHARD_DOMAIN|" add-jvb2-node.sh
|
||||||
|
sed -i "s|SHARD_PASS=.*|SHARD_PASS=$SHARD_PASSWORD|" add-jvb2-node.sh
|
||||||
|
sed -i "s|MUC_JID=.*|MUC_JID=$MUC_JID|" add-jvb2-node.sh
|
||||||
|
|
||||||
|
sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jvb2-node.sh
|
||||||
|
sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jvb2-node.sh
|
||||||
|
sed -i "s|MAIN_SRV_DOMAIN=.*|MAIN_SRV_DOMAIN=\"$DOMAIN\"|" add-jvb2-node.sh
|
||||||
|
sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh
|
||||||
|
sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh
|
||||||
|
##--
|
||||||
|
|
||||||
#Tune webserver for Jitsi App control
|
#Tune webserver for Jitsi App control
|
||||||
if [ -f $WS_CONF ]; then
|
if [ -f $WS_CONF ]; then
|
||||||
sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
|
sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
|
||||||
|
@ -900,12 +969,34 @@ sed -i "s|'videobackgroundblur', ||" $INT_CONF
|
||||||
|
|
||||||
#================== Setup prosody conf file =================
|
#================== Setup prosody conf file =================
|
||||||
|
|
||||||
#Setup secure rooms
|
###Setup secure rooms
|
||||||
|
if [ "$ENABLE_SC" = "yes" ]; then
|
||||||
SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1)
|
SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1)
|
||||||
SRP_END=$((SRP_STR + 10))
|
SRP_END=$((SRP_STR + 10))
|
||||||
sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE
|
sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"internal_plain\"|}" $PROSODY_FILE
|
||||||
|
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
|
||||||
|
|
||||||
if dpkg-compare prosody gt 0.11.0 ; then
|
#Secure room initial user
|
||||||
|
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
||||||
|
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
||||||
|
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
|
||||||
|
|
||||||
|
echo -e "\nSecure rooms are being enabled..."
|
||||||
|
echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
|
||||||
|
or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
|
||||||
|
If you have issues with the password refer to your sysadmin."
|
||||||
|
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
|
||||||
|
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
###JWT
|
||||||
|
if [ "$ENABLE_JWT" = "yes" ]; then
|
||||||
|
echo -e "\nJWT auth is being setup..."
|
||||||
|
bash $PWD/mode/jwt.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Guest allow
|
||||||
|
if [ "$ENABLE_SC" = "yes" ];then
|
||||||
cat << P_SR >> $PROSODY_FILE
|
cat << P_SR >> $PROSODY_FILE
|
||||||
|
|
||||||
VirtualHost "guest.$DOMAIN"
|
VirtualHost "guest.$DOMAIN"
|
||||||
|
@ -924,26 +1015,9 @@ VirtualHost "guest.$DOMAIN"
|
||||||
}
|
}
|
||||||
|
|
||||||
P_SR
|
P_SR
|
||||||
else
|
|
||||||
cat << P_SR >> $PROSODY_FILE
|
|
||||||
|
|
||||||
VirtualHost "guest.$DOMAIN"
|
|
||||||
authentication = "anonymous"
|
|
||||||
c2s_require_encryption = false
|
|
||||||
P_SR
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#======================
|
#======================
|
||||||
#Secure room initial user
|
|
||||||
if [ "$ENABLE_SC" = "yes" ]; then
|
|
||||||
echo -e "\nSecure rooms are being enabled..."
|
|
||||||
echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
|
|
||||||
or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
|
|
||||||
If you have issues with the password refer to your sysadmin."
|
|
||||||
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
|
|
||||||
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
|
|
||||||
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
|
|
||||||
fi
|
|
||||||
#Start with video muted by default
|
#Start with video muted by default
|
||||||
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
|
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF
|
||||||
|
|
||||||
|
@ -969,11 +1043,13 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
|
||||||
systemctl disable jibri
|
systemctl disable jibri
|
||||||
systemctl disable jibri-xorg
|
systemctl disable jibri-xorg
|
||||||
systemctl disable jibri-icewm
|
systemctl disable jibri-icewm
|
||||||
|
#Manually apply permissions since finalize_recording.sh won't be triggered on this server.
|
||||||
|
sudo -u jibri bash /home/jibri/finalize_recording.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
enable_letsencrypt
|
enable_letsencrypt
|
||||||
|
|
||||||
if dpkg-compare prosody gt 0.11.0 && [ "$ENABLE_SC" = "yes" ]; then
|
if [ "$ENABLE_SC" = "yes" ];then
|
||||||
echo "Waiting prosody restart to continue configuration, 15s..."
|
echo "Waiting prosody restart to continue configuration, 15s..."
|
||||||
wait_seconds 15
|
wait_seconds 15
|
||||||
#Move mucs when using secure rooms - https://community.jitsi.org/t/27752/112
|
#Move mucs when using secure rooms - https://community.jitsi.org/t/27752/112
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Simple Fail2ban configuration
|
||||||
|
# 2020 - SwITNet Ltd
|
||||||
|
# GNU GPLv3 or later.
|
||||||
|
|
||||||
|
while getopts m: option
|
||||||
|
do
|
||||||
|
case "${option}"
|
||||||
|
in
|
||||||
|
m) MODE=${OPTARG};;
|
||||||
|
\?) echo "Usage: sudo ./fail2ban_ssh.sh [-m debug]" && exit;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
#DEBUG
|
||||||
|
if [ "$MODE" = "debug" ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Check if user is root
|
||||||
|
if ! [ $(id -u) = 0 ]; then
|
||||||
|
echo "You need to be root or have sudo privileges!"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get -y install fail2ban
|
||||||
|
|
||||||
|
if \
|
||||||
|
[ -f /var/log/ssh_f2b.log ] && \
|
||||||
|
[ $(grep -c 604800 /etc/fail2ban/jail.local) = "1" ] && \
|
||||||
|
[ $(grep -c ssh_f2b.log /etc/fail2ban/jail.local) = "1"]; then
|
||||||
|
echo -e "\nFail2ban seems to be already configured.\n"
|
||||||
|
else
|
||||||
|
echo -e "\nConfiguring Fail2ban...\n"
|
||||||
|
cat << F2BAN >> /etc/fail2ban/jail.local
|
||||||
|
[sshd]
|
||||||
|
enabled = true
|
||||||
|
port = 22
|
||||||
|
filter = sshd
|
||||||
|
logpath = /var/log/ssh_f2b.log
|
||||||
|
maxretry = 3
|
||||||
|
bantime = 604800
|
||||||
|
F2BAN
|
||||||
|
fi
|
||||||
|
systemctl restart fail2ban
|
|
@ -200,3 +200,8 @@ read -n 1 -s -r -p "Press any key to continue..."$'\n'
|
||||||
|
|
||||||
restart_services_jibri
|
restart_services_jibri
|
||||||
systemctl status jibri
|
systemctl status jibri
|
||||||
|
|
||||||
|
if [ -f /var/log/jitsi/jicofo.log ]; then
|
||||||
|
echo -e "Checking for jicofo recognizing \"Live\" jibri node..."
|
||||||
|
tail -n 10 | grep Live
|
||||||
|
fi
|
||||||
|
|
Loading…
Reference in New Issue