switnet
/
quick-jibri-installer
2
1
Fork 1
Code Issues 2 Pull Requests Packages Projects Releases 14 Wiki Activity

Compare commits

base: switnet:master
Branches Tags
switnet:master
Ark74:v7.4.1
Ark74:wip_qji_7.4
Ark74:qji_7.4
Ark74:upd_2024_year
Ark74:add_final_check_lst
Ark74:master
switnet:v8.0
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0
Ark74:v7.3.0
Ark74:v7.1.0
Ark74:v7.0.0
Ark74:6.0.1.1
Ark74:v5.0.0
Ark74:v4.0.0
Ark74:v3.0.1
Ark74:v2.1.0
Ark74:v2.0.2
Ark74:v2.0.1
Ark74:v2.0
Ark74:v1.0.1
Ark74:v1.0
..
compare: Ark74:master
Branches Tags
Ark74:v7.4.1
Ark74:wip_qji_7.4
Ark74:qji_7.4
Ark74:upd_2024_year
Ark74:add_final_check_lst
Ark74:master
switnet:master
Ark74:v7.3.0
Ark74:v7.1.0
Ark74:v7.0.0
Ark74:6.0.1.1
Ark74:v5.0.0
Ark74:v4.0.0
Ark74:v3.0.1
Ark74:v2.1.0
Ark74:v2.0.2
Ark74:v2.0.1
Ark74:v2.0
Ark74:v1.0.1
Ark74:v1.0
switnet:v8.0
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0

No commits in common. "master" and "master" have entirely different histories.
master ... master

29 changed files with 824 additions and 1239 deletions
Show Stats Expand all files Collapse all files

11
README.md
View File

@ -56,8 +56,9 @@ Check more details on our wiki.
### Jibri Recodings Access via Nextcloud ### Jibri Recodings Access via Nextcloud
* Valid domain with DNS record for Nextcloud SSL. * Valid domain with DNS record for Nextcloud SSL.
### Jigasi Transcript ### Jigasi Transcript (stalled)
* Enough disk space to run Vosk backend via docker container. * SIP account
* Google Cloud Account with Billing setup.
@ -78,7 +79,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Etherpad via docker install * Etherpad via docker install
* Authentication * Authentication
1. Local 1. Local
2. JWT ([#87](https://forge.switnet.net/switnet/quick-jibri-installer/issues/87)) 2. JWT
3. None 3. None
* Lobby Rooms * Lobby Rooms
* Conference Duration * Conference Duration
@ -89,7 +90,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Enabled Jitsi Electron app detection server side. * Enabled Jitsi Electron app detection server side.
* Standalone SSL Certbot/LE implementation * Standalone SSL Certbot/LE implementation
* Improved recurring updater * Improved recurring updater
* Jigasi Transcript - vía Vosk speech recognition toolkit. * Jigasi Transcript - Speech to Text powered by Google API (stalled)
## Tools ## Tools
* Jibri Environment Tester * Jibri Environment Tester
@ -118,4 +119,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
SwITNet Ltd © - 2025, https://switnet.net/ SwITNet Ltd © - 2023, https://switnet.net/

279
add-jibri-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Jibri Node Aggregator # Jibri Node Aggregator
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###
@ -16,13 +16,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
#Make sure the file name is the required one #Make sure the file name is the required one
@ -32,6 +28,12 @@ if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then
exit exit
fi fi
#Check admin rights
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
### 0_VAR_DEF ### 0_VAR_DEF
MAIN_SRV_DIST=TBD MAIN_SRV_DIST=TBD
MAIN_SRV_REPO=TBD MAIN_SRV_REPO=TBD
@ -49,18 +51,17 @@ JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR=
JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
DIR_RECORD="/var/jbrecord" DIR_RECORD="/var/jbrecord"
REC_DIR="/home/jibri/finalize_recording.sh" REC_DIR="/home/jibri/finalize_recording.sh"
CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
#PUBLIC_IP="$(wget -qO- https://api.ipify.org)" #PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key"
NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}"
NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
GIT_FORGE="https://forge.switnet.net" GITHUB_RAW="https://raw.githubusercontent.com"
GIT_REPO="switnet/quick-jibri-installer" GIT_REPO="switnet-ltd/quick-jibri-installer"
JIBRI_CONF_ONLINE="$GIT_FORGE/$GIT_REPO/raw/branch/master/files/jibri.conf" TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh"
TEST_JIBRI_ENV="$GIT_FORGE/$GIT_REPO/raw/branch/master/tools/test-jibri-env.sh"
SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)"
JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
### 1_VAR_DEF ### 1_VAR_DEF
@ -187,19 +188,18 @@ hostnamectl set-hostname "jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}"
sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts
# Jitsi-Meet Repo # Jitsi-Meet Repo
printf "\nAdd Jitsi repo\n" echo "Add Jitsi repo"
if [ "$JITSI_REPO" = "stable" ]; then if [ -z "$JITSI_REPO" ]; then
printf " - Jitsi stable repository already installed\n\n" echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
echo "Main and node servers repository don't match, extiting.."
exit
elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
echo "Main and node servers repository match, continuing..."
else else
echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \ echo "Jitsi $JITSI_REPO repository already installed"
> /etc/apt/sources.list.d/jitsi-stable.list
curl -s https://download.jitsi.org/jitsi-key.gpg.key \
> "$JITSI_GPG_KEY"
apt-get update -q2
JITSI_REPO="stable"
fi fi
sleep .1
# Requirements # Requirements
echo "We'll start by installing system requirements this may take a while please be patient..." echo "We'll start by installing system requirements this may take a while please be patient..."
@ -212,7 +212,7 @@ apt-get -y install \
curl \ curl \
ffmpeg \ ffmpeg \
git \ git \
btop \ htop \
inotify-tools \ inotify-tools \
jq \ jq \
rsync \ rsync \
@ -221,30 +221,32 @@ apt-get -y install \
wget wget
check_snd_driver() { check_snd_driver() {
printf "\n# Checking ALSA - Loopback module..." echo -e "\n# Checking ALSA - Loopback module..."
echo "snd-aloop" | tee -a /etc/modules echo "snd-aloop" | tee -a /etc/modules
modprobe snd-aloop modprobe snd-aloop
if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then
echo -e "\n#-----------------------------------------------------------------------" echo "
echo "# Audio driver seems - OK." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Audio driver seems - OK.
else #-----------------------------------------------------------------------"
echo -e "\n#-----------------------------------------------------------------------" else
echo "# Your audio driver might not be able to load." echo "
echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Your audio driver might not be able to load.
curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool.
#Test tool #-----------------------------------------------------------------------"
if [ "$MODE" = "debug" ]; then curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh
bash /tmp/test-jibri-env.sh -m debug #Test tool
else if [ "$MODE" = "debug" ]; then
bash /tmp/test-jibri-env.sh bash /tmp/test-jibri-env.sh -m debug
fi else
read -n 1 -s -r -p "Press any key to continue..."$'\n' bash /tmp/test-jibri-env.sh
fi fi
rm /tmp/test-jibri-env.sh
read -n 1 -s -r -p "Press any key to continue..."$'\n'
fi
} }
###FIXME: Trisquel support broken by lsb_release usage###
echo "# Check and Install HWE kernel if possible..." echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")"
if [ "$HWE_VIR_MOD" = "1" ]; then if [ "$HWE_VIR_MOD" = "1" ]; then
@ -270,37 +272,27 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
echo "Installing Google Chrome Stable" echo "Installing Google Chrome Stable"
curl -s https://dl.google.com/linux/linux_signing_key.pub | \ wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
fi fi
apt-get -q2 update apt-get -q2 update
apt-get install -yq2 google-chrome-stable apt-get install -y google-chrome-stable
rm -rf "$GOOGL_REPO" rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \
jq -r ".versions[].downloads.chromedriver | \
select(. != null) | .[].url" | grep linux64 | \
grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
if [ -f /usr/local/bin/chromedriver ]; then if [ -f /usr/local/bin/chromedriver ]; then
echo "Chromedriver already installed." echo "Chromedriver already installed."
else else
echo "Installing Chromedriver" echo "Installing Chromedriver"
wget -q "$CHD_LTST_DWNL" \ wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
-O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/
mv /usr/local/bin/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver
chown root:root /usr/local/bin/chromedriver chown root:root /usr/local/bin/chromedriver
chmod 0755 /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver
rm -rf /tmp/chromedriver_linux64.zip rm -rf /tpm/chromedriver_linux64.zip
fi fi
printf "\nCheck Google Software Working...\n" echo "
Check Google Software Working...
"
/usr/bin/google-chrome --version /usr/bin/google-chrome --version
/usr/local/bin/chromedriver --version | awk '{print$1,$2}' /usr/local/bin/chromedriver --version | awk '{print$1,$2}'
@ -309,13 +301,15 @@ echo '
Start Jibri configuration Start Jibri configuration
######################################################################## ########################################################################
' '
printf "\nRemove Chrome warning...\n" echo "
Remove Chrome warning...
"
mkdir -p /etc/opt/chrome/policies/managed mkdir -p /etc/opt/chrome/policies/managed
echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON"
# Recording directory # Recording directory
if [ ! -d "$DIR_RECORD" ]; then if [ ! -d "$DIR_RECORD" ]; then
mkdir "$DIR_RECORD" mkdir "$DIR_RECORD"
fi fi
chown -R jibri:jibri "$DIR_RECORD" chown -R jibri:jibri "$DIR_RECORD"
@ -331,10 +325,19 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR chmod -R 770 \$RECORDINGS_DIR
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" #Rename folder.
NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
mv \$LJF_PATH \$NJF_PATH
##Prevent empty recording directory failsafe
if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then
mv \$LJF_PATH \$NJF_PATH
#Workaround for jibri to do cleaning.
ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH"
else
echo "No new folder recorded, not removing anything."
fi
exit 0 exit 0
REC_DIR REC_DIR
@ -343,15 +346,117 @@ chmod +x "$REC_DIR"
## New Jibri Config (2020) ## New Jibri Config (2020)
mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file
curl -s "$JIBRI_CONF_ONLINE" > "$JIBRI_CONF" cat << NEW_CONF > "$JIBRI_CONF"
sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" // New XMPP environment config.
sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" jibri {
sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" streaming {
sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
sed -i "s|DOMAIN|$MAIN_SRV_DOMAIN|g" "$JIBRI_CONF" // when starting a stream must match at least one of the patterns in
sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" // this list.
sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" rtmp-allow-list = [
sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" // By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "$JIBRI_RES_CONF"
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = $DIR_RECORD
finalize-script = $REC_DIR
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "$JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ]
// The base XMPP domain
xmpp-domain = "$MAIN_SRV_DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.$MAIN_SRV_DOMAIN"
room-name = "$JibriBrewery"
nickname = "machine-id"
}
// The login information for the control MUC
control-login {
domain = "auth.$MAIN_SRV_DOMAIN"
username = "jibri"
password = "$JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.$MAIN_SRV_DOMAIN"
username = "recorder"
password = "$JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}
NEW_CONF
#Jibri xorg resolution #Jibri xorg resolution
sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@ -362,20 +467,16 @@ echo "$NJN_USER:$NJN_USER_PASS" | chpasswd
echo -e "\n---- We'll connect to main server ----" echo -e "\n---- We'll connect to main server ----"
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
sudo su "$NJN_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_ed25519 /home/jibri/jbsync.pem #Workaround for jibri to do cleaning.
install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem
sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts"
sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts"
sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts"
echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n"
ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts
ssh-keyscan -t ed25519 "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub
[ -f /home/"$NJN_USER"/.ssh/id_rsa.pub ] && \
ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub
[ -f /home/"$NJN_USER"/.ssh/id_ed25519.pub ] && \
ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_ed25519.pub
sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
echo -e "\n---- Setup Log system ----" echo -e "\n---- Setup Log system ----"
@ -390,7 +491,7 @@ exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1
# Run sync # Run sync
while true; do while true; do
inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD" inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD"
sudo su "$NJN_USER" -c "rsync -Aax --chmod=Dg+rwx,Fg+rw --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" sudo su "$NJN_USER" -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD"
find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete
done done
INOT_RSYNC INOT_RSYNC

17
add-jvb2-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JVB2 Node Aggregator # JVB2 Node Aggregator
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###
@ -16,13 +16,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
#Make sure the file name is the required one #Make sure the file name is the required one
@ -32,6 +28,13 @@ if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then
exit exit
fi fi
#Check admin rights
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
### 0_VAR_DEF ### 0_VAR_DEF
MAIN_SRV_DIST=TBD MAIN_SRV_DIST=TBD
MAIN_SRV_REPO=TBD MAIN_SRV_REPO=TBD

96
etherpad-docker.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Etherpad Installer for Jitsi Meet # Etherpad Installer for Jitsi Meet
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -13,8 +13,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
@ -29,11 +30,9 @@ echo '
######################################################################## ########################################################################
by Software, IT & Networks Ltd by Software, IT & Networks Ltd
' '
FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer"
check_apt_policy() { check_apt_policy() {
apt-cache policy 2>/dev/null| \ apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}'
awk "/$1/{print \$3}" | \
awk -F '/' 'NR==1{print$2}'
} }
install_ifnot() { install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
@ -43,16 +42,6 @@ if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")"
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to $FORGE_REPO"
exit
fi
}
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
@ -60,26 +49,23 @@ PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{pri
ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
WS_CONF_MATCH1="# ensure all static content can always be found first" DOCKER_CE_REPO="$(check_apt_policy docker)"
WS_MATCH2="upstream prosody {"
echo "Add Docker repo"
if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed"
else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update
fi
read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
install -m 600 /dev/null /var/opt/etherpad_details.txt
cat << EOF > /var/opt/etherpad_details.txt
ETHERPAD_ADMIN_PASS=$ETHERPAD_ADMIN_PASS
ETHERPAD_DB_USER=$ETHERPAD_DB_USER
ETHERPAD_DB_NAME=$ETHERPAD_DB_NAME
ETHERPAD_DB_PASS=$ETHERPAD_DB_PASS
EOF
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
test_match "$WS_MATCH2" "$WS_CONF"
# Install required packages # Install required packages
install_ifnot docker.io install_ifnot docker-ce
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# Create DB # Create DB
@ -88,15 +74,15 @@ sudo -u postgres psql <<DB
CREATE DATABASE ${ETHERPAD_DB_NAME}; CREATE DATABASE ${ETHERPAD_DB_NAME};
CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}'; CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}';
GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER};
\c ${ETHERPAD_DB_NAME}
ALTER SCHEMA public OWNER TO ${ETHERPAD_DB_USER};
DB DB
echo " -- Your etherpad db password is: $ETHERPAD_DB_PASS"
echo -e " Please save it somewhere safe.\n"
# Check fot docker if not running then execute # Check fot docker if not running then execute
if [ ! "$(docker ps -q -f name=etherpad)" ]; then if [ ! "$(docker ps -q -f name=etherpad)" ]; then
if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then
# cleanup # cleanup
docker rm -f etherpad docker rm etherpad
fi fi
# run your container # run your container
docker run -d --restart always \ docker run -d --restart always \
@ -110,7 +96,7 @@ if [ ! "$(docker ps -q -f name=etherpad)" ]; then
-e "DB_NAME=$ETHERPAD_DB_NAME" \ -e "DB_NAME=$ETHERPAD_DB_NAME" \
-e "DB_USER=$ETHERPAD_DB_USER" \ -e "DB_USER=$ETHERPAD_DB_USER" \
-e "DB_PASS=$ETHERPAD_DB_PASS" \ -e "DB_PASS=$ETHERPAD_DB_PASS" \
etherpad/etherpad -i -t etherpad/etherpad
fi fi
# Tune webserver for Jitsi App control # Tune webserver for Jitsi App control
@ -119,31 +105,17 @@ if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then
echo "> Webserver seems configured, skipping..." echo "> Webserver seems configured, skipping..."
elif [ -f "$WS_CONF" ]; then elif [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..." echo "> Setting up webserver configuration file..."
if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF"
echo " > Setting mapping upgrade connection." sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
else sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
echo " > Upgrade connection mapping already setup."
fi
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_redirect off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF"
else else
echo "> No etherpad config done to server file, please report to:" echo "> No etherpad config done to server file, please report to:
echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi
# Configure config.js # Configure config.js
@ -151,7 +123,7 @@ if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then
echo -e "> $MEET_CONF seems configured, skipping...\n" echo -e "> $MEET_CONF seems configured, skipping...\n"
else else
echo -e "> Setting etherpad domain at $MEET_CONF...\n" echo -e "> Setting etherpad domain at $MEET_CONF...\n"
sed -i "s|// etherpad_base: .*|etherpad_base: \'https://$DOMAIN/etherpad/p/\',|" "$MEET_CONF" sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF"
fi fi
echo "> Checking nginx configuration..." echo "> Checking nginx configuration..."
@ -161,6 +133,6 @@ if nginx -t 2>/dev/null ; then
# systemctl reload nginx # systemctl reload nginx
else else
echo "Please check your configuration, something may be wrong." echo "Please check your configuration, something may be wrong."
echo "Will not try to enable etherpad nginx configuration, please report to:" echo "Will not try to enable etherpad nginx configuration, please report to:
echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi

38
excalidraw-backend.sh
View File

@ -4,27 +4,9 @@
# Based on: # Based on:
# - https://community.jitsi.org/t/118883 # - https://community.jitsi.org/t/118883
# #
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
# Reset # Reset
Color_Off='\e[0m' # Text Reset Color_Off='\e[0m' # Text Reset
# Regular Colors # Regular Colors
@ -70,6 +52,24 @@ else
fi fi
} }
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
#DEBUG
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
clear clear
echo -e '\n echo -e '\n
######################################################################## ########################################################################

109
files/jibri.conf
View File

@ -1,109 +0,0 @@
// XMPP environment config.
jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "DIR_RECORD"
finalize-script = "REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "DOMAIN" ]
// The base XMPP domain
xmpp-domain = "DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.DOMAIN"
room-name = "JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.DOMAIN"
username = "jibri"
password = "JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.DOMAIN"
username = "recorder"
password = "JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}

177
files/nextcloud.conf
View File

@ -1,177 +0,0 @@
# Nextcloud 28 nginx - configuration
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php_PHPVER-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name _NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen _NC_NGINX_SSL_PORT ssl http2;
listen [::]:_NC_NGINX_SSL_PORT ssl http2;
server_name _NC_DOMAIN;
# Path to the root of your installation
root _NC_PATH/;
ssl_certificate /etc/letsencrypt/live/_NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/_NC_DOMAIN/privkey.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

74
grafana.sh
View File

@ -8,7 +8,7 @@
# by "mephisto" # by "mephisto"
# #
# Igor Kerstges © - 2021 # Igor Kerstges © - 2021
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -21,8 +21,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
@ -42,22 +43,11 @@ systemctl enable "$1"
systemctl restart "$1" systemctl restart "$1"
systemctl status "$1" systemctl status "$1"
} }
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
MAIN_TEL="/etc/telegraf/telegraf.conf" MAIN_TEL="/etc/telegraf/telegraf.conf"
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
GRAFANA_INI="/etc/grafana/grafana.ini" GRAFANA_INI="/etc/grafana/grafana.ini"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="upstream prosody {"
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
# Min requirements # Min requirements
@ -67,17 +57,11 @@ apt-get install -y gnupg2 \
wget \ wget \
jq jq
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
echo " echo "
# Setup InfluxDB Packages # Setup InfluxDB Packages
" "
curl -s https://repos.influxdata.com/influxdata-archive.key > \ curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
/etc/apt/trusted.gpg.d/influxdata-archive.key echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | \
sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y apt-get update && apt-get install influxdb -y
run_service influxdb run_service influxdb
@ -86,8 +70,7 @@ echo "
" "
curl -s https://apt.grafana.com/gpg-full.key | \ curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
echo "deb https://packages.grafana.com/oss/deb stable main" | \ add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
sudo tee /etc/apt/sources.list.d/grafana_com_oss_deb.list
apt-get update && apt-get install grafana -y apt-get update && apt-get install grafana -y
run_service grafana-server run_service grafana-server
@ -155,13 +138,11 @@ echo '
# extra options to pass to the JVB daemon # extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
# Enable videobridge REST API
hocon -f /etc/jitsi/videobridge/jvb.conf set videobridge.apis.rest.enabled true
systemctl restart jitsi-videobridge2 systemctl restart jitsi-videobridge2
echo -e "\n# Setup Grafana nginx domain\n" echo -e "\n# Setup Grafana nginx domain\n"
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = 127.0.0.1|" $GRAFANA_INI sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI
@ -179,35 +160,10 @@ while [ $secs -gt 0 ]; do
done done
if [ -f "$WS_CONF" ]; then if [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..." sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then
echo " > Setting mapping upgrade connection."
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
else
echo " > Upgrade connection mapping already setup."
fi
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
systemctl restart nginx systemctl restart nginx
else else
echo "No app configuration done to server file, please report to: echo "No app configuration done to server file, please report to:
@ -223,7 +179,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
\"oldPassword\": \"admin\", \"oldPassword\": \"admin\",
\"newPassword\": \"$GRAFANA_PASS\", \"newPassword\": \"$GRAFANA_PASS\",
\"confirmNew\": \"$GRAFANA_PASS\" \"confirmNew\": \"$GRAFANA_PASS\"
}" http://127.0.0.1:3000/api/user/password; echo "" }" http://localhost:3000/api/user/password; echo ""
echo " echo "
# Create InfluxDB datasource # Create InfluxDB datasource
@ -233,16 +189,16 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \
'{ '{
"name": "InfluxDB", "name": "InfluxDB",
"type": "influxdb", "type": "influxdb",
"url": "http://127.0.0.1:8086", "url": "http://localhost:8086",
"access": "proxy", "access": "proxy",
"isDefault": true, "isDefault": true,
"database": "jitsi" "database": "jitsi"
}' http://127.0.0.1:3000/api/datasources; echo "" }' http://localhost:3000/api/datasources; echo ""
echo " echo "
# Add Grafana Dashboard # Add Grafana Dashboard
" "
grafana_host="http://127.0.0.1:3000" grafana_host="http://localhost:3000"
grafana_cred="admin:$GRAFANA_PASS" grafana_cred="admin:$GRAFANA_PASS"
grafana_datasource="InfluxDB" grafana_datasource="InfluxDB"
ds=(11969); ds=(11969);

1
images/watermark2.svg
View File

@ -1 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>
Side by Side

Before

Width:  |  Height:  |  Size: 100 B

141
jigasi-vosk-backend.sh
View File

@ -1,141 +0,0 @@
#!/bin/bash
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..."
echo " If you think this is an error, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
exit
fi
}
clear
echo ''
echo '########################################################################'
echo ' Jigasi Transcript addon'
echo '########################################################################'
echo ' by Software, IT & Networks Ltd'
echo ''
exit_if_not_installed jitsi-meet
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 16 | head -n1)"
JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
export DOMAIN
export JIG_TRANSC_PASWD
apt-get -q2 update
# Disable SIP account prompt by default
echo "jigasi jigasi/sip-account string ''" | debconf-set-selections
echo "jigasi jigasi/sip-password password ''" | debconf-set-selections
echo "Installing Jigasi, SIP configuration disabled by default."
apt-get -y install gettext-base jigasi docker.io
echo "Please select a language for the VOSK transcription model:"
echo "1) Chinese"
echo "2) English"
echo "3) French"
echo "4) German"
echo "5) Hindi"
echo "6) Japanese"
echo "7) Russian"
echo "8) Spanish"
read -p "Enter the number corresponding to your language choice: " -r lang_choice
case $lang_choice in
1)
echo "You selected Chinese."
VOSK_DOCKER_MODEL="alphacep/kaldi-cn"
;;
2)
echo "You selected English."
VOSK_DOCKER_MODEL="alphacep/kaldi-en"
;;
3)
echo "You selected French."
VOSK_DOCKER_MODEL="alphacep/kaldi-fr"
;;
4)
echo "You selected German."
VOSK_DOCKER_MODEL="alphacep/kaldi-de"
;;
5)
echo "You selected Hindi."
VOSK_DOCKER_MODEL="alphacep/kaldi-hi"
;;
6)
echo "You selected Japanese."
VOSK_DOCKER_MODEL="alphacep/kaldi-ja"
;;
7)
echo "You selected Russian."
VOSK_DOCKER_MODEL="alphacep/kaldi-ru"
;;
8)
echo "You selected Spanish."
VOSK_DOCKER_MODEL="alphacep/kaldi-es"
;;
*)
echo "Invalid selection. Please choose a number between 1 and 8."
;;
esac
# Running selected VOSK docker model.
docker run -d --restart always -p 2700:2700 ${VOSK_DOCKER_MODEL}:latest
echo "Setting up Jigasi transcript with current platform..."
# Jitsi Meet
echo "> Patching Jitsi Meet's config.js for Transcription support."
echo " Read more at patches/jigasi/001-jigasi-meet-config.patch file"
envsubst < patches/jigasi/001-jigasi-meet-config.patch | \
patch --no-backup-if-mismatch -d / -p1
# Jigasi
echo "> Patching jigasi's sip-communicator.properties configuration."
echo " Read more at patches/jigasi/002-jigasi-sip-properties.patch file"
cp "$JIG_SIP_PROP" ${JIG_SIP_PROP}-dpkg-file
envsubst < patches/jigasi/002-jigasi-sip-properties.patch | \
patch --no-backup-if-mismatch -d / -p1
# Create transcribe user on hidden domain.
prosodyctl register transcriber recorder."$DOMAIN" "$JIG_TRANSC_PASWD"
# Restart services.
systemctl restart prosody \
jicofo \
jigasi \
jibri* \
jitsi-videobridge2
echo ""
echo "Full transcript files are available at:"
echo "--> /var/lib/jigasi/transcripts/"
echo ""
echo "Happy transcripting!"
echo ""

28
jitsi-updater.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet recurring upgrader and customization keeper # Jitsi Meet recurring upgrader and customization keeper
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -13,13 +13,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
Blue='\e[0;34m' Blue='\e[0;34m'
@ -31,7 +27,11 @@ Color_Off='\e[0m'
printwc() { printwc() {
printf "%b$2%b" "$1" "${Color_Off}" printf "%b$2%b" "$1" "${Color_Off}"
} }
#Check if user is root
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
if [ ! -f jm-bm.sh ]; then if [ ! -f jm-bm.sh ]; then
echo "Please check that you are running the jitsi updater while being on the project folder" echo "Please check that you are running the jitsi updater while being on the project folder"
echo "other wise the updater might have errors or be incomplete. Exiting..." echo "other wise the updater might have errors or be incomplete. Exiting..."
@ -42,9 +42,7 @@ apt_repo="/etc/apt/sources.list.d"
ENABLE_BLESSM="TBD" ENABLE_BLESSM="TBD"
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1)
jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")" CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")"
CHDB="$(whereis chromedriver | awk '{print$2}')" CHDB="$(whereis chromedriver | awk '{print$2}')"
@ -125,7 +123,6 @@ update_nodejs_repo() {
-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}" apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}"
} }
check_latest_gc() {
printwc "${Purple}" "Checking for Google Chrome\n" printwc "${Purple}" "Checking for Google Chrome\n"
if [ -f /usr/bin/google-chrome ]; then if [ -f /usr/bin/google-chrome ]; then
GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')" GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')"
@ -133,11 +130,8 @@ else
printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n" printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n"
IS_GLG_CHRM="no" IS_GLG_CHRM="no"
fi fi
}
check_latest_gc
upgrade_cd() { upgrade_cd() {
if [ -n "$GOOGL_VER_2D" ]; then if [ -n "$GOOGL_VER_2D" ]; then
check_latest_gc
if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then
echo "Upgrading Chromedriver to Google Chromes version" echo "Upgrading Chromedriver to Google Chromes version"
wget -q "$CHD_LTST_DWNL" \ wget -q "$CHD_LTST_DWNL" \
@ -265,10 +259,6 @@ printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n"
echo "$NC_DOMAIN seems to be on place, skipping..." echo "$NC_DOMAIN seems to be on place, skipping..."
fi fi
fi fi
# Final check & upgrade call.
check_lst_cd
if [ "$JIBRI_NODE" = "yes" ]; then if [ "$JIBRI_NODE" = "yes" ]; then
restart_jibri restart_jibri
else else

46
jm-bm.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet brandless mode # Jitsi Meet brandless mode
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -13,13 +13,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
@ -31,7 +27,6 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
# #
JM_IMG_PATH="/usr/share/jitsi-meet/images" JM_IMG_PATH="/usr/share/jitsi-meet/images"
WTM2_PATH="$JM_IMG_PATH/watermark2.png" WTM2_PATH="$JM_IMG_PATH/watermark2.png"
WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
FICON_PATH="$JM_IMG_PATH/favicon2.ico" FICON_PATH="$JM_IMG_PATH/favicon2.ico"
REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png" REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
# #
@ -41,30 +36,29 @@ PART_USER="Participant"
LOCAL_USER="me" LOCAL_USER="me"
# #
#SEC_ROOM="TBD" #SEC_ROOM="TBD"
copy_if_not_there() {
if [ ! -f "$1" ]; then
cp images/"$(echo $1|xargs basename)" "$1"
else
echo "$(echo $1|xargs basename) file exists, skipping copying..."
fi
}
echo ' echo '
#-------------------------------------------------- #--------------------------------------------------
# Applying Brandless mode # Applying Brandless mode
#-------------------------------------------------- #--------------------------------------------------
' '
#Watermark #Watermark
copy_if_not_there "$WTM2_PATH" if [ ! -f "$WTM2_PATH" ]; then
cp images/watermark2.png "$WTM2_PATH"
#Watermark svg else
copy_if_not_there "$WTM2_SVG_PATH" echo "watermark2 file exists, skipping copying..."
fi
#Favicon #Favicon
copy_if_not_there "$FICON_PATH" if [ ! -f "$FICON_PATH" ]; then
cp images/favicon2.ico "$FICON_PATH"
else
echo "favicon2 file exists, skipping copying..."
fi
#Local recording icon #Local recording icon
copy_if_not_there "$REC_ICON_PATH" if [ ! -f "$REC_ICON_PATH" ];then
cp images/gnome_record.png "$REC_ICON_PATH"
else
echo "recording icon exists, skipping copying..."
fi
#Custom / Remove icons #Custom / Remove icons
sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE" sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE"
@ -76,10 +70,6 @@ sed -i "s|icon-cloud.png|gnome_record.png|g" "$BUNDLE_JS"
if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE"
fi fi
#Replace App logo
sed -i "s|// defaultLogoUrl: .*| defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
#Overwrite favicon svg
cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
#Customize room title #Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE" sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"

322
jra_nextcloud.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JRA (Jibri Recordings Access) via Nextcloud # JRA (Jibri Recordings Access) via Nextcloud
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option
@ -12,15 +12,15 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!" echo "You need to be root or have sudo privileges!"
exit 0 exit 0
fi fi
exit_if_not_installed() { exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..." echo " This instance doesn't have $1 installed, exiting..."
@ -42,9 +42,14 @@ apt-get update -q2
# Manually add prerequisites. # Manually add prerequisites.
apt-get install -y curl letsencrypt nginx apt-get install -y curl letsencrypt nginx
MIN_PHP="8.2" DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')" NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')"
[ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443" [ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443"
NC_REPO="https://download.nextcloud.com/server/releases" NC_REPO="https://download.nextcloud.com/server/releases"
@ -59,11 +64,31 @@ DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording
REDIS_CONF="/etc/redis/redis.conf" REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
[ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1) [ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
PUBLIC_IP="$(wget -qO- https://api.ipify.org)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD ISO3166_CODE=TBD
NL="$(printf '\n ')" NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
exit_ifinstalled() { exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " This instance already has $1 installed, exiting..." echo " This instance already has $1 installed, exiting..."
@ -80,6 +105,18 @@ else
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
add_php() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
while [[ "$ANS_NCD" != "yes" ]] while [[ "$ANS_NCD" != "yes" ]]
do do
read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN
@ -95,11 +132,9 @@ do
echo " - Please try again." echo " - Please try again."
fi fi
done done
sleep .1
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n" echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n"
sleep .1
else else
echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match."
echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail."
@ -111,7 +146,7 @@ else
exit exit
fi fi
fi fi
sleep .1
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
while [ -z "$NC_USER" ] while [ -z "$NC_USER" ]
do do
@ -120,7 +155,6 @@ do
echo " - This field is mandatory." echo " - This field is mandatory."
fi fi
done done
sleep .1
while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ] while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ]
do do
read -p "Nextcloud user password: " -r NC_PASS read -p "Nextcloud user password: " -r NC_PASS
@ -128,21 +162,19 @@ do
echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n" echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n"
fi fi
done done
sleep .1
#Enable HSTS #Enable HSTS
while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ] while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ]
do do
read -p "> Do you want to enable HSTS for this domain? (yes or no) [default: no]: read -p "> Do you want to enable HSTS for this domain?: (yes or no)
Be aware this option apply mid-term effects on the domain, choose \"no\" or leave empty Be aware this option apply mid-term effects on the domain, choose \"no\"
in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS
ENABLE_HSTS=${ENABLE_HSTS:-no}
if [ "$ENABLE_HSTS" = "no" ]; then if [ "$ENABLE_HSTS" = "no" ]; then
echo " - HSTS won't be enabled." echo " - HSTS won't be enabled."
elif [ "$ENABLE_HSTS" = "yes" ]; then elif [ "$ENABLE_HSTS" = "yes" ]; then
echo " - HSTS will be enabled." echo " - HSTS will be enabled."
fi fi
done done
sleep .1
echo -e "#Default country phone code\n echo -e "#Default country phone code\n
> Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n > Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n
>>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n" >>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n"
@ -164,7 +196,7 @@ if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")
echo "jitsi meet/jibri is installed, checking version:" echo "jitsi meet/jibri is installed, checking version:"
apt-show-versions jibri apt-show-versions jibri
else else
echo "Wait!, jitsi-meet/jibri is not installed on this system via apt, exiting..." echo "Wait!, jitsi-meet/jibri is not installed on this system using apt, exiting..."
exit exit
fi fi
@ -177,42 +209,241 @@ exit_ifinstalled postgresql-"$PSGVER"
# PostgresSQL # PostgresSQL
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# PHP 7.4 / 8.1
add_php
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#-------------------------------------------------- #System related
# Prepare PHP install_ifnot smbclient
#-------------------------------------------------- sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
if [ "$MODE" = "debug" ]; then echo "
bash -x "$PWD"/tools/prepare_php.sh "$MIN_PHP" Tunning PHP.ini...
else "
bash "$PWD"/tools/prepare_php.sh "$MIN_PHP" # Change values in php.ini (increase max file size)
fi # max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
systemctl restart php"$PHPVER"-fpm.service
#-------------------------------------------------- #--------------------------------------------------
# Create DB user # Create DB user
#-------------------------------------------------- #--------------------------------------------------
echo -e "\n---- Creating the PgSQL DB & User ----" echo -e "\n---- Creating the PgSQL DB & User ----"
cd /tmp || return
sudo -u postgres psql <<DB sudo -u postgres psql <<DB
CREATE DATABASE nextcloud_db; CREATE DATABASE nextcloud_db;
CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}'; CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}';
GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER}; GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER};
\c nextcloud_db
ALTER SCHEMA public OWNER TO ${NC_DB_USER};
DB DB
echo "Done!
"
echo -e "\nDone!\n" #nginx - configuration
cat << NC_NGINX > "$NC_NGINX_CONF"
#nextcloud config
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php${PHPVER}-fpm.sock;
}
# Add .mjs as a file extension for javascript server {
sed -i "/application\/javascript/s|js.*;|js mjs;|" /etc/nginx/mime.types listen 80;
listen [::]:80;
server_name $NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
# nginx conf setup. server {
cp files/nextcloud.conf "$NC_NGINX_CONF" listen $NC_NGINX_SSL_PORT ssl http2;
sed -i "s|_PHPVER|$MIN_PHP|g" "$NC_NGINX_CONF" listen [::]:$NC_NGINX_SSL_PORT ssl http2;
sed -i "s|_NC_DOMAIN|$NC_DOMAIN|g" "$NC_NGINX_CONF" server_name $NC_DOMAIN;
sed -i "s|_NC_NGINX_SSL_PORT|$NC_NGINX_SSL_PORT|g" "$NC_NGINX_CONF"
sed -i "s|_NC_PATH|$NC_PATH|g" "$NC_NGINX_CONF"
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the \`ngx_pagespeed\` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud \`.htaccess\`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# set max upload size
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
# Path to the root of your installation
root $NC_PATH/;
# Specify how to handle directories -- specifying \`/index.php\$request_uri\`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus
# \`try_files \$uri \$uri/ /index.php\$request_uri\`
# always provides the desired behaviour.
index index.php index.html /index.php\$request_uri;
# Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients
location = / {
if ( \$http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/\$is_args\$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for \`/.well-known\` so that clients can still
# access it despite the existence of the regex rule
# \`location ~ /(\.|autotest|...)\` which would otherwise handle requests
# for \`/.well-known\`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in \`.htaccess\` that concern \`/.well-known\`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files \$uri \$uri/ =404; }
location /.well-known/pki-validation { try_files \$uri \$uri/ =404; }
# Let Nextcloud's API for \`/.well-known\` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php\$request_uri;
}
# Rules borrowed from \`.htaccess\` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:\$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
set \$path_info \$fastcgi_path_info;
try_files \$fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)\$ {
try_files \$uri /index.php\$request_uri;
expires 6M; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?\$ {
try_files \$uri /index.php\$request_uri;
expires 7d; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from \`.htaccess\`
location /remote {
return 301 /remote.php\$request_uri;
}
location / {
try_files \$uri \$uri/ /index.php\$request_uri;
}
}
NC_NGINX
systemctl stop nginx systemctl stop nginx
letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN" letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN"
if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then
@ -248,7 +479,7 @@ chown -R www-data:www-data "$NC_PATH"
chmod -R 755 "$NC_PATH" chmod -R 755 "$NC_PATH"
echo -e "\nDatabase installation...\n" echo -e "\nDatabase installation...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ maintenance:install \ sudo -u www-data php "$NC_PATH"/occ maintenance:install \
--database=pgsql \ --database=pgsql \
--database-name="$NC_DB" \ --database-name="$NC_DB" \
--database-user="$NC_DB_USER" \ --database-user="$NC_DB_USER" \
@ -263,7 +494,7 @@ sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_C
sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG" sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG"
echo -e "\nAdd crontab...\n" echo -e "\nAdd crontab...\n"
crontab -u www-data -l | { cat; echo "*/5 * * * * php$MIN_PHP -f $NC_PATH/cron.php"; } | crontab -u www-data - crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data -
echo -e "\nAdd memcache support...\n" echo -e "\nAdd memcache support...\n"
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF" sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF"
@ -289,24 +520,25 @@ sed -i "/);/i \ \ )," "$NC_CONFIG"
echo -e "Done\n" echo -e "Done\n"
echo -e "\nAddding & Setting up Files External App for Local storage...\n" echo -e "\nAddding & Setting up Files External App for Local storage...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:install files_external sudo -u www-data php "$NC_PATH"/occ app:install files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:enable files_external sudo -u www-data php "$NC_PATH"/occ app:enable files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:disable support sudo -u www-data php "$NC_PATH"/occ app:disable support
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
usermod -a -G jibri www-data usermod -a -G jibri www-data
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
chmod -R g+s "$DIR_RECORD" chmod -R g+s "$DIR_RECORD"
echo -e "\nFixing possible missing tables...\n\n" echo -e "\nFixing possible missing tables...\n\n"
echo "y"|sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:convert-filecache-bigint echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-indices sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-columns sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns
echo -e "\nAdding trusted domain...\n" echo -e "\nAdding trusted domain...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN" sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
echo -e "\nSetting JRA domain on jitsi-updater.sh\n" echo -e "\nSetting JRA domain on jitsi-updater.sh\n"
cd ~/quick-jibri-installer || return
sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh
echo -e "\nQuick Nextcloud installation complete!\n" echo -e "\nQuick Nextcloud installation complete!\n"

2
mode/chp-mode.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Custom High Performance Jitsi conf # Custom High Performance Jitsi conf
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/grid/selenium-grid-docker.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Custom Selenium Grid-Node fro Jitsi Meet # Custom Selenium Grid-Node fro Jitsi Meet
# Pandian © - https://community.jitsi.org/u/Pandian # Pandian © - https://community.jitsi.org/u/Pandian
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/jms-stu.sh
View File

@ -2,7 +2,7 @@
# System-tune-up to remove system software restrictions on a huge load of connections. # System-tune-up to remove system software restrictions on a huge load of connections.
# Be aware that hardware/infrastructure resources are the most common limiters. # Be aware that hardware/infrastructure resources are the most common limiters.
# #
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/jwt.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JWT Mode Setup # JWT Mode Setup
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

40
patches/jigasi/001-jigasi-meet-config.patch
View File

@ -1,40 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Enable transcription on jitsi meet config.js file.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index f412891..f704157 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -426,9 +426,9 @@ var config = {
// autoCaptionOnRecord: false,
// Transcription options.
- // transcription: {
+ transcription: {
// // Whether the feature should be enabled or not.
- // enabled: false,
+ enabled: true,
// // Translation languages.
// // Available languages can be found in
@@ -443,7 +443,7 @@ var config = {
// // detected based on the environment, e.g. if the app is opened in a chrome instance which
// // is using french as its default language then transcriptions for that participant will be in french.
// // Defaults to true.
- // useAppLanguage: true,
+ useAppLanguage: true,
// // Transcriber language. This settings will only work if "useAppLanguage"
// // is explicitly set to false.
@@ -484,7 +484,7 @@ var config = {
// // Enables automatic request of subtitles when transcriber is present in the meeting, uses the default
// // language that is set
// autoCaptionOnTranscribe: false,
- // },
+ },
// Misc

80
patches/jigasi/002-jigasi-sip-properties.patch
View File

@ -1,80 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Modify sip-communicator.properties to run Jigasi along with VOSK Models.
diff --git a/etc/jitsi/jigasi/sip-communicator.properties b/etc/jitsi/jigasi/sip-communicator.properties
index 7a8d0f3..ae5369a 100644
--- a/etc/jitsi/jigasi/sip-communicator.properties
+++ b/etc/jitsi/jigasi/sip-communicator.properties
@@ -165,12 +165,12 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# If you want jigasi to perform authenticated login instead of anonymous login
# to the XMPP server, you can set the following properties.
-# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
-# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
-# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+org.jitsi.jigasi.xmpp.acc.USER_ID=transcriber@recorder.${DOMAIN}
+org.jitsi.jigasi.xmpp.acc.PASS=${JIG_TRANSC_PASWD}
+org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
# To fix SSL/TLS required by client but not supported by server
-#org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
# Can be used in combination with jitsi-meet module mod_auth_jitsi-shared-secret
# To have jigasi use a random username on every call
@@ -187,7 +187,7 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the
# remote certificates always.
-# net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
+net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
# Enable this property to be able to shutdown gracefully jigasi using
# a rest command
@@ -196,31 +196,31 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Options regarding Transcription. Read the README for a detailed description
# about each property
-#org.jitsi.jigasi.ENABLE_TRANSCRIPTION=false
-#org.jitsi.jigasi.ENABLE_SIP=true
+org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
+org.jitsi.jigasi.ENABLE_SIP=false
# whether to use the more expensive, but better performing
# "video" model when doing transcription
# org.jitsi.jigasi.transcription.USE_VIDEO_MODEL = false
# delivering final transcript
-# org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
-# org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
-# org.jitsi.jigasi.transcription.jetty.port=-1
-# org.jitsi.jigasi.transcription.ADVERTISE_URL=false
+org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
+org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
+org.jitsi.jigasi.transcription.jetty.port=-1
+org.jitsi.jigasi.transcription.ADVERTISE_URL=false
# save formats
-# org.jitsi.jigasi.transcription.SAVE_JSON=false
-# org.jitsi.jigasi.transcription.SAVE_TXT=true
+org.jitsi.jigasi.transcription.SAVE_JSON=false
+org.jitsi.jigasi.transcription.SAVE_TXT=true
# send formats
-# org.jitsi.jigasi.transcription.SEND_JSON=true
-# org.jitsi.jigasi.transcription.SEND_TXT=false
+org.jitsi.jigasi.transcription.SEND_JSON=true
+org.jitsi.jigasi.transcription.SEND_TXT=false
# Vosk server
-# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
+org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
# org.jitsi.jigasi.transcription.vosk.websocket_url={"en": "ws://localhost:2700", "fr": "ws://localhost:2710"}
-# org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
+org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
# Whisper live transcription server
# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.WhisperTranscriptionService

66
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch
View File

@ -1,66 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable recording and livestreaming by default.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..8f64c7c 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -343,12 +343,12 @@ var config = {
// // showPrejoinWarning: true,
// },
- // recordingService: {
+ recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
// // and the generic recording service (its configuration and storage type
// // depends on jibri configuration)
- // enabled: false,
+ enabled: true,
// // Whether to show the possibility to share file recording with other people
// // (e.g. meeting participants), based on the actual implementation
@@ -357,7 +357,7 @@ var config = {
// // Hide the warning that says we only store the recording for 24 hours.
// hideStorageWarning: false,
- // },
+ },
// DEPRECATED. Use recordingService.enabled instead.
// fileRecordingsServiceEnabled: false,
@@ -368,7 +368,7 @@ var config = {
// Local recording configuration.
// localRecording: {
// // Whether to disable local recording or not.
- // disable: false,
+ // disable: true,
// // Whether to notify all participants when a participant is recording locally.
// notifyAllParticipants: false,
@@ -378,9 +378,9 @@ var config = {
// },
// Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
- // liveStreaming: {
+ liveStreaming: {
// // Whether to enable live streaming or not.
- // enabled: false,
+ enabled: true,
// // Terms link
// termsLink: 'https://www.youtube.com/t/terms',
// // Data privacy link
@@ -388,8 +388,8 @@ var config = {
// // RegExp string that validates the stream key input field
// validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
// // Documentation reference for the live streaming feature.
- // helpLink: 'https://jitsi.org/live'
- // },
+ helpLink: 'https://forge.switnet.net/switnet/quick-jibri-installer'
+ },
// DEPRECATED. Use liveStreaming.enabled instead.
// liveStreamingEnabled: false,

31
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch
View File

@ -1,31 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable/disable welcome page.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..2094287 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -664,13 +664,13 @@ var config = {
// enableWelcomePage: true,
// Configs for welcome page.
- // welcomePage: {
- // // Whether to disable welcome page. In case it's disabled a random room
- // // will be joined when no room is specified.
- // disabled: false,
- // // If set, landing page will redirect to this URL.
- // customUrl: ''
- // },
+ welcomePage: {
+ // Whether to disable welcome page. In case it's disabled a random room
+ // will be joined when no room is specified.
+ disabled: ${ENABLE_WELCP_BOL},
+ // If set, landing page will redirect to this URL.
+ customUrl: ''
+ },
// Configs for the lobby screen.
// lobby: {

347
quick_jibri_installer.sh
View File

@ -1,21 +1,21 @@
#!/bin/bash #!/bin/bash
# Quick Jibri Installer - *buntu (LTS) based systems. # Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
{ {
echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log
while getopts m: option while getopts m: option
do do
case "${option}" case "${option}"
in in
m) MODE=${OPTARG};; m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;; \?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
export MODE=debug
set -x set -x
fi fi
@ -38,7 +38,7 @@ DIST=$(lsb_release -sc)
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')" PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')"
PUBLIC_IP="$(wget -qO- https://api.ipify.org)" PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)"
NL="$(printf '\n ')" NL="$(printf '\n ')"
NODEJS_VER="18" NODEJS_VER="18"
JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key" JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key"
@ -52,13 +52,13 @@ printwc() {
printf "%b$2%b" "$1" "${Color_Off}" printf "%b$2%b" "$1" "${Color_Off}"
} }
exit_ifinstalled() { exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo -e "\nThis instance already has $1 installed, exiting..." echo -e "\nThis instance already has $1 installed, exiting..."
echo -e "Please try again on a clean system." echo -e "Please try again on a clean system."
echo -e " If you think this is an error, please report to:" echo -e " If you think this is an error, please report to:"
echo -e " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" echo -e " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
exit exit
fi fi
} }
exit_ifinstalled jitsi-meet exit_ifinstalled jitsi-meet
@ -68,9 +68,8 @@ rename_distro() {
fi fi
} }
#Trisquel distro upstream referencing. #Trisquel distro upstream referencing.
rename_distro nabia focal rename_distro nabia focal
rename_distro aramo jammy rename_distro aramo jammy
rename_distro ecne noble
install_ifnot() { install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
@ -117,6 +116,12 @@ check_snd_driver() {
var_dlim() { var_dlim() {
grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1
} }
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com \$1
apt-key export \$1 | gpg --dearmour | tee /tmp/\$1.gpg >/dev/null
apt-key del \$1
mv /tmp/\$1.gpg /etc/apt/trusted.gpg.d/
}
add_prosody_repo() { add_prosody_repo() {
echo "Add Prosody repo" echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then if [ "$PROSODY_REPO" = "main" ]; then
@ -126,7 +131,6 @@ add_prosody_repo() {
> /etc/apt/sources.list.d/prosody.list > /etc/apt/sources.list.d/prosody.list
curl -s https://prosody.im/files/prosody-debian-packages.key \ curl -s https://prosody.im/files/prosody-debian-packages.key \
> "$PROSODY_GPG_KEY" > "$PROSODY_GPG_KEY"
apt-get update -q2
fi fi
} }
dpkg-compare() { dpkg-compare() {
@ -184,8 +188,7 @@ fi
printf "\nOS: %s" "$(lsb_release -sd)" printf "\nOS: %s" "$(lsb_release -sd)"
if [ "$DIST" = "focal" ] || \ if [ "$DIST" = "focal" ] || \
[ "$DIST" = "jammy" ] || \ [ "$DIST" = "jammy" ]; then
[ "$DIST" = "noble" ]; then
printf "\nGood, this is a supported platform!" printf "\nGood, this is a supported platform!"
else else
printf "\nSorry, this platform is not supported... exiting" printf "\nSorry, this platform is not supported... exiting"
@ -314,7 +317,6 @@ else
> /etc/apt/sources.list.d/jitsi-stable.list > /etc/apt/sources.list.d/jitsi-stable.list
curl -s https://download.jitsi.org/jitsi-key.gpg.key \ curl -s https://download.jitsi.org/jitsi-key.gpg.key \
> "$JITSI_GPG_KEY" > "$JITSI_GPG_KEY"
apt-get update -q2
JITSI_REPO="stable" JITSI_REPO="stable"
fi fi
sleep .1 sleep .1
@ -382,7 +384,7 @@ apt-get -y install \
curl \ curl \
ffmpeg \ ffmpeg \
git \ git \
btop \ htop \
jq \ jq \
net-tools \ net-tools \
rsync \ rsync \
@ -400,7 +402,6 @@ apt-get -y install \
fi fi
fi fi
###FIXME: Trisquel support broken by lsb_release usage###
echo "# Check and Install HWE kernel if possible..." echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" \ HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" \
2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")" 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")"
@ -416,9 +417,11 @@ fi
check_serv check_serv
echo "
#-------------------------------------------------- #--------------------------------------------------
print_title "Install Jitsi Framework" # Install Jitsi Framework
#-------------------------------------------------- #--------------------------------------------------
"
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
echo "set jitsi-meet/cert-choice select $CERT_CHOICE_DEBCONF" \ echo "set jitsi-meet/cert-choice select $CERT_CHOICE_DEBCONF" \
| debconf-set-selections | debconf-set-selections
@ -449,7 +452,7 @@ else
| gpg --dearmor -o "$NODEJS_GPG_KEY" | gpg --dearmor -o "$NODEJS_GPG_KEY"
echo "deb [signed-by=$NODEJS_GPG_KEY] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \ echo "deb [signed-by=$NODEJS_GPG_KEY] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \
tee /etc/apt/sources.list.d/nodesource.list tee /etc/apt/sources.list.d/nodesource.list
apt-get update -q2 apt-get update -yq2
apt-get install -yq2 nodejs apt-get install -yq2 nodejs
echo "Installing nodejs esprima package..." echo "Installing nodejs esprima package..."
@ -463,9 +466,7 @@ elif [ "$(npm list -g esprima 2>/dev/null | grep -c "esprima")" == "1" ]; then
echo "Good. Esprima package is already installed" echo "Good. Esprima package is already installed"
fi fi
#-------------------------------------------------- echo "# Installing Google Chrome / ChromeDriver"
print_title "Installing Google Chrome / ChromeDriver"
#--------------------------------------------------
if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
@ -480,10 +481,7 @@ rm -rf "$GOOGL_REPO"
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1)
jq -r ".versions[].downloads.chromedriver | \
select(. != null) | .[].url" | grep linux64 | \
grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
@ -538,20 +536,19 @@ JB_NAME="Jibri Sessions"
LE_RENEW_LOG="/var/log/letsencrypt/renew.log" LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER="jbsync_$MJS_RAND_TAIL"
MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
FQDN_HOST="fqdn" FQDN_HOST="fqdn"
JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
WS_MATCH1="# ensure all static content can always be found first" WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="external_api.js"
MEET_MATCH1="disable simulcast support." MEET_MATCH1="disable simulcast support."
export DOMAIN #GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
# Make sure we can rely on the match strings. # Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n" printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF" test_match "$WS_MATCH1" "$WS_CONF"
test_match "$WS_MATCH2" "$WS_CONF"
test_match "$MEET_MATCH1" "$MEET_CONF" test_match "$MEET_MATCH1" "$MEET_CONF"
# Rename hostname for jitsi server # Rename hostname for jitsi server
@ -568,6 +565,18 @@ do
fi fi
done done
sleep .1 sleep .1
#Language
echo "## Setting up Jitsi Meet language ##
You can define the language, for a complete list of the supported languages
See here:
https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json"
printf "Jitsi Meet web interface will be set to use such language.\n\n"
sleep .1
read -p "Please set your language (Press enter to default to 'en'):$NL" -r JB_LANG
sleep .1
printf "\nWe'll take a minute to localize some UI excerpts if you need.\n\n"
sleep .1
#Participant #Participant
printf "> Do you want to translate 'Participant' to your own language?\n" printf "> Do you want to translate 'Participant' to your own language?\n"
sleep .1 sleep .1
@ -581,17 +590,15 @@ sleep .1
read -p "Leave empty to use the default one (English):$NL" -r L10N_ME read -p "Leave empty to use the default one (English):$NL" -r L10N_ME
#Drop unsecure TLS #Drop unsecure TLS
if grep -qE 'TLSv1(\.1)?' /etc/nginx/nginx.conf; then while [ "$DROP_TLS1" != "yes" ] && [ "$DROP_TLS1" != "no" ]
while [ "$DROP_TLS1" != "yes" ] && [ "$DROP_TLS1" != "no" ] do
do read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1
read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)$NL" -r DROP_TLS1 if [ "$DROP_TLS1" = "no" ]; then
if [ "$DROP_TLS1" = "no" ]; then printf " - TLSv1.0/1.1 will remain.\n\n"
printf " - TLSv1.0/1.1 will remain.\n\n" elif [ "$DROP_TLS1" = "yes" ]; then
elif [ "$DROP_TLS1" = "yes" ]; then printf " - TLSv1.0/1.1 will be dropped\n\n"
printf " - TLSv1.0/1.1 will be dropped\n\n" fi
fi done
done
fi
sleep .1 sleep .1
#Brandless Mode #Brandless Mode
while [ "$ENABLE_BLESSM" != "yes" ] && [ "$ENABLE_BLESSM" != "no" ] while [ "$ENABLE_BLESSM" != "yes" ] && [ "$ENABLE_BLESSM" != "no" ]
@ -702,16 +709,24 @@ do
done done
sleep .1 sleep .1
##Jigasi ##Jigasi
while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ] #if [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "404" ]; then
do #printf "> Sorry Google SDK doesn't have support yet for %s,
read -p "> Do you want to setup Jigasi Transcription: (yes or no) #thus, Jigasi Transcript can't be enable.\n\n" "$(lsb_release -sd)"
#elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "200" ]; then
#while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ]
#do
#read -p "> Do you want to setup Jigasi Transcription: (yes or no)
#( Please check requirements at: https://forge.switnet.net/switnet/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT #( Please check requirements at: https://forge.switnet.net/switnet/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT
if [ "$ENABLE_TRANSCRIPT" = "no" ]; then #if [ "$ENABLE_TRANSCRIPT" = "no" ]; then
printf " - Jigasi Transcription won't be enabled.\n\n" #printf " - Jigasi Transcription won't be enabled.\n\n"
elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then #elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf " - Jigasi Transcription will be enabled.\n\n" #printf " - Jigasi Transcription will be enabled.\n\n"
fi #fi
done #done
#else
#echo "No valid option for Jigasi. Please report this to
#https://forge.switnet.net/switnet/quick-jibri-installer/issues"
#fi
sleep .1 sleep .1
#Grafana #Grafana
while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ] while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ]
@ -796,9 +811,7 @@ restart_services() {
# Configure Jvb2 # Configure Jvb2
sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" "$JVB2_SIP" sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" "$JVB2_SIP"
#-------------------------------------------------- # Configure Jibri
print_title "Configure Jibri"
#--------------------------------------------------
if [ "$ENABLE_SC" = "yes" ]; then if [ "$ENABLE_SC" = "yes" ]; then
if [ ! -f "$MOD_LIST_FILE" ]; then if [ ! -f "$MOD_LIST_FILE" ]; then
printf "\n-> Adding external module to list prosody users...\n" printf "\n-> Adding external module to list prosody users...\n"
@ -857,17 +870,23 @@ BREWERY
# Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js # Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js
sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF" sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF"
#New recording implementation.
sed -i "s|// recordingService:|recordingService:|" "$MEET_CONF"
sed -i "/recordingService/,/hideStorageWarning/s|// enabled: false,| enabled: true,|" "$MEET_CONF"
sed -i "/hideStorageWarning: false/,/Local recording configuration/s|// },|},|" "$MEET_CONF"
sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
\\
hiddenDomain: \'recorder.$DOMAIN\',|" "$MEET_CONF"
#Enable recording & livestreaming by default. #Setup main language
echo -e "\n> Patching config.js to enable recording and livestreaming by default..." if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then
echo -e " Read more about patches at the patches folder.\n" echo "Leaving English (en) as default language..."
envsubst < \ sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF"
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch | \ else
patch --no-backup-if-mismatch -d / -p1 echo "Changing default language to: $JB_LANG"
sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF"
fi
#Prepare hidden domain for jibri/jigasi silent users.
sed -i "/fileRecordingsServiceEnabled: false,/a \\
hiddenDomain: \'recorder.$DOMAIN\'," "$MEET_CONF"
# Recording directory # Recording directory
if [ ! -d "$DIR_RECORD" ]; then if [ ! -d "$DIR_RECORD" ]; then
mkdir "$DIR_RECORD" mkdir "$DIR_RECORD"
@ -886,8 +905,8 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR chmod -R 770 \$RECORDINGS_DIR
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
mv \$LJF_PATH \$NJF_PATH mv \$LJF_PATH \$NJF_PATH
@ -898,15 +917,117 @@ chmod +x "$REC_DIR"
## New Jibri Config (2020) ## New Jibri Config (2020)
mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file
cp files/jibri.conf "$JIBRI_CONF" cat << NEW_CONF > "$JIBRI_CONF"
sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" // New XMPP environment config.
sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" jibri {
sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" streaming {
sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF" // when starting a stream must match at least one of the patterns in
sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" // this list.
sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" rtmp-allow-list = [
sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" // By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = $JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "$DIR_RECORD"
finalize-script = "$REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "$JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "$DOMAIN" ]
// The base XMPP domain
xmpp-domain = "$DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.$DOMAIN"
room-name = "$JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.$DOMAIN"
username = "jibri"
password = "$JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.$DOMAIN"
username = "recorder"
password = "$JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}
NEW_CONF
#Jibri xorg resolution #Jibri xorg resolution
sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@ -916,11 +1037,10 @@ useradd -m -g jibri "$MJS_USER"
echo "$MJS_USER:$MJS_USER_PASS" | chpasswd echo "$MJS_USER:$MJS_USER_PASS" | chpasswd
#Create ssh key and restrict connections #Create ssh key and restrict connections
sudo su "$MJS_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" sudo su "$MJS_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
#Allow password authentication #Allow password authentication
sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config
systemctl daemon-reload systemctl restart sshd
systemctl restart ssh.service ssh.socket
#Setting varibales for add-jibri-node.sh #Setting varibales for add-jibri-node.sh
sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh
@ -982,6 +1102,28 @@ sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh
sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh
##-- ##--
#Tune webserver for Jitsi App control
if [ -f "$WS_CONF" ]; then
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
systemctl reload nginx
else
echo "No app configuration done to server file, please report to:"
echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi
#Static avatar
if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then
cp images/avatar2.png /usr/share/jitsi-meet/images/
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
\ " "$WS_CONF"
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF"
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF"
fi
#nginx -tlsv1/1.1 #nginx -tlsv1/1.1
if [ "$DROP_TLS1" = "yes" ];then if [ "$DROP_TLS1" = "yes" ];then
printf "\nDropping TLSv1/1.1\n\n" printf "\nDropping TLSv1/1.1\n\n"
@ -992,13 +1134,8 @@ else
echo -n "No condition meet, please report to:" echo -n "No condition meet, please report to:"
echo "https://forge.switnet.net/switnet/quick-jibri-installer/issues" echo "https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi
# Remove possible duplication of wasm definition.
grep -q wasm /etc/nginx/mime.types && sed -i '/types {/,/}/ {/wasm/d}' "$WS_CONF"
sleep .1 sleep .1
#-------------------------------------------------- #================== Setup prosody conf file =================
print_title "Setup prosody conf file"
#--------------------------------------------------
###Setup secure rooms ###Setup secure rooms
if [ "$ENABLE_SC" = "yes" ]; then if [ "$ENABLE_SC" = "yes" ]; then
@ -1048,31 +1185,26 @@ VirtualHost "guest.$DOMAIN"
P_SR P_SR
fi fi
#-------------------------------------------------- #======================
print_title "Custom settings" # Custom settings
#--------------------------------------------------
#Start with video muted by default #Start with video muted by default
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF" sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF"
#Start with audio muted but admin #Start with audio muted but admin
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 2,|" "$MEET_CONF" sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" "$MEET_CONF"
#Disable/enable welcome page #Disable/enable welcome page
[ "$ENABLE_WELCP" = "yes" ] && ENABLE_WELCP_BOL=true if [ "$ENABLE_WELCP" = "yes" ]; then
[ "$ENABLE_WELCP" = "no" ] && ENABLE_WELCP_BOL=false sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" "$MEET_CONF"
export ENABLE_WELCP_BOL elif [ "$ENABLE_WELCP" = "no" ]; then
echo "> Patching config.js to modify welcome page behavior..." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" "$MEET_CONF"
echo " Read more about patches at the patches folder." fi
envsubst < \
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch | \
patch --no-backup-if-mismatch -d / -p1
#Enable close page #Enable close page
[ "$ENABLE_CLOCP" = "yes" ] && \ if [ "$ENABLE_CLOCP" = "yes" ]; then
sed -i "s|// enableClosePage:.*|enableClosePage: true,|" "$MEET_CONF" sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" "$MEET_CONF"
[ "$ENABLE_CLOCP" = "no" ] && \ elif [ "$ENABLE_CLOCP" = "no" ]; then
sed -i "s|// enableClosePage:.*|enableClosePage: false,|" "$MEET_CONF" sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" "$MEET_CONF"
fi
#Add pre-join screen by default, since it improves YouTube autoplay capabilities #Add pre-join screen by default, since it improves YouTube autoplay capabilities
#pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does. #pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does.
@ -1174,16 +1306,7 @@ if [ "$ENABLE_NC_ACCESS" = "yes" ]; then
fi fi
fi fi
sleep .1 sleep .1
#Jigasi w/VOSK backend.
if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf "\nJigasi with VOSK backend will be enabled."
if [ "$MODE" = "debug" ]; then
bash "$PWD"/jigasi-vosk-backend.sh -m debug
else
bash "$PWD"/jigasi-vosk-backend.sh
fi
fi
sleep .1
#Grafana Dashboard #Grafana Dashboard
if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then
printf "\nGrafana Dashboard will be enabled." printf "\nGrafana Dashboard will be enabled."

2
tools/aws-grub-setup.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Automated AWS generic kernel setup for jibri. # Automated AWS generic kernel setup for jibri.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/fail2ban_ssh.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Fail2ban configuration # Simple Fail2ban configuration
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

4
tools/jibri-conf-upgrade.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri conf updater # Simple Jibri conf updater
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -31,7 +31,7 @@ if ! [ "$(id -u)" = 0 ]; then
fi fi
echo "Checking for updates...." echo "Checking for updates...."
apt-get -q2 update apt -q2 update
apt install -y \ apt install -y \
apt-show-versions \ apt-show-versions \
jq jq

2
tools/jibri-resolution-enhancer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri resolution enhancer # Simple Jibri resolution enhancer
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

138
tools/prepare_php.sh
View File

@ -1,138 +0,0 @@
#!/bin/bash
# Automated PHP environment build for Nextcloud.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
PHPVER=$1
STABLE_PHP="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
DISTRO_RELEASE="$(lsb_release -sc)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHP_REPO_URL="http://ppa.launchpad.net/ondrej/php/ubuntu"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
TMP_GPG_REPO="$(mktemp -d)"
if [ $# -ne 1 ]; then
echo "Usage: $0 8.2"
exit 1
fi
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1"
fi
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages #< don't quote.
packages=""
}
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
add_php_repo() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] $PHP_REPO_URL $DISTRO_RELEASE main" | \
tee /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
add_php_repo
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-cli \
php$PHPVER-cgi \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
update-alternatives --set php /usr/bin/php"$STABLE_PHP"
update-alternatives --set php-fpm.sock /run/php/php"$STABLE_PHP"-fpm.sock
update-alternatives --set php-cgi /usr/bin/php-cgi"$STABLE_PHP"
update-alternatives --set php-cgi-bin /usr/lib/cgi-bin/php"$STABLE_PHP"
update-alternatives --set phar /usr/bin/phar"$STABLE_PHP"
update-alternatives --set phar.phar /usr/bin/phar.phar"$STABLE_PHP"
systemctl restart php"$PHPVER"-fpm.service

2
tools/start-over.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
#Start over #Start over
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/test-jibri-env.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri Env tester # Simple Jibri Env tester
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option