switnet
/
quick-jibri-installer
2
1
Fork 1
Code Issues 2 Pull Requests Packages Projects Releases 13 Wiki Activity

Compare commits

base: switnet:master
Branches Tags
switnet:master
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0
..
compare: switnet:v7.3.0
Branches Tags
switnet:master
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0

No commits in common. "master" and "v7.3.0" have entirely different histories.
master ... v7.3.0

29 changed files with 676 additions and 1199 deletions
Show Stats Expand all files Collapse all files

11
README.md
View File

@ -56,8 +56,9 @@ Check more details on our wiki.
### Jibri Recodings Access via Nextcloud
* Valid domain with DNS record for Nextcloud SSL.
### Jigasi Transcript
* Enough disk space to run Vosk backend via docker container.
### Jigasi Transcript (stalled)
* SIP account
* Google Cloud Account with Billing setup.
@ -78,7 +79,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Etherpad via docker install
* Authentication
1. Local
2. JWT ([#87](https://forge.switnet.net/switnet/quick-jibri-installer/issues/87))
2. JWT
3. None
* Lobby Rooms
* Conference Duration
@ -89,7 +90,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Enabled Jitsi Electron app detection server side.
* Standalone SSL Certbot/LE implementation
* Improved recurring updater
* Jigasi Transcript - vía Vosk speech recognition toolkit.
* Jigasi Transcript - Speech to Text powered by Google API (stalled)
## Tools
* Jibri Environment Tester
@ -118,4 +119,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
SwITNet Ltd © - 2024, https://switnet.net/
SwITNet Ltd © - 2023, https://switnet.net/

2
add-jibri-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Jibri Node Aggregator
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
### 0_LAST EDITION TIME STAMP ###

2
add-jvb2-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# JVB2 Node Aggregator
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
### 0_LAST EDITION TIME STAMP ###

43
etherpad-docker.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Etherpad Installer for Jitsi Meet
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
#
# GPLv3 or later.
@ -30,7 +30,7 @@ echo '
########################################################################
by Software, IT & Networks Ltd
'
FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer"
check_apt_policy() {
apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}'
}
@ -42,16 +42,6 @@ if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")"
apt-get -yq2 install "$1"
fi
}
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to $FORGE_REPO"
exit
fi
}
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
@ -60,14 +50,12 @@ ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
DOCKER_CE_REPO="$(check_apt_policy docker)"
WS_CONF_MATCH1="# ensure all static content can always be found first"
echo "Add Docker repo"
if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed"
else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > \
/etc/apt/sources.list.d/docker-ce.list
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update
@ -75,9 +63,6 @@ fi
read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
# Install required packages
install_ifnot docker-ce
@ -120,18 +105,14 @@ if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then
echo "> Webserver seems configured, skipping..."
elif [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..."
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_redirect off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
else
echo "> No etherpad config done to server file, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
@ -142,7 +123,7 @@ if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then
echo -e "> $MEET_CONF seems configured, skipping...\n"
else
echo -e "> Setting etherpad domain at $MEET_CONF...\n"
sed -i "s|// etherpad_base: .*|etherpad_base: \'https://$DOMAIN/etherpad/p/\',|" "$MEET_CONF"
sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF"
fi
echo "> Checking nginx configuration..."

49
excalidraw-backend.sh
View File

@ -4,7 +4,7 @@
# Based on:
# - https://community.jitsi.org/t/118883
#
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
# Reset
@ -26,31 +26,6 @@ printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n"
}
restart_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then
systemctl restart jibri
systemctl restart jibri-icewm
systemctl restart jibri-xorg
else
echo "Jibri service not installed"
fi
}
restart_services() {
systemctl restart jitsi-videobridge2
systemctl restart jicofo
restart_jibri
systemctl restart prosody
}
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
while getopts m: option
do
@ -86,12 +61,23 @@ WS_MATCH1='# ensure all static content can always be found first'
PROS_MATCH1='"av_moderation";'
PROS_MATCH2='breakout_rooms_muc = "breakout.'
PROS_MATCH3='VirtualHost "recorder.'
CONFIG_MATCH1='List of undocumented settings used in jitsi-meet'
CONFIG_MATCH1='Settings for the GIPHY integration'
EXCALIDRAW_HOME="/opt/excalidraw"
EXCAL_MATCH1="prometheus.metrics(io"
EXCAL_NEW_PORT="9091"
EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts"
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
# Make sure we can rely on the match strings.
printf "Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
@ -114,14 +100,14 @@ sudo -u excalidraw cp .env.development .env.production
# Use documented port to get some sort of standarization.
if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then
echo -e "> Update predefined port for metrics to $EXCAL_NEW_PORT\n"
echo "> Update predefined port for metrics to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE"
else
echo -e "> Define new port from default to $EXCAL_NEW_PORT\n"
echo "> Define new port from default to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE"
fi
printf "Installing npm backend.\n"
printf "\nInstalling npm backend.\n"
sudo -u excalidraw npm install
sudo -u excalidraw npm run build
@ -156,7 +142,7 @@ else
sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE"
fi
printf "\n# Checking for whitebord setup at %s.\n" "$(basename "$MEET_CONF")"
printf "\n# Checking for whitebord setup at $(basename "$MEET_CONF").\n"
if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then
echo "> No present configuration on current config.js file"
sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF"
@ -205,4 +191,3 @@ systemctl enable excalidraw.service
systemctl start excalidraw.service
printwc "${Green}" "\nExcalidraw setup complete!\n"
restart_services

109
files/jibri.conf
View File

@ -1,109 +0,0 @@
// XMPP environment config.
jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "DIR_RECORD"
finalize-script = "REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "DOMAIN" ]
// The base XMPP domain
xmpp-domain = "DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.DOMAIN"
room-name = "JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.DOMAIN"
username = "jibri"
password = "JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.DOMAIN"
username = "recorder"
password = "JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}

177
files/nextcloud.conf
View File

@ -1,177 +0,0 @@
# Nextcloud 28 nginx - configuration
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php_PHPVER-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name _NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen _NC_NGINX_SSL_PORT ssl http2;
listen [::]:_NC_NGINX_SSL_PORT ssl http2;
server_name _NC_DOMAIN;
# Path to the root of your installation
root _NC_PATH/;
ssl_certificate /etc/letsencrypt/live/_NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/_NC_DOMAIN/privkey.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

66
grafana.sh
View File

@ -8,7 +8,7 @@
# by "mephisto"
#
# Igor Kerstges © - 2021
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
#
# GPLv3 or later.
@ -43,22 +43,11 @@ systemctl enable "$1"
systemctl restart "$1"
systemctl status "$1"
}
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
MAIN_TEL="/etc/telegraf/telegraf.conf"
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
GRAFANA_INI="/etc/grafana/grafana.ini"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="upstream prosody {"
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
# Min requirements
@ -68,17 +57,11 @@ apt-get install -y gnupg2 \
wget \
jq
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
echo "
# Setup InfluxDB Packages
"
curl -s https://repos.influxdata.com/influxdata-archive.key > \
/etc/apt/trusted.gpg.d/influxdata-archive.key
echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | \
sudo tee /etc/apt/sources.list.d/influxdb.list
curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y
run_service influxdb
@ -87,8 +70,7 @@ echo "
"
curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
echo "deb https://packages.grafana.com/oss/deb stable main" | \
sudo tee /etc/apt/sources.list.d/grafana_com_oss_deb.list
add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
apt-get update && apt-get install grafana -y
run_service grafana-server
@ -156,13 +138,11 @@ echo '
# extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
# Enable videobridge REST API
hocon -f /etc/jitsi/videobridge/jvb.conf set videobridge.apis.rest.enabled true
systemctl restart jitsi-videobridge2
echo -e "\n# Setup Grafana nginx domain\n"
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = 127.0.0.1|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI
@ -180,30 +160,10 @@ while [ $secs -gt 0 ]; do
done
if [ -f "$WS_CONF" ]; then
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
systemctl restart nginx
else
echo "No app configuration done to server file, please report to:
@ -219,7 +179,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
\"oldPassword\": \"admin\",
\"newPassword\": \"$GRAFANA_PASS\",
\"confirmNew\": \"$GRAFANA_PASS\"
}" http://127.0.0.1:3000/api/user/password; echo ""
}" http://localhost:3000/api/user/password; echo ""
echo "
# Create InfluxDB datasource
@ -229,16 +189,16 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \
'{
"name": "InfluxDB",
"type": "influxdb",
"url": "http://127.0.0.1:8086",
"url": "http://localhost:8086",
"access": "proxy",
"isDefault": true,
"database": "jitsi"
}' http://127.0.0.1:3000/api/datasources; echo ""
}' http://localhost:3000/api/datasources; echo ""
echo "
# Add Grafana Dashboard
"
grafana_host="http://127.0.0.1:3000"
grafana_host="http://localhost:3000"
grafana_cred="admin:$GRAFANA_PASS"
grafana_datasource="InfluxDB"
ds=(11969);

1
images/watermark2.svg
View File

@ -1 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>
Side by Side

Before

Width:  |  Height:  |  Size: 100 B

128
jigasi-vosk-backend.sh
View File

@ -1,128 +0,0 @@
#!/bin/bash
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
#Check if user is root
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..."
echo " If you think this is an error, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
exit
fi
}
clear
echo ''
echo '########################################################################'
echo ' Jigasi Transcript addon'
echo '########################################################################'
echo ' by Software, IT & Networks Ltd'
echo ''
exit_if_not_installed jitsi-meet
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 16 | head -n1)"
JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
export DOMAIN
export JIG_TRANSC_PASWD
apt-get -q2 update
# Disable SIP account prompt by default
echo "jigasi jigasi/sip-account string ''" | debconf-set-selections
echo "jigasi jigasi/sip-password password ''" | debconf-set-selections
echo "Installing Jigasi, SIP configuration disabled by default."
apt-get -y install gettext-base jigasi docker.io
echo "Please select a language for the VOSK transcription model:"
echo "1) Chinese"
echo "2) English"
echo "3) French"
echo "4) German"
echo "5) Hindi"
echo "6) Japanese"
echo "7) Russian"
echo "8) Spanish"
read -p "Enter the number corresponding to your language choice: " -r lang_choice
case $lang_choice in
1)
echo "You selected Chinese."
VOSK_DOCKER_MODEL="alphacep/kaldi-cn"
;;
2)
echo "You selected English."
VOSK_DOCKER_MODEL="alphacep/kaldi-en"
;;
3)
echo "You selected French."
VOSK_DOCKER_MODEL="alphacep/kaldi-fr"
;;
4)
echo "You selected German."
VOSK_DOCKER_MODEL="alphacep/kaldi-de"
;;
5)
echo "You selected Hindi."
VOSK_DOCKER_MODEL="alphacep/kaldi-hi"
;;
6)
echo "You selected Japanese."
VOSK_DOCKER_MODEL="alphacep/kaldi-ja"
;;
7)
echo "You selected Russian."
VOSK_DOCKER_MODEL="alphacep/kaldi-ru"
;;
8)
echo "You selected Spanish."
VOSK_DOCKER_MODEL="alphacep/kaldi-es"
;;
*)
echo "Invalid selection. Please choose a number between 1 and 8."
;;
esac
# Running selected VOSK docker model.
docker run -d --restart always -p 2700:2700 ${VOSK_DOCKER_MODEL}:latest
echo "Setting up Jigasi transcript with current platform..."
# Jitsi Meet
echo "> Patching Jitsi Meet's config.js for Transcription support."
echo " Read more at patches/jigasi/001-jigasi-meet-config.patch file"
envsubst < patches/jigasi/001-jigasi-meet-config.patch | \
patch --no-backup-if-mismatch -d / -p1
# Jigasi
echo "> Patching jigasi's sip-communicator.properties configuration."
echo " Read more at patches/jigasi/002-jigasi-sip-properties.patch file"
cp "$JIG_SIP_PROP" ${JIG_SIP_PROP}-dpkg-file
envsubst < patches/jigasi/002-jigasi-sip-properties.patch | \
patch --no-backup-if-mismatch -d / -p1
# Create transcribe user on hidden domain.
prosodyctl register transcriber recorder."$DOMAIN" "$JIG_TRANSC_PASWD"
# Restart services.
systemctl restart prosody \
jicofo \
jigasi \
jibri* \
jitsi-videobridge2
echo ""
echo "Full transcript files are available at:"
echo "--> /var/lib/jigasi/transcripts/"
echo ""
echo "Happy transcripting!"
echo ""

14
jitsi-updater.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
# Jitsi Meet recurring upgrader and customization keeper
# for Debian/*buntu binaries.
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option
@ -42,9 +42,7 @@ apt_repo="/etc/apt/sources.list.d"
ENABLE_BLESSM="TBD"
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \
jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")"
CHDB="$(whereis chromedriver | awk '{print$2}')"
@ -125,7 +123,6 @@ update_nodejs_repo() {
-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}"
}
check_latest_gc() {
printwc "${Purple}" "Checking for Google Chrome\n"
if [ -f /usr/bin/google-chrome ]; then
GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')"
@ -133,11 +130,8 @@ else
printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n"
IS_GLG_CHRM="no"
fi
}
check_latest_gc
upgrade_cd() {
if [ -n "$GOOGL_VER_2D" ]; then
check_latest_gc
if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then
echo "Upgrading Chromedriver to Google Chromes version"
wget -q "$CHD_LTST_DWNL" \
@ -265,10 +259,6 @@ printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n"
echo "$NC_DOMAIN seems to be on place, skipping..."
fi
fi
# Final check & upgrade call.
check_lst_cd
if [ "$JIBRI_NODE" = "yes" ]; then
restart_jibri
else

38
jm-bm.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
# Jitsi Meet brandless mode
# for Debian/*buntu binaries.
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option
@ -27,7 +27,6 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
#
JM_IMG_PATH="/usr/share/jitsi-meet/images"
WTM2_PATH="$JM_IMG_PATH/watermark2.png"
WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
FICON_PATH="$JM_IMG_PATH/favicon2.ico"
REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
#
@ -37,30 +36,29 @@ PART_USER="Participant"
LOCAL_USER="me"
#
#SEC_ROOM="TBD"
copy_if_not_there() {
if [ ! -f "$1" ]; then
cp images/"$(echo $1|xargs basename)" "$1"
else
echo "$(echo $1|xargs basename) file exists, skipping copying..."
fi
}
echo '
#--------------------------------------------------
# Applying Brandless mode
#--------------------------------------------------
'
#Watermark
copy_if_not_there "$WTM2_PATH"
#Watermark svg
copy_if_not_there "$WTM2_SVG_PATH"
if [ ! -f "$WTM2_PATH" ]; then
cp images/watermark2.png "$WTM2_PATH"
else
echo "watermark2 file exists, skipping copying..."
fi
#Favicon
copy_if_not_there "$FICON_PATH"
if [ ! -f "$FICON_PATH" ]; then
cp images/favicon2.ico "$FICON_PATH"
else
echo "favicon2 file exists, skipping copying..."
fi
#Local recording icon
copy_if_not_there "$REC_ICON_PATH"
if [ ! -f "$REC_ICON_PATH" ];then
cp images/gnome_record.png "$REC_ICON_PATH"
else
echo "recording icon exists, skipping copying..."
fi
#Custom / Remove icons
sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE"
@ -72,10 +70,6 @@ sed -i "s|icon-cloud.png|gnome_record.png|g" "$BUNDLE_JS"
if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE"
fi
#Replace App logo
sed -i "s|// defaultLogoUrl: .*| defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
#Overwrite favicon svg
cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
#Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"

312
jra_nextcloud.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# JRA (Jibri Recordings Access) via Nextcloud
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option
@ -14,7 +14,7 @@ done
#DEBUG
if [ "$MODE" = "debug" ]; then
set -x
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
@ -42,9 +42,14 @@ apt-get update -q2
# Manually add prerequisites.
apt-get install -y curl letsencrypt nginx
MIN_PHP="8.2"
DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')"
[ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443"
NC_REPO="https://download.nextcloud.com/server/releases"
@ -59,11 +64,31 @@ DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording
REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
[ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)"
PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD
NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " This instance already has $1 installed, exiting..."
@ -80,6 +105,18 @@ else
apt-get -yq2 install "$1"
fi
}
add_php() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
while [[ "$ANS_NCD" != "yes" ]]
do
read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN
@ -95,11 +132,9 @@ do
echo " - Please try again."
fi
done
sleep .1
#Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n"
sleep .1
else
echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match."
echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail."
@ -111,7 +146,7 @@ else
exit
fi
fi
sleep .1
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
while [ -z "$NC_USER" ]
do
@ -120,7 +155,6 @@ do
echo " - This field is mandatory."
fi
done
sleep .1
while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ]
do
read -p "Nextcloud user password: " -r NC_PASS
@ -128,7 +162,6 @@ do
echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n"
fi
done
sleep .1
#Enable HSTS
while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ]
do
@ -141,7 +174,7 @@ do
echo " - HSTS will be enabled."
fi
done
sleep .1
echo -e "#Default country phone code\n
> Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n
>>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n"
@ -176,39 +209,241 @@ exit_ifinstalled postgresql-"$PSGVER"
# PostgresSQL
install_ifnot postgresql-"$PSGVER"
# PHP 7.4 / 8.1
add_php
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#--------------------------------------------------
# Prepare PHP
#--------------------------------------------------
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
if [ "$MODE" = "debug" ]; then
bash -x "$PWD"/tools/prepare_php.sh "$MIN_PHP"
else
bash "$PWD"/tools/prepare_php.sh "$MIN_PHP"
fi
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
systemctl restart php"$PHPVER"-fpm.service
#--------------------------------------------------
# Create DB user
#--------------------------------------------------
echo -e "\n---- Creating the PgSQL DB & User ----"
cd /tmp || return
sudo -u postgres psql <<DB
CREATE DATABASE nextcloud_db;
CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}';
GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER};
DB
echo -e "\nDone!\n"
echo "Done!
"
# Add .mjs as a file extension for javascript
sed -i "/application\/javascript/s|js.*;|js mjs;|" /etc/nginx/mime.types
#nginx - configuration
cat << NC_NGINX > "$NC_NGINX_CONF"
#nextcloud config
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php${PHPVER}-fpm.sock;
}
# nginx conf setup.
cp files/nextcloud.conf "$NC_NGINX_CONF"
sed -i "s|_PHPVER|$MIN_PHP|g" "$NC_NGINX_CONF"
sed -i "s|_NC_DOMAIN|$NC_DOMAIN|g" "$NC_NGINX_CONF"
sed -i "s|_NC_NGINX_SSL_PORT|$NC_NGINX_SSL_PORT|g" "$NC_NGINX_CONF"
sed -i "s|_NC_PATH|$NC_PATH|g" "$NC_NGINX_CONF"
server {
listen 80;
listen [::]:80;
server_name $NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen $NC_NGINX_SSL_PORT ssl http2;
listen [::]:$NC_NGINX_SSL_PORT ssl http2;
server_name $NC_DOMAIN;
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the \`ngx_pagespeed\` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud \`.htaccess\`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# set max upload size
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
# Path to the root of your installation
root $NC_PATH/;
# Specify how to handle directories -- specifying \`/index.php\$request_uri\`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus
# \`try_files \$uri \$uri/ /index.php\$request_uri\`
# always provides the desired behaviour.
index index.php index.html /index.php\$request_uri;
# Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients
location = / {
if ( \$http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/\$is_args\$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for \`/.well-known\` so that clients can still
# access it despite the existence of the regex rule
# \`location ~ /(\.|autotest|...)\` which would otherwise handle requests
# for \`/.well-known\`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in \`.htaccess\` that concern \`/.well-known\`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files \$uri \$uri/ =404; }
location /.well-known/pki-validation { try_files \$uri \$uri/ =404; }
# Let Nextcloud's API for \`/.well-known\` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php\$request_uri;
}
# Rules borrowed from \`.htaccess\` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:\$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
set \$path_info \$fastcgi_path_info;
try_files \$fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)\$ {
try_files \$uri /index.php\$request_uri;
expires 6M; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?\$ {
try_files \$uri /index.php\$request_uri;
expires 7d; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from \`.htaccess\`
location /remote {
return 301 /remote.php\$request_uri;
}
location / {
try_files \$uri \$uri/ /index.php\$request_uri;
}
}
NC_NGINX
systemctl stop nginx
letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN"
if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then
@ -244,7 +479,7 @@ chown -R www-data:www-data "$NC_PATH"
chmod -R 755 "$NC_PATH"
echo -e "\nDatabase installation...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ maintenance:install \
sudo -u www-data php "$NC_PATH"/occ maintenance:install \
--database=pgsql \
--database-name="$NC_DB" \
--database-user="$NC_DB_USER" \
@ -259,7 +494,7 @@ sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_C
sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG"
echo -e "\nAdd crontab...\n"
crontab -u www-data -l | { cat; echo "*/5 * * * * php$MIN_PHP -f $NC_PATH/cron.php"; } | crontab -u www-data -
crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data -
echo -e "\nAdd memcache support...\n"
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF"
@ -285,24 +520,25 @@ sed -i "/);/i \ \ )," "$NC_CONFIG"
echo -e "Done\n"
echo -e "\nAddding & Setting up Files External App for Local storage...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:install files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:enable files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:disable support
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
sudo -u www-data php "$NC_PATH"/occ app:install files_external
sudo -u www-data php "$NC_PATH"/occ app:enable files_external
sudo -u www-data php "$NC_PATH"/occ app:disable support
sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
usermod -a -G jibri www-data
chmod -R 770 "$DIR_RECORD"
chmod -R g+s "$DIR_RECORD"
echo -e "\nFixing possible missing tables...\n\n"
echo "y"|sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:convert-filecache-bigint
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-indices
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-columns
echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint
sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices
sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns
echo -e "\nAdding trusted domain...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
echo -e "\nSetting JRA domain on jitsi-updater.sh\n"
cd ~/quick-jibri-installer || return
sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh
echo -e "\nQuick Nextcloud installation complete!\n"

2
mode/chp-mode.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Custom High Performance Jitsi conf
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

2
mode/grid/selenium-grid-docker.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
# Custom Selenium Grid-Node fro Jitsi Meet
# Pandian © - https://community.jitsi.org/u/Pandian
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

2
mode/jms-stu.sh
View File

@ -2,7 +2,7 @@
# System-tune-up to remove system software restrictions on a huge load of connections.
# Be aware that hardware/infrastructure resources are the most common limiters.
#
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

2
mode/jwt.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# JWT Mode Setup
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

40
patches/jigasi/001-jigasi-meet-config.patch
View File

@ -1,40 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Enable transcription on jitsi meet config.js file.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index f412891..f704157 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -426,9 +426,9 @@ var config = {
// autoCaptionOnRecord: false,
// Transcription options.
- // transcription: {
+ transcription: {
// // Whether the feature should be enabled or not.
- // enabled: false,
+ enabled: true,
// // Translation languages.
// // Available languages can be found in
@@ -443,7 +443,7 @@ var config = {
// // detected based on the environment, e.g. if the app is opened in a chrome instance which
// // is using french as its default language then transcriptions for that participant will be in french.
// // Defaults to true.
- // useAppLanguage: true,
+ useAppLanguage: true,
// // Transcriber language. This settings will only work if "useAppLanguage"
// // is explicitly set to false.
@@ -453,7 +453,7 @@ var config = {
// // Enables automatic turning on transcribing when recording is started
// autoTranscribeOnRecord: false,
- // },
+ },
// Misc

80
patches/jigasi/002-jigasi-sip-properties.patch
View File

@ -1,80 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Modify sip-communicator.properties to run Jigasi along with VOSK Models.
diff --git a/etc/jitsi/jigasi/sip-communicator.properties b/etc/jitsi/jigasi/sip-communicator.properties
index 7a8d0f3..ae5369a 100644
--- a/etc/jitsi/jigasi/sip-communicator.properties
+++ b/etc/jitsi/jigasi/sip-communicator.properties
@@ -165,12 +165,12 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# If you want jigasi to perform authenticated login instead of anonymous login
# to the XMPP server, you can set the following properties.
-# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
-# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
-# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+org.jitsi.jigasi.xmpp.acc.USER_ID=transcriber@recorder.${DOMAIN}
+org.jitsi.jigasi.xmpp.acc.PASS=${JIG_TRANSC_PASWD}
+org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
# To fix SSL/TLS required by client but not supported by server
-#org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
# Can be used in combination with jitsi-meet module mod_auth_jitsi-shared-secret
# To have jigasi use a random username on every call
@@ -187,7 +187,7 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the
# remote certificates always.
-# net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
+net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
# Enable this property to be able to shutdown gracefully jigasi using
# a rest command
@@ -196,31 +196,31 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Options regarding Transcription. Read the README for a detailed description
# about each property
-#org.jitsi.jigasi.ENABLE_TRANSCRIPTION=false
-#org.jitsi.jigasi.ENABLE_SIP=true
+org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
+org.jitsi.jigasi.ENABLE_SIP=false
# whether to use the more expensive, but better performing
# "video" model when doing transcription
# org.jitsi.jigasi.transcription.USE_VIDEO_MODEL = false
# delivering final transcript
-# org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
-# org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
-# org.jitsi.jigasi.transcription.jetty.port=-1
-# org.jitsi.jigasi.transcription.ADVERTISE_URL=false
+org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
+org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
+org.jitsi.jigasi.transcription.jetty.port=-1
+org.jitsi.jigasi.transcription.ADVERTISE_URL=false
# save formats
-# org.jitsi.jigasi.transcription.SAVE_JSON=false
-# org.jitsi.jigasi.transcription.SAVE_TXT=true
+org.jitsi.jigasi.transcription.SAVE_JSON=false
+org.jitsi.jigasi.transcription.SAVE_TXT=true
# send formats
-# org.jitsi.jigasi.transcription.SEND_JSON=true
-# org.jitsi.jigasi.transcription.SEND_TXT=false
+org.jitsi.jigasi.transcription.SEND_JSON=true
+org.jitsi.jigasi.transcription.SEND_TXT=false
# Vosk server
-# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
+org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
# org.jitsi.jigasi.transcription.vosk.websocket_url={"en": "ws://localhost:2700", "fr": "ws://localhost:2710"}
-# org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
+org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
# Whisper live transcription server
# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.WhisperTranscriptionService

66
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch
View File

@ -1,66 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable recording and livestreaming by default.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..8f64c7c 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -343,12 +343,12 @@ var config = {
// // showPrejoinWarning: true,
// },
- // recordingService: {
+ recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
// // and the generic recording service (its configuration and storage type
// // depends on jibri configuration)
- // enabled: false,
+ enabled: true,
// // Whether to show the possibility to share file recording with other people
// // (e.g. meeting participants), based on the actual implementation
@@ -357,7 +357,7 @@ var config = {
// // Hide the warning that says we only store the recording for 24 hours.
// hideStorageWarning: false,
- // },
+ },
// DEPRECATED. Use recordingService.enabled instead.
// fileRecordingsServiceEnabled: false,
@@ -368,7 +368,7 @@ var config = {
// Local recording configuration.
// localRecording: {
// // Whether to disable local recording or not.
- // disable: false,
+ // disable: true,
// // Whether to notify all participants when a participant is recording locally.
// notifyAllParticipants: false,
@@ -378,9 +378,9 @@ var config = {
// },
// Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
- // liveStreaming: {
+ liveStreaming: {
// // Whether to enable live streaming or not.
- // enabled: false,
+ enabled: true,
// // Terms link
// termsLink: 'https://www.youtube.com/t/terms',
// // Data privacy link
@@ -388,8 +388,8 @@ var config = {
// // RegExp string that validates the stream key input field
// validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
// // Documentation reference for the live streaming feature.
- // helpLink: 'https://jitsi.org/live'
- // },
+ helpLink: 'https://forge.switnet.net/switnet/quick-jibri-installer'
+ },
// DEPRECATED. Use liveStreaming.enabled instead.
// liveStreamingEnabled: false,

31
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch
View File

@ -1,31 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable/disable welcome page.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..2094287 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -664,13 +664,13 @@ var config = {
// enableWelcomePage: true,
// Configs for welcome page.
- // welcomePage: {
- // // Whether to disable welcome page. In case it's disabled a random room
- // // will be joined when no room is specified.
- // disabled: false,
- // // If set, landing page will redirect to this URL.
- // customUrl: ''
- // },
+ welcomePage: {
+ // Whether to disable welcome page. In case it's disabled a random room
+ // will be joined when no room is specified.
+ disabled: ${ENABLE_WELCP_BOL},
+ // If set, landing page will redirect to this URL.
+ customUrl: ''
+ },
// Configs for the lobby screen.
// lobby: {

548
quick_jibri_installer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
{
echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log
@ -38,126 +38,118 @@ DIST=$(lsb_release -sc)
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')"
PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)"
PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
NL="$(printf '\n ')"
NODEJS_VER="18"
JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key"
PROSODY_GPG_KEY="/etc/apt/trusted.gpg.d/prosody-debian-packages.key"
NODEJS_GPG_KEY="/etc/apt/keyrings/nodesource.gpg"
TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
CERT_CHOICE_DEBCONF="Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
printwc() {
printf "%b$2%b" "$1" "${Color_Off}"
}
exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo -e "\nThis instance already has $1 installed, exiting..."
echo -e "Please try again on a clean system."
echo -e " If you think this is an error, please report to:"
echo -e " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
exit
fi
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "
This instance already has $1 installed, exiting...
Please try again on a clean system.
If you think this is an error, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
exit
fi
}
exit_ifinstalled jitsi-meet
rename_distro() {
if [ "$DIST" = "$1" ]; then
DIST="$2"
fi
if [ "$DIST" = "$1" ]; then
DIST="$2"
fi
}
#Trisquel distro upstream referencing.
rename_distro nabia focal
rename_distro aramo jammy
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1"
fi
fi
}
check_serv() {
if [ "$APACHE_2" -eq 1 ]; then
echo -e "\nThe recommended setup is using NGINX, exiting...\n"
exit
elif [ "$NGINX" -eq 1 ]; then
printf "\nWebserver already installed!\n"
else
printf "\nInstalling nginx webserver!\n"
install_ifnot nginx
fi
if [ "$APACHE_2" -eq 1 ]; then
echo "
The recommended setup is using NGINX, exiting...
"
exit
elif [ "$NGINX" -eq 1 ]; then
printf "\nWebserver already installed!\n"
else
printf "\nInstalling nginx webserver!\n"
install_ifnot nginx
fi
}
check_snd_driver() {
printf "\n# Checking ALSA - Loopback module..."
echo "snd-aloop" | tee -a /etc/modules
modprobe snd-aloop
if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then
echo -e "\n#-----------------------------------------------------------------------"
echo "# Audio driver seems - OK."
echo -e "#-----------------------------------------------------------------------\n"
else
echo -e "\n#-----------------------------------------------------------------------"
echo "# Your audio driver might not be able to load."
echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool."
echo -e "#-----------------------------------------------------------------------\n"
#Test tool
if [ "$MODE" = "debug" ]; then
bash "$PWD"/tools/test-jibri-env.sh -m debug
else
bash "$PWD"/tools/test-jibri-env.sh
fi
read -n 1 -s -r -p "Press any key to continue..."$'\n'
fi
printf "\n# Checking ALSA - Loopback module..."
echo "snd-aloop" | tee -a /etc/modules
modprobe snd-aloop
if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then
echo "
#-----------------------------------------------------------------------
# Audio driver seems - OK.
#-----------------------------------------------------------------------"
else
echo "
#-----------------------------------------------------------------------
# Your audio driver might not be able to load.
# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool.
#-----------------------------------------------------------------------"
#Test tool
if [ "$MODE" = "debug" ]; then
bash "$PWD"/tools/test-jibri-env.sh -m debug
else
bash "$PWD"/tools/test-jibri-env.sh
fi
read -n 1 -s -r -p "Press any key to continue..."$'\n'
fi
}
# sed limiters for add-jibri-node.sh variables
var_dlim() {
grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1
}
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com \$1
apt-key export \$1 | gpg --dearmour | tee /tmp/\$1.gpg >/dev/null
apt-key del \$1
mv /tmp/\$1.gpg /etc/apt/trusted.gpg.d/
}
add_prosody_repo() {
echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed"
else
echo "deb [signed-by=$PROSODY_GPG_KEY] http://packages.prosody.im/debian $DIST main" \
> /etc/apt/sources.list.d/prosody.list
curl -s https://prosody.im/files/prosody-debian-packages.key \
> "$PROSODY_GPG_KEY"
apt-get update -q2
fi
echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed"
else
echo "deb [signed-by=/etc/apt/trusted.gpg.d/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list
curl -s https://prosody.im/files/prosody-debian-packages.key > /etc/apt/trusted.gpg.d/prosody-debian-packages.key
fi
}
dpkg-compare() {
dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3"
dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3"
}
wait_seconds() {
secs=$(($1))
while [ $secs -gt 0 ]; do
echo -ne "$secs\033[0K\r"
sleep 1
: $((secs--))
done
secs=$(($1))
while [ $secs -gt 0 ]; do
echo -ne "$secs\033[0K\r"
sleep 1
: $((secs--))
done
}
print_title() {
printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n"
printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n"
}
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
clear
printwc "${Green}" '
@ -178,7 +170,7 @@ Featuring:
Learn more about these at,
Main repository: https://forge.switnet.net/switnet/quick-jibri-installer
Wiki and documentation: https://forge.switnet.net/switnet/quick-jibri-installer/wiki\n\n'
sleep .1
read -n 1 -s -r -p "Press any key to continue..."$'\n'
#Check if user is root
@ -196,11 +188,13 @@ else
exit
fi
#Suggest 22.04 LTS release over 20.04 in April 2024
TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
if [ "$DIST" = "focal" ]; then
if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then
echo " > $(lsb_release -sc), even when it's compatible and functional."
echo -n " We suggest to use the next (LTS) release, for longer"
echo " support and security reasons."
echo " > $(lsb_release -sc), even when it's compatible and functional.
We suggest to use the next (LTS) release, for longer support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."$'\n'
else
echo "Focal is supported."
@ -210,8 +204,7 @@ fi
#Check system resources
printf "\n\nVerifying System Resources:"
if [ "$(nproc --all)" -lt 4 ];then
printf "\nWarning!: The system do not meet the minimum CPU"
printf " requirements for Jibri to run."
printf "\nWarning!: The system do not meet the minimum CPU requirements for Jibri to run."
printf "\n>> We recommend 4 cores/threads for Jibri!\n"
CPU_MIN="N"
else
@ -222,8 +215,7 @@ sleep .1
### Test RAM size (8GB min) ###
mem_available="$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')"
if [ "$mem_available" -lt 7700000 ]; then
printf "\nWarning!: The system do not meet the minimum RAM"
printf " requirements for Jibri to run."
printf "\nWarning!: The system do not meet the minimum RAM requirements for Jibri to run."
printf "\n>> We recommend 8GB RAM for Jibri!\n\n"
MEM_MIN="N"
else
@ -235,10 +227,8 @@ if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then
echo "All requirements seems meet!"
printf "\n - We hope you have a nice recording/streaming session\n"
else
printf "CPU (%s)/RAM (%s MiB)" "$(nproc --all)" "$((mem_available/1024))"
printf " does NOT meet minimum recommended requirements!"
printf "\nEven when you can use the videoconferencing sessions, we"
printf " advice to increase the resources in order to user Jibri.\n\n"
printf "CPU (%s)/RAM (%s MiB) does NOT meet minimum recommended requirements!" "$(nproc --all)" "$((mem_available/1024))"
printf "\nEven when you can use the videoconferencing sessions, we advice to increase the resources in order to user Jibri.\n\n"
sleep .1
while [ "$CONTINUE_LOW_RES" != "yes" ] && [ "$CONTINUE_LOW_RES" != "no" ]
do
@ -248,8 +238,7 @@ sleep .1
exit
elif [ "$CONTINUE_LOW_RES" = "yes" ]; then
printf "\n - We highly recommend to increase the server resources."
printf "\n - Otherwise, please think about adding dedicated"
printf " jibri nodes instead.\n\n"
printf "\n - Otherwise, please think about adding dedicated jibri nodes instead.\n\n"
fi
done
fi
@ -277,32 +266,27 @@ sleep .1
do
read -p "> Do you want to disable local jibri service?: (yes or no)$NL" -r DISABLE_LOCAL_JIBRI
if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then
printf " - Please keep in mind that we might not support"
printf " underpowered servers.\n"
printf " - Please keep in mind that we might not support underpowered servers.\n"
elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
printf " - You can add dedicated jibri nodes later, see more"
printf " at the wiki.\n"
printf " - You can add dedicated jibri nodes later, see more at the wiki.\n"
fi
done
fi
sleep .1
#Check system oriented porpuse
apt-get -q2 update
apt-get -yq2 update
SYSTEM_DE="$(apt-cache search "ubuntu-(desktop|mate-desktop)"|awk '{print$1}'|xargs|sed 's|$| trisquel triskel trisquel-mini|')"
SYSTEM_DE_ARRAY=( "$SYSTEM_DE" )
printf "\nChecking for common desktop system oriented purpose....\n"
for de in "${SYSTEM_DE_ARRAY[@]}"
do
if [ "$(dpkg-query -W -f='${Status}' "$de" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
printf "\n > This instance has %s installed, exiting...\n" "$de"
printf "\nPlease avoid using this installer on a desktop-user"
printf " oriented GNU/Linux system.\n"
printf "This is an unsupported use, as it will likely BREAK YOUR"
printf " SYSTEM, so please don't.\n"
printf "\n > This instance has %s installed, exiting...
\nPlease avoid using this installer on a desktop-user oriented GNU/Linux system.
This is an unsupported use, as it will likely BREAK YOUR SYSTEM, so please don't." "$de"
exit
else
printf " > No standard desktop environment for user oriented"
printf " porpuse detected, good!, continuing...\n\n"
printf " > No standard desktop environment for user oriented porpuse detected, good!, continuing...\n\n"
fi
done
sleep .1
@ -314,11 +298,8 @@ printf "\nAdd Jitsi repo\n"
if [ "$JITSI_REPO" = "stable" ]; then
printf " - Jitsi stable repository already installed\n\n"
else
echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \
> /etc/apt/sources.list.d/jitsi-stable.list
curl -s https://download.jitsi.org/jitsi-key.gpg.key \
> "$JITSI_GPG_KEY"
apt-get update -q2
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/jitsi-key.gpg.key] http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
curl -s https://download.jitsi.org/jitsi-key.gpg.key > /etc/apt/trusted.gpg.d/jitsi-key.gpg.key
JITSI_REPO="stable"
fi
sleep .1
@ -330,8 +311,7 @@ if [ "$LE_SSL" = yes ]; then
printf " - We'll setup Let's Encrypt SSL certs.\n\n"
else
printf " - We'll let you choose later on for it."
printf " Please be aware that a valid SSL cert is required for"
printf " some features to work properly.\n\n"
printf " Please be aware that a valid SSL cert is required for some features to work properly.\n\n"
fi
done
sleep .1
@ -358,26 +338,23 @@ sleep .1
sleep .1
#Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$JITSI_DOMAIN"||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
printf "\nServer public IP & DNS record for"
printf " %s seems to match, continuing..." "$JITSI_DOMAIN"
printf "\nServer public IP & DNS record for %s seems to match, continuing..." "$JITSI_DOMAIN"
else
echo -n "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN"
echo " don't seem to match."
echo -n " > Please check your dns records are applied and updated,"
echo " otherwise components may fail."
read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE
echo "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN don't seem to match."
echo " > Please check your dns records are applied and updated, otherwise components may fail."
read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE
if [ "$DNS_CONTINUE" = "yes" ]; then
echo " - We'll continue anyway..."
echo " - We'll continue anyway..."
else
echo " - Exiting for now..."
exit
echo " - Exiting for now..."
exit
fi
fi
fi
sleep .1
# Requirements
printf "\nWe'll start by installing system requirements this may take"
printf " a while please be patient...\n"
printf "\nWe'll start by installing system requirements this may take a while please be patient...\n"
apt-get update -q2
apt-get dist-upgrade -yq2
apt-get -y install \
@ -398,15 +375,14 @@ if [ "$LE_SSL" = "yes" ]; then
apt-get -y install \
certbot
if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "# Disable pre-installed ufw, more on firewall see:"
echo " > https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Firewall"
echo "# Disable pre-installed ufw, more on firewall see:
> https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Firewall"
ufw disable
fi
fi
echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" \
2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")"
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")"
if [ "$HWE_VIR_MOD" = "1" ]; then
apt-get -y install \
linux-image-generic-hwe-"$(lsb_release -sr)" \
@ -425,15 +401,11 @@ echo "
#--------------------------------------------------
"
if [ "$LE_SSL" = "yes" ]; then
echo "set jitsi-meet/cert-choice select $CERT_CHOICE_DEBCONF" \
| debconf-set-selections
echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $JITSI_DOMAIN" \
| debconf-set-selections
echo "jitsi-meet-web-config jitsi-meet/email string $SYSADMIN_EMAIL" \
| debconf-set-selections
echo "set jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)" | debconf-set-selections
echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $JITSI_DOMAIN" | debconf-set-selections
echo "jitsi-meet-web-config jitsi-meet/email string $SYSADMIN_EMAIL" | debconf-set-selections
fi
echo "jitsi-meet-web-config jitsi-meet/jaas-choice boolean false" \
| debconf-set-selections
echo "jitsi-meet-web-config jitsi-meet/jaas-choice boolean false" | debconf-set-selections
apt-get -y install \
jitsi-meet \
jibri \
@ -450,11 +422,10 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1"
echo "Nodejs is installed, skipping..."
else
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
| gpg --dearmor -o "$NODEJS_GPG_KEY"
echo "deb [signed-by=$NODEJS_GPG_KEY] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \
tee /etc/apt/sources.list.d/nodesource.list
apt-get update -q2
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \
tee /etc/apt/sources.list.d/nodesource.list
apt-get update -yq2
apt-get install -yq2 nodejs
echo "Installing nodejs esprima package..."
@ -479,7 +450,7 @@ else
fi
apt-get -q2 update
apt-get install -yq2 google-chrome-stable
rm -rf "$GOOGL_REPO"
rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
@ -538,20 +509,19 @@ JB_NAME="Jibri Sessions"
LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL"
MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
FQDN_HOST="fqdn"
JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="external_api.js"
MEET_MATCH1="disable simulcast support."
export DOMAIN
#GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
test_match "$WS_MATCH2" "$WS_CONF"
test_match "$MEET_MATCH1" "$MEET_CONF"
# Rename hostname for jitsi server
@ -568,6 +538,18 @@ do
fi
done
sleep .1
#Language
echo "## Setting up Jitsi Meet language ##
You can define the language, for a complete list of the supported languages
See here:
https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json"
printf "Jitsi Meet web interface will be set to use such language.\n\n"
sleep .1
read -p "Please set your language (Press enter to default to 'en'):$NL" -r JB_LANG
sleep .1
printf "\nWe'll take a minute to localize some UI excerpts if you need.\n\n"
sleep .1
#Participant
printf "> Do you want to translate 'Participant' to your own language?\n"
sleep .1
@ -632,20 +614,17 @@ select opt in "${options[@]}"
do
case $opt in
"Local")
printf "\n > Users are created manually using prosodyctl,"
printf " only moderators can open a room or launch recording.\n"
printf "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n"
ENABLE_SC="yes"
break
;;
"JWT")
printf "\n > A external app manage the token usage/creation,"
printf " like RocketChat does.\n"
printf "\n > A external app manage the token usage/creation, like RocketChat does.\n"
ENABLE_JWT="yes"
break
;;
"None")
printf "\n > Everyone can access the room as moderators as"
printf " there is no auth mechanism.\n"
printf "\n > Everyone can access the room as moderators as there is no auth mechanism.\n"
break
;;
*) echo "Invalid option $REPLY, choose 1, 2 or 3";;
@ -653,22 +632,19 @@ do
done
sleep .1
# Set jibris default resolution
printf "\n> What jibri resolution should be the default for this and all"
printf " the following jibri nodes?\n"
printf "\n> What jibri resolution should be the default for this and all the following jibri nodes?\n"
PS3='The more resolution the more resources jibri will require to record properly: '
jib_res=("HD 720" "FHD 1080")
select res in "${jib_res[@]}"
do
case $res in
"HD 720")
printf "\n > HD (1280x720) is good enough for most cases,"
printf " and requires a moderate high hw requirements.\n\n"
printf "\n > HD (1280x720) is good enough for most cases, and requires a moderate high hw requirements.\n\n"
JIBRI_RES="720"
break
;;
"FHD 1080")
printf "\n > Full HD (1920x1080) is the best resolution"
printf " available, it also requires high hw requirements.\n\n"
printf "\n > Full HD (1920x1080) is the best resolution available, it also requires high hw requirements.\n\n"
JIBRI_RES="1080"
break
;;
@ -700,16 +676,24 @@ do
done
sleep .1
##Jigasi
while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ]
do
read -p "> Do you want to setup Jigasi Transcription: (yes or no)
#if [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "404" ]; then
#printf "> Sorry Google SDK doesn't have support yet for %s,
#thus, Jigasi Transcript can't be enable.\n\n" "$(lsb_release -sd)"
#elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "200" ]; then
#while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ]
#do
#read -p "> Do you want to setup Jigasi Transcription: (yes or no)
#( Please check requirements at: https://forge.switnet.net/switnet/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT
if [ "$ENABLE_TRANSCRIPT" = "no" ]; then
printf " - Jigasi Transcription won't be enabled.\n\n"
elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf " - Jigasi Transcription will be enabled.\n\n"
fi
done
#if [ "$ENABLE_TRANSCRIPT" = "no" ]; then
#printf " - Jigasi Transcription won't be enabled.\n\n"
#elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
#printf " - Jigasi Transcription will be enabled.\n\n"
#fi
#done
#else
#echo "No valid option for Jigasi. Please report this to
#https://forge.switnet.net/switnet/quick-jibri-installer/issues"
#fi
sleep .1
#Grafana
while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ]
@ -853,17 +837,23 @@ BREWERY
# Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js
sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF"
#New recording implementation.
sed -i "s|// recordingService:|recordingService:|" "$MEET_CONF"
sed -i "/recordingService/,/hideStorageWarning/s|// enabled: false,| enabled: true,|" "$MEET_CONF"
sed -i "/hideStorageWarning: false/,/Local recording configuration/s|// },|},|" "$MEET_CONF"
sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
\\
hiddenDomain: \'recorder.$DOMAIN\',|" "$MEET_CONF"
#Enable recording & livestreaming by default.
echo "> Patching config.js to enable recording and livestreaming by default..."
echo " Read more about patches at the patches folder."
envsubst < \
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch | \
patch --no-backup-if-mismatch -d / -p1
#Setup main language
if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then
echo "Leaving English (en) as default language..."
sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF"
else
echo "Changing default language to: $JB_LANG"
sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF"
fi
#Prepare hidden domain for jibri/jigasi silent users.
sed -i "/fileRecordingsServiceEnabled: false,/a \\
hiddenDomain: \'recorder.$DOMAIN\'," "$MEET_CONF"
# Recording directory
if [ ! -d "$DIR_RECORD" ]; then
mkdir "$DIR_RECORD"
@ -882,8 +872,8 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
mv \$LJF_PATH \$NJF_PATH
@ -894,15 +884,117 @@ chmod +x "$REC_DIR"
## New Jibri Config (2020)
mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file
cp files/jibri.conf "$JIBRI_CONF"
sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF"
sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF"
sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF"
sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF"
sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF"
sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF"
sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF"
sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF"
cat << NEW_CONF > "$JIBRI_CONF"
// New XMPP environment config.
jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = $JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "$DIR_RECORD"
finalize-script = "$REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "$JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "$DOMAIN" ]
// The base XMPP domain
xmpp-domain = "$DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.$DOMAIN"
room-name = "$JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.$DOMAIN"
username = "jibri"
password = "$JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.$DOMAIN"
username = "recorder"
password = "$JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}
NEW_CONF
#Jibri xorg resolution
sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@ -977,6 +1069,28 @@ sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh
sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh
##--
#Tune webserver for Jitsi App control
if [ -f "$WS_CONF" ]; then
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
systemctl reload nginx
else
echo "No app configuration done to server file, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi
#Static avatar
if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then
cp images/avatar2.png /usr/share/jitsi-meet/images/
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
\ " "$WS_CONF"
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF"
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF"
fi
#nginx -tlsv1/1.1
if [ "$DROP_TLS1" = "yes" ];then
printf "\nDropping TLSv1/1.1\n\n"
@ -984,8 +1098,8 @@ if [ "$DROP_TLS1" = "yes" ];then
elif [ "$DROP_TLS1" = "no" ];then
printf "\nNo TLSv1/1.1 dropping was done.\n\n"
else
echo -n "No condition meet, please report to:"
echo "https://forge.switnet.net/switnet/quick-jibri-installer/issues"
echo "No condition meet, please report to
https://forge.switnet.net/switnet/quick-jibri-installer/issues "
fi
sleep .1
#================== Setup prosody conf file =================
@ -1003,9 +1117,9 @@ if [ "$ENABLE_SC" = "yes" ]; then
prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS"
sleep .1
printf "\nSecure rooms are being enabled...\n"
echo -n "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' "
echo "or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered."
echo "If you have issues with the password refer to your sysadmin."
echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
If you have issues with the password refer to your sysadmin."
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" "$JICOFO_SIP"
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
fi
@ -1044,23 +1158,20 @@ fi
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF"
#Start with audio muted but admin
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 2,|" "$MEET_CONF"
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" "$MEET_CONF"
#Disable/enable welcome page
[ "$ENABLE_WELCP" = "yes" ] && ENABLE_WELCP_BOL=true
[ "$ENABLE_WELCP" = "no" ] && ENABLE_WELCP_BOL=false
export ENABLE_WELCP_BOL
echo "> Patching config.js to modify welcompage behavior..."
echo " Read more about patches at the patches folder."
envsubst < \
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch | \
patch --no-backup-if-mismatch -d / -p1
if [ "$ENABLE_WELCP" = "yes" ]; then
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" "$MEET_CONF"
elif [ "$ENABLE_WELCP" = "no" ]; then
sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" "$MEET_CONF"
fi
#Enable close page
[ "$ENABLE_CLOCP" = "yes" ] && \
sed -i "s|// enableClosePage:.*|enableClosePage: true,|" "$MEET_CONF"
[ "$ENABLE_CLOCP" = "no" ] && \
sed -i "s|// enableClosePage:.*|enableClosePage: false,|" "$MEET_CONF"
if [ "$ENABLE_CLOCP" = "yes" ]; then
sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" "$MEET_CONF"
elif [ "$ENABLE_CLOCP" = "no" ]; then
sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" "$MEET_CONF"
fi
#Add pre-join screen by default, since it improves YouTube autoplay capabilities
#pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does.
@ -1108,8 +1219,7 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
systemctl disable jibri
systemctl disable jibri-xorg
systemctl disable jibri-icewm
# Manually apply permissions since finalize_recording.sh won't be
# triggered under this server options.
# Manually apply permissions since finalize_recording.sh won't be triggered under this server options.
chmod -R 770 "$DIR_RECORD"
fi
@ -1148,9 +1258,8 @@ if [ -f "$WS_CONF" ]; then
sed -i "/external_api.js/i \\\n" "$WS_CONF"
systemctl reload nginx
else
printf "No interface_config.js configuration done to server file,"
printf " please report to:"
printf " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
echo "No interface_config.js configuration done to server file, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi
#JRA via Nextcloud
if [ "$ENABLE_NC_ACCESS" = "yes" ]; then
@ -1162,16 +1271,7 @@ if [ "$ENABLE_NC_ACCESS" = "yes" ]; then
fi
fi
sleep .1
#Jigasi w/VOSK backend.
if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf "\nJigasi with VOSK backend will be enabled."
if [ "$MODE" = "debug" ]; then
bash "$PWD"/jigasi-vosk-backend.sh -m debug
else
bash "$PWD"/jigasi-vosk-backend.sh
fi
fi
sleep .1
#Grafana Dashboard
if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then
printf "\nGrafana Dashboard will be enabled."

2
tools/aws-grub-setup.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Automated AWS generic kernel setup for jibri.
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

2
tools/fail2ban_ssh.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Simple Fail2ban configuration
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option

2
tools/jibri-conf-upgrade.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Simple Jibri conf updater
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option

2
tools/jibri-resolution-enhancer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Simple Jibri resolution enhancer
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option

138
tools/prepare_php.sh
View File

@ -1,138 +0,0 @@
#!/bin/bash
# Automated PHP environment build for Nextcloud.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
PHPVER=$1
STABLE_PHP="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
DISTRO_RELEASE="$(lsb_release -sc)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHP_REPO_URL="http://ppa.launchpad.net/ondrej/php/ubuntu"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
TMP_GPG_REPO="$(mktemp -d)"
if [ $# -ne 1 ]; then
echo "Usage: $0 8.2"
exit 1
fi
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1"
fi
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages #< don't quote.
packages=""
}
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
add_php_repo() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] $PHP_REPO_URL $DISTRO_RELEASE main" | \
tee /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
add_php_repo
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-cli \
php$PHPVER-cgi \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
update-alternatives --set php /usr/bin/php"$STABLE_PHP"
update-alternatives --set php-fpm.sock /run/php/php"$STABLE_PHP"-fpm.sock
update-alternatives --set php-cgi /usr/bin/php-cgi"$STABLE_PHP"
update-alternatives --set php-cgi-bin /usr/lib/cgi-bin/php"$STABLE_PHP"
update-alternatives --set phar /usr/bin/phar"$STABLE_PHP"
update-alternatives --set phar.phar /usr/bin/phar.phar"$STABLE_PHP"
systemctl restart php"$PHPVER"-fpm.service

2
tools/start-over.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
#Start over
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later.
while getopts m: option

2
tools/test-jibri-env.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Simple Jibri Env tester
# SwITNet Ltd © - 2024, https://switnet.net/
# SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later.
while getopts m: option