switnet
/
quick-jibri-installer
2
1
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases 14 Wiki Activity

Compare commits

base: switnet:master
Branches Tags
switnet:master
switnet:v8.0
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0
..
compare: switnet:v7.3.0
Branches Tags
switnet:master
switnet:v8.0
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0

No commits in common. "master" and "v7.3.0" have entirely different histories.
master ... v7.3.0

32 changed files with 1047 additions and 1753 deletions
Show Stats Expand all files Collapse all files

11
README.md
View File

@ -56,8 +56,9 @@ Check more details on our wiki.
### Jibri Recodings Access via Nextcloud ### Jibri Recodings Access via Nextcloud
* Valid domain with DNS record for Nextcloud SSL. * Valid domain with DNS record for Nextcloud SSL.
### Jigasi Transcript ### Jigasi Transcript (stalled)
* Enough disk space to run Vosk backend via docker container. * SIP account
* Google Cloud Account with Billing setup.
@ -78,7 +79,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Etherpad via docker install * Etherpad via docker install
* Authentication * Authentication
1. Local 1. Local
2. JWT ([#87](https://forge.switnet.net/switnet/quick-jibri-installer/issues/87)) 2. JWT
3. None 3. None
* Lobby Rooms * Lobby Rooms
* Conference Duration * Conference Duration
@ -89,7 +90,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Enabled Jitsi Electron app detection server side. * Enabled Jitsi Electron app detection server side.
* Standalone SSL Certbot/LE implementation * Standalone SSL Certbot/LE implementation
* Improved recurring updater * Improved recurring updater
* Jigasi Transcript - vía Vosk speech recognition toolkit. * Jigasi Transcript - Speech to Text powered by Google API (stalled)
## Tools ## Tools
* Jibri Environment Tester * Jibri Environment Tester
@ -118,4 +119,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
SwITNet Ltd © - 2025, https://switnet.net/ SwITNet Ltd © - 2023, https://switnet.net/

269
add-jibri-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Jibri Node Aggregator # Jibri Node Aggregator
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###
@ -16,13 +16,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
#Make sure the file name is the required one #Make sure the file name is the required one
@ -32,6 +28,12 @@ if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then
exit exit
fi fi
#Check admin rights
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
### 0_VAR_DEF ### 0_VAR_DEF
MAIN_SRV_DIST=TBD MAIN_SRV_DIST=TBD
MAIN_SRV_REPO=TBD MAIN_SRV_REPO=TBD
@ -49,18 +51,17 @@ JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR=
JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
DIR_RECORD="/var/jbrecord" DIR_RECORD="/var/jbrecord"
REC_DIR="/home/jibri/finalize_recording.sh" REC_DIR="/home/jibri/finalize_recording.sh"
CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
#PUBLIC_IP="$(wget -qO- https://api.ipify.org)" #PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key"
NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}"
NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
GIT_FORGE="https://forge.switnet.net" GITHUB_RAW="https://raw.githubusercontent.com"
GIT_REPO="switnet/quick-jibri-installer" GIT_REPO="switnet-ltd/quick-jibri-installer"
JIBRI_CONF_ONLINE="$GIT_FORGE/$GIT_REPO/raw/branch/master/files/jibri.conf" TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh"
TEST_JIBRI_ENV="$GIT_FORGE/$GIT_REPO/raw/branch/master/tools/test-jibri-env.sh"
SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)"
JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
### 1_VAR_DEF ### 1_VAR_DEF
@ -187,19 +188,18 @@ hostnamectl set-hostname "jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}"
sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts
# Jitsi-Meet Repo # Jitsi-Meet Repo
printf "\nAdd Jitsi repo\n" echo "Add Jitsi repo"
if [ "$JITSI_REPO" = "stable" ]; then if [ -z "$JITSI_REPO" ]; then
printf " - Jitsi stable repository already installed\n\n" echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
echo "Main and node servers repository don't match, extiting.."
exit
elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
echo "Main and node servers repository match, continuing..."
else else
echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \ echo "Jitsi $JITSI_REPO repository already installed"
> /etc/apt/sources.list.d/jitsi-stable.list
curl -s https://download.jitsi.org/jitsi-key.gpg.key \
> "$JITSI_GPG_KEY"
apt-get update -q2
JITSI_REPO="stable"
fi fi
sleep .1
# Requirements # Requirements
echo "We'll start by installing system requirements this may take a while please be patient..." echo "We'll start by installing system requirements this may take a while please be patient..."
@ -212,7 +212,7 @@ apt-get -y install \
curl \ curl \
ffmpeg \ ffmpeg \
git \ git \
btop \ htop \
inotify-tools \ inotify-tools \
jq \ jq \
rsync \ rsync \
@ -221,30 +221,32 @@ apt-get -y install \
wget wget
check_snd_driver() { check_snd_driver() {
printf "\n# Checking ALSA - Loopback module..." echo -e "\n# Checking ALSA - Loopback module..."
echo "snd-aloop" | tee -a /etc/modules echo "snd-aloop" | tee -a /etc/modules
modprobe snd-aloop modprobe snd-aloop
if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then
echo -e "\n#-----------------------------------------------------------------------" echo "
echo "# Audio driver seems - OK." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Audio driver seems - OK.
else #-----------------------------------------------------------------------"
echo -e "\n#-----------------------------------------------------------------------" else
echo "# Your audio driver might not be able to load." echo "
echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Your audio driver might not be able to load.
curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool.
#Test tool #-----------------------------------------------------------------------"
curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh
#Test tool
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
bash /tmp/test-jibri-env.sh -m debug bash /tmp/test-jibri-env.sh -m debug
else else
bash /tmp/test-jibri-env.sh bash /tmp/test-jibri-env.sh
fi fi
read -n 1 -s -r -p "Press any key to continue..."$'\n' rm /tmp/test-jibri-env.sh
fi read -n 1 -s -r -p "Press any key to continue..."$'\n'
fi
} }
###FIXME: Trisquel support broken by lsb_release usage###
echo "# Check and Install HWE kernel if possible..." echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")"
if [ "$HWE_VIR_MOD" = "1" ]; then if [ "$HWE_VIR_MOD" = "1" ]; then
@ -270,37 +272,27 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
echo "Installing Google Chrome Stable" echo "Installing Google Chrome Stable"
curl -s https://dl.google.com/linux/linux_signing_key.pub | \ wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
fi fi
apt-get -q2 update apt-get -q2 update
apt-get install -yq2 google-chrome-stable apt-get install -y google-chrome-stable
rm -rf "$GOOGL_REPO" rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \
jq -r ".versions[].downloads.chromedriver | \
select(. != null) | .[].url" | grep linux64 | \
grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
if [ -f /usr/local/bin/chromedriver ]; then if [ -f /usr/local/bin/chromedriver ]; then
echo "Chromedriver already installed." echo "Chromedriver already installed."
else else
echo "Installing Chromedriver" echo "Installing Chromedriver"
wget -q "$CHD_LTST_DWNL" \ wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
-O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/
mv /usr/local/bin/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver
chown root:root /usr/local/bin/chromedriver chown root:root /usr/local/bin/chromedriver
chmod 0755 /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver
rm -rf /tmp/chromedriver_linux64.zip rm -rf /tpm/chromedriver_linux64.zip
fi fi
printf "\nCheck Google Software Working...\n" echo "
Check Google Software Working...
"
/usr/bin/google-chrome --version /usr/bin/google-chrome --version
/usr/local/bin/chromedriver --version | awk '{print$1,$2}' /usr/local/bin/chromedriver --version | awk '{print$1,$2}'
@ -309,13 +301,15 @@ echo '
Start Jibri configuration Start Jibri configuration
######################################################################## ########################################################################
' '
printf "\nRemove Chrome warning...\n" echo "
Remove Chrome warning...
"
mkdir -p /etc/opt/chrome/policies/managed mkdir -p /etc/opt/chrome/policies/managed
echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON"
# Recording directory # Recording directory
if [ ! -d "$DIR_RECORD" ]; then if [ ! -d "$DIR_RECORD" ]; then
mkdir "$DIR_RECORD" mkdir "$DIR_RECORD"
fi fi
chown -R jibri:jibri "$DIR_RECORD" chown -R jibri:jibri "$DIR_RECORD"
@ -331,10 +325,19 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR chmod -R 770 \$RECORDINGS_DIR
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" #Rename folder.
NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
mv \$LJF_PATH \$NJF_PATH
##Prevent empty recording directory failsafe
if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then
mv \$LJF_PATH \$NJF_PATH
#Workaround for jibri to do cleaning.
ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH"
else
echo "No new folder recorded, not removing anything."
fi
exit 0 exit 0
REC_DIR REC_DIR
@ -343,15 +346,117 @@ chmod +x "$REC_DIR"
## New Jibri Config (2020) ## New Jibri Config (2020)
mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file
curl -s "$JIBRI_CONF_ONLINE" > "$JIBRI_CONF" cat << NEW_CONF > "$JIBRI_CONF"
sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" // New XMPP environment config.
sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" jibri {
sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" streaming {
sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
sed -i "s|DOMAIN|$MAIN_SRV_DOMAIN|g" "$JIBRI_CONF" // when starting a stream must match at least one of the patterns in
sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" // this list.
sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" rtmp-allow-list = [
sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" // By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "$JIBRI_RES_CONF"
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = $DIR_RECORD
finalize-script = $REC_DIR
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "$JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ]
// The base XMPP domain
xmpp-domain = "$MAIN_SRV_DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.$MAIN_SRV_DOMAIN"
room-name = "$JibriBrewery"
nickname = "machine-id"
}
// The login information for the control MUC
control-login {
domain = "auth.$MAIN_SRV_DOMAIN"
username = "jibri"
password = "$JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.$MAIN_SRV_DOMAIN"
username = "recorder"
password = "$JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}
NEW_CONF
#Jibri xorg resolution #Jibri xorg resolution
sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@ -362,20 +467,16 @@ echo "$NJN_USER:$NJN_USER_PASS" | chpasswd
echo -e "\n---- We'll connect to main server ----" echo -e "\n---- We'll connect to main server ----"
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
sudo su "$NJN_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_ed25519 /home/jibri/jbsync.pem #Workaround for jibri to do cleaning.
install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem
sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts"
sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts"
sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts"
echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n"
ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts
ssh-keyscan -t ed25519 "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub
[ -f /home/"$NJN_USER"/.ssh/id_rsa.pub ] && \
ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub
[ -f /home/"$NJN_USER"/.ssh/id_ed25519.pub ] && \
ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_ed25519.pub
sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
echo -e "\n---- Setup Log system ----" echo -e "\n---- Setup Log system ----"
@ -390,7 +491,7 @@ exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1
# Run sync # Run sync
while true; do while true; do
inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD" inotifywait -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD"
sudo su "$NJN_USER" -c "rsync -Aax --chmod=Dg+rwx,Fg+rw --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" sudo su "$NJN_USER" -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD"
find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete
done done
INOT_RSYNC INOT_RSYNC

17
add-jvb2-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JVB2 Node Aggregator # JVB2 Node Aggregator
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###
@ -16,13 +16,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
#Make sure the file name is the required one #Make sure the file name is the required one
@ -32,6 +28,13 @@ if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then
exit exit
fi fi
#Check admin rights
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
### 0_VAR_DEF ### 0_VAR_DEF
MAIN_SRV_DIST=TBD MAIN_SRV_DIST=TBD
MAIN_SRV_REPO=TBD MAIN_SRV_REPO=TBD

96
etherpad-docker.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Etherpad Installer for Jitsi Meet # Etherpad Installer for Jitsi Meet
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -13,8 +13,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
@ -29,11 +30,9 @@ echo '
######################################################################## ########################################################################
by Software, IT & Networks Ltd by Software, IT & Networks Ltd
' '
FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer"
check_apt_policy() { check_apt_policy() {
apt-cache policy 2>/dev/null| \ apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}'
awk "/$1/{print \$3}" | \
awk -F '/' 'NR==1{print$2}'
} }
install_ifnot() { install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
@ -43,16 +42,6 @@ if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")"
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to $FORGE_REPO"
exit
fi
}
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
@ -60,26 +49,23 @@ PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{pri
ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
WS_CONF_MATCH1="# ensure all static content can always be found first" DOCKER_CE_REPO="$(check_apt_policy docker)"
WS_MATCH2="upstream prosody {"
echo "Add Docker repo"
if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed"
else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update
fi
read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
install -m 600 /dev/null /var/opt/etherpad_details.txt
cat << EOF > /var/opt/etherpad_details.txt
ETHERPAD_ADMIN_PASS=$ETHERPAD_ADMIN_PASS
ETHERPAD_DB_USER=$ETHERPAD_DB_USER
ETHERPAD_DB_NAME=$ETHERPAD_DB_NAME
ETHERPAD_DB_PASS=$ETHERPAD_DB_PASS
EOF
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
test_match "$WS_MATCH2" "$WS_CONF"
# Install required packages # Install required packages
install_ifnot docker.io install_ifnot docker-ce
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# Create DB # Create DB
@ -88,15 +74,15 @@ sudo -u postgres psql <<DB
CREATE DATABASE ${ETHERPAD_DB_NAME}; CREATE DATABASE ${ETHERPAD_DB_NAME};
CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}'; CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}';
GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER}; GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER};
\c ${ETHERPAD_DB_NAME}
ALTER SCHEMA public OWNER TO ${ETHERPAD_DB_USER};
DB DB
echo " -- Your etherpad db password is: $ETHERPAD_DB_PASS"
echo -e " Please save it somewhere safe.\n"
# Check fot docker if not running then execute # Check fot docker if not running then execute
if [ ! "$(docker ps -q -f name=etherpad)" ]; then if [ ! "$(docker ps -q -f name=etherpad)" ]; then
if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then
# cleanup # cleanup
docker rm -f etherpad docker rm etherpad
fi fi
# run your container # run your container
docker run -d --restart always \ docker run -d --restart always \
@ -110,7 +96,7 @@ if [ ! "$(docker ps -q -f name=etherpad)" ]; then
-e "DB_NAME=$ETHERPAD_DB_NAME" \ -e "DB_NAME=$ETHERPAD_DB_NAME" \
-e "DB_USER=$ETHERPAD_DB_USER" \ -e "DB_USER=$ETHERPAD_DB_USER" \
-e "DB_PASS=$ETHERPAD_DB_PASS" \ -e "DB_PASS=$ETHERPAD_DB_PASS" \
etherpad/etherpad -i -t etherpad/etherpad
fi fi
# Tune webserver for Jitsi App control # Tune webserver for Jitsi App control
@ -119,31 +105,17 @@ if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then
echo "> Webserver seems configured, skipping..." echo "> Webserver seems configured, skipping..."
elif [ -f "$WS_CONF" ]; then elif [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..." echo "> Setting up webserver configuration file..."
if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF"
echo " > Setting mapping upgrade connection." sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
else sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
echo " > Upgrade connection mapping already setup."
fi
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_redirect off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF"
else else
echo "> No etherpad config done to server file, please report to:" echo "> No etherpad config done to server file, please report to:
echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi
# Configure config.js # Configure config.js
@ -151,7 +123,7 @@ if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then
echo -e "> $MEET_CONF seems configured, skipping...\n" echo -e "> $MEET_CONF seems configured, skipping...\n"
else else
echo -e "> Setting etherpad domain at $MEET_CONF...\n" echo -e "> Setting etherpad domain at $MEET_CONF...\n"
sed -i "s|// etherpad_base: .*|etherpad_base: \'https://$DOMAIN/etherpad/p/\',|" "$MEET_CONF" sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF"
fi fi
echo "> Checking nginx configuration..." echo "> Checking nginx configuration..."
@ -161,6 +133,6 @@ if nginx -t 2>/dev/null ; then
# systemctl reload nginx # systemctl reload nginx
else else
echo "Please check your configuration, something may be wrong." echo "Please check your configuration, something may be wrong."
echo "Will not try to enable etherpad nginx configuration, please report to:" echo "Will not try to enable etherpad nginx configuration, please report to:
echo " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi

85
excalidraw-backend.sh
View File

@ -4,27 +4,9 @@
# Based on: # Based on:
# - https://community.jitsi.org/t/118883 # - https://community.jitsi.org/t/118883
# #
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
# Reset # Reset
Color_Off='\e[0m' # Text Reset Color_Off='\e[0m' # Text Reset
# Regular Colors # Regular Colors
@ -44,32 +26,25 @@ printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1" printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n" printwc "${Blue}" "\n#--------------------------------------------------\n"
} }
restart_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then
systemctl restart jibri
systemctl restart jibri-icewm
systemctl restart jibri-xorg
else
echo "Jibri service not installed"
fi
}
restart_services() {
systemctl restart jitsi-videobridge2
systemctl restart jicofo
restart_jibri
systemctl restart prosody
}
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
#DEBUG
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
clear clear
echo -e '\n echo -e '\n
######################################################################## ########################################################################
@ -86,12 +61,23 @@ WS_MATCH1='# ensure all static content can always be found first'
PROS_MATCH1='"av_moderation";' PROS_MATCH1='"av_moderation";'
PROS_MATCH2='breakout_rooms_muc = "breakout.' PROS_MATCH2='breakout_rooms_muc = "breakout.'
PROS_MATCH3='VirtualHost "recorder.' PROS_MATCH3='VirtualHost "recorder.'
CONFIG_MATCH1='List of undocumented settings used in jitsi-meet' CONFIG_MATCH1='Settings for the GIPHY integration'
EXCALIDRAW_HOME="/opt/excalidraw" EXCALIDRAW_HOME="/opt/excalidraw"
EXCAL_MATCH1="prometheus.metrics(io" EXCAL_MATCH1="prometheus.metrics(io"
EXCAL_NEW_PORT="9091" EXCAL_NEW_PORT="9091"
EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts" EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts"
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
# Make sure we can rely on the match strings. # Make sure we can rely on the match strings.
printf "Testing match strings on config files.\n" printf "Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF" test_match "$WS_MATCH1" "$WS_CONF"
@ -114,14 +100,14 @@ sudo -u excalidraw cp .env.development .env.production
# Use documented port to get some sort of standarization. # Use documented port to get some sort of standarization.
if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then
echo -e "> Update predefined port for metrics to $EXCAL_NEW_PORT\n" echo "> Update predefined port for metrics to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE" sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE"
else else
echo -e "> Define new port from default to $EXCAL_NEW_PORT\n" echo "> Define new port from default to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE" sed -i "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE"
fi fi
printf "Installing npm backend.\n" printf "\nInstalling npm backend.\n"
sudo -u excalidraw npm install sudo -u excalidraw npm install
sudo -u excalidraw npm run build sudo -u excalidraw npm run build
@ -156,7 +142,7 @@ else
sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE" sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE"
fi fi
printf "\n# Checking for whitebord setup at %s.\n" "$(basename "$MEET_CONF")" printf "\n# Checking for whitebord setup at $(basename "$MEET_CONF").\n"
if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then
echo "> No present configuration on current config.js file" echo "> No present configuration on current config.js file"
sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF" sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF"
@ -205,4 +191,3 @@ systemctl enable excalidraw.service
systemctl start excalidraw.service systemctl start excalidraw.service
printwc "${Green}" "\nExcalidraw setup complete!\n" printwc "${Green}" "\nExcalidraw setup complete!\n"
restart_services

109
files/jibri.conf
View File

@ -1,109 +0,0 @@
// XMPP environment config.
jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "DIR_RECORD"
finalize-script = "REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "DOMAIN" ]
// The base XMPP domain
xmpp-domain = "DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.DOMAIN"
room-name = "JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.DOMAIN"
username = "jibri"
password = "JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.DOMAIN"
username = "recorder"
password = "JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}

24
files/mod_token_moderator_owner.lua
View File

@ -1,24 +0,0 @@
-- Promotes to owner (real moderator) if the JWT has context.user.moderator = true
local util = module:require "util"
local is_admin = util.is_admin
local is_healthcheck_room = util.is_healthcheck_room
-- When a participant enters the room:
module:hook('muc-occupant-joined', function (event)
local room, occupant, session = event.room, event.occupant, event.origin
-- Ignores focus/healthcheck/etc.
if is_healthcheck_room(room.jid) or is_admin(occupant.bare_jid) then
return
end
-- Requires moderator token and claim (accepts boolean or string "true")
local user = session and session.jitsi_meet_context_user
local has_token = session and session.auth_token
local wants_mod = user and (user.moderator == true or user.moderator == "true")
if has_token and wants_mod then
-- Assign owner affiliation -> Jicofo will see you as moderator
room:set_affiliation(true, occupant.bare_jid, 'owner')
end
end, 1)

177
files/nextcloud.conf
View File

@ -1,177 +0,0 @@
# Nextcloud 28 nginx - configuration
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php_PHPVER-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name _NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen _NC_NGINX_SSL_PORT ssl http2;
listen [::]:_NC_NGINX_SSL_PORT ssl http2;
server_name _NC_DOMAIN;
# Path to the root of your installation
root _NC_PATH/;
ssl_certificate /etc/letsencrypt/live/_NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/_NC_DOMAIN/privkey.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

74
grafana.sh
View File

@ -8,7 +8,7 @@
# by "mephisto" # by "mephisto"
# #
# Igor Kerstges © - 2021 # Igor Kerstges © - 2021
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -21,8 +21,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
@ -42,22 +43,11 @@ systemctl enable "$1"
systemctl restart "$1" systemctl restart "$1"
systemctl status "$1" systemctl status "$1"
} }
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
MAIN_TEL="/etc/telegraf/telegraf.conf" MAIN_TEL="/etc/telegraf/telegraf.conf"
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
GRAFANA_INI="/etc/grafana/grafana.ini" GRAFANA_INI="/etc/grafana/grafana.ini"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="upstream prosody {"
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
# Min requirements # Min requirements
@ -67,17 +57,11 @@ apt-get install -y gnupg2 \
wget \ wget \
jq jq
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
echo " echo "
# Setup InfluxDB Packages # Setup InfluxDB Packages
" "
curl -s https://repos.influxdata.com/influxdata-archive.key > \ curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
/etc/apt/trusted.gpg.d/influxdata-archive.key echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | \
sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y apt-get update && apt-get install influxdb -y
run_service influxdb run_service influxdb
@ -86,8 +70,7 @@ echo "
" "
curl -s https://apt.grafana.com/gpg-full.key | \ curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
echo "deb https://packages.grafana.com/oss/deb stable main" | \ add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
sudo tee /etc/apt/sources.list.d/grafana_com_oss_deb.list
apt-get update && apt-get install grafana -y apt-get update && apt-get install grafana -y
run_service grafana-server run_service grafana-server
@ -155,13 +138,11 @@ echo '
# extra options to pass to the JVB daemon # extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
# Enable videobridge REST API
hocon -f /etc/jitsi/videobridge/jvb.conf set videobridge.apis.rest.enabled true
systemctl restart jitsi-videobridge2 systemctl restart jitsi-videobridge2
echo -e "\n# Setup Grafana nginx domain\n" echo -e "\n# Setup Grafana nginx domain\n"
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = 127.0.0.1|" $GRAFANA_INI sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI
@ -179,35 +160,10 @@ while [ $secs -gt 0 ]; do
done done
if [ -f "$WS_CONF" ]; then if [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..." sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
if ! grep -q 'map $http_upgrade $connection_upgrade' "$WS_CONF"; then
echo " > Setting mapping upgrade connection."
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections or Etherpad" "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
else
echo " > Upgrade connection mapping already setup."
fi
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
systemctl restart nginx systemctl restart nginx
else else
echo "No app configuration done to server file, please report to: echo "No app configuration done to server file, please report to:
@ -223,7 +179,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
\"oldPassword\": \"admin\", \"oldPassword\": \"admin\",
\"newPassword\": \"$GRAFANA_PASS\", \"newPassword\": \"$GRAFANA_PASS\",
\"confirmNew\": \"$GRAFANA_PASS\" \"confirmNew\": \"$GRAFANA_PASS\"
}" http://127.0.0.1:3000/api/user/password; echo "" }" http://localhost:3000/api/user/password; echo ""
echo " echo "
# Create InfluxDB datasource # Create InfluxDB datasource
@ -233,16 +189,16 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \
'{ '{
"name": "InfluxDB", "name": "InfluxDB",
"type": "influxdb", "type": "influxdb",
"url": "http://127.0.0.1:8086", "url": "http://localhost:8086",
"access": "proxy", "access": "proxy",
"isDefault": true, "isDefault": true,
"database": "jitsi" "database": "jitsi"
}' http://127.0.0.1:3000/api/datasources; echo "" }' http://localhost:3000/api/datasources; echo ""
echo " echo "
# Add Grafana Dashboard # Add Grafana Dashboard
" "
grafana_host="http://127.0.0.1:3000" grafana_host="http://localhost:3000"
grafana_cred="admin:$GRAFANA_PASS" grafana_cred="admin:$GRAFANA_PASS"
grafana_datasource="InfluxDB" grafana_datasource="InfluxDB"
ds=(11969); ds=(11969);

1
images/watermark2.svg
View File

@ -1 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>
Side by Side

Before

Width:  |  Height:  |  Size: 100 B

141
jigasi-vosk-backend.sh
View File

@ -1,141 +0,0 @@
#!/bin/bash
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
while getopts m: option
do
case "${option}"
in
m) MODE=${OPTARG};;
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
esac
done
if [ "$MODE" = "debug" ]; then
set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..."
echo " If you think this is an error, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
exit
fi
}
clear
echo ''
echo '########################################################################'
echo ' Jigasi Transcript addon'
echo '########################################################################'
echo ' by Software, IT & Networks Ltd'
echo ''
exit_if_not_installed jitsi-meet
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 16 | head -n1)"
JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
export DOMAIN
export JIG_TRANSC_PASWD
apt-get -q2 update
# Disable SIP account prompt by default
echo "jigasi jigasi/sip-account string ''" | debconf-set-selections
echo "jigasi jigasi/sip-password password ''" | debconf-set-selections
echo "Installing Jigasi, SIP configuration disabled by default."
apt-get -y install gettext-base jigasi docker.io
echo "Please select a language for the VOSK transcription model:"
echo "1) Chinese"
echo "2) English"
echo "3) French"
echo "4) German"
echo "5) Hindi"
echo "6) Japanese"
echo "7) Russian"
echo "8) Spanish"
read -p "Enter the number corresponding to your language choice: " -r lang_choice
case $lang_choice in
1)
echo "You selected Chinese."
VOSK_DOCKER_MODEL="alphacep/kaldi-cn"
;;
2)
echo "You selected English."
VOSK_DOCKER_MODEL="alphacep/kaldi-en"
;;
3)
echo "You selected French."
VOSK_DOCKER_MODEL="alphacep/kaldi-fr"
;;
4)
echo "You selected German."
VOSK_DOCKER_MODEL="alphacep/kaldi-de"
;;
5)
echo "You selected Hindi."
VOSK_DOCKER_MODEL="alphacep/kaldi-hi"
;;
6)
echo "You selected Japanese."
VOSK_DOCKER_MODEL="alphacep/kaldi-ja"
;;
7)
echo "You selected Russian."
VOSK_DOCKER_MODEL="alphacep/kaldi-ru"
;;
8)
echo "You selected Spanish."
VOSK_DOCKER_MODEL="alphacep/kaldi-es"
;;
*)
echo "Invalid selection. Please choose a number between 1 and 8."
;;
esac
# Running selected VOSK docker model.
docker run -d --restart always -p 2700:2700 ${VOSK_DOCKER_MODEL}:latest
echo "Setting up Jigasi transcript with current platform..."
# Jitsi Meet
echo "> Patching Jitsi Meet's config.js for Transcription support."
echo " Read more at patches/jigasi/001-jigasi-meet-config.patch file"
envsubst < patches/jigasi/001-jigasi-meet-config.patch | \
patch --no-backup-if-mismatch -d / -p1
# Jigasi
echo "> Patching jigasi's sip-communicator.properties configuration."
echo " Read more at patches/jigasi/002-jigasi-sip-properties.patch file"
cp "$JIG_SIP_PROP" ${JIG_SIP_PROP}-dpkg-file
envsubst < patches/jigasi/002-jigasi-sip-properties.patch | \
patch --no-backup-if-mismatch -d / -p1
# Create transcribe user on hidden domain.
prosodyctl register transcriber recorder."$DOMAIN" "$JIG_TRANSC_PASWD"
# Restart services.
systemctl restart prosody \
jicofo \
jigasi \
jibri* \
jitsi-videobridge2
echo ""
echo "Full transcript files are available at:"
echo "--> /var/lib/jigasi/transcripts/"
echo ""
echo "Happy transcripting!"
echo ""

47
jitsi-updater.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet recurring upgrader and customization keeper # Jitsi Meet recurring upgrader and customization keeper
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -13,13 +13,9 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
Blue='\e[0;34m' Blue='\e[0;34m'
@ -31,7 +27,11 @@ Color_Off='\e[0m'
printwc() { printwc() {
printf "%b$2%b" "$1" "${Color_Off}" printf "%b$2%b" "$1" "${Color_Off}"
} }
#Check if user is root
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
if [ ! -f jm-bm.sh ]; then if [ ! -f jm-bm.sh ]; then
echo "Please check that you are running the jitsi updater while being on the project folder" echo "Please check that you are running the jitsi updater while being on the project folder"
echo "other wise the updater might have errors or be incomplete. Exiting..." echo "other wise the updater might have errors or be incomplete. Exiting..."
@ -42,9 +42,7 @@ apt_repo="/etc/apt/sources.list.d"
ENABLE_BLESSM="TBD" ENABLE_BLESSM="TBD"
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1)
jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")" CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")"
CHDB="$(whereis chromedriver | awk '{print$2}')" CHDB="$(whereis chromedriver | awk '{print$2}')"
@ -62,7 +60,8 @@ fi
INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF="/usr/share/jitsi-meet/interface_config.js"
INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js" INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js"
read -r -a jibri_packages < <(grep ^Package /var/lib/apt/lists/download.jitsi.org_*_Packages | \ read -r -a jibri_packages < <(grep ^Package /var/lib/apt/lists/download.jitsi.org_*_Packages | \
sort -u | awk '{print $2}' | xargs) sort -u | awk '{print $2}' | sed '/jigasi/d' | \
xargs)
AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)"
if [ -f "$apt_repo"/google-chrome.list ]; then if [ -f "$apt_repo"/google-chrome.list ]; then
read -r -a google_package < <(grep ^Package /var/lib/apt/lists/dl.google.com_*_Packages | \ read -r -a google_package < <(grep ^Package /var/lib/apt/lists/dl.google.com_*_Packages | \
@ -77,7 +76,7 @@ else
echo "Seems no nodejs repo installed" echo "Seems no nodejs repo installed"
fi fi
# True if $1 is greater than $2 # True if $1 is greater than $2
version_gt() { dpkg --compare-versions "$1" gt "$2"; } version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
restart_jibri() { restart_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
@ -116,7 +115,7 @@ update_google_repo() {
echo "Seems no chromedriver installed" echo "Seems no chromedriver installed"
else else
CHD_VER_LOCAL="$($CHDB -v | awk '{print $2}')" CHD_VER_LOCAL="$($CHDB -v | awk '{print $2}')"
CHD_VER_2D="$(cut -d. -f1,2 <<< "$CHD_VER_LOCAL")" CHD_VER_2D="$(awk '{printf "%.1f\n", $NF}' <<< "$CHD_VER_LOCAL")"
fi fi
} }
update_nodejs_repo() { update_nodejs_repo() {
@ -124,29 +123,17 @@ update_nodejs_repo() {
-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}" apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}"
} }
check_latest_gc() {
printwc "${Purple}" "Checking for Google Chrome\n" printwc "${Purple}" "Checking for Google Chrome\n"
if [ -f /usr/bin/google-chrome ]; then if [ -f /usr/bin/google-chrome ]; then
GOOGL_VER_2D="$(/usr/bin/google-chrome --product-version 2>/dev/null | cut -d. -f1,2)" GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')"
else else
printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n" printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n"
IS_GLG_CHRM="no" IS_GLG_CHRM="no"
fi fi
}
check_latest_gc
upgrade_cd() { upgrade_cd() {
if [ -n "$GOOGL_VER_2D" ]; then if [ -n "$GOOGL_VER_2D" ]; then
check_latest_gc
if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then
echo "Upgrading Chromedriver to Google Chromes version" echo "Upgrading Chromedriver to Google Chromes version"
if [ -x /usr/bin/google-chrome ]; then
G_CHROME="$(/usr/bin/google-chrome --product-version 2>/dev/null | cut -d. -f1-3)"
fi
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \
jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
CHD_LTST_2D="$(cut -d. -f1,2 <<< "$CHD_LTST")"
wget -q "$CHD_LTST_DWNL" \ wget -q "$CHD_LTST_DWNL" \
-O /tmp/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/
@ -155,7 +142,7 @@ if [ -n "$GOOGL_VER_2D" ]; then
chmod 0755 "$CHDB" chmod 0755 "$CHDB"
rm -rf /tpm/chromedriver_linux64.zip rm -rf /tpm/chromedriver_linux64.zip
printf "Current version: " printf "Current version: "
printwc "$Green" "$($CHDB -v | awk '{print $2}' | cut -d. -f1,2)" printwc "$Green" "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')"
echo -e " (latest available)\n" echo -e " (latest available)\n"
elif [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then elif [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then
echo "No need to upgrade Chromedriver" echo "No need to upgrade Chromedriver"
@ -272,10 +259,6 @@ printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n"
echo "$NC_DOMAIN seems to be on place, skipping..." echo "$NC_DOMAIN seems to be on place, skipping..."
fi fi
fi fi
# Final check & upgrade call.
check_lst_cd
if [ "$JIBRI_NODE" = "yes" ]; then if [ "$JIBRI_NODE" = "yes" ]; then
restart_jibri restart_jibri
else else

51
jm-bm.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet brandless mode # Jitsi Meet brandless mode
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -13,17 +13,12 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi fi
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
CSS_FILE="/usr/share/jitsi-meet/css/all.css" CSS_FILE="/usr/share/jitsi-meet/css/all.css"
TITLE_FILE="/usr/share/jitsi-meet/title.html" TITLE_FILE="/usr/share/jitsi-meet/title.html"
INT_CONF="/usr/share/jitsi-meet/interface_config.js" INT_CONF="/usr/share/jitsi-meet/interface_config.js"
@ -32,7 +27,6 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
# #
JM_IMG_PATH="/usr/share/jitsi-meet/images" JM_IMG_PATH="/usr/share/jitsi-meet/images"
WTM2_PATH="$JM_IMG_PATH/watermark2.png" WTM2_PATH="$JM_IMG_PATH/watermark2.png"
WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
FICON_PATH="$JM_IMG_PATH/favicon2.ico" FICON_PATH="$JM_IMG_PATH/favicon2.ico"
REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png" REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
# #
@ -42,30 +36,29 @@ PART_USER="Participant"
LOCAL_USER="me" LOCAL_USER="me"
# #
#SEC_ROOM="TBD" #SEC_ROOM="TBD"
copy_if_not_there() {
if [ ! -f "$1" ]; then
cp images/"$(echo $1|xargs basename)" "$1"
else
echo "$(echo $1|xargs basename) file exists, skipping copying..."
fi
}
echo ' echo '
#-------------------------------------------------- #--------------------------------------------------
# Applying Brandless mode # Applying Brandless mode
#-------------------------------------------------- #--------------------------------------------------
' '
#Watermark #Watermark
copy_if_not_there "$WTM2_PATH" if [ ! -f "$WTM2_PATH" ]; then
cp images/watermark2.png "$WTM2_PATH"
#Watermark svg else
copy_if_not_there "$WTM2_SVG_PATH" echo "watermark2 file exists, skipping copying..."
fi
#Favicon #Favicon
copy_if_not_there "$FICON_PATH" if [ ! -f "$FICON_PATH" ]; then
cp images/favicon2.ico "$FICON_PATH"
else
echo "favicon2 file exists, skipping copying..."
fi
#Local recording icon #Local recording icon
copy_if_not_there "$REC_ICON_PATH" if [ ! -f "$REC_ICON_PATH" ];then
cp images/gnome_record.png "$REC_ICON_PATH"
else
echo "recording icon exists, skipping copying..."
fi
#Custom / Remove icons #Custom / Remove icons
sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE" sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE"
@ -77,10 +70,6 @@ sed -i "s|icon-cloud.png|gnome_record.png|g" "$BUNDLE_JS"
if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE"
fi fi
#Replace App logo
sed -i "s|// defaultLogoUrl: .*| defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
#Overwrite favicon svg
cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
#Customize room title #Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE" sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"
@ -88,10 +77,10 @@ sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE"
sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|g" /usr/share/jitsi-meet/lang/* sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|g" /usr/share/jitsi-meet/lang/*
#Custom UI changes #Custom UI changes
if [ -f "$INT_CONF" ] && [ -f "$INT_CONF_ETC" ]; then if [ -f "$INT_CONF_ETC" ]; then
echo "Static interface_config.js exists, skipping modification..." echo "Static interface_config.js exists, skipping modification..."
else else
echo "This setup doesn't have a static interface_config.js, seting it up and applying changes..." echo "This setup doesn't have a static interface_config.js, checking changes..."
echo -e "\nPlease note that brandless mode will also overwrite support links.\n" echo -e "\nPlease note that brandless mode will also overwrite support links.\n"
sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" "$INT_CONF" sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" "$INT_CONF"
sed -i "s|\([[:space:]]\)APP_NAME:.*| APP_NAME: \'$APP_NAME\',|" "$INT_CONF" sed -i "s|\([[:space:]]\)APP_NAME:.*| APP_NAME: \'$APP_NAME\',|" "$INT_CONF"

322
jra_nextcloud.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JRA (Jibri Recordings Access) via Nextcloud # JRA (Jibri Recordings Access) via Nextcloud
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option
@ -12,15 +12,15 @@ do
esac esac
done done
#DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!" echo "You need to be root or have sudo privileges!"
exit 0 exit 0
fi fi
exit_if_not_installed() { exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..." echo " This instance doesn't have $1 installed, exiting..."
@ -42,9 +42,14 @@ apt-get update -q2
# Manually add prerequisites. # Manually add prerequisites.
apt-get install -y curl letsencrypt nginx apt-get install -y curl letsencrypt nginx
MIN_PHP="8.3" DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')" NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')"
[ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443" [ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443"
NC_REPO="https://download.nextcloud.com/server/releases" NC_REPO="https://download.nextcloud.com/server/releases"
@ -59,11 +64,31 @@ DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording
REDIS_CONF="/etc/redis/redis.conf" REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
[ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1) [ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
PUBLIC_IP="$(wget -qO- https://api.ipify.org)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD ISO3166_CODE=TBD
NL="$(printf '\n ')" NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
exit_ifinstalled() { exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " This instance already has $1 installed, exiting..." echo " This instance already has $1 installed, exiting..."
@ -80,6 +105,18 @@ else
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
add_php() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
while [[ "$ANS_NCD" != "yes" ]] while [[ "$ANS_NCD" != "yes" ]]
do do
read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN
@ -95,11 +132,9 @@ do
echo " - Please try again." echo " - Please try again."
fi fi
done done
sleep .1
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n" echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n"
sleep .1
else else
echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match."
echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail."
@ -111,7 +146,7 @@ else
exit exit
fi fi
fi fi
sleep .1
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
while [ -z "$NC_USER" ] while [ -z "$NC_USER" ]
do do
@ -120,7 +155,6 @@ do
echo " - This field is mandatory." echo " - This field is mandatory."
fi fi
done done
sleep .1
while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ] while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ]
do do
read -p "Nextcloud user password: " -r NC_PASS read -p "Nextcloud user password: " -r NC_PASS
@ -128,21 +162,19 @@ do
echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n" echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n"
fi fi
done done
sleep .1
#Enable HSTS #Enable HSTS
while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ] while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ]
do do
read -p "> Do you want to enable HSTS for this domain? (yes or no) [default: no]: read -p "> Do you want to enable HSTS for this domain?: (yes or no)
Be aware this option apply mid-term effects on the domain, choose \"no\" or leave empty Be aware this option apply mid-term effects on the domain, choose \"no\"
in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS
ENABLE_HSTS=${ENABLE_HSTS:-no}
if [ "$ENABLE_HSTS" = "no" ]; then if [ "$ENABLE_HSTS" = "no" ]; then
echo " - HSTS won't be enabled." echo " - HSTS won't be enabled."
elif [ "$ENABLE_HSTS" = "yes" ]; then elif [ "$ENABLE_HSTS" = "yes" ]; then
echo " - HSTS will be enabled." echo " - HSTS will be enabled."
fi fi
done done
sleep .1
echo -e "#Default country phone code\n echo -e "#Default country phone code\n
> Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n > Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n
>>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n" >>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n"
@ -164,7 +196,7 @@ if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")
echo "jitsi meet/jibri is installed, checking version:" echo "jitsi meet/jibri is installed, checking version:"
apt-show-versions jibri apt-show-versions jibri
else else
echo "Wait!, jitsi-meet/jibri is not installed on this system via apt, exiting..." echo "Wait!, jitsi-meet/jibri is not installed on this system using apt, exiting..."
exit exit
fi fi
@ -177,42 +209,241 @@ exit_ifinstalled postgresql-"$PSGVER"
# PostgresSQL # PostgresSQL
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# PHP 7.4 / 8.1
add_php
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#-------------------------------------------------- #System related
# Prepare PHP install_ifnot smbclient
#-------------------------------------------------- sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
if [ "$MODE" = "debug" ]; then echo "
bash -x "$PWD"/tools/prepare_php.sh "$MIN_PHP" Tunning PHP.ini...
else "
bash "$PWD"/tools/prepare_php.sh "$MIN_PHP" # Change values in php.ini (increase max file size)
fi # max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
systemctl restart php"$PHPVER"-fpm.service
#-------------------------------------------------- #--------------------------------------------------
# Create DB user # Create DB user
#-------------------------------------------------- #--------------------------------------------------
echo -e "\n---- Creating the PgSQL DB & User ----" echo -e "\n---- Creating the PgSQL DB & User ----"
cd /tmp || return
sudo -u postgres psql <<DB sudo -u postgres psql <<DB
CREATE DATABASE nextcloud_db; CREATE DATABASE nextcloud_db;
CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}'; CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}';
GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER}; GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER};
\c nextcloud_db
ALTER SCHEMA public OWNER TO ${NC_DB_USER};
DB DB
echo "Done!
"
echo -e "\nDone!\n" #nginx - configuration
cat << NC_NGINX > "$NC_NGINX_CONF"
#nextcloud config
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php${PHPVER}-fpm.sock;
}
# Add .mjs as a file extension for javascript server {
sed -i "/application\/javascript/s|js.*;|js mjs;|" /etc/nginx/mime.types listen 80;
listen [::]:80;
server_name $NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
# nginx conf setup. server {
cp files/nextcloud.conf "$NC_NGINX_CONF" listen $NC_NGINX_SSL_PORT ssl http2;
sed -i "s|_PHPVER|$MIN_PHP|g" "$NC_NGINX_CONF" listen [::]:$NC_NGINX_SSL_PORT ssl http2;
sed -i "s|_NC_DOMAIN|$NC_DOMAIN|g" "$NC_NGINX_CONF" server_name $NC_DOMAIN;
sed -i "s|_NC_NGINX_SSL_PORT|$NC_NGINX_SSL_PORT|g" "$NC_NGINX_CONF"
sed -i "s|_NC_PATH|$NC_PATH|g" "$NC_NGINX_CONF"
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the \`ngx_pagespeed\` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud \`.htaccess\`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# set max upload size
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
# Path to the root of your installation
root $NC_PATH/;
# Specify how to handle directories -- specifying \`/index.php\$request_uri\`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus
# \`try_files \$uri \$uri/ /index.php\$request_uri\`
# always provides the desired behaviour.
index index.php index.html /index.php\$request_uri;
# Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients
location = / {
if ( \$http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/\$is_args\$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for \`/.well-known\` so that clients can still
# access it despite the existence of the regex rule
# \`location ~ /(\.|autotest|...)\` which would otherwise handle requests
# for \`/.well-known\`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in \`.htaccess\` that concern \`/.well-known\`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files \$uri \$uri/ =404; }
location /.well-known/pki-validation { try_files \$uri \$uri/ =404; }
# Let Nextcloud's API for \`/.well-known\` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php\$request_uri;
}
# Rules borrowed from \`.htaccess\` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:\$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
set \$path_info \$fastcgi_path_info;
try_files \$fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)\$ {
try_files \$uri /index.php\$request_uri;
expires 6M; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?\$ {
try_files \$uri /index.php\$request_uri;
expires 7d; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from \`.htaccess\`
location /remote {
return 301 /remote.php\$request_uri;
}
location / {
try_files \$uri \$uri/ /index.php\$request_uri;
}
}
NC_NGINX
systemctl stop nginx systemctl stop nginx
letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN" letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN"
if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then
@ -248,7 +479,7 @@ chown -R www-data:www-data "$NC_PATH"
chmod -R 755 "$NC_PATH" chmod -R 755 "$NC_PATH"
echo -e "\nDatabase installation...\n" echo -e "\nDatabase installation...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ maintenance:install \ sudo -u www-data php "$NC_PATH"/occ maintenance:install \
--database=pgsql \ --database=pgsql \
--database-name="$NC_DB" \ --database-name="$NC_DB" \
--database-user="$NC_DB_USER" \ --database-user="$NC_DB_USER" \
@ -263,7 +494,7 @@ sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_C
sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG" sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG"
echo -e "\nAdd crontab...\n" echo -e "\nAdd crontab...\n"
crontab -u www-data -l | { cat; echo "*/5 * * * * php$MIN_PHP -f $NC_PATH/cron.php"; } | crontab -u www-data - crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data -
echo -e "\nAdd memcache support...\n" echo -e "\nAdd memcache support...\n"
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF" sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF"
@ -289,24 +520,25 @@ sed -i "/);/i \ \ )," "$NC_CONFIG"
echo -e "Done\n" echo -e "Done\n"
echo -e "\nAddding & Setting up Files External App for Local storage...\n" echo -e "\nAddding & Setting up Files External App for Local storage...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:install files_external sudo -u www-data php "$NC_PATH"/occ app:install files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:enable files_external sudo -u www-data php "$NC_PATH"/occ app:enable files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:disable support sudo -u www-data php "$NC_PATH"/occ app:disable support
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
usermod -a -G jibri www-data usermod -a -G jibri www-data
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
chmod -R g+s "$DIR_RECORD" chmod -R g+s "$DIR_RECORD"
echo -e "\nFixing possible missing tables...\n\n" echo -e "\nFixing possible missing tables...\n\n"
echo "y"|sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:convert-filecache-bigint echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-indices sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-columns sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns
echo -e "\nAdding trusted domain...\n" echo -e "\nAdding trusted domain...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN" sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
echo -e "\nSetting JRA domain on jitsi-updater.sh\n" echo -e "\nSetting JRA domain on jitsi-updater.sh\n"
cd ~/quick-jibri-installer || return
sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh
echo -e "\nQuick Nextcloud installation complete!\n" echo -e "\nQuick Nextcloud installation complete!\n"

2
mode/chp-mode.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Custom High Performance Jitsi conf # Custom High Performance Jitsi conf
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/grid/selenium-grid-docker.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Custom Selenium Grid-Node fro Jitsi Meet # Custom Selenium Grid-Node fro Jitsi Meet
# Pandian © - https://community.jitsi.org/u/Pandian # Pandian © - https://community.jitsi.org/u/Pandian
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/jms-stu.sh
View File

@ -2,7 +2,7 @@
# System-tune-up to remove system software restrictions on a huge load of connections. # System-tune-up to remove system software restrictions on a huge load of connections.
# Be aware that hardware/infrastructure resources are the most common limiters. # Be aware that hardware/infrastructure resources are the most common limiters.
# #
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

114
mode/jwt.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JWT Mode Setup # JWT Mode Setup
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option
@ -14,102 +14,83 @@ done
#DEBUG #DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties" JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
JICOFO_CONF="/etc/jitsi/jicofo/jicofo.conf"
PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
PROSODY_SYS="/etc/prosody/prosody.cfg.lua" PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)" APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)" SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
ROOM="Two-Hour-Test-Room"
SRP_STR="$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | head -n1 | cut -d ":" -f1)" SRP_STR="$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | head -n1 | cut -d ":" -f1)"
SRP_END="$((SRP_STR + 10))" SRP_END="$((SRP_STR + 10))"
# Prosody 0.12{,.*} only ## Required openssl for Focal 20.04
if command -v prosodyctl >/dev/null 2>&1; then if [ "$(lsb_release -sc)" = "focal" ]; then
PROSODY_VER="$(prosodyctl about 2>/dev/null | sed -n 's/^Prosody //p' | awk '{print $1}')" echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
case "$PROSODY_VER" in sudo tee /etc/apt/sources.list.d/rvm.list
0.12) : ;; # 22.04 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
0.12.*) : ;; # 24.04 apt-get update
*) echo "Prosody $PROSODY_VER NO supported for JWT mode (required 0.12.x)"
exit 1 ;;
esac
fi fi
# Custom 5.4 lua workaround for prosody 0.12 apt-get -y install \
echo "Warning: Ubuntu 22.04/24.04 don't ship the required lua inspect module 5.4," lua5.2 \
echo " so, we work arround it, be careful on further upgrades or changes." liblua5.2 \
install -d -m 755 /usr/share/lua/5.4 luarocks \
ln -sf /usr/share/lua/5.3/inspect.lua /usr/share/lua/5.4/inspect.lua libssl1.0-dev \
systemctl restart prosody jicofo jitsi-videobridge2 python3-jwt
sleep .1 luarocks install basexx
luarocks install luacrypto
# Install dependencies luarocks install lua-cjson 2.1.0-1
apt-get -y install python3-jwt
echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
apt-get install -y jitsi-meet-tokens apt-get install -y jitsi-meet-tokens
# Setting up prosody #Setting up
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" "$PROSODY_SYS" sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" "$PROSODY_SYS"
#- #-
sed -i "$SRP_STR,$SRP_END{s|authentication = \"jitsi-anonymous\"|authentication = \"token\"|}" "$PROSODY_FILE" sed -i "$SRP_STR,$SRP_END{s|authentication = \"jitsi-anonymous\"|authentication = \"token\"|}" "$PROSODY_FILE"
sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" "$PROSODY_FILE" sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" "$PROSODY_FILE"
sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" "$PROSODY_FILE" sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" "$PROSODY_FILE"
sed -i "/app_secret/a \\\\" "$PROSODY_FILE" sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
## Only token owners can create, open the room and become moderators, sed -i "/app_secret/a \ \ \ \ allow_empty_token = false" "$PROSODY_FILE"
## but require jibri: `allow_empty_token = true`
## other participants are redirected authentication to guest.
sed -i "/app_secret/a \ \ \ \ allow_empty_token = true" "$PROSODY_FILE"
sed -i "/app_secret/a \\\\" "$PROSODY_FILE" sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" "$PROSODY_FILE" sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" "$PROSODY_FILE"
sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" "$PROSODY_FILE" sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" "$PROSODY_FILE"
sed -i "/app_secret/a \\\\" "$PROSODY_FILE" sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
sed -i "s|--allow_empty_token =.*|allow_empty_token = true|" "$PROSODY_FILE" sed -i "s|--allow_empty_token =.*|allow_empty_token = false|" "$PROSODY_FILE"
sed -i 's|--"token_verification"|"token_verification"|' "$PROSODY_FILE" sed -i 's|--"token_verification"|"token_verification"|' "$PROSODY_FILE"
sed -i "/muc_lobby_rooms/a \ \ \ \ \ \ \ \ \"persistent_lobby\";" "$PROSODY_FILE"
sed -i "/token_verification/a \ \ \ \ \ \ \ \ \"muc_wait_for_host\";" "$PROSODY_FILE"
# Set JWT and Guest settings #Request auth
## Harden JWT auth, preventing "free" moderator by racing into room, sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" "$JICOFO_SIP"
## only participants with token with moderator:true.
# Custom 'token_moderator_owner' module for passing JWT claim
cp files/mod_token_moderator_owner.lua /usr/share/jitsi-meet/prosody-plugins/
sed -i '/"muc_password_whitelist"/a \ \ \ \ \ \ \ \ \"token_moderator_owner";' "$PROSODY_FILE"
envsubst < \
patches/prosody/001-enable_wait_for_host_disable_auto_owners.patch | \
patch --no-backup-if-mismatch -d / -p1
hocon set jicofo.conference.enable-auto-owner false -f "$JICOFO_CONF"
## config.js
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF" sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF"
awk '
BEGIN{done=0} #Enable jibri recording
/^[[:space:]]*var[[:space:]]+config[[:space:]]*=[[:space:]]*{\s*$/ && !done{ cat << REC-JIBRI >> "$PROSODY_FILE"
print
print " enableFeaturesBasedOnToken: true," VirtualHost "recorder.$DOMAIN"
print " enableUserRolesBasedOnToken: true," modules_enabled = {
done=1 "ping";
next
} }
{print} authentication = "internal_hashed"
' "$MEET_CONF" > "${MEET_CONF}.new" && mv "${MEET_CONF}.new" "$MEET_CONF"
# Setup guests and lobby REC-JIBRI
#Setup guests and lobby
cat << P_SR >> "$PROSODY_FILE" cat << P_SR >> "$PROSODY_FILE"
-- #Change back lobby - https://community.jitsi.org/t/64769/136
-- jwt setup -QJI
VirtualHost "guest.$DOMAIN" VirtualHost "guest.$DOMAIN"
authentication = "anonymous" authentication = "token"
allow_empty_token = true
c2s_require_encryption = false c2s_require_encryption = false
speakerstats_component = "speakerstats.$DOMAIN" speakerstats_component = "speakerstats.$DOMAIN"
app_id="$APP_ID";
app_secret="$SECRET_APP";
modules_enabled = { modules_enabled = {
"speakerstats"; "speakerstats";
@ -121,13 +102,14 @@ echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
echo -e "\nAPP_ID: $APP_ID" && \ echo -e "\nAPP_ID: $APP_ID" && \
echo -e "SECRET_APP: $SECRET_APP\n" echo -e "SECRET_APP: $SECRET_APP\n"
echo -e "You can test JWT authentication with the following token for the next 2 hours:\n" echo -e "You can test JWT authentication with the following token:\n"
python3 tools/jwt/jitsi_token_maker_features.py \ pyjwt3 --key="$SECRET_APP" \
--app-id "$APP_ID" --secret "$SECRET_APP" \ encode \
--domain "$DOMAIN" --room "$ROOM" \ group="Rocket.Chat" \
--user-name "Moderator Token Test User" \ aud="$APP_ID" \
--moderator --features-all \ iss="$APP_ID" \
--minutes 120 --nbf-offset 300 --include-iat \ sub="$DOMAIN" \
--url "https://$DOMAIN/" room="*" \
algorithm="HS256"
read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n' read -n 1 -s -r -p $'\n'"Press any key to continue..."$'\n'

40
patches/jigasi/001-jigasi-meet-config.patch
View File

@ -1,40 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Enable transcription on jitsi meet config.js file.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index f412891..f704157 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -426,9 +426,9 @@ var config = {
// autoCaptionOnRecord: false,
// Transcription options.
- // transcription: {
+ transcription: {
// // Whether the feature should be enabled or not.
- // enabled: false,
+ enabled: true,
// // Translation languages.
// // Available languages can be found in
@@ -443,7 +443,7 @@ var config = {
// // detected based on the environment, e.g. if the app is opened in a chrome instance which
// // is using french as its default language then transcriptions for that participant will be in french.
// // Defaults to true.
- // useAppLanguage: true,
+ useAppLanguage: true,
// // Transcriber language. This settings will only work if "useAppLanguage"
// // is explicitly set to false.
@@ -484,7 +484,7 @@ var config = {
// // Enables automatic request of subtitles when transcriber is present in the meeting, uses the default
// // language that is set
// autoCaptionOnTranscribe: false,
- // },
+ },
// Misc

80
patches/jigasi/002-jigasi-sip-properties.patch
View File

@ -1,80 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Modify sip-communicator.properties to run Jigasi along with VOSK Models.
diff --git a/etc/jitsi/jigasi/sip-communicator.properties b/etc/jitsi/jigasi/sip-communicator.properties
index 7a8d0f3..ae5369a 100644
--- a/etc/jitsi/jigasi/sip-communicator.properties
+++ b/etc/jitsi/jigasi/sip-communicator.properties
@@ -165,12 +165,12 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# If you want jigasi to perform authenticated login instead of anonymous login
# to the XMPP server, you can set the following properties.
-# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
-# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
-# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+org.jitsi.jigasi.xmpp.acc.USER_ID=transcriber@recorder.${DOMAIN}
+org.jitsi.jigasi.xmpp.acc.PASS=${JIG_TRANSC_PASWD}
+org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
# To fix SSL/TLS required by client but not supported by server
-#org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
# Can be used in combination with jitsi-meet module mod_auth_jitsi-shared-secret
# To have jigasi use a random username on every call
@@ -187,7 +187,7 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the
# remote certificates always.
-# net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
+net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
# Enable this property to be able to shutdown gracefully jigasi using
# a rest command
@@ -196,31 +196,31 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Options regarding Transcription. Read the README for a detailed description
# about each property
-#org.jitsi.jigasi.ENABLE_TRANSCRIPTION=false
-#org.jitsi.jigasi.ENABLE_SIP=true
+org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
+org.jitsi.jigasi.ENABLE_SIP=false
# whether to use the more expensive, but better performing
# "video" model when doing transcription
# org.jitsi.jigasi.transcription.USE_VIDEO_MODEL = false
# delivering final transcript
-# org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
-# org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
-# org.jitsi.jigasi.transcription.jetty.port=-1
-# org.jitsi.jigasi.transcription.ADVERTISE_URL=false
+org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
+org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
+org.jitsi.jigasi.transcription.jetty.port=-1
+org.jitsi.jigasi.transcription.ADVERTISE_URL=false
# save formats
-# org.jitsi.jigasi.transcription.SAVE_JSON=false
-# org.jitsi.jigasi.transcription.SAVE_TXT=true
+org.jitsi.jigasi.transcription.SAVE_JSON=false
+org.jitsi.jigasi.transcription.SAVE_TXT=true
# send formats
-# org.jitsi.jigasi.transcription.SEND_JSON=true
-# org.jitsi.jigasi.transcription.SEND_TXT=false
+org.jitsi.jigasi.transcription.SEND_JSON=true
+org.jitsi.jigasi.transcription.SEND_TXT=false
# Vosk server
-# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
+org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
# org.jitsi.jigasi.transcription.vosk.websocket_url={"en": "ws://localhost:2700", "fr": "ws://localhost:2710"}
-# org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
+org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
# Whisper live transcription server
# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.WhisperTranscriptionService

66
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch
View File

@ -1,66 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable recording and livestreaming by default.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..8f64c7c 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -343,12 +343,12 @@ var config = {
// // showPrejoinWarning: true,
// },
- // recordingService: {
+ recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
// // and the generic recording service (its configuration and storage type
// // depends on jibri configuration)
- // enabled: false,
+ enabled: true,
// // Whether to show the possibility to share file recording with other people
// // (e.g. meeting participants), based on the actual implementation
@@ -357,7 +357,7 @@ var config = {
// // Hide the warning that says we only store the recording for 24 hours.
// hideStorageWarning: false,
- // },
+ },
// DEPRECATED. Use recordingService.enabled instead.
// fileRecordingsServiceEnabled: false,
@@ -368,7 +368,7 @@ var config = {
// Local recording configuration.
// localRecording: {
// // Whether to disable local recording or not.
- // disable: false,
+ // disable: true,
// // Whether to notify all participants when a participant is recording locally.
// notifyAllParticipants: false,
@@ -378,9 +378,9 @@ var config = {
// },
// Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
- // liveStreaming: {
+ liveStreaming: {
// // Whether to enable live streaming or not.
- // enabled: false,
+ enabled: true,
// // Terms link
// termsLink: 'https://www.youtube.com/t/terms',
// // Data privacy link
@@ -388,8 +388,8 @@ var config = {
// // RegExp string that validates the stream key input field
// validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
// // Documentation reference for the live streaming feature.
- // helpLink: 'https://jitsi.org/live'
- // },
+ helpLink: 'https://forge.switnet.net/switnet/quick-jibri-installer'
+ },
// DEPRECATED. Use liveStreaming.enabled instead.
// liveStreamingEnabled: false,

31
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch
View File

@ -1,31 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable/disable welcome page.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..2094287 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -664,13 +664,13 @@ var config = {
// enableWelcomePage: true,
// Configs for welcome page.
- // welcomePage: {
- // // Whether to disable welcome page. In case it's disabled a random room
- // // will be joined when no room is specified.
- // disabled: false,
- // // If set, landing page will redirect to this URL.
- // customUrl: ''
- // },
+ welcomePage: {
+ // Whether to disable welcome page. In case it's disabled a random room
+ // will be joined when no room is specified.
+ disabled: ${ENABLE_WELCP_BOL},
+ // If set, landing page will redirect to this URL.
+ customUrl: ''
+ },
// Configs for the lobby screen.
// lobby: {

18
patches/prosody/001-enable_wait_for_host_disable_auto_owners.patch
View File

@ -1,18 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
Patch prosody (0.12) $DOMAIN.cfg.lua to enable wait_for_host_disable_auto_owners.
diff --git a/etc/prosody/conf.d/${DOMAIN}.cfg.lua b/etc/prosody/conf.d/${DOMAIN}.cfg.lua
index f2b647e..031a064 100644
--- a/etc/prosody/conf.d/${DOMAIN}.cfg.lua
+++ b/etc/prosody/conf.d/${DOMAIN}.cfg.lua
@@ -103,6 +103,7 @@ Component "conference.${DOMAIN}" "muc"
}
muc_room_locking = false
muc_room_default_public_jids = true
+ wait_for_host_disable_auto_owners = true
Component "breakout.${DOMAIN}" "muc"
restrict_room_creation = true

626
quick_jibri_installer.sh
View File

File diff suppressed because it is too large Load Diff

2
tools/aws-grub-setup.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Automated AWS generic kernel setup for jibri. # Automated AWS generic kernel setup for jibri.
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/fail2ban_ssh.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Fail2ban configuration # Simple Fail2ban configuration
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

4
tools/jibri-conf-upgrade.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri conf updater # Simple Jibri conf updater
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -31,7 +31,7 @@ if ! [ "$(id -u)" = 0 ]; then
fi fi
echo "Checking for updates...." echo "Checking for updates...."
apt-get -q2 update apt -q2 update
apt install -y \ apt install -y \
apt-show-versions \ apt-show-versions \
jq jq

2
tools/jibri-resolution-enhancer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri resolution enhancer # Simple Jibri resolution enhancer
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

158
tools/jwt/jitsi_token_maker_features.py
View File

@ -1,158 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
JWT generator for selfhosted Jitsi (also compatible with JAAS if desired)
- HS256 (HMAC) signing using only Python standard library (no external deps).
- Flags to omit exp/nbf (test tokens), include iat, and read secret from file/STDIN.
- Flags to populate context.features: recording, livestreaming, transcription, sip-in/out.
- Robust URL construction (escapes the room name).
"""
import argparse, base64, hashlib, hmac, json, time, sys
from urllib.parse import quote
def b64url(data: bytes) -> str:
return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")
def sign_hs256(secret: str, signing_input: str) -> str:
sig = hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()
return b64url(sig)
def main():
p = argparse.ArgumentParser(description="JWT generator for Jitsi (HS256)")
# Identity / target
p.add_argument("--app-id", required=True, help="app_id configured in Prosody/JAAS")
p.add_argument("--secret", required=False, help="app_secret (HMAC/HS256)")
p.add_argument("--secret-file", help="Read secret from file or '-' for STDIN")
p.add_argument("--domain", help="Jitsi domain (e.g. meet.example.com) used as 'sub' in self-hosted")
p.add_argument("--room", default="*", help="Target room (or '*' for all)")
# Time
p.add_argument("--minutes", type=int, default=60, help="Validity (minutes). Ignored if --no-exp")
p.add_argument("--no-exp", action="store_true", help="Do not include 'exp' (tests only)")
p.add_argument("--nbf-offset", type=int, default=10, help="Backdating seconds for 'nbf' (default: 10)")
p.add_argument("--no-nbf", action="store_true", help="Do not include 'nbf' (tests only)")
p.add_argument("--include-iat", action="store_true", help="Include 'iat'=now")
# User
p.add_argument("--user-name", default=None, help="User display name")
p.add_argument("--user-email", default=None, help="User email")
p.add_argument("--user-id", default=None, help="User unique ID")
p.add_argument("--avatar", default=None, help="Avatar URL")
p.add_argument("--moderator", action="store_true", help="Grant moderator role via token")
p.add_argument("--moderator-as-string", action="store_true",
help="Use 'moderator': 'true'/'false' (string) instead of boolean")
# Features (self-hosted with enableFeaturesBasedOnToken)
p.add_argument("--feature-recording", action="store_true", help="Enable 'recording' in context.features")
p.add_argument("--feature-livestreaming", action="store_true", help="Enable 'livestreaming' in context.features")
p.add_argument("--feature-transcription", action="store_true", help="Enable 'transcription' in context.features")
p.add_argument("--feature-sip-in", action="store_true", help="Enable 'sip-inbound-call' in context.features")
p.add_argument("--feature-sip-out", action="store_true", help="Enable 'sip-outbound-call' in context.features")
p.add_argument("--features-all", action="store_true", help="Enable all the features above")
# Overrides / modes
p.add_argument("--aud", default=None, help="Override 'aud' (default: app_id in self-hosted)")
p.add_argument("--iss", default=None, help="Override 'iss' (default: app_id in self-hosted)")
p.add_argument("--jaas", action="store_true",
help="JAAS mode: aud='jitsi', iss='chat', sub=app_id (ignores --domain for 'sub')")
# Output
p.add_argument("--url", default=None,
help="If provided (e.g. 'https://meet.example.com/'), prints full join URL with ?jwt=")
p.add_argument("--print-json", action="store_true", help="Print payload JSON to STDERR (debug)")
args = p.parse_args()
# Secret: --secret-file takes precedence
secret = args.secret
if args.secret_file:
if args.secret_file == "-":
secret = sys.stdin.read().strip()
else:
with open(args.secret_file, "r", encoding="utf-8") as fh:
secret = fh.read().strip()
if not secret:
p.error("You must provide --secret or --secret-file (or --secret-file - for STDIN).")
now = int(time.time())
exp = None if args.no_exp else (now + args.minutes * 60)
nbf = None if args.no_nbf else (now - max(args.nbf_offset, 0))
# Header
header = {"typ": "JWT", "alg": "HS256"}
# Base claims by mode
if args.jaas:
aud = "jitsi"
iss = "chat"
sub = args.app_id
else:
if not args.domain:
p.error("--domain is required in self-hosted mode (without --jaas).")
aud = args.aud or args.app_id
iss = args.iss or args.app_id
sub = args.domain
# User / contexto
user = {}
if args.user_id: user["id"] = args.user_id
if args.user_name: user["name"] = args.user_name
if args.user_email: user["email"] = args.user_email
if args.avatar: user["avatar"] = args.avatar
if args.moderator:
if args.moderator_as_string:
user["moderator"] = "true"
else:
user["moderator"] = True
# Features
features = {}
if args.features_all:
features = {
"recording": True,
"livestreaming": True,
"transcription": True,
"sip-inbound-call": True,
"sip-outbound-call": True
}
else:
if args.feature_recording: features["recording"] = True
if args.feature_livestreaming: features["livestreaming"] = True
if args.feature_transcription: features["transcription"] = True
if args.feature_sip_in: features["sip-inbound-call"] = True
if args.feature_sip_out: features["sip-outbound-call"] = True
context = {}
if user: context["user"] = user
if features: context["features"] = features
payload = {
"aud": aud,
"iss": iss,
"sub": sub,
"room": args.room,
}
if context:
payload["context"] = context
if exp is not None:
payload["exp"] = exp
if nbf is not None:
payload["nbf"] = nbf
if args.include_iat:
payload["iat"] = now
# Build JWT manually
signing_input = f"{b64url(json.dumps(header, separators=(',', ':'), ensure_ascii=False).encode())}." \
f"{b64url(json.dumps(payload, separators=(',', ':'), ensure_ascii=False).encode())}"
signature = sign_hs256(secret, signing_input)
token = f"{signing_input}.{signature}"
if args.print_json:
print(json.dumps(payload, indent=2, ensure_ascii=False), file=sys.stderr)
if args.url:
base = args.url if args.url.endswith("/") else args.url + "/"
room_path = "" if args.room == "*" else quote(args.room, safe="")
join_url = base + room_path
sep = "&" if "?" in join_url else "?"
print(f"{join_url}{sep}jwt={token}")
else:
print(token)
if __name__ == "__main__":
main()

139
tools/prepare_php.sh
View File

@ -1,139 +0,0 @@
#!/bin/bash
# Automated PHP environment build for Nextcloud.
# SwITNet Ltd © - 2025, https://switnet.net/
# GPLv3 or later.
PHPVER=$1
STABLE_PHP="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
DISTRO_RELEASE="$(lsb_release -sc)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHP_REPO_URL="http://ppa.launchpad.net/ondrej/php/ubuntu"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
TMP_GPG_REPO="$(mktemp -d)"
if [ $# -ne 1 ]; then
echo "Usage: $0 8.2"
exit 1
fi
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1"
fi
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages #< don't quote.
packages=""
}
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
add_php_repo() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] $PHP_REPO_URL $DISTRO_RELEASE main" | \
tee /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
add_php_repo
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-cli \
php$PHPVER-cgi \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
echo "# Stick to default system php version to avoid breaking any other system application"
update-alternatives --set php /usr/bin/php"$STABLE_PHP"
update-alternatives --set php-fpm.sock /run/php/php"$STABLE_PHP"-fpm.sock
update-alternatives --set php-cgi /usr/bin/php-cgi"$STABLE_PHP"
update-alternatives --set php-cgi-bin /usr/lib/cgi-bin/php"$STABLE_PHP"
update-alternatives --set phar /usr/bin/phar"$STABLE_PHP"
update-alternatives --set phar.phar /usr/bin/phar.phar"$STABLE_PHP"
systemctl restart php"$PHPVER"-fpm.service

2
tools/start-over.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
#Start over #Start over
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/test-jibri-env.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri Env tester # Simple Jibri Env tester
# SwITNet Ltd © - 2025, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option