switnet
/
quick-jibri-installer
2
1
Fork 1
Code Issues 2 Pull Requests Packages Projects Releases 13 Wiki Activity

Compare commits

base: switnet:master
Branches Tags
switnet:master
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0
..
compare: switnet:v7.3.0
Branches Tags
switnet:master
switnet:v7.3.0
switnet:v7.1.0
switnet:v7.0.0
switnet:6.0.1.1
switnet:v5.0.0
switnet:v4.0.0
switnet:v3.0.1
switnet:v2.1.0
switnet:v2.0.2
switnet:v2.0.1
switnet:v2.0
switnet:v1.0.1
switnet:v1.0

No commits in common. "master" and "v7.3.0" have entirely different histories.
master ... v7.3.0

29 changed files with 676 additions and 1199 deletions
Show Stats Expand all files Collapse all files

11
README.md
View File

@ -56,8 +56,9 @@ Check more details on our wiki.
### Jibri Recodings Access via Nextcloud ### Jibri Recodings Access via Nextcloud
* Valid domain with DNS record for Nextcloud SSL. * Valid domain with DNS record for Nextcloud SSL.
### Jigasi Transcript ### Jigasi Transcript (stalled)
* Enough disk space to run Vosk backend via docker container. * SIP account
* Google Cloud Account with Billing setup.
@ -78,7 +79,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Etherpad via docker install * Etherpad via docker install
* Authentication * Authentication
1. Local 1. Local
2. JWT ([#87](https://forge.switnet.net/switnet/quick-jibri-installer/issues/87)) 2. JWT
3. None 3. None
* Lobby Rooms * Lobby Rooms
* Conference Duration * Conference Duration
@ -89,7 +90,7 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
* Enabled Jitsi Electron app detection server side. * Enabled Jitsi Electron app detection server side.
* Standalone SSL Certbot/LE implementation * Standalone SSL Certbot/LE implementation
* Improved recurring updater * Improved recurring updater
* Jigasi Transcript - vía Vosk speech recognition toolkit. * Jigasi Transcript - Speech to Text powered by Google API (stalled)
## Tools ## Tools
* Jibri Environment Tester * Jibri Environment Tester
@ -118,4 +119,4 @@ Feel free to use our `test-jibri-env.sh` tool to find some details on your curre
Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
SwITNet Ltd © - 2024, https://switnet.net/ SwITNet Ltd © - 2023, https://switnet.net/

2
add-jibri-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Jibri Node Aggregator # Jibri Node Aggregator
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###

2
add-jvb2-node.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JVB2 Node Aggregator # JVB2 Node Aggregator
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
### 0_LAST EDITION TIME STAMP ### ### 0_LAST EDITION TIME STAMP ###

43
etherpad-docker.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Etherpad Installer for Jitsi Meet # Etherpad Installer for Jitsi Meet
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -30,7 +30,7 @@ echo '
######################################################################## ########################################################################
by Software, IT & Networks Ltd by Software, IT & Networks Ltd
' '
FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer"
check_apt_policy() { check_apt_policy() {
apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}' apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}'
} }
@ -42,16 +42,6 @@ if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")"
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to $FORGE_REPO"
exit
fi
}
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
@ -60,14 +50,12 @@ ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
DOCKER_CE_REPO="$(check_apt_policy docker)" DOCKER_CE_REPO="$(check_apt_policy docker)"
WS_CONF_MATCH1="# ensure all static content can always be found first"
echo "Add Docker repo" echo "Add Docker repo"
if [ "$DOCKER_CE_REPO" = "stable" ]; then if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed" echo "Docker repository already installed"
else else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > \ echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
/etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | \ wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update apt -q2 update
@ -75,9 +63,6 @@ fi
read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
# Install required packages # Install required packages
install_ifnot docker-ce install_ifnot docker-ce
@ -120,18 +105,14 @@ if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then
echo "> Webserver seems configured, skipping..." echo "> Webserver seems configured, skipping..."
elif [ -f "$WS_CONF" ]; then elif [ -f "$WS_CONF" ]; then
echo "> Setting up webserver configuration file..." echo "> Setting up webserver configuration file..."
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ #Etherpad block" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_redirect off;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF"
else else
echo "> No etherpad config done to server file, please report to: echo "> No etherpad config done to server file, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
@ -142,7 +123,7 @@ if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then
echo -e "> $MEET_CONF seems configured, skipping...\n" echo -e "> $MEET_CONF seems configured, skipping...\n"
else else
echo -e "> Setting etherpad domain at $MEET_CONF...\n" echo -e "> Setting etherpad domain at $MEET_CONF...\n"
sed -i "s|// etherpad_base: .*|etherpad_base: \'https://$DOMAIN/etherpad/p/\',|" "$MEET_CONF" sed -i "/ openSharedDocumentOnJoin:/a\ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," "$MEET_CONF"
fi fi
echo "> Checking nginx configuration..." echo "> Checking nginx configuration..."

49
excalidraw-backend.sh
View File

@ -4,7 +4,7 @@
# Based on: # Based on:
# - https://community.jitsi.org/t/118883 # - https://community.jitsi.org/t/118883
# #
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
# Reset # Reset
@ -26,31 +26,6 @@ printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1" printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n" printwc "${Blue}" "\n#--------------------------------------------------\n"
} }
restart_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then
systemctl restart jibri
systemctl restart jibri-icewm
systemctl restart jibri-xorg
else
echo "Jibri service not installed"
fi
}
restart_services() {
systemctl restart jitsi-videobridge2
systemctl restart jicofo
restart_jibri
systemctl restart prosody
}
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
while getopts m: option while getopts m: option
do do
@ -86,12 +61,23 @@ WS_MATCH1='# ensure all static content can always be found first'
PROS_MATCH1='"av_moderation";' PROS_MATCH1='"av_moderation";'
PROS_MATCH2='breakout_rooms_muc = "breakout.' PROS_MATCH2='breakout_rooms_muc = "breakout.'
PROS_MATCH3='VirtualHost "recorder.' PROS_MATCH3='VirtualHost "recorder.'
CONFIG_MATCH1='List of undocumented settings used in jitsi-meet' CONFIG_MATCH1='Settings for the GIPHY integration'
EXCALIDRAW_HOME="/opt/excalidraw" EXCALIDRAW_HOME="/opt/excalidraw"
EXCAL_MATCH1="prometheus.metrics(io" EXCAL_MATCH1="prometheus.metrics(io"
EXCAL_NEW_PORT="9091" EXCAL_NEW_PORT="9091"
EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts" EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts"
# Test for matches
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
# Make sure we can rely on the match strings. # Make sure we can rely on the match strings.
printf "Testing match strings on config files.\n" printf "Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF" test_match "$WS_MATCH1" "$WS_CONF"
@ -114,14 +100,14 @@ sudo -u excalidraw cp .env.development .env.production
# Use documented port to get some sort of standarization. # Use documented port to get some sort of standarization.
if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then
echo -e "> Update predefined port for metrics to $EXCAL_NEW_PORT\n" echo "> Update predefined port for metrics to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE" sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE"
else else
echo -e "> Define new port from default to $EXCAL_NEW_PORT\n" echo "> Define new port from default to $EXCAL_NEW_PORT\n"
sed -i "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE" sed -i "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE"
fi fi
printf "Installing npm backend.\n" printf "\nInstalling npm backend.\n"
sudo -u excalidraw npm install sudo -u excalidraw npm install
sudo -u excalidraw npm run build sudo -u excalidraw npm run build
@ -156,7 +142,7 @@ else
sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE" sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE"
fi fi
printf "\n# Checking for whitebord setup at %s.\n" "$(basename "$MEET_CONF")" printf "\n# Checking for whitebord setup at $(basename "$MEET_CONF").\n"
if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then
echo "> No present configuration on current config.js file" echo "> No present configuration on current config.js file"
sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF" sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF"
@ -205,4 +191,3 @@ systemctl enable excalidraw.service
systemctl start excalidraw.service systemctl start excalidraw.service
printwc "${Green}" "\nExcalidraw setup complete!\n" printwc "${Green}" "\nExcalidraw setup complete!\n"
restart_services

109
files/jibri.conf
View File

@ -1,109 +0,0 @@
// XMPP environment config.
jibri {
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "DIR_RECORD"
finalize-script = "REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "DOMAIN" ]
// The base XMPP domain
xmpp-domain = "DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.DOMAIN"
room-name = "JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.DOMAIN"
username = "jibri"
password = "JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.DOMAIN"
username = "recorder"
password = "JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}

177
files/nextcloud.conf
View File

@ -1,177 +0,0 @@
# Nextcloud 28 nginx - configuration
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php_PHPVER-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name _NC_DOMAIN;
# enforce https
return 301 https://\$server_name\$request_uri;
}
server {
listen _NC_NGINX_SSL_PORT ssl http2;
listen [::]:_NC_NGINX_SSL_PORT ssl http2;
server_name _NC_DOMAIN;
# Path to the root of your installation
root _NC_PATH/;
ssl_certificate /etc/letsencrypt/live/_NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/_NC_DOMAIN/privkey.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

66
grafana.sh
View File

@ -8,7 +8,7 @@
# by "mephisto" # by "mephisto"
# #
# Igor Kerstges © - 2021 # Igor Kerstges © - 2021
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# #
# GPLv3 or later. # GPLv3 or later.
@ -43,22 +43,11 @@ systemctl enable "$1"
systemctl restart "$1" systemctl restart "$1"
systemctl status "$1" systemctl status "$1"
} }
test_match() {
if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..."
else
echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit
fi
}
MAIN_TEL="/etc/telegraf/telegraf.conf" MAIN_TEL="/etc/telegraf/telegraf.conf"
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
GRAFANA_INI="/etc/grafana/grafana.ini" GRAFANA_INI="/etc/grafana/grafana.ini"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="upstream prosody {"
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
# Min requirements # Min requirements
@ -68,17 +57,11 @@ apt-get install -y gnupg2 \
wget \ wget \
jq jq
# Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF"
echo " echo "
# Setup InfluxDB Packages # Setup InfluxDB Packages
" "
curl -s https://repos.influxdata.com/influxdata-archive.key > \ curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
/etc/apt/trusted.gpg.d/influxdata-archive.key echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | \
sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y apt-get update && apt-get install influxdb -y
run_service influxdb run_service influxdb
@ -87,8 +70,7 @@ echo "
" "
curl -s https://apt.grafana.com/gpg-full.key | \ curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
echo "deb https://packages.grafana.com/oss/deb stable main" | \ add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
sudo tee /etc/apt/sources.list.d/grafana_com_oss_deb.list
apt-get update && apt-get install grafana -y apt-get update && apt-get install grafana -y
run_service grafana-server run_service grafana-server
@ -156,13 +138,11 @@ echo '
# extra options to pass to the JVB daemon # extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
# Enable videobridge REST API
hocon -f /etc/jitsi/videobridge/jvb.conf set videobridge.apis.rest.enabled true
systemctl restart jitsi-videobridge2 systemctl restart jitsi-videobridge2
echo -e "\n# Setup Grafana nginx domain\n" echo -e "\n# Setup Grafana nginx domain\n"
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = 127.0.0.1|" $GRAFANA_INI sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI
@ -180,30 +160,10 @@ while [ $secs -gt 0 ]; do
done done
if [ -f "$WS_CONF" ]; then if [ -f "$WS_CONF" ]; then
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF" sed -i "/# ensure all static content can always be found first/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections." "$WS_CONF"
sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
sed -i "/$WS_MATCH2/i }" "$WS_CONF"
systemctl restart nginx systemctl restart nginx
else else
echo "No app configuration done to server file, please report to: echo "No app configuration done to server file, please report to:
@ -219,7 +179,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
\"oldPassword\": \"admin\", \"oldPassword\": \"admin\",
\"newPassword\": \"$GRAFANA_PASS\", \"newPassword\": \"$GRAFANA_PASS\",
\"confirmNew\": \"$GRAFANA_PASS\" \"confirmNew\": \"$GRAFANA_PASS\"
}" http://127.0.0.1:3000/api/user/password; echo "" }" http://localhost:3000/api/user/password; echo ""
echo " echo "
# Create InfluxDB datasource # Create InfluxDB datasource
@ -229,16 +189,16 @@ POST -H 'Content-Type: application/json;charset=UTF-8' -d \
'{ '{
"name": "InfluxDB", "name": "InfluxDB",
"type": "influxdb", "type": "influxdb",
"url": "http://127.0.0.1:8086", "url": "http://localhost:8086",
"access": "proxy", "access": "proxy",
"isDefault": true, "isDefault": true,
"database": "jitsi" "database": "jitsi"
}' http://127.0.0.1:3000/api/datasources; echo "" }' http://localhost:3000/api/datasources; echo ""
echo " echo "
# Add Grafana Dashboard # Add Grafana Dashboard
" "
grafana_host="http://127.0.0.1:3000" grafana_host="http://localhost:3000"
grafana_cred="admin:$GRAFANA_PASS" grafana_cred="admin:$GRAFANA_PASS"
grafana_datasource="InfluxDB" grafana_datasource="InfluxDB"
ds=(11969); ds=(11969);

1
images/watermark2.svg
View File

@ -1 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>
Side by Side

Before

Width:  |  Height:  |  Size: 100 B

128
jigasi-vosk-backend.sh
View File

@ -1,128 +0,0 @@
#!/bin/bash
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
#Check if user is root
if ! [ "$(id -u)" = 0 ]; then
echo "You need to be root or have sudo privileges!"
exit 0
fi
exit_if_not_installed() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
echo " This instance doesn't have $1 installed, exiting..."
echo " If you think this is an error, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
exit
fi
}
clear
echo ''
echo '########################################################################'
echo ' Jigasi Transcript addon'
echo '########################################################################'
echo ' by Software, IT & Networks Ltd'
echo ''
exit_if_not_installed jitsi-meet
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 16 | head -n1)"
JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
export DOMAIN
export JIG_TRANSC_PASWD
apt-get -q2 update
# Disable SIP account prompt by default
echo "jigasi jigasi/sip-account string ''" | debconf-set-selections
echo "jigasi jigasi/sip-password password ''" | debconf-set-selections
echo "Installing Jigasi, SIP configuration disabled by default."
apt-get -y install gettext-base jigasi docker.io
echo "Please select a language for the VOSK transcription model:"
echo "1) Chinese"
echo "2) English"
echo "3) French"
echo "4) German"
echo "5) Hindi"
echo "6) Japanese"
echo "7) Russian"
echo "8) Spanish"
read -p "Enter the number corresponding to your language choice: " -r lang_choice
case $lang_choice in
1)
echo "You selected Chinese."
VOSK_DOCKER_MODEL="alphacep/kaldi-cn"
;;
2)
echo "You selected English."
VOSK_DOCKER_MODEL="alphacep/kaldi-en"
;;
3)
echo "You selected French."
VOSK_DOCKER_MODEL="alphacep/kaldi-fr"
;;
4)
echo "You selected German."
VOSK_DOCKER_MODEL="alphacep/kaldi-de"
;;
5)
echo "You selected Hindi."
VOSK_DOCKER_MODEL="alphacep/kaldi-hi"
;;
6)
echo "You selected Japanese."
VOSK_DOCKER_MODEL="alphacep/kaldi-ja"
;;
7)
echo "You selected Russian."
VOSK_DOCKER_MODEL="alphacep/kaldi-ru"
;;
8)
echo "You selected Spanish."
VOSK_DOCKER_MODEL="alphacep/kaldi-es"
;;
*)
echo "Invalid selection. Please choose a number between 1 and 8."
;;
esac
# Running selected VOSK docker model.
docker run -d --restart always -p 2700:2700 ${VOSK_DOCKER_MODEL}:latest
echo "Setting up Jigasi transcript with current platform..."
# Jitsi Meet
echo "> Patching Jitsi Meet's config.js for Transcription support."
echo " Read more at patches/jigasi/001-jigasi-meet-config.patch file"
envsubst < patches/jigasi/001-jigasi-meet-config.patch | \
patch --no-backup-if-mismatch -d / -p1
# Jigasi
echo "> Patching jigasi's sip-communicator.properties configuration."
echo " Read more at patches/jigasi/002-jigasi-sip-properties.patch file"
cp "$JIG_SIP_PROP" ${JIG_SIP_PROP}-dpkg-file
envsubst < patches/jigasi/002-jigasi-sip-properties.patch | \
patch --no-backup-if-mismatch -d / -p1
# Create transcribe user on hidden domain.
prosodyctl register transcriber recorder."$DOMAIN" "$JIG_TRANSC_PASWD"
# Restart services.
systemctl restart prosody \
jicofo \
jigasi \
jibri* \
jitsi-videobridge2
echo ""
echo "Full transcript files are available at:"
echo "--> /var/lib/jigasi/transcripts/"
echo ""
echo "Happy transcripting!"
echo ""

14
jitsi-updater.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet recurring upgrader and customization keeper # Jitsi Meet recurring upgrader and customization keeper
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -42,9 +42,7 @@ apt_repo="/etc/apt/sources.list.d"
ENABLE_BLESSM="TBD" ENABLE_BLESSM="TBD"
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | grep linux64 | grep "$G_CHROME" | tail -1)
jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
grep linux64 | grep "$G_CHROME" | tail -1)
CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")" CHD_LTST_2D="$(cut -d "." -f 1,2 <<< "$CHD_LTST")"
CHDB="$(whereis chromedriver | awk '{print$2}')" CHDB="$(whereis chromedriver | awk '{print$2}')"
@ -125,7 +123,6 @@ update_nodejs_repo() {
-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}" apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}"
} }
check_latest_gc() {
printwc "${Purple}" "Checking for Google Chrome\n" printwc "${Purple}" "Checking for Google Chrome\n"
if [ -f /usr/bin/google-chrome ]; then if [ -f /usr/bin/google-chrome ]; then
GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')" GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')"
@ -133,11 +130,8 @@ else
printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n" printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n"
IS_GLG_CHRM="no" IS_GLG_CHRM="no"
fi fi
}
check_latest_gc
upgrade_cd() { upgrade_cd() {
if [ -n "$GOOGL_VER_2D" ]; then if [ -n "$GOOGL_VER_2D" ]; then
check_latest_gc
if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then
echo "Upgrading Chromedriver to Google Chromes version" echo "Upgrading Chromedriver to Google Chromes version"
wget -q "$CHD_LTST_DWNL" \ wget -q "$CHD_LTST_DWNL" \
@ -265,10 +259,6 @@ printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n"
echo "$NC_DOMAIN seems to be on place, skipping..." echo "$NC_DOMAIN seems to be on place, skipping..."
fi fi
fi fi
# Final check & upgrade call.
check_lst_cd
if [ "$JIBRI_NODE" = "yes" ]; then if [ "$JIBRI_NODE" = "yes" ]; then
restart_jibri restart_jibri
else else

38
jm-bm.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Jitsi Meet brandless mode # Jitsi Meet brandless mode
# for Debian/*buntu binaries. # for Debian/*buntu binaries.
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option
@ -27,7 +27,6 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
# #
JM_IMG_PATH="/usr/share/jitsi-meet/images" JM_IMG_PATH="/usr/share/jitsi-meet/images"
WTM2_PATH="$JM_IMG_PATH/watermark2.png" WTM2_PATH="$JM_IMG_PATH/watermark2.png"
WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
FICON_PATH="$JM_IMG_PATH/favicon2.ico" FICON_PATH="$JM_IMG_PATH/favicon2.ico"
REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png" REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
# #
@ -37,30 +36,29 @@ PART_USER="Participant"
LOCAL_USER="me" LOCAL_USER="me"
# #
#SEC_ROOM="TBD" #SEC_ROOM="TBD"
copy_if_not_there() {
if [ ! -f "$1" ]; then
cp images/"$(echo $1|xargs basename)" "$1"
else
echo "$(echo $1|xargs basename) file exists, skipping copying..."
fi
}
echo ' echo '
#-------------------------------------------------- #--------------------------------------------------
# Applying Brandless mode # Applying Brandless mode
#-------------------------------------------------- #--------------------------------------------------
' '
#Watermark #Watermark
copy_if_not_there "$WTM2_PATH" if [ ! -f "$WTM2_PATH" ]; then
cp images/watermark2.png "$WTM2_PATH"
#Watermark svg else
copy_if_not_there "$WTM2_SVG_PATH" echo "watermark2 file exists, skipping copying..."
fi
#Favicon #Favicon
copy_if_not_there "$FICON_PATH" if [ ! -f "$FICON_PATH" ]; then
cp images/favicon2.ico "$FICON_PATH"
else
echo "favicon2 file exists, skipping copying..."
fi
#Local recording icon #Local recording icon
copy_if_not_there "$REC_ICON_PATH" if [ ! -f "$REC_ICON_PATH" ];then
cp images/gnome_record.png "$REC_ICON_PATH"
else
echo "recording icon exists, skipping copying..."
fi
#Custom / Remove icons #Custom / Remove icons
sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE" sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE"
@ -72,10 +70,6 @@ sed -i "s|icon-cloud.png|gnome_record.png|g" "$BUNDLE_JS"
if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE" sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE"
fi fi
#Replace App logo
sed -i "s|// defaultLogoUrl: .*| defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
#Overwrite favicon svg
cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
#Customize room title #Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE" sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"

312
jra_nextcloud.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JRA (Jibri Recordings Access) via Nextcloud # JRA (Jibri Recordings Access) via Nextcloud
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option
@ -14,7 +14,7 @@ done
#DEBUG #DEBUG
if [ "$MODE" = "debug" ]; then if [ "$MODE" = "debug" ]; then
set -x set -x
fi fi
if ! [ "$(id -u)" = 0 ]; then if ! [ "$(id -u)" = 0 ]; then
@ -42,9 +42,14 @@ apt-get update -q2
# Manually add prerequisites. # Manually add prerequisites.
apt-get install -y curl letsencrypt nginx apt-get install -y curl letsencrypt nginx
MIN_PHP="8.2" DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')" NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')"
[ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443" [ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443"
NC_REPO="https://download.nextcloud.com/server/releases" NC_REPO="https://download.nextcloud.com/server/releases"
@ -59,11 +64,31 @@ DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording
REDIS_CONF="/etc/redis/redis.conf" REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
[ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1) [ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD ISO3166_CODE=TBD
NL="$(printf '\n ')" NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
exit_ifinstalled() { exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " This instance already has $1 installed, exiting..." echo " This instance already has $1 installed, exiting..."
@ -80,6 +105,18 @@ else
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
add_php() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
while [[ "$ANS_NCD" != "yes" ]] while [[ "$ANS_NCD" != "yes" ]]
do do
read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN
@ -95,11 +132,9 @@ do
echo " - Please try again." echo " - Please try again."
fi fi
done done
sleep .1
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n" echo -e "Server public IP & DNS record for $NC_DOMAIN seems to match, continuing...\n\n"
sleep .1
else else
echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match." echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match."
echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail." echo " > Please check your dns records are applied and updated, otherwise Nextcloud may fail."
@ -111,7 +146,7 @@ else
exit exit
fi fi
fi fi
sleep .1
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
while [ -z "$NC_USER" ] while [ -z "$NC_USER" ]
do do
@ -120,7 +155,6 @@ do
echo " - This field is mandatory." echo " - This field is mandatory."
fi fi
done done
sleep .1
while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ] while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ]
do do
read -p "Nextcloud user password: " -r NC_PASS read -p "Nextcloud user password: " -r NC_PASS
@ -128,7 +162,6 @@ do
echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n" echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n"
fi fi
done done
sleep .1
#Enable HSTS #Enable HSTS
while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ] while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ]
do do
@ -141,7 +174,7 @@ do
echo " - HSTS will be enabled." echo " - HSTS will be enabled."
fi fi
done done
sleep .1
echo -e "#Default country phone code\n echo -e "#Default country phone code\n
> Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n > Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n
>>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n" >>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements <<<\n"
@ -176,39 +209,241 @@ exit_ifinstalled postgresql-"$PSGVER"
# PostgresSQL # PostgresSQL
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# PHP 7.4 / 8.1
add_php
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#-------------------------------------------------- #System related
# Prepare PHP install_ifnot smbclient
#-------------------------------------------------- sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
if [ "$MODE" = "debug" ]; then echo "
bash -x "$PWD"/tools/prepare_php.sh "$MIN_PHP" Tunning PHP.ini...
else "
bash "$PWD"/tools/prepare_php.sh "$MIN_PHP" # Change values in php.ini (increase max file size)
fi # max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
systemctl restart php"$PHPVER"-fpm.service
#-------------------------------------------------- #--------------------------------------------------
# Create DB user # Create DB user
#-------------------------------------------------- #--------------------------------------------------
echo -e "\n---- Creating the PgSQL DB & User ----" echo -e "\n---- Creating the PgSQL DB & User ----"
cd /tmp || return
sudo -u postgres psql <<DB sudo -u postgres psql <<DB
CREATE DATABASE nextcloud_db; CREATE DATABASE nextcloud_db;
CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}'; CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}';
GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER}; GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER};
DB DB
echo -e "\nDone!\n" echo "Done!
"
# Add .mjs as a file extension for javascript #nginx - configuration
sed -i "/application\/javascript/s|js.*;|js mjs;|" /etc/nginx/mime.types cat << NC_NGINX > "$NC_NGINX_CONF"
#nextcloud config
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php${PHPVER}-fpm.sock;
}
# nginx conf setup. server {
cp files/nextcloud.conf "$NC_NGINX_CONF" listen 80;
sed -i "s|_PHPVER|$MIN_PHP|g" "$NC_NGINX_CONF" listen [::]:80;
sed -i "s|_NC_DOMAIN|$NC_DOMAIN|g" "$NC_NGINX_CONF" server_name $NC_DOMAIN;
sed -i "s|_NC_NGINX_SSL_PORT|$NC_NGINX_SSL_PORT|g" "$NC_NGINX_CONF" # enforce https
sed -i "s|_NC_PATH|$NC_PATH|g" "$NC_NGINX_CONF" return 301 https://\$server_name\$request_uri;
}
server {
listen $NC_NGINX_SSL_PORT ssl http2;
listen [::]:$NC_NGINX_SSL_PORT ssl http2;
server_name $NC_DOMAIN;
ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the \`ngx_pagespeed\` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud \`.htaccess\`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# set max upload size
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
# Path to the root of your installation
root $NC_PATH/;
# Specify how to handle directories -- specifying \`/index.php\$request_uri\`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus
# \`try_files \$uri \$uri/ /index.php\$request_uri\`
# always provides the desired behaviour.
index index.php index.html /index.php\$request_uri;
# Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients
location = / {
if ( \$http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/\$is_args\$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for \`/.well-known\` so that clients can still
# access it despite the existence of the regex rule
# \`location ~ /(\.|autotest|...)\` which would otherwise handle requests
# for \`/.well-known\`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in \`.htaccess\` that concern \`/.well-known\`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files \$uri \$uri/ =404; }
location /.well-known/pki-validation { try_files \$uri \$uri/ =404; }
# Let Nextcloud's API for \`/.well-known\` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php\$request_uri;
}
# Rules borrowed from \`.htaccess\` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:\$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
set \$path_info \$fastcgi_path_info;
try_files \$fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)\$ {
try_files \$uri /index.php\$request_uri;
expires 6M; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?\$ {
try_files \$uri /index.php\$request_uri;
expires 7d; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from \`.htaccess\`
location /remote {
return 301 /remote.php\$request_uri;
}
location / {
try_files \$uri \$uri/ /index.php\$request_uri;
}
}
NC_NGINX
systemctl stop nginx systemctl stop nginx
letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN" letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN"
if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then
@ -244,7 +479,7 @@ chown -R www-data:www-data "$NC_PATH"
chmod -R 755 "$NC_PATH" chmod -R 755 "$NC_PATH"
echo -e "\nDatabase installation...\n" echo -e "\nDatabase installation...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ maintenance:install \ sudo -u www-data php "$NC_PATH"/occ maintenance:install \
--database=pgsql \ --database=pgsql \
--database-name="$NC_DB" \ --database-name="$NC_DB" \
--database-user="$NC_DB_USER" \ --database-user="$NC_DB_USER" \
@ -259,7 +494,7 @@ sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_C
sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG" sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG"
echo -e "\nAdd crontab...\n" echo -e "\nAdd crontab...\n"
crontab -u www-data -l | { cat; echo "*/5 * * * * php$MIN_PHP -f $NC_PATH/cron.php"; } | crontab -u www-data - crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NC_PATH/cron.php"; } | crontab -u www-data -
echo -e "\nAdd memcache support...\n" echo -e "\nAdd memcache support...\n"
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF" sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF"
@ -285,24 +520,25 @@ sed -i "/);/i \ \ )," "$NC_CONFIG"
echo -e "Done\n" echo -e "Done\n"
echo -e "\nAddding & Setting up Files External App for Local storage...\n" echo -e "\nAddding & Setting up Files External App for Local storage...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:install files_external sudo -u www-data php "$NC_PATH"/occ app:install files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:enable files_external sudo -u www-data php "$NC_PATH"/occ app:enable files_external
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:disable support sudo -u www-data php "$NC_PATH"/occ app:disable support
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json sudo -u www-data php "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
usermod -a -G jibri www-data usermod -a -G jibri www-data
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
chmod -R g+s "$DIR_RECORD" chmod -R g+s "$DIR_RECORD"
echo -e "\nFixing possible missing tables...\n\n" echo -e "\nFixing possible missing tables...\n\n"
echo "y"|sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:convert-filecache-bigint echo "y"|sudo -u www-data php "$NC_PATH"/occ db:convert-filecache-bigint
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-indices sudo -u www-data php "$NC_PATH"/occ db:add-missing-indices
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-columns sudo -u www-data php "$NC_PATH"/occ db:add-missing-columns
echo -e "\nAdding trusted domain...\n" echo -e "\nAdding trusted domain...\n"
sudo -u www-data php$MIN_PHP "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN" sudo -u www-data php "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
echo -e "\nSetting JRA domain on jitsi-updater.sh\n" echo -e "\nSetting JRA domain on jitsi-updater.sh\n"
cd ~/quick-jibri-installer || return
sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh
echo -e "\nQuick Nextcloud installation complete!\n" echo -e "\nQuick Nextcloud installation complete!\n"

2
mode/chp-mode.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Custom High Performance Jitsi conf # Custom High Performance Jitsi conf
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/grid/selenium-grid-docker.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Custom Selenium Grid-Node fro Jitsi Meet # Custom Selenium Grid-Node fro Jitsi Meet
# Pandian © - https://community.jitsi.org/u/Pandian # Pandian © - https://community.jitsi.org/u/Pandian
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/jms-stu.sh
View File

@ -2,7 +2,7 @@
# System-tune-up to remove system software restrictions on a huge load of connections. # System-tune-up to remove system software restrictions on a huge load of connections.
# Be aware that hardware/infrastructure resources are the most common limiters. # Be aware that hardware/infrastructure resources are the most common limiters.
# #
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
mode/jwt.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# JWT Mode Setup # JWT Mode Setup
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

40
patches/jigasi/001-jigasi-meet-config.patch
View File

@ -1,40 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Enable transcription on jitsi meet config.js file.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index f412891..f704157 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -426,9 +426,9 @@ var config = {
// autoCaptionOnRecord: false,
// Transcription options.
- // transcription: {
+ transcription: {
// // Whether the feature should be enabled or not.
- // enabled: false,
+ enabled: true,
// // Translation languages.
// // Available languages can be found in
@@ -443,7 +443,7 @@ var config = {
// // detected based on the environment, e.g. if the app is opened in a chrome instance which
// // is using french as its default language then transcriptions for that participant will be in french.
// // Defaults to true.
- // useAppLanguage: true,
+ useAppLanguage: true,
// // Transcriber language. This settings will only work if "useAppLanguage"
// // is explicitly set to false.
@@ -453,7 +453,7 @@ var config = {
// // Enables automatic turning on transcribing when recording is started
// autoTranscribeOnRecord: false,
- // },
+ },
// Misc

80
patches/jigasi/002-jigasi-sip-properties.patch
View File

@ -1,80 +0,0 @@
# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Modify sip-communicator.properties to run Jigasi along with VOSK Models.
diff --git a/etc/jitsi/jigasi/sip-communicator.properties b/etc/jitsi/jigasi/sip-communicator.properties
index 7a8d0f3..ae5369a 100644
--- a/etc/jitsi/jigasi/sip-communicator.properties
+++ b/etc/jitsi/jigasi/sip-communicator.properties
@@ -165,12 +165,12 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# If you want jigasi to perform authenticated login instead of anonymous login
# to the XMPP server, you can set the following properties.
-# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
-# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
-# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+org.jitsi.jigasi.xmpp.acc.USER_ID=transcriber@recorder.${DOMAIN}
+org.jitsi.jigasi.xmpp.acc.PASS=${JIG_TRANSC_PASWD}
+org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
# To fix SSL/TLS required by client but not supported by server
-#org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
# Can be used in combination with jitsi-meet module mod_auth_jitsi-shared-secret
# To have jigasi use a random username on every call
@@ -187,7 +187,7 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the
# remote certificates always.
-# net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
+net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
# Enable this property to be able to shutdown gracefully jigasi using
# a rest command
@@ -196,31 +196,31 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
# Options regarding Transcription. Read the README for a detailed description
# about each property
-#org.jitsi.jigasi.ENABLE_TRANSCRIPTION=false
-#org.jitsi.jigasi.ENABLE_SIP=true
+org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
+org.jitsi.jigasi.ENABLE_SIP=false
# whether to use the more expensive, but better performing
# "video" model when doing transcription
# org.jitsi.jigasi.transcription.USE_VIDEO_MODEL = false
# delivering final transcript
-# org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
-# org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
-# org.jitsi.jigasi.transcription.jetty.port=-1
-# org.jitsi.jigasi.transcription.ADVERTISE_URL=false
+org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
+org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
+org.jitsi.jigasi.transcription.jetty.port=-1
+org.jitsi.jigasi.transcription.ADVERTISE_URL=false
# save formats
-# org.jitsi.jigasi.transcription.SAVE_JSON=false
-# org.jitsi.jigasi.transcription.SAVE_TXT=true
+org.jitsi.jigasi.transcription.SAVE_JSON=false
+org.jitsi.jigasi.transcription.SAVE_TXT=true
# send formats
-# org.jitsi.jigasi.transcription.SEND_JSON=true
-# org.jitsi.jigasi.transcription.SEND_TXT=false
+org.jitsi.jigasi.transcription.SEND_JSON=true
+org.jitsi.jigasi.transcription.SEND_TXT=false
# Vosk server
-# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
+org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
# org.jitsi.jigasi.transcription.vosk.websocket_url={"en": "ws://localhost:2700", "fr": "ws://localhost:2710"}
-# org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
+org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
# Whisper live transcription server
# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.WhisperTranscriptionService

66
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch
View File

@ -1,66 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable recording and livestreaming by default.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..8f64c7c 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -343,12 +343,12 @@ var config = {
// // showPrejoinWarning: true,
// },
- // recordingService: {
+ recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
// // and the generic recording service (its configuration and storage type
// // depends on jibri configuration)
- // enabled: false,
+ enabled: true,
// // Whether to show the possibility to share file recording with other people
// // (e.g. meeting participants), based on the actual implementation
@@ -357,7 +357,7 @@ var config = {
// // Hide the warning that says we only store the recording for 24 hours.
// hideStorageWarning: false,
- // },
+ },
// DEPRECATED. Use recordingService.enabled instead.
// fileRecordingsServiceEnabled: false,
@@ -368,7 +368,7 @@ var config = {
// Local recording configuration.
// localRecording: {
// // Whether to disable local recording or not.
- // disable: false,
+ // disable: true,
// // Whether to notify all participants when a participant is recording locally.
// notifyAllParticipants: false,
@@ -378,9 +378,9 @@ var config = {
// },
// Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
- // liveStreaming: {
+ liveStreaming: {
// // Whether to enable live streaming or not.
- // enabled: false,
+ enabled: true,
// // Terms link
// termsLink: 'https://www.youtube.com/t/terms',
// // Data privacy link
@@ -388,8 +388,8 @@ var config = {
// // RegExp string that validates the stream key input field
// validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
// // Documentation reference for the live streaming feature.
- // helpLink: 'https://jitsi.org/live'
- // },
+ helpLink: 'https://forge.switnet.net/switnet/quick-jibri-installer'
+ },
// DEPRECATED. Use liveStreaming.enabled instead.
// liveStreamingEnabled: false,

31
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch
View File

@ -1,31 +0,0 @@
# Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
Patch jitsi-meet config.js to enable/disable welcome page.
diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
index dcb860b..2094287 100644
--- a/etc/jitsi/meet/${DOMAIN}-config.js
+++ b/etc/jitsi/meet/${DOMAIN}-config.js
@@ -664,13 +664,13 @@ var config = {
// enableWelcomePage: true,
// Configs for welcome page.
- // welcomePage: {
- // // Whether to disable welcome page. In case it's disabled a random room
- // // will be joined when no room is specified.
- // disabled: false,
- // // If set, landing page will redirect to this URL.
- // customUrl: ''
- // },
+ welcomePage: {
+ // Whether to disable welcome page. In case it's disabled a random room
+ // will be joined when no room is specified.
+ disabled: ${ENABLE_WELCP_BOL},
+ // If set, landing page will redirect to this URL.
+ customUrl: ''
+ },
// Configs for the lobby screen.
// lobby: {

548
quick_jibri_installer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Quick Jibri Installer - *buntu (LTS) based systems. # Quick Jibri Installer - *buntu (LTS) based systems.
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
{ {
echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log
@ -38,126 +38,118 @@ DIST=$(lsb_release -sc)
GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')" PROSODY_REPO="$(apt-cache policy | awk '/prosody/{print$3}' | awk -F "/" 'NR==1{print$2}')"
PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
NL="$(printf '\n ')" NL="$(printf '\n ')"
NODEJS_VER="18" NODEJS_VER="18"
JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key"
PROSODY_GPG_KEY="/etc/apt/trusted.gpg.d/prosody-debian-packages.key"
NODEJS_GPG_KEY="/etc/apt/keyrings/nodesource.gpg"
TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
CERT_CHOICE_DEBCONF="Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
printwc() { printwc() {
printf "%b$2%b" "$1" "${Color_Off}" printf "%b$2%b" "$1" "${Color_Off}"
} }
exit_ifinstalled() { exit_ifinstalled() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo -e "\nThis instance already has $1 installed, exiting..." echo "
echo -e "Please try again on a clean system." This instance already has $1 installed, exiting...
echo -e " If you think this is an error, please report to:" Please try again on a clean system.
echo -e " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues" If you think this is an error, please report to:
exit -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi exit
fi
} }
exit_ifinstalled jitsi-meet exit_ifinstalled jitsi-meet
rename_distro() { rename_distro() {
if [ "$DIST" = "$1" ]; then if [ "$DIST" = "$1" ]; then
DIST="$2" DIST="$2"
fi fi
} }
#Trisquel distro upstream referencing. #Trisquel distro upstream referencing.
rename_distro nabia focal rename_distro nabia focal
rename_distro aramo jammy rename_distro aramo jammy
install_ifnot() { install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..." echo " $1 is installed, skipping..."
else else
printf "\n---- Installing %s ----" "$1" printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
check_serv() { check_serv() {
if [ "$APACHE_2" -eq 1 ]; then if [ "$APACHE_2" -eq 1 ]; then
echo -e "\nThe recommended setup is using NGINX, exiting...\n" echo "
exit The recommended setup is using NGINX, exiting...
elif [ "$NGINX" -eq 1 ]; then "
printf "\nWebserver already installed!\n" exit
else elif [ "$NGINX" -eq 1 ]; then
printf "\nInstalling nginx webserver!\n"
install_ifnot nginx printf "\nWebserver already installed!\n"
fi
else
printf "\nInstalling nginx webserver!\n"
install_ifnot nginx
fi
} }
check_snd_driver() { check_snd_driver() {
printf "\n# Checking ALSA - Loopback module..." printf "\n# Checking ALSA - Loopback module..."
echo "snd-aloop" | tee -a /etc/modules echo "snd-aloop" | tee -a /etc/modules
modprobe snd-aloop modprobe snd-aloop
if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then
echo -e "\n#-----------------------------------------------------------------------" echo "
echo "# Audio driver seems - OK." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Audio driver seems - OK.
else #-----------------------------------------------------------------------"
echo -e "\n#-----------------------------------------------------------------------" else
echo "# Your audio driver might not be able to load." echo "
echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool." #-----------------------------------------------------------------------
echo -e "#-----------------------------------------------------------------------\n" # Your audio driver might not be able to load.
#Test tool # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool.
if [ "$MODE" = "debug" ]; then #-----------------------------------------------------------------------"
bash "$PWD"/tools/test-jibri-env.sh -m debug #Test tool
else if [ "$MODE" = "debug" ]; then
bash "$PWD"/tools/test-jibri-env.sh bash "$PWD"/tools/test-jibri-env.sh -m debug
fi else
read -n 1 -s -r -p "Press any key to continue..."$'\n' bash "$PWD"/tools/test-jibri-env.sh
fi fi
read -n 1 -s -r -p "Press any key to continue..."$'\n'
fi
} }
# sed limiters for add-jibri-node.sh variables # sed limiters for add-jibri-node.sh variables
var_dlim() { var_dlim() {
grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1 grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1
} }
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com \$1
apt-key export \$1 | gpg --dearmour | tee /tmp/\$1.gpg >/dev/null
apt-key del \$1
mv /tmp/\$1.gpg /etc/apt/trusted.gpg.d/
}
add_prosody_repo() { add_prosody_repo() {
echo "Add Prosody repo" echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed" echo "Prosody repository already installed"
else else
echo "deb [signed-by=$PROSODY_GPG_KEY] http://packages.prosody.im/debian $DIST main" \ echo "deb [signed-by=/etc/apt/trusted.gpg.d/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list
> /etc/apt/sources.list.d/prosody.list curl -s https://prosody.im/files/prosody-debian-packages.key > /etc/apt/trusted.gpg.d/prosody-debian-packages.key
curl -s https://prosody.im/files/prosody-debian-packages.key \ fi
> "$PROSODY_GPG_KEY"
apt-get update -q2
fi
} }
dpkg-compare() { dpkg-compare() {
dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3" dpkg --compare-versions "$(dpkg-query -f='${Version}' --show "$1")" "$2" "$3"
} }
wait_seconds() { wait_seconds() {
secs=$(($1)) secs=$(($1))
while [ $secs -gt 0 ]; do while [ $secs -gt 0 ]; do
echo -ne "$secs\033[0K\r" echo -ne "$secs\033[0K\r"
sleep 1 sleep 1
: $((secs--)) : $((secs--))
done done
} }
print_title() { print_title() {
printwc "${Blue}" "\n#--------------------------------------------------" printwc "${Blue}" "\n#--------------------------------------------------"
printwc "${Blue}" "\n# $1" printwc "${Blue}" "\n# $1"
printwc "${Blue}" "\n#--------------------------------------------------\n" printwc "${Blue}" "\n#--------------------------------------------------\n"
} }
test_match() { test_match() {
if grep -q "$1" "$2" ; then if grep -q "$1" "$2" ; then
echo "$(basename "$2") - OK..." echo "$(basename "$2") - OK..."
else else
echo "$(basename "$2"), FAIL..." echo "$(basename "$2"), FAIL..."
echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer" echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
exit exit
fi fi
} }
clear clear
printwc "${Green}" ' printwc "${Green}" '
@ -178,7 +170,7 @@ Featuring:
Learn more about these at, Learn more about these at,
Main repository: https://forge.switnet.net/switnet/quick-jibri-installer Main repository: https://forge.switnet.net/switnet/quick-jibri-installer
Wiki and documentation: https://forge.switnet.net/switnet/quick-jibri-installer/wiki\n\n' Wiki and documentation: https://forge.switnet.net/switnet/quick-jibri-installer/wiki\n\n'
sleep .1
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
#Check if user is root #Check if user is root
@ -196,11 +188,13 @@ else
exit exit
fi fi
#Suggest 22.04 LTS release over 20.04 in April 2024 #Suggest 22.04 LTS release over 20.04 in April 2024
TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
if [ "$DIST" = "focal" ]; then if [ "$DIST" = "focal" ]; then
if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then
echo " > $(lsb_release -sc), even when it's compatible and functional." echo " > $(lsb_release -sc), even when it's compatible and functional.
echo -n " We suggest to use the next (LTS) release, for longer" We suggest to use the next (LTS) release, for longer support and security reasons."
echo " support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
else else
echo "Focal is supported." echo "Focal is supported."
@ -210,8 +204,7 @@ fi
#Check system resources #Check system resources
printf "\n\nVerifying System Resources:" printf "\n\nVerifying System Resources:"
if [ "$(nproc --all)" -lt 4 ];then if [ "$(nproc --all)" -lt 4 ];then
printf "\nWarning!: The system do not meet the minimum CPU" printf "\nWarning!: The system do not meet the minimum CPU requirements for Jibri to run."
printf " requirements for Jibri to run."
printf "\n>> We recommend 4 cores/threads for Jibri!\n" printf "\n>> We recommend 4 cores/threads for Jibri!\n"
CPU_MIN="N" CPU_MIN="N"
else else
@ -222,8 +215,7 @@ sleep .1
### Test RAM size (8GB min) ### ### Test RAM size (8GB min) ###
mem_available="$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')" mem_available="$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')"
if [ "$mem_available" -lt 7700000 ]; then if [ "$mem_available" -lt 7700000 ]; then
printf "\nWarning!: The system do not meet the minimum RAM" printf "\nWarning!: The system do not meet the minimum RAM requirements for Jibri to run."
printf " requirements for Jibri to run."
printf "\n>> We recommend 8GB RAM for Jibri!\n\n" printf "\n>> We recommend 8GB RAM for Jibri!\n\n"
MEM_MIN="N" MEM_MIN="N"
else else
@ -235,10 +227,8 @@ if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then
echo "All requirements seems meet!" echo "All requirements seems meet!"
printf "\n - We hope you have a nice recording/streaming session\n" printf "\n - We hope you have a nice recording/streaming session\n"
else else
printf "CPU (%s)/RAM (%s MiB)" "$(nproc --all)" "$((mem_available/1024))" printf "CPU (%s)/RAM (%s MiB) does NOT meet minimum recommended requirements!" "$(nproc --all)" "$((mem_available/1024))"
printf " does NOT meet minimum recommended requirements!" printf "\nEven when you can use the videoconferencing sessions, we advice to increase the resources in order to user Jibri.\n\n"
printf "\nEven when you can use the videoconferencing sessions, we"
printf " advice to increase the resources in order to user Jibri.\n\n"
sleep .1 sleep .1
while [ "$CONTINUE_LOW_RES" != "yes" ] && [ "$CONTINUE_LOW_RES" != "no" ] while [ "$CONTINUE_LOW_RES" != "yes" ] && [ "$CONTINUE_LOW_RES" != "no" ]
do do
@ -248,8 +238,7 @@ sleep .1
exit exit
elif [ "$CONTINUE_LOW_RES" = "yes" ]; then elif [ "$CONTINUE_LOW_RES" = "yes" ]; then
printf "\n - We highly recommend to increase the server resources." printf "\n - We highly recommend to increase the server resources."
printf "\n - Otherwise, please think about adding dedicated" printf "\n - Otherwise, please think about adding dedicated jibri nodes instead.\n\n"
printf " jibri nodes instead.\n\n"
fi fi
done done
fi fi
@ -277,32 +266,27 @@ sleep .1
do do
read -p "> Do you want to disable local jibri service?: (yes or no)$NL" -r DISABLE_LOCAL_JIBRI read -p "> Do you want to disable local jibri service?: (yes or no)$NL" -r DISABLE_LOCAL_JIBRI
if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then
printf " - Please keep in mind that we might not support" printf " - Please keep in mind that we might not support underpowered servers.\n"
printf " underpowered servers.\n"
elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
printf " - You can add dedicated jibri nodes later, see more" printf " - You can add dedicated jibri nodes later, see more at the wiki.\n"
printf " at the wiki.\n"
fi fi
done done
fi fi
sleep .1 sleep .1
#Check system oriented porpuse #Check system oriented porpuse
apt-get -q2 update apt-get -yq2 update
SYSTEM_DE="$(apt-cache search "ubuntu-(desktop|mate-desktop)"|awk '{print$1}'|xargs|sed 's|$| trisquel triskel trisquel-mini|')" SYSTEM_DE="$(apt-cache search "ubuntu-(desktop|mate-desktop)"|awk '{print$1}'|xargs|sed 's|$| trisquel triskel trisquel-mini|')"
SYSTEM_DE_ARRAY=( "$SYSTEM_DE" ) SYSTEM_DE_ARRAY=( "$SYSTEM_DE" )
printf "\nChecking for common desktop system oriented purpose....\n" printf "\nChecking for common desktop system oriented purpose....\n"
for de in "${SYSTEM_DE_ARRAY[@]}" for de in "${SYSTEM_DE_ARRAY[@]}"
do do
if [ "$(dpkg-query -W -f='${Status}' "$de" 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' "$de" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
printf "\n > This instance has %s installed, exiting...\n" "$de" printf "\n > This instance has %s installed, exiting...
printf "\nPlease avoid using this installer on a desktop-user" \nPlease avoid using this installer on a desktop-user oriented GNU/Linux system.
printf " oriented GNU/Linux system.\n" This is an unsupported use, as it will likely BREAK YOUR SYSTEM, so please don't." "$de"
printf "This is an unsupported use, as it will likely BREAK YOUR"
printf " SYSTEM, so please don't.\n"
exit exit
else else
printf " > No standard desktop environment for user oriented" printf " > No standard desktop environment for user oriented porpuse detected, good!, continuing...\n\n"
printf " porpuse detected, good!, continuing...\n\n"
fi fi
done done
sleep .1 sleep .1
@ -314,11 +298,8 @@ printf "\nAdd Jitsi repo\n"
if [ "$JITSI_REPO" = "stable" ]; then if [ "$JITSI_REPO" = "stable" ]; then
printf " - Jitsi stable repository already installed\n\n" printf " - Jitsi stable repository already installed\n\n"
else else
echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \ echo 'deb [signed-by=/etc/apt/trusted.gpg.d/jitsi-key.gpg.key] http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
> /etc/apt/sources.list.d/jitsi-stable.list curl -s https://download.jitsi.org/jitsi-key.gpg.key > /etc/apt/trusted.gpg.d/jitsi-key.gpg.key
curl -s https://download.jitsi.org/jitsi-key.gpg.key \
> "$JITSI_GPG_KEY"
apt-get update -q2
JITSI_REPO="stable" JITSI_REPO="stable"
fi fi
sleep .1 sleep .1
@ -330,8 +311,7 @@ if [ "$LE_SSL" = yes ]; then
printf " - We'll setup Let's Encrypt SSL certs.\n\n" printf " - We'll setup Let's Encrypt SSL certs.\n\n"
else else
printf " - We'll let you choose later on for it." printf " - We'll let you choose later on for it."
printf " Please be aware that a valid SSL cert is required for" printf " Please be aware that a valid SSL cert is required for some features to work properly.\n\n"
printf " some features to work properly.\n\n"
fi fi
done done
sleep .1 sleep .1
@ -358,26 +338,23 @@ sleep .1
sleep .1 sleep .1
#Simple DNS test #Simple DNS test
if [ "$PUBLIC_IP" = "$(dig -4 +short "$JITSI_DOMAIN"||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then if [ "$PUBLIC_IP" = "$(dig -4 +short "$JITSI_DOMAIN"||awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
printf "\nServer public IP & DNS record for" printf "\nServer public IP & DNS record for %s seems to match, continuing..." "$JITSI_DOMAIN"
printf " %s seems to match, continuing..." "$JITSI_DOMAIN"
else else
echo -n "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN" echo "Server public IP ($PUBLIC_IP) & DNS record for $JITSI_DOMAIN don't seem to match."
echo " don't seem to match." echo " > Please check your dns records are applied and updated, otherwise components may fail."
echo -n " > Please check your dns records are applied and updated," read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE
echo " otherwise components may fail."
read -p " > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE
if [ "$DNS_CONTINUE" = "yes" ]; then if [ "$DNS_CONTINUE" = "yes" ]; then
echo " - We'll continue anyway..." echo " - We'll continue anyway..."
else else
echo " - Exiting for now..." echo " - Exiting for now..."
exit exit
fi fi
fi fi
fi fi
sleep .1 sleep .1
# Requirements # Requirements
printf "\nWe'll start by installing system requirements this may take" printf "\nWe'll start by installing system requirements this may take a while please be patient...\n"
printf " a while please be patient...\n" apt-get update -q2
apt-get dist-upgrade -yq2 apt-get dist-upgrade -yq2
apt-get -y install \ apt-get -y install \
@ -398,15 +375,14 @@ if [ "$LE_SSL" = "yes" ]; then
apt-get -y install \ apt-get -y install \
certbot certbot
if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "# Disable pre-installed ufw, more on firewall see:" echo "# Disable pre-installed ufw, more on firewall see:
echo " > https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Firewall" > https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Firewall"
ufw disable ufw disable
fi fi
fi fi
echo "# Check and Install HWE kernel if possible..." echo "# Check and Install HWE kernel if possible..."
HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" \ HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")"
2>/dev/null|head -n1|grep -c "hwe-$(lsb_release -sr)")"
if [ "$HWE_VIR_MOD" = "1" ]; then if [ "$HWE_VIR_MOD" = "1" ]; then
apt-get -y install \ apt-get -y install \
linux-image-generic-hwe-"$(lsb_release -sr)" \ linux-image-generic-hwe-"$(lsb_release -sr)" \
@ -425,15 +401,11 @@ echo "
#-------------------------------------------------- #--------------------------------------------------
" "
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
echo "set jitsi-meet/cert-choice select $CERT_CHOICE_DEBCONF" \ echo "set jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)" | debconf-set-selections
| debconf-set-selections echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $JITSI_DOMAIN" | debconf-set-selections
echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $JITSI_DOMAIN" \ echo "jitsi-meet-web-config jitsi-meet/email string $SYSADMIN_EMAIL" | debconf-set-selections
| debconf-set-selections
echo "jitsi-meet-web-config jitsi-meet/email string $SYSADMIN_EMAIL" \
| debconf-set-selections
fi fi
echo "jitsi-meet-web-config jitsi-meet/jaas-choice boolean false" \ echo "jitsi-meet-web-config jitsi-meet/jaas-choice boolean false" | debconf-set-selections
| debconf-set-selections
apt-get -y install \ apt-get -y install \
jitsi-meet \ jitsi-meet \
jibri \ jibri \
@ -450,11 +422,10 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1"
echo "Nodejs is installed, skipping..." echo "Nodejs is installed, skipping..."
else else
mkdir -p /etc/apt/keyrings mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
| gpg --dearmor -o "$NODEJS_GPG_KEY" echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \
echo "deb [signed-by=$NODEJS_GPG_KEY] https://deb.nodesource.com/node_$NODEJS_VER.x nodistro main" | \ tee /etc/apt/sources.list.d/nodesource.list
tee /etc/apt/sources.list.d/nodesource.list apt-get update -yq2
apt-get update -q2
apt-get install -yq2 nodejs apt-get install -yq2 nodejs
echo "Installing nodejs esprima package..." echo "Installing nodejs esprima package..."
@ -479,7 +450,7 @@ else
fi fi
apt-get -q2 update apt-get -q2 update
apt-get install -yq2 google-chrome-stable apt-get install -yq2 google-chrome-stable
rm -rf "$GOOGL_REPO" rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
@ -538,20 +509,19 @@ JB_NAME="Jibri Sessions"
LE_RENEW_LOG="/var/log/letsencrypt/renew.log" LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER="jbsync_$MJS_RAND_TAIL"
MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
FQDN_HOST="fqdn" FQDN_HOST="fqdn"
JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
WS_MATCH1="# ensure all static content can always be found first" WS_MATCH1="# ensure all static content can always be found first"
WS_MATCH2="external_api.js"
MEET_MATCH1="disable simulcast support." MEET_MATCH1="disable simulcast support."
export DOMAIN #GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
# Make sure we can rely on the match strings. # Make sure we can rely on the match strings.
printf "> Testing match strings on config files.\n" printf "> Testing match strings on config files.\n"
test_match "$WS_MATCH1" "$WS_CONF" test_match "$WS_MATCH1" "$WS_CONF"
test_match "$WS_MATCH2" "$WS_CONF"
test_match "$MEET_MATCH1" "$MEET_CONF" test_match "$MEET_MATCH1" "$MEET_CONF"
# Rename hostname for jitsi server # Rename hostname for jitsi server
@ -568,6 +538,18 @@ do
fi fi
done done
sleep .1 sleep .1
#Language
echo "## Setting up Jitsi Meet language ##
You can define the language, for a complete list of the supported languages
See here:
https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json"
printf "Jitsi Meet web interface will be set to use such language.\n\n"
sleep .1
read -p "Please set your language (Press enter to default to 'en'):$NL" -r JB_LANG
sleep .1
printf "\nWe'll take a minute to localize some UI excerpts if you need.\n\n"
sleep .1
#Participant #Participant
printf "> Do you want to translate 'Participant' to your own language?\n" printf "> Do you want to translate 'Participant' to your own language?\n"
sleep .1 sleep .1
@ -632,20 +614,17 @@ select opt in "${options[@]}"
do do
case $opt in case $opt in
"Local") "Local")
printf "\n > Users are created manually using prosodyctl," printf "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n"
printf " only moderators can open a room or launch recording.\n"
ENABLE_SC="yes" ENABLE_SC="yes"
break break
;; ;;
"JWT") "JWT")
printf "\n > A external app manage the token usage/creation," printf "\n > A external app manage the token usage/creation, like RocketChat does.\n"
printf " like RocketChat does.\n"
ENABLE_JWT="yes" ENABLE_JWT="yes"
break break
;; ;;
"None") "None")
printf "\n > Everyone can access the room as moderators as" printf "\n > Everyone can access the room as moderators as there is no auth mechanism.\n"
printf " there is no auth mechanism.\n"
break break
;; ;;
*) echo "Invalid option $REPLY, choose 1, 2 or 3";; *) echo "Invalid option $REPLY, choose 1, 2 or 3";;
@ -653,22 +632,19 @@ do
done done
sleep .1 sleep .1
# Set jibris default resolution # Set jibris default resolution
printf "\n> What jibri resolution should be the default for this and all" printf "\n> What jibri resolution should be the default for this and all the following jibri nodes?\n"
printf " the following jibri nodes?\n"
PS3='The more resolution the more resources jibri will require to record properly: ' PS3='The more resolution the more resources jibri will require to record properly: '
jib_res=("HD 720" "FHD 1080") jib_res=("HD 720" "FHD 1080")
select res in "${jib_res[@]}" select res in "${jib_res[@]}"
do do
case $res in case $res in
"HD 720") "HD 720")
printf "\n > HD (1280x720) is good enough for most cases," printf "\n > HD (1280x720) is good enough for most cases, and requires a moderate high hw requirements.\n\n"
printf " and requires a moderate high hw requirements.\n\n"
JIBRI_RES="720" JIBRI_RES="720"
break break
;; ;;
"FHD 1080") "FHD 1080")
printf "\n > Full HD (1920x1080) is the best resolution" printf "\n > Full HD (1920x1080) is the best resolution available, it also requires high hw requirements.\n\n"
printf " available, it also requires high hw requirements.\n\n"
JIBRI_RES="1080" JIBRI_RES="1080"
break break
;; ;;
@ -700,16 +676,24 @@ do
done done
sleep .1 sleep .1
##Jigasi ##Jigasi
while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ] #if [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "404" ]; then
do #printf "> Sorry Google SDK doesn't have support yet for %s,
read -p "> Do you want to setup Jigasi Transcription: (yes or no) #thus, Jigasi Transcript can't be enable.\n\n" "$(lsb_release -sd)"
#elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$GC_SDK_REL_FILE" )" == "200" ]; then
#while [ "$ENABLE_TRANSCRIPT" != "yes" ] && [ "$ENABLE_TRANSCRIPT" != "no" ]
#do
#read -p "> Do you want to setup Jigasi Transcription: (yes or no)
#( Please check requirements at: https://forge.switnet.net/switnet/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT #( Please check requirements at: https://forge.switnet.net/switnet/quick-jibri-installer )$NL" -r ENABLE_TRANSCRIPT
if [ "$ENABLE_TRANSCRIPT" = "no" ]; then #if [ "$ENABLE_TRANSCRIPT" = "no" ]; then
printf " - Jigasi Transcription won't be enabled.\n\n" #printf " - Jigasi Transcription won't be enabled.\n\n"
elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then #elif [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf " - Jigasi Transcription will be enabled.\n\n" #printf " - Jigasi Transcription will be enabled.\n\n"
fi #fi
done #done
#else
#echo "No valid option for Jigasi. Please report this to
#https://forge.switnet.net/switnet/quick-jibri-installer/issues"
#fi
sleep .1 sleep .1
#Grafana #Grafana
while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ] while [ "$ENABLE_GRAFANA_DSH" != "yes" ] && [ "$ENABLE_GRAFANA_DSH" != "no" ]
@ -853,17 +837,23 @@ BREWERY
# Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js # Jibri tweaks for /etc/jitsi/meet/$DOMAIN-config.js
sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF" sed -i "s|conference.$DOMAIN|internal.auth.$DOMAIN|" "$MEET_CONF"
#New recording implementation.
sed -i "s|// recordingService:|recordingService:|" "$MEET_CONF"
sed -i "/recordingService/,/hideStorageWarning/s|// enabled: false,| enabled: true,|" "$MEET_CONF"
sed -i "/hideStorageWarning: false/,/Local recording configuration/s|// },|},|" "$MEET_CONF"
sed -i "s|// liveStreamingEnabled: false,|liveStreamingEnabled: true,\\
\\
hiddenDomain: \'recorder.$DOMAIN\',|" "$MEET_CONF"
#Enable recording & livestreaming by default. #Setup main language
echo "> Patching config.js to enable recording and livestreaming by default..." if [ -z "$JB_LANG" ] || [ "$JB_LANG" = "en" ]; then
echo " Read more about patches at the patches folder." echo "Leaving English (en) as default language..."
envsubst < \ sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" "$MEET_CONF"
patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch | \ else
patch --no-backup-if-mismatch -d / -p1 echo "Changing default language to: $JB_LANG"
sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" "$MEET_CONF"
fi
#Prepare hidden domain for jibri/jigasi silent users.
sed -i "/fileRecordingsServiceEnabled: false,/a \\
hiddenDomain: \'recorder.$DOMAIN\'," "$MEET_CONF"
# Recording directory # Recording directory
if [ ! -d "$DIR_RECORD" ]; then if [ ! -d "$DIR_RECORD" ]; then
mkdir "$DIR_RECORD" mkdir "$DIR_RECORD"
@ -882,8 +872,8 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
chmod -R 770 \$RECORDINGS_DIR chmod -R 770 \$RECORDINGS_DIR
LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
mv \$LJF_PATH \$NJF_PATH mv \$LJF_PATH \$NJF_PATH
@ -894,15 +884,117 @@ chmod +x "$REC_DIR"
## New Jibri Config (2020) ## New Jibri Config (2020)
mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file mv "$JIBRI_CONF" ${JIBRI_CONF}-dpkg-file
cp files/jibri.conf "$JIBRI_CONF" cat << NEW_CONF > "$JIBRI_CONF"
sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" // New XMPP environment config.
sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" jibri {
sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" streaming {
sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" // A list of regex patterns for allowed RTMP URLs. The RTMP URL used
sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF" // when starting a stream must match at least one of the patterns in
sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" // this list.
sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" rtmp-allow-list = [
sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" // By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = $JIBRI_RES_CONF
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors",
"--disable-dev-shm-usage"
]
}
stats {
enable-stats-d = true
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
recording {
recordings-directory = "$DIR_RECORD"
finalize-script = "$REC_DIR"
}
api {
xmpp {
environments = [
{
// A user-friendly name for this environment
name = "$JB_NAME"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ "$DOMAIN" ]
// The base XMPP domain
xmpp-domain = "$DOMAIN"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.$DOMAIN"
room-name = "$JibriBrewery"
nickname = "Live"
}
// The login information for the control MUC
control-login {
domain = "auth.$DOMAIN"
username = "jibri"
password = "$JB_AUTH_PASS"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = "recorder.$DOMAIN"
username = "recorder"
password = "$JB_REC_PASS"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 0 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
}
NEW_CONF
#Jibri xorg resolution #Jibri xorg resolution
sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
@ -977,6 +1069,28 @@ sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jvb2-node.sh
sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jvb2-node.sh
##-- ##--
#Tune webserver for Jitsi App control
if [ -f "$WS_CONF" ]; then
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ location = \/external_api.min.js {" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" "$WS_CONF"
sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
systemctl reload nginx
else
echo "No app configuration done to server file, please report to:
-> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi
#Static avatar
if [ "$ENABLE_SA" = "yes" ] && [ -f "$WS_CONF" ]; then
cp images/avatar2.png /usr/share/jitsi-meet/images/
sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" "$WS_CONF"
sed -i "/location \/external_api.min.js/i \ \ \ \ }\\
\ " "$WS_CONF"
sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" "$INT_CONF"
sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF"
fi
#nginx -tlsv1/1.1 #nginx -tlsv1/1.1
if [ "$DROP_TLS1" = "yes" ];then if [ "$DROP_TLS1" = "yes" ];then
printf "\nDropping TLSv1/1.1\n\n" printf "\nDropping TLSv1/1.1\n\n"
@ -984,8 +1098,8 @@ if [ "$DROP_TLS1" = "yes" ];then
elif [ "$DROP_TLS1" = "no" ];then elif [ "$DROP_TLS1" = "no" ];then
printf "\nNo TLSv1/1.1 dropping was done.\n\n" printf "\nNo TLSv1/1.1 dropping was done.\n\n"
else else
echo -n "No condition meet, please report to:" echo "No condition meet, please report to
echo "https://forge.switnet.net/switnet/quick-jibri-installer/issues" https://forge.switnet.net/switnet/quick-jibri-installer/issues "
fi fi
sleep .1 sleep .1
#================== Setup prosody conf file ================= #================== Setup prosody conf file =================
@ -1003,9 +1117,9 @@ if [ "$ENABLE_SC" = "yes" ]; then
prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS" prosodyctl register "$SEC_ROOM_USER" "$DOMAIN" "$SEC_ROOM_PASS"
sleep .1 sleep .1
printf "\nSecure rooms are being enabled...\n" printf "\nSecure rooms are being enabled...\n"
echo -n "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' " echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \
echo "or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered." or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
echo "If you have issues with the password refer to your sysadmin." If you have issues with the password refer to your sysadmin."
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" "$JICOFO_SIP" sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" "$JICOFO_SIP"
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
fi fi
@ -1044,23 +1158,20 @@ fi
sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF" sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" "$MEET_CONF"
#Start with audio muted but admin #Start with audio muted but admin
sed -i "s|// startAudioMuted: 10,|startAudioMuted: 2,|" "$MEET_CONF" sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" "$MEET_CONF"
#Disable/enable welcome page #Disable/enable welcome page
[ "$ENABLE_WELCP" = "yes" ] && ENABLE_WELCP_BOL=true if [ "$ENABLE_WELCP" = "yes" ]; then
[ "$ENABLE_WELCP" = "no" ] && ENABLE_WELCP_BOL=false sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" "$MEET_CONF"
export ENABLE_WELCP_BOL elif [ "$ENABLE_WELCP" = "no" ]; then
echo "> Patching config.js to modify welcompage behavior..." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" "$MEET_CONF"
echo " Read more about patches at the patches folder." fi
envsubst < \
patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch | \
patch --no-backup-if-mismatch -d / -p1
#Enable close page #Enable close page
[ "$ENABLE_CLOCP" = "yes" ] && \ if [ "$ENABLE_CLOCP" = "yes" ]; then
sed -i "s|// enableClosePage:.*|enableClosePage: true,|" "$MEET_CONF" sed -i "s|.*enableClosePage:.*| enableClosePage: true,|" "$MEET_CONF"
[ "$ENABLE_CLOCP" = "no" ] && \ elif [ "$ENABLE_CLOCP" = "no" ]; then
sed -i "s|// enableClosePage:.*|enableClosePage: false,|" "$MEET_CONF" sed -i "s|.*enableClosePage:.*| enableClosePage: false,|" "$MEET_CONF"
fi
#Add pre-join screen by default, since it improves YouTube autoplay capabilities #Add pre-join screen by default, since it improves YouTube autoplay capabilities
#pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does. #pre-join screen by itself don't require autorization by moderator, don't confuse with lobby which does.
@ -1108,8 +1219,7 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
systemctl disable jibri systemctl disable jibri
systemctl disable jibri-xorg systemctl disable jibri-xorg
systemctl disable jibri-icewm systemctl disable jibri-icewm
# Manually apply permissions since finalize_recording.sh won't be # Manually apply permissions since finalize_recording.sh won't be triggered under this server options.
# triggered under this server options.
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
fi fi
@ -1148,9 +1258,8 @@ if [ -f "$WS_CONF" ]; then
sed -i "/external_api.js/i \\\n" "$WS_CONF" sed -i "/external_api.js/i \\\n" "$WS_CONF"
systemctl reload nginx systemctl reload nginx
else else
printf "No interface_config.js configuration done to server file," echo "No interface_config.js configuration done to server file, please report to:
printf " please report to:" -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
printf " -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
fi fi
#JRA via Nextcloud #JRA via Nextcloud
if [ "$ENABLE_NC_ACCESS" = "yes" ]; then if [ "$ENABLE_NC_ACCESS" = "yes" ]; then
@ -1162,16 +1271,7 @@ if [ "$ENABLE_NC_ACCESS" = "yes" ]; then
fi fi
fi fi
sleep .1 sleep .1
#Jigasi w/VOSK backend.
if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then
printf "\nJigasi with VOSK backend will be enabled."
if [ "$MODE" = "debug" ]; then
bash "$PWD"/jigasi-vosk-backend.sh -m debug
else
bash "$PWD"/jigasi-vosk-backend.sh
fi
fi
sleep .1
#Grafana Dashboard #Grafana Dashboard
if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then
printf "\nGrafana Dashboard will be enabled." printf "\nGrafana Dashboard will be enabled."

2
tools/aws-grub-setup.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Automated AWS generic kernel setup for jibri. # Automated AWS generic kernel setup for jibri.
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/fail2ban_ssh.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Fail2ban configuration # Simple Fail2ban configuration
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/jibri-conf-upgrade.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri conf updater # Simple Jibri conf updater
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/jibri-resolution-enhancer.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri resolution enhancer # Simple Jibri resolution enhancer
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option

138
tools/prepare_php.sh
View File

@ -1,138 +0,0 @@
#!/bin/bash
# Automated PHP environment build for Nextcloud.
# SwITNet Ltd © - 2024, https://switnet.net/
# GPLv3 or later.
PHPVER=$1
STABLE_PHP="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
DISTRO_RELEASE="$(lsb_release -sc)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHP_REPO_URL="http://ppa.launchpad.net/ondrej/php/ubuntu"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
TMP_GPG_REPO="$(mktemp -d)"
if [ $# -ne 1 ]; then
echo "Usage: $0 8.2"
exit 1
fi
install_ifnot() {
if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo " $1 is installed, skipping..."
else
printf "\n---- Installing %s ----" "$1"
apt-get -yq2 install "$1"
fi
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages #< don't quote.
packages=""
}
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
add_php_repo() {
if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed"
apt-get -q2 update
apt-get -yq2 dist-upgrade
else
echo "# Adding Ondrej PHP $PHPVER PPA Repository"
add_gpg_keyring E5267A6C
echo "deb [arch=amd64] $PHP_REPO_URL $DISTRO_RELEASE main" | \
tee /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2
fi
}
add_php_repo
install_aval_package " \
imagemagick \
php$PHPVER-fpm \
php$PHPVER-bcmath \
php$PHPVER-bz2 \
php$PHPVER-cli \
php$PHPVER-cgi \
php$PHPVER-curl \
php$PHPVER-gd \
php$PHPVER-gmp \
php$PHPVER-imagick \
php$PHPVER-intl \
php$PHPVER-json \
php$PHPVER-ldap \
php$PHPVER-mbstring \
php$PHPVER-pgsql \
php$PHPVER-redis \
php$PHPVER-soap \
php$PHPVER-xml \
php$PHPVER-xmlrpc \
php$PHPVER-zip \
redis-server \
unzip \
"
#System related
install_ifnot smbclient
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
echo "
Tunning PHP.ini...
"
# Change values in php.ini (increase max file size)
# max_execution_time
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
# max_input_time
sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
# memory_limit
sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
# post_max
sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
# upload_max
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
phpenmod opcache
{
echo "# OPcache settings for Nextcloud"
echo "opcache.enable=1"
echo "opcache.enable_cli=1"
echo "opcache.interned_strings_buffer=8"
echo "opcache.max_accelerated_files=10000"
echo "opcache.memory_consumption=256"
echo "opcache.save_comments=1"
echo "opcache.revalidate_freq=1"
echo "opcache.validate_timestamps=1"
} >> "$PHP_INI"
update-alternatives --set php /usr/bin/php"$STABLE_PHP"
update-alternatives --set php-fpm.sock /run/php/php"$STABLE_PHP"-fpm.sock
update-alternatives --set php-cgi /usr/bin/php-cgi"$STABLE_PHP"
update-alternatives --set php-cgi-bin /usr/lib/cgi-bin/php"$STABLE_PHP"
update-alternatives --set phar /usr/bin/phar"$STABLE_PHP"
update-alternatives --set phar.phar /usr/bin/phar.phar"$STABLE_PHP"
systemctl restart php"$PHPVER"-fpm.service

2
tools/start-over.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
#Start over #Start over
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GPLv3 or later. # GPLv3 or later.
while getopts m: option while getopts m: option

2
tools/test-jibri-env.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Simple Jibri Env tester # Simple Jibri Env tester
# SwITNet Ltd © - 2024, https://switnet.net/ # SwITNet Ltd © - 2023, https://switnet.net/
# GNU GPLv3 or later. # GNU GPLv3 or later.
while getopts m: option while getopts m: option