Merge pull request 'README.md: update Jigasi mention now using Vosk.' (#117) from Ark74/quick-jibri-installer:upd_readme_jigasi into master

Reviewed-on: #117

README.md

@@ -1,22 +1,29 @@
 # Quick Jibri Installer
-Bash installer for Jibri on **Ubuntu LTS** based systems using **nginx** as default webserver.
+Bash installer for Jitsi Meet standalone along with Jibri on supported **Ubuntu LTS** based systems using **nginx** as default webserver.
 
 ## Usage
-As for our current latest release, as we have integrated more and more features, we highly recommend to use a purpose specific-newly spawn server to host the jitsi-meet framework, making sure you stick to the requirements and recommendations as much as possible, in order to avoid issues.
+As for our current latest release, as we have integrated more and more features, we highly recommend to use a **purpose specific-newly spawn server** to host the jitsi-meet framework, making sure you stick to the requirements and recommendations as much as possible, in order to avoid issues.
+
+**WARNING:** Please, avoid using this installer on your everyday GNU/Linux system, as this is an unsupported use and it will likely BREAK YOUR SYSTEM, so please don't.
 
 
 ### Main Server
 Login into your clean server, clone git repository and run the installer,
 
 ```
-git clone https://github.com/switnet-ltd/quick-jibri-installer
+git clone https://forge.switnet.net/switnet/quick-jibri-installer
 cd quick-jibri-installer
 sudo bash quick_jibri_installer.sh
 ```
+![QJI - Setup](https://raw.githubusercontent.com/wiki/switnet-ltd/quick-jibri-installer/images/qji-diagram-setup.png)
+
+If your server meet the necessary resources, then at the end on the installer you should have a working Jitsi Meet Server along with a Jibri server ready to record.
+
+Additional jibris need to be set on separate servers, only necesary on simultaneous recordings for that please use add-jibri-node.sh.
 
 ### Add Jibri node
 
-Copy the modified `add-jibri-node.sh` file from your early cloned installation directory once it's completed to the new server meant to be a jibri node using your preferred method, then run it
+Copy the modified `add-jibri-node.sh` file from your early cloned installation directory once the installation is completed, to the new server meant to be a jibri node using your preferred method, then run it
 
 **WARNING:** This file contains sensitive information from your setup, please handle with care.
 
@@ -24,21 +31,35 @@ Copy the modified `add-jibri-node.sh` file from your early cloned installation d
 bash add-jibri-node.sh
 ```
 
+Please remember that on newer versions, jibri will record on FHD (1920x1080) so please make sure your server have enough CPU power in orther to handle the encoding load.
+
+### Add JVB2 node
+
+Copy the modified `add-jvb2-node.sh` file from your early cloned installation directory once the installation is completed, to the new server meant to be a jibri node using your preferred method, then run it
+
+**WARNING:** This file contains sensitive information from your setup, please handle with care.
+
+```
+bash add-jvb2-node.sh
+```
+
 Check more details on our wiki.
 
 ## Requirements
-* Clean VM/VPS/Server using Ubuntu LTS
-* Valid domain with DNS record, **mandatory** for SSL certs via Let's Encrypt.
-* Ports open for ACME (SSL) interaction & validation.
-* Highly recommended: 8 GB RAM / 4 Cores.
-* Webcam
-
-### Jigasi Transcript
-* SIP account
-* Google Cloud Account with Billing setup.
+1. Clean VM/VPS/Server using a supported Ubuntu LTS
+2. Valid domain with DNS record, **mandatory** for SSL certs via Let's Encrypt.
+3. open ports for JMS interaction, [see wiki](https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Firewall).
+4. Starting at 8 GB RAM / 4 Cores @ ~3.0GHz
+    *  Adding resources as your audience or features you require, so your experience don't suffer from the lack of resources.
+5. Webcam
 
 ### Jibri Recodings Access via Nextcloud
 * Valid domain with DNS record for Nextcloud SSL.
+ 
+### Jigasi Transcript
+* Enough disk space to run Vosk backend via docker container.
+
+
 
 ## Kernel warning
 For AWS users or any cloud service provider that might use their own kernel on their products (servers/vm/vps), might cause Jibri failure to start due not allowing `snd_aloop` module.
@@ -48,43 +69,53 @@ Make sure that you update your grub to boot the right one.
 Feel free to use our `test-jibri-env.sh` tool to find some details on your current setup.
 
 ## Features
-* Enabled Session Recording using Jibri
+* Enabled Session Recording via Jibri
+  * Rename Jibri folder with name room + date.
+  * Jibri node network.
+    * Automatic Jibri nodes network sync ([see more](https://forge.switnet.net/switnet/quick-jibri-installer/wiki/Setup-and-Jibri-Nodes)).
+* JRA (Jibri Recordings Access) via Nextcloud
+* Grafana Dashboard
+* Etherpad via docker install
+* Authentication
+  1. Local
+  2. JWT ([#87](https://forge.switnet.net/switnet/quick-jibri-installer/issues/87))
+  3. None
+* Lobby Rooms
+* Conference Duration
+* Customized brandless mode
+  * Setting up custom interface_config.js (to be deprecated by upstream)
+* JVB2 nodes network.
+
 * Enabled Jitsi Electron app detection server side.
 * Standalone SSL Certbot/LE implementation
-* Jigasi Transcript - Speech to Text powered by Google API
-* JRA (Jibri Recordings Access) via Nextcloud
 * Improved recurring updater
-* Customized brandless mode
-  * Setting up custom interface_config.js
-* Grafana Dashboard
-* Lobby Rooms - Secure Rooms
-* Conference Duration - Secure Rooms
-* Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Setup-and-Jibri-Nodes)).
-* (New) JVB2 nodes network.
-* (New) JWT auth.
+* Jigasi Transcript - vía Vosk speech recognition toolkit.
 
-## Tools (New)
+## Tools
 * Jibri Environment Tester
  * Jibri Conf Upgrader (late 2020).
-* (New) Selenium Grid via Docker
+* Selenium Grid via Docker
+* Start over, installation cleansing tool.
 
 ## Optional custom changes
 * Optional default language
 * Option to enable Secure Rooms
-* Option to enable Welcome Page
+* Option to enable Welcome page
+* Option to enable Close page
+* Option to set domain as hostname on JMS
 
 ### Modes
-* (New) Custom High Performance config
+* Custom High Performance config
 
 ## Custom changes
 * Start with video muted by default
 * Start with audio muted but moderator
-* Set displayname as not required since jibri can't set it up.
-* Disabled BETA Blur my background
+* Set pre-join screen by default.
+
 
 ## Documentation
-* Please check our [wiki](https://github.com/switnet-ltd/quick-jibri-installer/wiki) for further documentation.
+* Please check our [wiki](https://forge.switnet.net/switnet/quick-jibri-installer/wiki) for further documentation.
 
 Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
 
-SwITNet Ltd © - 2020, https://switnet.net/
+SwITNet Ltd © - 2024, https://switnet.net/

add-jibri-node.sh

@@ -1,25 +1,18 @@
 #!/bin/bash
 # Jibri Node Aggregator
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
 
 ### 0_LAST EDITION TIME STAMP ###
 # LETS: AUTOMATED_EDITION_TIME
 ### 1_LAST EDITION ###
 
-#Make sure the file name is the required one
-if [ ! "$(basename $0)" = "add-jibri-node.sh" ]; then
-	echo "For most cases naming won't matter, for this one it does."
-	echo "Please use the original name for this script: \`add-jibri-node.sh', and run again."
-	exit
-fi
-
 while getopts m: option
 do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./add_jibri_node.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -28,6 +21,13 @@ if [ "$MODE" = "debug" ]; then
 set -x
 fi
 
+#Make sure the file name is the required one
+if [ ! "$(basename "$0")" = "add-jibri-node.sh" ]; then
+    echo "For most cases naming won't matter, for this one it does."
+    echo "Please use the original name for this script: \`add-jibri-node.sh', and run again."
+    exit
+fi
+
 #Check admin rights
 if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
@@ -44,55 +44,98 @@ JB_AUTH_PASS=TBD
 JB_REC_PASS=TBD
 MJS_USER=TBD
 MJS_USER_PASS=TBD
+JIBRI_RES_CONF=TBD
+JIBRI_RES_XORG_CONF=TBD
 THIS_SRV_DIST=$(lsb_release -sc)
-JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)
-START=0
-LAST=TBD
+JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR==1{print$1}')
 JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
 DIR_RECORD="/var/jbrecord"
 REC_DIR="/home/jibri/finalize_recording.sh"
 CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
 GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list"
-GOOGLE_ACTIVE_REPO=$(apt-cache policy | grep http | grep chrome| awk '{print $3}' | head -n 1 | cut -d "/" -f2)
+GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}')
 GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json"
-PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
+#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
 NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
 NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}"
 NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
 GITHUB_RAW="https://raw.githubusercontent.com"
 GIT_REPO="switnet-ltd/quick-jibri-installer"
 TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh"
+SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)"
+JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf"
 ### 1_VAR_DEF
 
 # sed limiters for add-jibri-node.sh variables
 var_dlim() {
-	grep -n $1 add-jibri-node.sh|head -n1|cut -d ":" -f1
+    grep -n "$1" add-jibri-node.sh|head -n1|cut -d ":" -f1
 }
 
 check_var() {
-	if [ -z "$2" ]; then
-		echo -e "Check if variable $1 is set: \xE2\x9C\x96 \nExiting..."
-		exit
-	else
-		echo -e "Check if variable $1 is set: \xE2\x9C\x94"
-	fi
+    if [ "$2" = "TBD" ]; then
+        echo -e "Check if variable $1 is set: \xE2\x9C\x96"
+        exit
+    else
+        echo -e "Check if variable $1 is set: \xE2\x9C\x94"
+    fi
 }
 
-if [ -z "$LAST" ]; then
-	echo "There is an error on the LAST definition, please report."
-	exit
-elif [ "$LAST" = "TBD" ]; then
-	ADDUP=$((START + 1))
+#Change in favor of machine-id identifier
+crontab -l | { cat; echo "@reboot sed -i \"/[[:space:]]control-muc/,/[[:space:]]control-login/{s|nickname = .*|nickname = \\\"$(cat /etc/machine-id)\\\"|}\" /etc/jitsi/jibri/jibri.conf"; } | crontab -
+crontab -l
+
+echo "
+#-----------------------------------------------------------------------
+# Checking initial necessary variables...
+#-----------------------------------------------------------------------"
+
+JMS_DATA=("$MAIN_SRV_DIST" \
+          "$MAIN_SRV_REPO" \
+          "$MAIN_SRV_DOMAIN" \
+          "$JibriBrewery" \
+          "$JB_NAME" \
+          "$JB_AUTH_PASS" \
+          "$JB_REC_PASS" \
+          "$MJS_USER" \
+          "$MJS_USER_PASS" \
+          "$JIBRI_RES_CONF" \
+          "$JIBRI_RES_XORG_CONF")
+
+JMS_EVAL="${JMS_DATA[0]}"
+for i in "${JMS_DATA[@]}"; do
+    if [[ "$JMS_EVAL" != "$i" ]]; then
+        ALL_TBD="no"
+        break
+    fi
+done
+if [ "$ALL_TBD" = "no" ];then
+ echo -e "Good, seems this is not a vanilla copy of add-jibri-node.sh,
+let's check variables ...\n"
 else
-	ADDUP=$((LAST + 1))
+ echo -e "You seem to be using a vanilla copy of the add-jibri-node.sh.
+  > Please use the content (or apply the changes) of add-jibri-node.sh from
+    the main Jitsi server installation folder, as it contains necessary data.\n"
+        exit
 fi
 
+check_var MAIN_SRV_DIST "$MAIN_SRV_DIST"
+check_var MAIN_SRV_REPO "$MAIN_SRV_REPO"
+check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN"
+check_var JibriBrewery "$JibriBrewery"
+check_var JB_NAME "$JB_NAME"
+check_var JB_AUTH_PASS "$JB_AUTH_PASS"
+check_var JB_REC_PASS "$JB_REC_PASS"
+check_var MJS_USER "$MJS_USER"
+check_var MJS_USER_PASS "$MJS_USER_PASS"
+check_var JIBRI_RES_CONF "$JIBRI_RES_CONF"
+check_var JIBRI_RES_XORG_CONF "$JIBRI_RES_XORG_CONF"
+
 #Check server and node OS
 if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then
-	echo "Please use the same OS for the jibri setup on both servers."
-	echo "This server is based on: $THIS_SRV_DIST"
-	echo "The main server record claims is based on: $MAIN_SRV_DIST"
-	exit
+    echo "Please use the same OS for the jibri setup on both servers."
+    echo "This server is based on: $THIS_SRV_DIST"
+    echo "The main server record claims is based on: $MAIN_SRV_DIST"
+    exit
 fi
 
 #Check system resources
@@ -109,7 +152,7 @@ else
 fi
 ### Test RAM size (8GB min) ###
 mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')
-if [ ${mem_available} -lt 7700000 ]; then
+if [ "${mem_available}" -lt 7700000 ]; then
   echo "
 Warning!: The system do not meet the minimum RAM requirements for Jibri to run.
 >> We recommend 8GB RAM for Jibri!
@@ -132,45 +175,30 @@ else
     do
     read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES
     if [ "$CONTINUE_LOW_RES" = "no" ]; then
-            echo "See you next time with more resources!..."
-            exit
+        echo "See you next time with more resources!..."
+        exit
     elif [ "$CONTINUE_LOW_RES" = "yes" ]; then
-            echo "Please keep in mind that we might not support underpowered nodes."
+        echo "Please keep in mind that we might not support underpowered nodes."
     fi
     done
 fi
 
-echo "
-#-----------------------------------------------------------------------
-# Checking initial necessary variables...
-#-----------------------------------------------------------------------"
-
-check_var MAIN_SRV_DIST "$MAIN_SRV_DIST"
-check_var MAIN_SRV_REPO "$MAIN_SRV_REPO"
-check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN"
-check_var JibriBrewery "$JibriBrewery"
-check_var JB_NAME "$JB_NAME"
-check_var JB_AUTH_PASS "$JB_AUTH_PASS"
-check_var JB_REC_PASS "$JB_REC_PASS"
-check_var MJS_USER "$MJS_USER"
-check_var MJS_USER_PASS "$MJS_USER_PASS"
-
 # Rename hostname for each jibri node
-hostnamectl set-hostname "jbnode${ADDUP}.${MAIN_SRV_DOMAIN}"
-sed -i "1i 127.0.0.1 jbnode${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts
+hostnamectl set-hostname "jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}"
+sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts
 
 # Jitsi-Meet Repo
 echo "Add Jitsi repo"
 if [ -z "$JITSI_REPO" ]; then
-	echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list
-	wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
+    echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list
+    wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
 elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
-	echo "Main and node servers repository don't match, extiting.."
-	exit
+    echo "Main and node servers repository don't match, extiting.."
+    exit
 elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
-	echo "Main and node servers repository match, continuing..."
+    echo "Main and node servers repository match, continuing..."
 else
-	echo "Jitsi $JITSI_REPO repository already installed"
+    echo "Jitsi $JITSI_REPO repository already installed"
 fi
 
 # Requirements
@@ -179,35 +207,35 @@ apt-get update -q2
 apt-get dist-upgrade -yq2
 
 apt-get -y install \
-                apt-show-versions \
-                bmon \
-                curl \
-                ffmpeg \
-                git \
-                htop \
-                inotify-tools \
-                jq \
-                rsync \
-                ssh \
-                unzip \
-                wget
+                    apt-show-versions \
+                    bmon \
+                    curl \
+                    ffmpeg \
+                    git \
+                    htop \
+                    inotify-tools \
+                    jq \
+                    rsync \
+                    ssh \
+                    unzip \
+                    wget
 
 check_snd_driver() {
 echo -e "\n# Checking ALSA - Loopback module..."
 echo "snd-aloop" | tee -a /etc/modules
 modprobe snd-aloop
 if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then
-	echo "
+    echo "
 #-----------------------------------------------------------------------
 # Audio driver seems - OK.
 #-----------------------------------------------------------------------"
 else
-	echo "
+    echo "
 #-----------------------------------------------------------------------
 # Your audio driver might not be able to load.
 # We'll check the state of this Jibri with our 'test-jibri-env.sh' tool.
 #-----------------------------------------------------------------------"
-curl -s $TEST_JIBRI_ENV > /tmp/test-jibri-env.sh
+curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh
 #Test tool
   if [ "$MODE" = "debug" ]; then
     bash /tmp/test-jibri-env.sh -m debug
@@ -220,15 +248,14 @@ fi
 }
 
 echo "# Check and Install HWE kernel if possible..."
-HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")
-if [ "$HWE_VIR_MOD" == "1" ]; then
+HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")"
+if [ "$HWE_VIR_MOD" = "1" ]; then
     apt-get -y install \
-    linux-image-generic-hwe-$(lsb_release -sr) \
-    linux-modules-extra-virtual-hwe-$(lsb_release -sr)
-    else
+    linux-image-generic-hwe-"$(lsb_release -sr)"
+else
     apt-get -y install \
     linux-image-generic \
-    linux-modules-extra-$(uname -r)
+    linux-modules-extra-"$(uname -r)"
 fi
 
 echo "
@@ -238,29 +265,29 @@ echo "
 "
 apt-get -y install \
                 jibri \
-                openjdk-8-jre-headless
+                openjdk-11-jre-headless
 
 echo "# Installing Google Chrome / ChromeDriver"
 if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
-	echo "Google repository already set."
+    echo "Google repository already set."
 else
-	echo "Installing Google Chrome Stable"
-	wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
-	echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO
+    echo "Installing Google Chrome Stable"
+    wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
+    echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
 fi
 apt-get -q2 update
 apt-get install -y google-chrome-stable
 rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list
 
 if [ -f /usr/local/bin/chromedriver ]; then
-	echo "Chromedriver already installed."
+    echo "Chromedriver already installed."
 else
-	echo "Installing Chromedriver"
-	wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
-	unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
-	chown root:root /usr/local/bin/chromedriver
-	chmod 0755 /usr/local/bin/chromedriver
-	rm -rf /tpm/chromedriver_linux64.zip
+    echo "Installing Chromedriver"
+    wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip
+    unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/
+    chown root:root /usr/local/bin/chromedriver
+    chmod 0755 /usr/local/bin/chromedriver
+    rm -rf /tpm/chromedriver_linux64.zip
 fi
 
 echo "
@@ -278,18 +305,18 @@ echo "
 Remove Chrome warning...
 "
 mkdir -p /etc/opt/chrome/policies/managed
-echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > $GCMP_JSON
+echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON"
 
 # Recording directory
-if [ ! -d $DIR_RECORD ]; then
-mkdir $DIR_RECORD
+if [ ! -d "$DIR_RECORD" ]; then
+mkdir "$DIR_RECORD"
 fi
-chown -R jibri:jibri $DIR_RECORD
+chown -R jibri:jibri "$DIR_RECORD"
 
-cat << REC_DIR > $REC_DIR
+cat << REC_DIR > "$REC_DIR"
 #!/bin/bash
 
-RECORDINGS_DIR=$DIR_RECORD
+RECORDINGS_DIR="$DIR_RECORD"
 
 echo "This is a dummy finalize script" > /tmp/finalize.out
 echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out
@@ -298,16 +325,73 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out
 
 chmod -R 770 \$RECORDINGS_DIR
 
+#Rename folder.
+LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)"
+NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)"
+NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME"
+
+##Prevent empty recording directory failsafe
+if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then
+  mv \$LJF_PATH \$NJF_PATH
+  #Workaround for jibri to do cleaning.
+  ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH"
+else
+  echo "No new folder recorded, not removing anything."
+fi
+
 exit 0
 REC_DIR
-chown jibri:jibri $REC_DIR
-chmod +x $REC_DIR
+chown jibri:jibri "$REC_DIR"
+chmod +x "$REC_DIR"
 
 ## New Jibri Config (2020)
-mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
-cat << NEW_CONF > $JIBRI_CONF
+mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file
+cat << NEW_CONF > "$JIBRI_CONF"
 // New XMPP environment config.
 jibri {
+    streaming {
+        // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
+        // when starting a stream must match at least one of the patterns in
+        // this list.
+        rtmp-allow-list = [
+          // By default, all services are allowed
+          ".*"
+        ]
+    }
+    ffmpeg {
+        resolution = "$JIBRI_RES_CONF"
+    }
+    chrome {
+        // The flags which will be passed to chromium when launching
+        flags = [
+          "--use-fake-ui-for-media-stream",
+          "--start-maximized",
+          "--kiosk",
+          "--enabled",
+          "--disable-infobars",
+          "--autoplay-policy=no-user-gesture-required",
+          "--ignore-certificate-errors",
+          "--disable-dev-shm-usage"
+        ]
+    }
+    stats {
+        enable-stats-d = true
+    }
+    call-status-checks {
+        // If all clients have their audio and video muted and if Jibri does not
+        // detect any data stream (audio or video) comming in, it will stop
+        // recording after NO_MEDIA_TIMEOUT expires.
+        no-media-timeout = 30 seconds
+
+        // If all clients have their audio and video muted, Jibri consideres this
+        // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+        all-muted-timeout = 10 minutes
+
+        // When detecting if a call is empty, Jibri takes into consideration for how
+        // long the call has been empty already. If it has been empty for more than
+        // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+        default-call-empty-timeout = 30 seconds
+    }
     recording {
          recordings-directory = $DIR_RECORD
          finalize-script = $REC_DIR
@@ -316,57 +400,57 @@ jibri {
         xmpp {
             environments = [
                 {
-				// A user-friendly name for this environment
-				name = "$JB_NAME"
+                // A user-friendly name for this environment
+                name = "$JB_NAME"
 
-				// A list of XMPP server hosts to which we'll connect
-				xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ]
+                // A list of XMPP server hosts to which we'll connect
+                xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ]
 
-				// The base XMPP domain
-				xmpp-domain = "$MAIN_SRV_DOMAIN"
+                // The base XMPP domain
+                xmpp-domain = "$MAIN_SRV_DOMAIN"
 
-				// The MUC we'll join to announce our presence for
-				// recording and streaming services
-				control-muc {
-					domain = "internal.auth.$MAIN_SRV_DOMAIN"
-					room-name = "$JibriBrewery"
-					nickname = "Live-$ADDUP"
-				}
+                // The MUC we'll join to announce our presence for
+                // recording and streaming services
+                control-muc {
+                    domain = "internal.auth.$MAIN_SRV_DOMAIN"
+                    room-name = "$JibriBrewery"
+                    nickname = "machine-id"
+                }
 
-				// The login information for the control MUC
-				control-login {
-					domain = "auth.$MAIN_SRV_DOMAIN"
-					username = "jibri"
-					password = "$JB_AUTH_PASS"
-				}
+                // The login information for the control MUC
+                control-login {
+                    domain = "auth.$MAIN_SRV_DOMAIN"
+                    username = "jibri"
+                    password = "$JB_AUTH_PASS"
+                }
 
-				// An (optional) MUC configuration where we'll
-				// join to announce SIP gateway services
-			//	sip-control-muc {
-			//		domain = "domain"
-			//		room-name = "room-name"
-			//		nickname = "nickname"
-			//	}
+                // An (optional) MUC configuration where we'll
+                // join to announce SIP gateway services
+            //    sip-control-muc {
+            //        domain = "domain"
+            //        room-name = "room-name"
+            //        nickname = "nickname"
+            //    }
 
-				// The login information the selenium web client will use
-				call-login {
-					domain = "recorder.$MAIN_SRV_DOMAIN"
-					username = "recorder"
-					password = "$JB_REC_PASS"
-				}
+                // The login information the selenium web client will use
+                call-login {
+                    domain = "recorder.$MAIN_SRV_DOMAIN"
+                    username = "recorder"
+                    password = "$JB_REC_PASS"
+                }
 
-				// The value we'll strip from the room JID domain to derive
-				// the call URL
-				strip-from-room-domain = "conference."
+                // The value we'll strip from the room JID domain to derive
+                // the call URL
+                strip-from-room-domain = "conference."
 
-				// How long Jibri sessions will be allowed to last before
-				// they are stopped.  A value of 0 allows them to go on
-				// indefinitely
-				usage-timeout = 0 hour
+                // How long Jibri sessions will be allowed to last before
+                // they are stopped.  A value of 0 allows them to go on
+                // indefinitely
+                usage-timeout = 0 hour
 
-				// Whether or not we'll automatically trust any cert on
-				// this XMPP domain
-				trust-all-xmpp-certs = true
+                // Whether or not we'll automatically trust any cert on
+                // this XMPP domain
+                trust-all-xmpp-certs = true
                 }
             ]
         }
@@ -374,17 +458,26 @@ jibri {
 }
 NEW_CONF
 
+#Jibri xorg resolution
+sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF"
+
 echo -e "\n---- Create random nodesync user ----"
-useradd -m -g jibri $NJN_USER
+useradd -m -g jibri "$NJN_USER"
 echo "$NJN_USER:$NJN_USER_PASS" | chpasswd
 
 echo -e "\n---- We'll connect to main server ----"
 read -n 1 -s -r -p "Press any key to continue..."$'\n'
-sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
-echo "Remote pass: $MJS_USER_PASS"
-ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts
-ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub
-sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
+sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
+
+#Workaround for jibri to do cleaning.
+install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem
+sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts"
+sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts"
+
+echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n"
+ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts
+ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub
+sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
 
 echo -e "\n---- Setup Log system ----"
 cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh
@@ -393,21 +486,21 @@ cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh
 # Log process
 exec 3>&1 4>&2
 trap 'exec 2>&4 1>&3' 0 1 2 3
-exec 1>/var/log/$NJN_USER/remote_jnsync.log 2>&1
+exec 1>/var/log/"$NJN_USER"/remote_jnsync.log 2>&1
 
 # Run sync
 while true; do
-  inotifywait  -t 60 -r -e modify,attrib,close_write,move,delete $DIR_RECORD
-  sudo su $NJN_USER -c "rsync -Aax  --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD"
-  find $DIR_RECORD -depth -type d -empty -not -path $DIR_RECORD -delete
+  inotifywait  -t 60 -r -e modify,attrib,close_write,move,delete "$DIR_RECORD"
+  sudo su "$NJN_USER" -c "rsync -Aax  --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD"
+  find "$DIR_RECORD" -depth -type d -empty -not -path "$DIR_RECORD" -delete
 done
 INOT_RSYNC
 
 
-mkdir /var/log/$NJN_USER
+mkdir /var/log/"$NJN_USER"
 
-cat << LOG_ROT > /etc/logrotate.d/$NJN_USER
-/var/log/$NJN_USER/*.log {
+cat << LOG_ROT > /etc/logrotate.d/"$NJN_USER"
+/var/log/"$NJN_USER"/*.log {
     monthly
     missingok
     rotate 12
@@ -450,11 +543,6 @@ systemctl daemon-reload
 systemctl enable remote_jnsync.service
 systemctl start remote_jnsync.service
 
-echo "Writting last node number..."
-sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jibri-node.sh
-sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh
-echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')"
-
 #Enable jibri services
 systemctl enable jibri
 systemctl enable jibri-xorg
@@ -462,28 +550,18 @@ systemctl enable jibri-icewm
 
 check_snd_driver
 
-echo -e "\nSending updated add-jibri-node.sh file to main server sync user...\n"
-cp $PWD/add-jibri-node.sh /tmp
-sudo -u $NJN_USER scp /tmp/add-jibri-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/
-rm $PWD/add-jibri-node.sh /tmp/add-jibri-node.sh
-
 echo "
 ########################################################################
                         Node addition complete!!
 
-                               IMPORTANT:
-   The updated version of this file has been sent to the main server
-    at the sync user home directory, please use that one in order to
-  install new nodes. For security reason this version has been deleted
-                          from this very node.
-
                For customized support: http://switnet.net
 ########################################################################
 "
 
-echo "Rebooting in..."
+echo "Make sure to reboot, it's necessary before *any* usage.
+Rebooting in..."
 secs=$((15))
-while [ $secs -gt 0 ]; do
+while [ "$secs" -gt 0 ]; do
    echo -ne "$secs\033[0K\r"
    sleep 1
    : $((secs--))

add-jvb2-node.sh

@@ -1,25 +1,18 @@
 #!/bin/bash
 # JVB2 Node Aggregator
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
 
 ### 0_LAST EDITION TIME STAMP ###
 # LETS: AUTOMATED_EDITION_TIME
 ### 1_LAST EDITION ###
 
-#Make sure the file name is the required one
-if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then
-	echo "For most cases naming won't matter, for this one it does."
-	echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again."
-	exit
-fi
-
 while getopts m: option
 do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./add-jvb2-node.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -28,6 +21,14 @@ if [ "$MODE" = "debug" ]; then
 set -x
 fi
 
+#Make sure the file name is the required one
+if [ ! "$(basename "$0")" = "add-jvb2-node.sh" ]; then
+    echo "For most cases naming won't matter, for this one it does."
+    echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again."
+    exit
+fi
+
+
 #Check admin rights
 if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
@@ -53,53 +54,42 @@ SHARD_DOMAIN=TBD
 SHARD_PASS=TBD
 MUC_JID=TBD
 
-MJS_USER=TBD
-MJS_USER_PASS=TBD
-START=0
-LAST=TBD
+#MJS_USER=TBD
+#MJS_USER_PASS=TBD
+#START=0
+#LAST=TBD
 
 THIS_SRV_DIST=$(lsb_release -sc)
-JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)
+JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR==1{print$1}')
 JVB2_CONF="/etc/jitsi/videobridge/config"
 JVB2_NCONF="/etc/jitsi/videobridge/jvb.conf"
 JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties"
+SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)"
 #PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
-NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
-NJN_USER="jvbnode${ADDUP}_${NJN_RAND_TAIL}"
-NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)"
 #GITHUB_RAW="https://raw.githubusercontent.com"
 #GIT_REPO="switnet-ltd/quick-jibri-installer"
 ### 1_VAR_DEF
 
 # sed limiters for add-jvb2-node.sh variables
 var_dlim() {
-	grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1
+    grep -n "$1" add-jvb2-node.sh|head -n1|cut -d ":" -f1
 }
 
 check_var() {
-	if [ -z "$2" ]; then
-		echo -e "Check if variable $1 is set: \xE2\x9C\x96 \nExiting..."
-		exit
-	else
-		echo -e "Check if variable $1 is set: \xE2\x9C\x94"
-	fi
+    if [ -z "$2" ]; then
+        echo -e "Check if variable $1 is set: \xE2\x9C\x96 \nExiting..."
+        exit
+    else
+        echo -e "Check if variable $1 is set: \xE2\x9C\x94"
+    fi
 }
 
-if [ -z "$LAST" ]; then
-	echo "There is an error on the LAST definition, please report."
-	exit
-elif [ "$LAST" = "TBD" ]; then
-	ADDUP=$((START + 1))
-else
-	ADDUP=$((LAST + 1))
-fi
-
 #Check server and node OS
 if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then
-	echo "Please use the same OS for the JVB2 setup on both servers."
-	echo "This server is based on: $THIS_SRV_DIST"
-	echo "The main server record claims is based on: $MAIN_SRV_DIST"
-	exit
+    echo "Please use the same OS for the JVB2 setup on both servers."
+    echo "This server is based on: $THIS_SRV_DIST"
+    echo "The main server record claims is based on: $MAIN_SRV_DIST"
+    exit
 fi
 
 #Check system resources
@@ -107,7 +97,7 @@ echo "Verifying System Resources:"
 if [ "$(nproc --all)" -lt 4 ];then
   echo "
 Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads.
->> We recommend 4 cores/threads for JVB2!
+>> We recommend 4 cores/threads or above for JVB2!
 "
   CPU_MIN="N"
 else
@@ -116,10 +106,10 @@ else
 fi
 ### Test RAM size (8GB min) ###
 mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+')
-if [ ${mem_available} -lt 7700000 ]; then
+if [ "${mem_available}" -lt 7700000 ]; then
   echo "
 Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads.
->> We recommend 8GB RAM for JVB2!
+>> We recommend 8GB RAM or above for JVB2!
 "
   MEM_MIN="N"
 else
@@ -152,7 +142,7 @@ echo "
 #-----------------------------------------------------------------------"
 
 check_var JVB_HOSTNNAME "$JVB_HOSTNAME"
-if [ -z $JVB_HOST ]; then
+if [ -z "$JVB_HOST" ]; then
   echo "JVB_HOST is empty, but it may be ok for it to be empty, skipping empty test."
 else
   check_var JVB_HOST "$JVB_HOST"
@@ -171,21 +161,21 @@ check_var MUC_JID "$MUC_JID"
 check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN"
 
 # Rename hostname for each jvb2 node
-hostnamectl set-hostname "jvb${ADDUP}.${MAIN_SRV_DOMAIN}"
-sed -i "1i 127.0.0.1 jvb${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts
+hostnamectl set-hostname "jvb_${SHORT_ID}.${MAIN_SRV_DOMAIN}"
+sed -i "1i 127.0.0.1 jvb_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts
 
 # Jitsi-Meet Repo
 echo "Add Jitsi repo"
 if [ -z "$JITSI_REPO" ]; then
-	echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list
-	wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
+    echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list
+    wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
 elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
-	echo "Main and node servers repository don't match, extiting.."
-	exit
+    echo "Main and node servers repository don't match, extiting.."
+    exit
 elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then
-	echo "Main and node servers repository match, continuing..."
+    echo "Main and node servers repository match, continuing..."
 else
-	echo "Jitsi $JITSI_REPO repository already installed"
+    echo "Jitsi $JITSI_REPO repository already installed"
 fi
 
 # Requirements
@@ -194,24 +184,24 @@ apt-get update -q2
 apt-get dist-upgrade -yq2
 
 apt-get -y install \
-                apt-show-versions \
-                bmon \
-                curl \
-                git \
-                htop \
-                ssh \
-                unzip \
-                wget
+                    apt-show-versions \
+                    bmon \
+                    curl \
+                    git \
+                    htop \
+                    ssh \
+                    unzip \
+                    wget
 
 echo "# Check and Install HWE kernel if possible..."
-HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")
+HWE_VIR_MOD="$(apt-cache madison linux-modules-extra-virtual-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")"
 if [ "$HWE_VIR_MOD" == "1" ]; then
     apt-get -y install \
-    linux-image-generic-hwe-$(lsb_release -sr) \
-    linux-modules-extra-virtual-hwe-$(lsb_release -sr)
+    linux-image-generic-hwe-"$(lsb_release -sr)" \
+    linux-modules-extra-virtual-hwe-"$(lsb_release -sr)"
     else
     apt-get -y install \
-    linux-modules-extra-$(uname -r)
+    linux-modules-extra-"$(uname -r)"
 fi
 
 echo "
@@ -222,8 +212,8 @@ echo "
 echo "jitsi-videobridge jitsi-videobridge/jvb-hostname string $MAIN_SRV_DOMAIN" | debconf-set-selections
 
 apt-get -y install \
-                jitsi-videobridge2 \
-                openjdk-8-jre-headless
+                    jitsi-videobridge2 \
+                    openjdk-8-jre-headless
 
 echo '
 ########################################################################
@@ -297,42 +287,14 @@ cat << JVB2 >> $JVB2_NCONF
 }
 JVB2
 
-echo -e "\n---- Create random nodesync user ----"
-useradd -m -g jitsi $NJN_USER
-echo "$NJN_USER:$NJN_USER_PASS" | chpasswd
-
-echo -e "\n---- We'll connect to main server ----"
-read -n 1 -s -r -p "Press any key to continue..."$'\n'
-sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''"
-echo "Remote pass: $MJS_USER_PASS"
-ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts
-ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub
-sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"
-
-echo "Writting last node number..."
-sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jvb2-node.sh
-sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jvb2-node.sh
-echo "Last file edition at: $(grep "LETS:" add-jvb2-node.sh|head -n1|awk -F'LETS:' '{print$2}')"
-
 #Enable jvb2 services
 systemctl enable jitsi-videobridge2.service
 systemctl restart jitsi-videobridge2.service
 
-echo -e "\nSending updated add-jvb2-node.sh file to main server sync user...\n"
-cp $PWD/add-jvb2-node.sh /tmp
-sudo -u $NJN_USER scp /tmp/add-jvb2-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/
-rm $PWD/add-jvb2-node.sh /tmp/add-jvb2-node.sh
-
 echo "
 ########################################################################
                         Node addition complete!!
 
-                               IMPORTANT:
-   The updated version of this file has been sent to the main server
-    at the sync user home directory, please use that one in order to
-  install new nodes. For security reason this version has been deleted
-                          from this very node.
-
                For customized support: http://switnet.net
 ########################################################################
 "

changelog

@@ -0,0 +1,136 @@
+quick-jibri-installer (7.3.0)
+
+    * excalibur: add installer for whiteboard feature.
+    * quick_jibri_installer.sh: add excalidraw whiteboard backend
+      disable jigasi selector
+      add sed check test
+      update features list
+    * misc: update repository address to new home.
+    * misc: update year to late 2023.
+    
+-- Software, IT & Networks <info@switnet.net>  Sat, 11 Nov 2023 21:18:29 -0600
+
+quick-jibri-installer (7.2.1)
+
+    * changelog: update previous version.
+    * quick_jibri_installer.sh: fix deprecated nodejs repo setup,
+      add printwc function
+
+-- Software, IT & Networks <info@switnet.net>  Sun, 22 Oct 2023 17:00:30 -0600
+
+quick-jibri-installer (7.2.0)
+
+    * changelog: update previous version.
+    * quick_jibri_installer.sh: rearrange chromedriver variables.
+    * quick_jibri_installer.sh: fix empty varible usage.
+    * quick_jibri_installer.sh: update nodejs to a stable release.
+    * quick_jibri_installer.sh,jitsi-updater.sh: update chromedriver 115+ version download.
+    * jra_nextcloud.sh: organize functions, add apt checks, higher password lenght and small fixes.
+    * jitsi-updater.sh: fix check chrome driver version.
+
+-- Software, IT & Networks <info@switnet.net>  Wed Aug 23 00:51:24 2023 -0600
+
+quick-jibri-installer (7.1.0)
+
+* changelog: add changelog
+* quick_jibri_installer.sh: increase support to 22.04
+fix key aggregation and remove deprecated letsencrypt ppa
+* etherpad-docker.sh: fix key aggregation and variable collection.
+* grafana.sh: fix gpg key aggregation
+* jm-bm.sh: tweak sed
+* jra_nextcloud.sh: fix key aggregation and variable collection.
+* jra_nextcloud.sh: fix add gpg key function and add install available version package
+* jra_nextcloud.sh: small fix for install_aval_package function
+
+-- Software, IT & Networks <info@switnet.net>  Wed Feb 22 05:56:20 2023 -0600
+
+quick-jibri-installer (7.0.8)
+
+    * jitsi-updater.sh: add checks for openjdk and nodejs supported versions
+    * add-jibri-node.sh: set openjdk-jre-headless default version to 11
+    * changelog: add changelog
+
+-- Software, IT & Networks <info@switnet.net>  Tue Nov 15 02:56:26 2022 -0600
+
+quick-jibri-installer (7.0.7)
+
+    * quick_jibri_installer.sh: fix jaas & acme integration    
+
+-- Software, IT & Networks <info@switnet.net>  Sun Oct 23 23:52:23 2022 -0500
+
+quick-jibri-installer (7.0.6)
+
+    * jitsi-updater.sh: fix jitsi repo package update filtering.
+
+-- Software, IT & Networks <info@switnet.net>  Fri Sep 30 04:04:31 2022 -0500
+
+quick-jibri-installer (7.0.5)
+
+    * quick_jibri_installer.sh: use new setup to enable local recording feature.
+
+-- Software, IT & Networks <info@switnet.net>  Fri Aug 19 07:23:41 2022 -0500
+
+quick-jibri-installer (7.0.4)
+
+    * quick_jibri_installer.sh,jwt.sh: update anonymous string on prosody setup.
+      -fix small format issues.
+
+-- Software, IT & Networks <info@switnet.net>  Fri Aug 19 06:47:21 2022 -0500
+
+quick-jibri-installer (7.0.3)
+
+    * jitsi-updater: fix condition to set turn config.
+    * quick-jibri-installer: fix typo on path.
+
+-- Software, IT & Networks <info@switnet.net>  Thu Jun 30 09:57:12 2022 -0500
+
+quick-jibri-installer (7.0.2)
+
+    * Detect jibri node by jitsi-updater.
+
+-- Software, IT & Networks <info@switnet.net>  Fri Jun 17 16:36:15 2022 -0500
+
+quick-jibri-installer (7.0.1)
+
+    * Fix debug mode on triggered scripts.
+    * Fix grep condition.
+
+-- Software, IT & Networks <info@switnet.net>  Mon May 23 23:17:39 2022 -0500
+
+quick-jibri-installer (7.0)
+
+    * Major rework, comply with shellcheck
+    
+    ## Add
+    * Add experimental tool for AWS grub setup.
+    
+    ## Fix
+    * Fix grafana configuration
+    * Actually apply changes to nginx conf instead of symlink.
+    * Actually require to run with admin rights.
+    * Improve comments.
+    * Rename and fix set_once function.
+    * Fix jibri domain.
+    
+    ## Improve
+    * Comply mode section with shellcheck recommendations.
+    * Comply tools section with shellcheck recommendations.
+    * Comply main scripts with shellcheck recommendations.
+    * Improve shell quality
+    * Change JDK version to 11
+    * Make warning visible.
+    * Change email position, and small fixes
+    * Several indenting changes
+    * Set warning instead of "note".
+    * Yet again more fixes on echo and printf
+    * Standarize jra_nextcloud
+    * Add comment on debconf state
+    * Update SwITNet copyright and standarize debug option for scripts.
+    
+    ## Remove
+    * Rename deprecated scripts folder
+    * Remove old
+    * Remove unused code
+    * Finally remove jigasi deprecated script.
+
+-- Software, IT & Networks <info@switnet.net>  Fri May 20 20:07:02 2022 -0500

deprecated/jigasi.sh

@@ -9,7 +9,7 @@
 #######################################################
 
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
@@ -22,30 +22,30 @@ echo '
                     by Software, IT & Networks Ltd
 '
 
-JIGASI_CONFIG=/etc/jitsi/jigasi/config
-GC_API_JSON=/opt/gc-sdk/GCTranscriptAPI.json
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
-MEET_CONF=/etc/jitsi/meet/${DOMAIN}-config.js
-JIG_SIP_CONF=/etc/jitsi/jigasi/config
-JIG_SIP_PROP=/etc/jitsi/jigasi/sip-communicator.properties
-JIC_SIP_PROP=/etc/jitsi/jicofo/sip-communicator.properties
+JIGASI_CONFIG="/etc/jitsi/jigasi/config"
+GC_API_JSON="/opt/gc-sdk/GCTranscriptAPI.json"
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+MEET_CONF="/etc/jitsi/meet/${DOMAIN}-config.js"
+JIG_SIP_CONF="/etc/jitsi/jigasi/config"
+JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
+JIC_SIP_PROP="/etc/jitsi/jicofo/sip-communicator.properties"
 JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 8 | head -n1)"
 JIG_TRANSC_PASWD_B64="$(echo -n "$JIG_TRANSC_PASWD" | base64)"
-DIST=$(lsb_release -sc)
-CHECK_GC_REPO=$(apt-cache policy | grep http | grep cloud-sdk | head -n1 | awk '{print $3}' | awk -F '/' '{print $1}')
+DIST="$(lsb_release -sc)"
+CHECK_GC_REPO="$(apt-cache policy | grep http | grep cloud-sdk | head -n1 | awk '{print $3}' | awk -F '/' '{print $1}')"
 
 install_gc_repo() {
-	if [ "$CHECK_GC_REPO" = "cloud-sdk-$DIST" ]; then
-	echo "
+if [ "$CHECK_GC_REPO" = "cloud-sdk-$DIST" ]; then
+    echo "
 Google Cloud SDK repository already on the system!
 "
 else
-	echo "
+    echo "
 Adding Google Cloud SDK repository for latest updates
 "
-	export CLOUD_SDK_REPO="cloud-sdk-$DIST"
-	echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
-	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+    export CLOUD_SDK_REPO="cloud-sdk-$DIST"
+    echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
 
 fi
 }
@@ -56,17 +56,17 @@ apt-get -y install google-cloud-sdk google-cloud-sdk-app-engine-java
 echo "Please select one of the current options:
 [1] I want to configure a new project, service account, billing and JSON credentials.
 [2] I already have one project configured and already have a JSON key file from Google"
-while [[ $SETUP_TYPE != 1 && $SETUP_TYPE != 2 ]]
+while [[ "$SETUP_TYPE" != "1" && "$SETUP_TYPE" != "2" ]]
 do
-read -p "What option suits your setup?: (1 or 2)"$'\n' -r SETUP_TYPE
-if [ $SETUP_TYPE = 1 ]; then
-	echo "We'll setup a GC Projects from scratch"
-elif [ $SETUP_TYPE = 2 ]; then
-	echo "We'll setup only the proect and JSON key."
-fi
+    read -p "What option suits your setup?: (1 or 2)"$'\n' -r SETUP_TYPE
+    if [ "$SETUP_TYPE" = "1" ]; then
+      echo "We'll setup a GC Projects from scratch"
+    elif [ "$SETUP_TYPE" = "2" ]; then
+      echo "We'll setup only the project and JSON key."
+    fi
 done
 
-if [ $SETUP_TYPE = 1 ]; then
+if [ "$SETUP_TYPE" = 1 ]; then
 ### Start of new project configuration - Google SDK
 #Setup option 1 - Google Cloud SDK
 echo "Once logged on Google Cloud SDK, please create a new project (last option)."
@@ -79,15 +79,15 @@ gcloud auth application-default login
 # Start Google Cloud Configuration - Application Service
 GC_MEMBER=transcript
 echo "Checking if project exist..."
-PROJECT_GC_ID=$(gcloud projects list | grep $GC_PROJECT_NAME | awk '{print$3}')
-while [ -z $PROJECT_GC_ID ]
+PROJECT_GC_ID="$(gcloud projects list | grep "$GC_PROJECT_NAME" | awk '{print$3}')"
+while [ -z "$PROJECT_GC_ID" ]
 do
 read -p "Enter the project name you just created for Jigasi Speech-to-Text"$'\n' -r GC_PROJECT_NAME
-if [ -z PROJECT_GC_ID ]; then
-	echo "Please check your project name,
-	There is no project listed with the provided name: $GC_PROJECT_NAME"
-	PROJECT_GC_ID=$(gcloud projects list | grep $GC_PROJECT_NAME | awk '{print$3}')
-fi
+if [ -z "$PROJECT_GC_ID" ]; then
+    echo "Please check your project name,"
+    echo "There is no project listed with the provided name: $GC_PROJECT_NAME"
+        PROJECT_GC_ID="$(gcloud projects list | grep "$GC_PROJECT_NAME" | awk '{print$3}')"
+    fi
 done
 echo "Your $GC_PROJECT_NAME ID's project is: $PROJECT_GC_ID"
 
@@ -101,19 +101,19 @@ while [[ $? -eq 1 ]]
 do
 CHECK_BILLING="$(gcloud services enable speech.googleapis.com 2>/dev/null)"
 if [[ $? -eq 1 ]]; then
-        echo "Seems you haven't enabled billing for this project: $GC_PROJECT_NAME
-    For that go to: https://console.developers.google.com/project/$PROJECT_GC_ID/settings
+        echo "Seems you haven't enabled billing for this project: $GC_PROJECT_NAME"
+        echo "  For that go to: https://console.developers.google.com/project/$PROJECT_GC_ID/settings
     "
-        read -p "Press Enter to continue"
+        read -rp "Press Enter to continue"
         CHECK_BILLING="$(gcloud services enable speech.googleapis.com 2>/dev/null)"
 fi
 done
 echo "Billing account seems setup, continuing..."
 
-gcloud iam service-accounts create $GC_MEMBER
+gcloud iam service-accounts create "$GC_MEMBER"
 
-gcloud projects add-iam-policy-binding  $GC_PROJECT_NAME \
-    --member serviceAccount:$GC_MEMBER@$GC_PROJECT_NAME.iam.gserviceaccount.com \
+gcloud projects add-iam-policy-binding  "$GC_PROJECT_NAME" \
+    --member serviceAccount:"$GC_MEMBER"@"$GC_PROJECT_NAME".iam.gserviceaccount.com \
     --role  roles/editor
 
 echo "Setup credentials:"
@@ -122,7 +122,7 @@ https://console.developers.google.com/apis/credentials?folder=&organizationId=&p
 ### End of new project configuration - Google SDK
 fi
 
-if [ $SETUP_TYPE = 2 ]; then
+if [ "$SETUP_TYPE" = "2" ]; then
 #Setup option 1 - Google Cloud SDK
 echo "Once logged on Google Cloud SDK, please select the project that owns to the JSON key."
 gcloud init
@@ -133,7 +133,7 @@ fi
 echo "Setting up JSON key file..."
 sleep 2
 mkdir /opt/gc-sdk/
-cat << KEY_JSON > $GC_API_JSON
+cat << KEY_JSON > "$GC_API_JSON"
 #
 # Paste below this comment your GC JSON key for the service account:
 # $GC_MEMBER@$GC_PROJECT_NAME.iam.gserviceaccount.com
@@ -143,11 +143,11 @@ cat << KEY_JSON > $GC_API_JSON
 # These comment lines will be deleted afterwards.
 #
 KEY_JSON
-chmod 644 $GC_API_JSON
-nano $GC_API_JSON
-sed -i '/^#/d' $GC_API_JSON
+chmod 644 "$GC_API_JSON"
+nano "$GC_API_JSON"
+sed -i '/^#/d' "$GC_API_JSON"
 
-CHECK_JSON_KEY="$(cat $GC_API_JSON | python -m json.tool 2>/dev/null)"
+CHECK_JSON_KEY="$(cat "$GC_API_JSON" | python -m json.tool 2>/dev/null)"
 while [[ $? -eq 1 ]]
 do
 CHECK_JSON_KEY="$(cat $GC_API_JSON | python -m json.tool 2>/dev/null)"
@@ -169,7 +169,7 @@ echo "Installing Jigasi, your SIP credentials will be asked. (mandatory)"
 apt-get -y install jigasi
 #apt-mark hold jigasi
 
-cat  << JIGASI_CONF >> $JIGASI_CONFIG
+cat  << JIGASI_CONF >> "$JIGASI_CONFIG"
 
 GOOGLE_APPLICATION_CREDENTIALS=$GC_API_JSON
 
@@ -179,24 +179,24 @@ echo "Your Google Cloud credentials are at $GC_API_JSON"
 
 echo "Setting up Jigasi transcript with current platform..."
 #Connect callcontrol
-sed -i "s|// call_control:|call_control:|" $MEET_CONF
-sed -i "s|// transcribingEnabled|transcribingEnabled|" $MEET_CONF
-sed -i "/transcribingEnabled/ s|false|true|" $MEET_CONF
+sed -i "s|// call_control:|call_control:|" "$MEET_CONF"
+sed -i "s|// transcribingEnabled|transcribingEnabled|" "$MEET_CONF"
+sed -i "/transcribingEnabled/ s|false|true|" "$MEET_CONF"
 
 #siptest2siptest@domain.con
 #changed from conference to internal.auth from jibri
-sed -i "s|siptest|siptest@internal.auth.$DOMAIN|" $JIG_SIP_PROP
+sed -i "s|siptest|siptest@internal.auth.$DOMAIN|" "$JIG_SIP_PROP"
 
 #Disable component in favor of MUC
-if [ $(grep -c nocomponent $JIG_SIP_CONF) != 0 ]; then
+if [ "$(grep -c nocomponent "$JIG_SIP_CONF")" != 0 ]; then
     echo "Jigasi component is already disabled."
 else
     echo "Disabling jigasi component in favor of MUC"
-    sed -i "s|JIGASI_OPTS=.*|JIGASI_OPTS=\"--nocomponent=true\"|" $JIG_SIP_CONF
+    sed -i "s|JIGASI_OPTS=.*|JIGASI_OPTS=\"--nocomponent=true\"|" "$JIG_SIP_CONF"
 fi
 
 #Setup XMPP
-cat << ACC1_XMPP >> $JIG_SIP_PROP
+cat << ACC1_XMPP >> "$JIG_SIP_PROP"
 
 # XMPP account used for control
 net.java.sip.communicator.impl.protocol.jabber.acc1=acc1
@@ -265,37 +265,37 @@ org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
 ACC1_XMPP
 
 #Enable transcription config
-sed -i "/ENABLE_TRANSCRIPTION/ s|#||" $JIG_SIP_PROP
-sed -i "/ENABLE_TRANSCRIPTION/ s|false|true|" $JIG_SIP_PROP
-sed -i "/ENABLE_SIP/ s|#||" $JIG_SIP_PROP
-sed -i "/ENABLE_SIP/ s|true|false|" $JIG_SIP_PROP
+sed -i "/ENABLE_TRANSCRIPTION/ s|#||" "$JIG_SIP_PROP"
+sed -i "/ENABLE_TRANSCRIPTION/ s|false|true|" "$JIG_SIP_PROP"
+sed -i "/ENABLE_SIP/ s|#||" "$JIG_SIP_PROP"
+sed -i "/ENABLE_SIP/ s|true|false|" "$JIG_SIP_PROP"
 
 #Transcript format
-sed -i "/SAVE_JSON/ s|# ||" $JIG_SIP_PROP
-sed -i "/SEND_JSON/ s|# ||" $JIG_SIP_PROP
-sed -i "/SAVE_TXT/ s|# ||" $JIG_SIP_PROP
-sed -i "/SEND_TXT/ s|# ||" $JIG_SIP_PROP
+sed -i "/SAVE_JSON/ s|# ||" "$JIG_SIP_PROP"
+sed -i "/SEND_JSON/ s|# ||" "$JIG_SIP_PROP"
+sed -i "/SAVE_TXT/ s|# ||" "$JIG_SIP_PROP"
+sed -i "/SEND_TXT/ s|# ||" "$JIG_SIP_PROP"
 #sed -i "/SEND_TXT/ s|false|true|" $JIG_SIP_PROP
 
 #Allow to connect other than same server only.
 sed -i \
 "/xmpp.acc.SERVER_ADDRESS/ s|org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=.*|org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=$DOMAIN|" \
-$JIG_SIP_PROP
+"$JIG_SIP_PROP"
 
 #Remember to study how to use LE or what's needed #ToDo
-sed -i "/ALWAYS_TRUST_MODE_ENABLED/ s|# ||" $JIG_SIP_PROP
+sed -i "/ALWAYS_TRUST_MODE_ENABLED/ s|# ||" "$JIG_SIP_PROP"
 
-prosodyctl register jigasi auth.$DOMAIN $JIG_TRANSC_PASWD
+prosodyctl register jigasi auth."$DOMAIN" "$JIG_TRANSC_PASWD"
 
 #Set Brewery
-cat << JIG_JIC >> $JIC_SIP_PROP
+cat << JIG_JIC >> "$JIC_SIP_PROP"
 org.jitsi.jicofo.jigasi.BREWERY=JigasiBreweryRoom@internal.auth.$DOMAIN
 JIG_JIC
 
-systemctl restart 	prosody \
-                    jicofo \
-                    jibri* \
-                    jitsi-videobridge2
+systemctl restart prosody \
+                  jicofo \
+                  jibri* \
+                  jitsi-videobridge2
 
 echo "
 Full transcript files are available at:

etherpad-docker.sh

@@ -0,0 +1,157 @@
+#!/bin/bash
+# Etherpad Installer for Jitsi Meet
+# SwITNet Ltd © - 2024, https://switnet.net/
+#
+# GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+
+clear
+echo '
+########################################################################
+                         Etherpad Docker addon
+########################################################################
+                    by Software, IT & Networks Ltd
+'
+FORGE_REPO="https://forge.switnet.net/switnet/quick-jibri-installer"
+check_apt_policy() {
+apt-cache policy 2>/dev/null| awk "/$1/{print \$3}" | awk -F '/' 'NR==1{print$2}'
+}
+install_ifnot() {
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+    echo " $1 is installed, skipping..."
+    else
+        echo -e "\n---- Installing $1 ----"
+        apt-get -yq2 install "$1"
+fi
+}
+# Test for matches
+test_match() {
+if grep -q "$1" "$2" ; then
+    echo "$(basename "$2") - OK..."
+else
+    echo "$(basename "$2"), FAIL..."
+    echo "Please report this to $FORGE_REPO"
+    exit
+fi
+}
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
+WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
+PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
+ETHERPAD_DB_USER="dockerpad"
+ETHERPAD_DB_NAME="etherpad"
+ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
+DOCKER_CE_REPO="$(check_apt_policy docker)"
+WS_CONF_MATCH1="# ensure all static content can always be found first"
+
+echo "Add Docker repo"
+if [ "$DOCKER_CE_REPO" = "stable" ]; then
+    echo "Docker repository already installed"
+else
+    echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > \
+        /etc/apt/sources.list.d/docker-ce.list
+    wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
+    gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg  >/dev/null
+    apt -q2 update
+fi
+
+read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
+
+# Make sure we can rely on the match strings.
+printf "> Testing match strings on config files.\n"
+test_match "$WS_MATCH1" "$WS_CONF"
+
+# Install required packages
+install_ifnot docker-ce
+install_ifnot postgresql-"$PSGVER"
+
+# Create DB
+echo -e "> Creating postgresql database for container...\n"
+sudo -u postgres psql <<DB
+CREATE DATABASE ${ETHERPAD_DB_NAME};
+CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}';
+GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER};
+DB
+echo "  -- Your etherpad db password is: $ETHERPAD_DB_PASS"
+echo -e "     Please save it somewhere safe.\n"
+
+# Check fot docker if not running then execute
+if [ ! "$(docker ps -q -f name=etherpad)" ]; then
+    if [ "$(docker ps -aq -f status=exited -f name=etherpad)" ]; then
+        # cleanup
+        docker rm etherpad
+    fi
+    # run your container
+    docker run -d --restart always \
+    --network=host \
+    --name etherpad \
+    -p 127.0.0.1:9001:9001 \
+    -e "ADMIN_PASSWORD=$ETHERPAD_ADMIN_PASS" \
+    -e "DB_TYPE=postgres"   \
+    -e "DB_HOST=localhost"   \
+    -e "DB_PORT=5432"   \
+    -e "DB_NAME=$ETHERPAD_DB_NAME"   \
+    -e "DB_USER=$ETHERPAD_DB_USER" \
+    -e "DB_PASS=$ETHERPAD_DB_PASS" \
+    -i -t etherpad/etherpad
+fi
+
+# Tune webserver for Jitsi App control
+
+if [ "$(grep -c etherpad "$WS_CONF")" != 0 ]; then
+    echo "> Webserver seems configured, skipping..."
+elif [ -f "$WS_CONF" ]; then
+    echo "> Setting up webserver configuration file..."
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ #Etherpad block" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ location \^\~\ \/etherpad\/ {" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_buffering off;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_redirect off;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header       Host \$host;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \ \ \ \ }" "$WS_CONF"
+    sed -i "/$WS_CONF_MATCH1/i \\\n" "$WS_CONF"
+else
+    echo "> No etherpad config done to server file, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
+fi
+
+# Configure config.js
+if [ "$(grep -c "etherpad_base" "$WS_CONF")" != 0 ]; then
+    echo -e "> $MEET_CONF seems configured, skipping...\n"
+else
+    echo -e "> Setting etherpad domain at $MEET_CONF...\n"
+    sed -i "s|// etherpad_base: .*|etherpad_base: \'https://$DOMAIN/etherpad/p/\',|" "$MEET_CONF"
+fi
+
+echo "> Checking nginx configuration..."
+
+if nginx -t 2>/dev/null ; then
+    echo -e "  -- Docker configuration seems fine, enabling it."
+#    systemctl reload nginx
+else
+    echo "Please check your configuration, something may be wrong."
+    echo "Will not try to enable etherpad nginx configuration, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
+fi

etherpad.sh

@@ -1,195 +0,0 @@
-#!/bin/bash
-# Etherpad Installer for Jitsi Meet
-# SwITNet Ltd © - 2020, https://switnet.net/
-#
-# GPLv3 or later.
-
-while getopts m: option
-do
-	case "${option}"
-	in
-		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./etherpad.sh [-m debug]" && exit;;
-	esac
-done
-
-#DEBUG
-if [ "$MODE" = "debug" ]; then
-set -x
-fi
-
-if ! [ $(id -u) = 0 ]; then
-   echo "You need to be root or have sudo privileges!"
-   exit 0
-fi
-
-clear
-echo '
-########################################################################
-                         Etherpad Docker addon
-########################################################################
-                    by Software, IT & Networks Ltd
-'
-
-check_apt_policy() {
-apt-cache policy 2>/dev/null| \
-grep http | \
-grep $1 | \
-awk '{print $3}' | \
-head -n 1 | \
-cut -d "/" -f2
-}
-install_ifnot() {
-if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
-	echo " $1 is installed, skipping..."
-    else
-    	echo -e "\n---- Installing $1 ----"
-		apt-get -yq2 install $1
-fi
-}
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
-MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
-WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
-PSGVER="$(apt-cache madison postgresql | head -n1 | awk '{print $3}' | cut -d "+" -f1)"
-NODE_JS_REPO="$(check_apt_policy node_10)"
-ETHERPAD_USER="etherpad-lite"
-ETHERPAD_HOME="/opt/$ETHERPAD_USER"
-ETHERPAD_DB_USER="meetpad"
-ETHERPAD_DB_NAME="etherpad"
-ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
-ETHERPAD_SYSTEMD="/etc/systemd/system/etherpad-lite.service"
-
-# NodeJS
-echo "Addin NodeJS repo..."
-
-if [ "$NODE_JS_REPO" = "main" ]; then
-	echo "NodeJS repository already installed"
-else
-		curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
-		apt-get update
-fi
-
-read -p "Set your etherpad docker admin password: " -r ETHERPAD_ADMIN_PASS
-
-# Install required packages
-install_ifnot jq
-install_ifnot nodejs
-install_ifnot postgresql-$PSGVER
-
-# Link LE certs on Etherpad directory
-#chmod 755 /etc/letsencrypt/live
-#ln -s /etc/letsencrypt/live/$DOMAIN $ETHERPAD_HOME/
-
-# Create DB
-echo -e "> Creating postgresql database for etherpad...\n"
-sudo -u postgres psql <<DB
-CREATE DATABASE ${ETHERPAD_DB_NAME};
-CREATE USER ${ETHERPAD_DB_USER} WITH ENCRYPTED PASSWORD '${ETHERPAD_DB_PASS}';
-GRANT ALL PRIVILEGES ON DATABASE ${ETHERPAD_DB_NAME} TO ${ETHERPAD_DB_USER};
-DB
-
-echo "  -- Your etherpad db password is: $ETHERPAD_DB_PASS"
-echo -e "     Please save it somewhere safe."
-
-#Set system users
-adduser --system --home=${ETHERPAD_HOME} --group ${ETHERPAD_USER}
-sudo -u $ETHERPAD_USER git clone -b master https://github.com/ether/etherpad-lite.git $ETHERPAD_HOME/
-
-  #Issue: https://github.com/ether/etherpad-lite/issues/3460
-  cat <<< "$(jq  'del(.devDependencies)'< $ETHERPAD_HOME/src/package.json)" > $ETHERPAD_HOME/src/package.json
-
-bash $ETHERPAD_HOME/bin/installDeps.sh
-
-cp $ETHERPAD_HOME/settings.json $ETHERPAD_HOME/settings.json.backup
-
-cat << SETTINGS_JSON > $ETHERPAD_HOME/settings.json
-{
- "title": "Conference Etherpad",
-  "favicon": "favicon.ico",
-  "skinName": "colibris",
-  "ip": "0.0.0.0",
-  "port": 9001,
-  "showSettingsInAdminPage": true,
-//  "ssl" : {
-//            "key"  : "$ETHERPAD_HOME/$DOMAIN/privkey.pem",
-//            "cert" : "$ETHERPAD_HOME/$DOMAIN/fullchain.pem",
-//            "ca"   : "$ETHERPAD_HOME/$DOMAIN/chain.pem"
-//          },
-  "dbType" : "postgres",
-  "dbSettings" : {
-    "user"    : "$ETHERPAD_DB_USER",
-    "host"    : "localhost",
-    "password": "$ETHERPAD_DB_PASS",
-    "database": "$ETHERPAD_DB_NAME",
-    "charset" : "utf8mb4"
-  },
-  "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at https:\/\/etherpad.org\n",
-  "users": {
-    "admin": {
-      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
-      // 2) please note that if password is null, the user will not be created
-      "password": "$ETHERPAD_ADMIN_PASS",
-      "is_admin": true
-    }
-  }
-}
-SETTINGS_JSON
-
-cat << SYSTEMD > $ETHERPAD_SYSTEMD
-[Unit]
-Description=Etherpad-lite, the collaborative editor.
-After=syslog.target network.target
-
-[Service]
-Type=simple
-User=$ETHERPAD_USER
-Group=Group=$ETHERPAD_USER
-WorkingDirectory=$ETHERPAD_HOME
-Environment=NODE_ENV=production
-ExecStart=$ETHERPAD_HOME/bin/run.sh
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-SYSTEMD
-
-#Systemd services
-systemctl enable etherpad-lite
-systemctl restart etherpad-lite
-
-# Tune webserver for Jitsi App control
-if [ $(grep -c "etherpad" $WS_CONF) != 0 ]; then
-    echo "> Webserver seems configured, skipping..."
-elif [ -f $WS_CONF ]; then
-    echo "> Setting up webserver configuration file..."
-	sed -i "/Anything that didn't match above/i \ \ \ \ location \^\~\ \/etherpad\/ {" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:9001\/;" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_set_header X-Forwarded-For \$remote_addr;" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_buffering off;" $WS_CONF
-    sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_set_header       Host \$host;" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
-	sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
-else
-	echo "> No etherpad config done to server file, please report to:
-    -> https://github.com/switnet-ltd/quick-jibri-installer/issues"
-fi
-    
-# Configure config.js
-if [ $(grep -c "etherpad_base" $WS_CONF) != 0 ]; then
-    echo -e "> $MEET_CONF seems configured, skipping...\n"
-else
-    echo -e "> Setting etherpad domain at $MEET_CONF...\n"
-    sed -i "/ domain: '$DOMAIN'/a\ \ \ \ \ \ \ \ etherpad_base: \'https://$DOMAIN/etherpad/p/\'," $MEET_CONF
-fi
-
-echo "> Checking nginx configuration..."
-nginx -t 2>/dev/null
-
-if [ $? = 0 ]; then
-	echo -e "  -- Docker configuration seems fine, enabling it."
-	systemctl reload nginx
-else
-	echo "Please check your configuration, something may be wrong."
-	echo "Will not try to enable etherpad nginx configuration, please report to:
-    -> https://github.com/switnet-ltd/quick-jibri-installer/issues"
-fi

excalidraw-backend.sh

@@ -0,0 +1,208 @@
+#!/bin/bash
+# Excalidraw Jitsi Backend Installer
+#
+# Based on:
+# - https://community.jitsi.org/t/118883
+#
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+# Reset
+Color_Off='\e[0m'       # Text Reset
+# Regular Colors
+Black='\e[0;30m'        # Black
+Red='\e[0;31m'          # Red
+Green='\e[0;32m'        # Green
+Yellow='\e[0;33m'       # Yellow
+Blue='\e[0;34m'         # Blue
+Purple='\e[0;35m'       # Purple
+Cyan='\e[0;36m'         # Cyan
+
+printwc() {
+    printf "%b$2%b" "$1" "${Color_Off}"
+}
+print_title() {
+printwc "${Blue}" "\n#--------------------------------------------------"
+printwc "${Blue}" "\n# $1"
+printwc "${Blue}" "\n#--------------------------------------------------\n"
+}
+restart_jibri() {
+if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
+then
+    systemctl restart jibri
+    systemctl restart jibri-icewm
+    systemctl restart jibri-xorg
+else
+    echo "Jibri service not installed"
+fi
+}
+restart_services() {
+    systemctl restart jitsi-videobridge2
+    systemctl restart jicofo
+    restart_jibri
+    systemctl restart prosody
+}
+test_match() {
+if grep -q "$1" "$2" ; then
+    echo "$(basename "$2") - OK..."
+else
+    echo "$(basename "$2"), FAIL..."
+    echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
+    exit
+fi
+}
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+clear
+echo -e '\n
+########################################################################
+                  Excalidraw Jitsi Backend Installer
+########################################################################
+                    by Software, IT & Networks Ltd
+\n'
+
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
+PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
+MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
+WS_MATCH1='# ensure all static content can always be found first'
+PROS_MATCH1='"av_moderation";'
+PROS_MATCH2='breakout_rooms_muc = "breakout.'
+PROS_MATCH3='VirtualHost "recorder.'
+CONFIG_MATCH1='List of undocumented settings used in jitsi-meet'
+EXCALIDRAW_HOME="/opt/excalidraw"
+EXCAL_MATCH1="prometheus.metrics(io"
+EXCAL_NEW_PORT="9091"
+EXCAL_PORT_FILE="$EXCALIDRAW_HOME/backend/src/index.ts"
+
+# Make sure we can rely on the match strings.
+printf "Testing match strings on config files.\n"
+test_match "$WS_MATCH1" "$WS_CONF"
+test_match "$PROS_MATCH1" "$PROSODY_FILE"
+test_match "$PROS_MATCH2" "$PROSODY_FILE"
+test_match "$PROS_MATCH3" "$PROSODY_FILE"
+test_match "$PROS_MATCH3" "$PROSODY_FILE"
+test_match "$CONFIG_MATCH1" "$MEET_CONF"
+
+#--------------------------------------------------
+print_title "Setup excalidraw backend."
+#--------------------------------------------------
+adduser --home "$EXCALIDRAW_HOME" --disabled-password --gecos "" excalidraw
+git clone https://github.com/jitsi/excalidraw-backend "$EXCALIDRAW_HOME/backend"
+test_match "$EXCAL_MATCH1" "$EXCAL_PORT_FILE"
+
+chown -R excalidraw:excalidraw "$EXCALIDRAW_HOME"
+cd "$EXCALIDRAW_HOME/backend"
+sudo -u excalidraw cp .env.development .env.production
+
+# Use documented port to get some sort of standarization.
+if sed -n "/$EXCAL_MATCH1/,/});/p" "$EXCAL_PORT_FILE" |grep -q port: ; then
+    echo -e "> Update predefined port for metrics to $EXCAL_NEW_PORT\n"
+    sed -i "/$EXCAL_MATCH1/,/});/s|port:.*,|port: $EXCAL_NEW_PORT,|" "$EXCAL_PORT_FILE"
+else
+    echo -e "> Define new port from default to $EXCAL_NEW_PORT\n"
+    sed -i  "/$EXCAL_MATCH1/a \ \ \ \ port: $EXCAL_NEW_PORT," "$EXCAL_PORT_FILE"
+fi
+
+printf "Installing npm backend.\n"
+sudo -u excalidraw npm install
+sudo -u excalidraw npm run build
+
+#--------------------------------------------------
+print_title "Setup system & jitsi config files."
+#--------------------------------------------------
+# Enable websocket on nginx
+sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ location = /socket.io/ {" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_pass http://127.0.0.1:3002/socket.io/?\$args;" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Connection \"upgrade\";" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ proxy_set_header Host \$http_host;" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ \ \ \ \ tcp_nodelay on;" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
+sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+
+if grep -rq room_metadata /etc/prosody/conf.d/ ;then
+    echo "> Prosody seems to be already configured."
+else
+    echo "> Setting up prosody for whiteboard..."
+    # Modules enabled
+    sed -i "/$PROS_MATCH1/a \ \ \ \ \ \ \ \ \"room_metadata\";" "$PROSODY_FILE"
+    # Define internal component
+    sed -i "/$PROS_MATCH2/a \ \ \ \ room_metadata_component = \"metadata.$DOMAIN\"" "$PROSODY_FILE"
+    # Register component
+    sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE"
+    sed -i "/$PROS_MATCH3/i Component \"metadata.$DOMAIN\" \"room_metadata_component\"" "$PROSODY_FILE"
+    sed -i "/$PROS_MATCH3/i \ \ \ \ muc_component = \"conference.$DOMAIN\"" "$PROSODY_FILE"
+    sed -i "/$PROS_MATCH3/i \ \ \ \ breakout_rooms_component = \"breakout.$DOMAIN\"" "$PROSODY_FILE"
+    sed -i "/$PROS_MATCH3/i \\\n" "$PROSODY_FILE"
+fi
+
+printf "\n# Checking for whitebord setup at %s.\n" "$(basename "$MEET_CONF")"
+if [ -z "$(sed -n '/whiteboard: {/,/},/p' "$MEET_CONF")" ]; then
+    echo "> No present configuration on current config.js file"
+    sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF"
+    sed -i "/$CONFIG_MATCH1/i \ \ \ \ whiteboard: {" "$MEET_CONF"
+    sed -i "/$CONFIG_MATCH1/i \ \ \ \ \ \ \ \ enabled: true," "$MEET_CONF"
+    sed -i "/$CONFIG_MATCH1/i \ \ \ \ \ \ \ \ collabServerBaseUrl: 'https://$DOMAIN'" "$MEET_CONF"
+    sed -i "/$CONFIG_MATCH1/i \ \ \ \ }," "$MEET_CONF"
+    sed -i "/$CONFIG_MATCH1/i \\\n" "$MEET_CONF"
+else
+    echo "> Enabling configuration on current config.js file"
+    sed -i "/whiteboard: {/,/},/s|// ||" "$MEET_CONF"
+    sed -i "/collabServerBaseUrl:/s|'https://.*'|'https://$DOMAIN'|" "$MEET_CONF"
+fi
+
+if  sed -n '/toolbarButtons: \[/,/\],/p' "$MEET_CONF" | \
+    grep -v '//'| grep -q whiteboard ; then
+    echo "> Whiteboard toolbar already enabled."
+elif sed -n '/toolbarButtons: \[/,/\],/p' "$MEET_CONF" | \
+     grep -v '//'|grep -q toolbarButtons: ; then 
+    echo "> Enabling whiteboard toolbar."
+    sed -i "/toolbarButtons:/a \ \ \ \ \ \ \ 'whiteboard'," "$MEET_CONF"
+else
+    echo "> ToolbarButtons not customized, whiteboard should be enabled by default,"
+    echo "  otherwise, please report to: https://forge.switnet.net/switnet/quick-jibri-installer/issues"
+fi
+
+printf "\n# Add systemd service\n"
+cat << EOF > /etc/systemd/system/excalidraw.service
+[Unit]
+Description=Excalidraw backend
+After=network-online.target
+
+[Service]
+User=excalidraw
+Group=excalidraw
+WorkingDirectory=$EXCALIDRAW_HOME/backend
+ExecStart=npm start
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl enable excalidraw.service
+systemctl start excalidraw.service
+
+printwc "${Green}" "\nExcalidraw setup complete!\n"
+restart_services

files/jibri.conf

@@ -0,0 +1,109 @@
+// XMPP environment config.
+jibri {
+    streaming {
+        // A list of regex patterns for allowed RTMP URLs.  The RTMP URL used
+        // when starting a stream must match at least one of the patterns in
+        // this list.
+        rtmp-allow-list = [
+          // By default, all services are allowed
+          ".*"
+        ]
+    }
+    ffmpeg {
+        resolution = JIBRI_RES_CONF
+    }
+    chrome {
+        // The flags which will be passed to chromium when launching
+        flags = [
+          "--use-fake-ui-for-media-stream",
+          "--start-maximized",
+          "--kiosk",
+          "--enabled",
+          "--disable-infobars",
+          "--autoplay-policy=no-user-gesture-required",
+          "--ignore-certificate-errors",
+          "--disable-dev-shm-usage"
+        ]
+    }
+    stats {
+        enable-stats-d = true
+    }
+    call-status-checks {
+        // If all clients have their audio and video muted and if Jibri does not
+        // detect any data stream (audio or video) comming in, it will stop
+        // recording after NO_MEDIA_TIMEOUT expires.
+        no-media-timeout = 30 seconds
+
+        // If all clients have their audio and video muted, Jibri consideres this
+        // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
+        all-muted-timeout = 10 minutes
+
+        // When detecting if a call is empty, Jibri takes into consideration for how
+        // long the call has been empty already. If it has been empty for more than
+        // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
+        default-call-empty-timeout = 30 seconds
+    }
+    recording {
+         recordings-directory = "DIR_RECORD"
+         finalize-script = "REC_DIR"
+    }
+    api {
+        xmpp {
+            environments = [
+                {
+                // A user-friendly name for this environment
+                name = "JB_NAME"
+
+                // A list of XMPP server hosts to which we'll connect
+                xmpp-server-hosts = [ "DOMAIN" ]
+
+                // The base XMPP domain
+                xmpp-domain = "DOMAIN"
+
+                // The MUC we'll join to announce our presence for
+                // recording and streaming services
+                control-muc {
+                    domain = "internal.auth.DOMAIN"
+                    room-name = "JibriBrewery"
+                    nickname = "Live"
+                }
+
+                // The login information for the control MUC
+                control-login {
+                    domain = "auth.DOMAIN"
+                    username = "jibri"
+                    password = "JB_AUTH_PASS"
+                }
+
+                // An (optional) MUC configuration where we'll
+                // join to announce SIP gateway services
+            //    sip-control-muc {
+            //        domain = "domain"
+            //        room-name = "room-name"
+            //        nickname = "nickname"
+            //    }
+
+                // The login information the selenium web client will use
+                call-login {
+                    domain = "recorder.DOMAIN"
+                    username = "recorder"
+                    password = "JB_REC_PASS"
+                }
+
+                // The value we'll strip from the room JID domain to derive
+                // the call URL
+                strip-from-room-domain = "conference."
+
+                // How long Jibri sessions will be allowed to last before
+                // they are stopped.  A value of 0 allows them to go on
+                // indefinitely
+                usage-timeout = 0 hour
+
+                // Whether or not we'll automatically trust any cert on
+                // this XMPP domain
+                trust-all-xmpp-certs = true
+                }
+            ]
+        }
+    }
+}

files/nextcloud.conf

@@ -0,0 +1,177 @@
+# Nextcloud 28 nginx - configuration
+upstream php-handler {
+    #server 127.0.0.1:9000;
+    server unix:/run/php/php_PHPVER-fpm.sock;
+}
+
+# Set the `immutable` cache control options only for assets with a cache busting `v` argument
+map $arg_v $asset_immutable {
+    "" "";
+    default "immutable";
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _NC_DOMAIN;
+    # enforce https
+    return 301 https://\$server_name\$request_uri;
+}
+
+server {
+    listen _NC_NGINX_SSL_PORT ssl http2;
+    listen [::]:_NC_NGINX_SSL_PORT ssl http2;
+    server_name _NC_DOMAIN;
+
+    # Path to the root of your installation
+    root _NC_PATH/;
+
+    ssl_certificate /etc/letsencrypt/live/_NC_DOMAIN/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/_NC_DOMAIN/privkey.pem;
+
+    # Prevent nginx HTTP Server Detection
+    server_tokens off;
+
+    # HSTS settings
+    # WARNING: Only add the preload option once you read about
+    # the consequences in https://hstspreload.org/. This option
+    # will add the domain to a hardcoded list that is shipped
+    # in all major browsers and getting removed from this list
+    # could take several months.
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+
+    # set max upload size and increase upload timeout:
+    client_max_body_size 512M;
+    client_body_timeout 300s;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Pagespeed is not supported by Nextcloud, so if your server is built
+    # with the `ngx_pagespeed` module, uncomment this line to disable it.
+    #pagespeed off;
+
+    # The settings allows you to optimize the HTTP2 bandwidth.
+    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+    # for tuning hints
+    client_body_buffer_size 512k;
+
+    # HTTP response headers borrowed from Nextcloud `.htaccess`
+    add_header Referrer-Policy                   "no-referrer"       always;
+    add_header X-Content-Type-Options            "nosniff"           always;
+    add_header X-Frame-Options                   "SAMEORIGIN"        always;
+    add_header X-Permitted-Cross-Domain-Policies "none"              always;
+    add_header X-Robots-Tag                      "noindex, nofollow" always;
+    add_header X-XSS-Protection                  "1; mode=block"     always;
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Specify how to handle directories -- specifying `/index.php$request_uri`
+    # here as the fallback means that Nginx always exhibits the desired behaviour
+    # when a client requests a path that corresponds to a directory that exists
+    # on the server. In particular, if that directory contains an index.php file,
+    # that file is correctly served; if it doesn't, then the request is passed to
+    # the front-end controller. This consistent behaviour means that we don't need
+    # to specify custom rules for certain paths (e.g. images and other assets,
+    # `/updater`, `/ocs-provider`), and thus
+    # `try_files $uri $uri/ /index.php$request_uri`
+    # always provides the desired behaviour.
+    index index.php index.html /index.php$request_uri;
+
+    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+    location = / {
+        if ( $http_user_agent ~ ^DavClnt ) {
+            return 302 /remote.php/webdav/$is_args$args;
+        }
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Make a regex exception for `/.well-known` so that clients can still
+    # access it despite the existence of the regex rule
+    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+    # for `/.well-known`.
+    location ^~ /.well-known {
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
+    }
+
+    # Rules borrowed from `.htaccess` to hide certain paths from clients
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+
+    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+    # which handle static assets (as seen below). If this block is not declared first,
+    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+    # to the URI, resulting in a HTTP 500 error response.
+    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        set $path_info $fastcgi_path_info;
+
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+
+        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
+        fastcgi_param front_controller_active true;     # Enable pretty urls
+        fastcgi_pass php-handler;
+
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
+    }
+
+    # Serve static files
+    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+        access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
+    }
+
+    location ~ \.woff2?$ {
+        try_files $uri /index.php$request_uri;
+        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
+        access_log off;     # Optional: Don't log access to assets
+    }
+
+    # Rule borrowed from `.htaccess`
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
+    }
+}

grafana.sh

@@ -7,8 +7,8 @@
 # - https://grafana.com/grafana/dashboards/11969
 # by "mephisto"
 #
-# Igor Kerstges © - 2020
-# SwITNet Ltd © - 2020, https://switnet.net/
+# Igor Kerstges © - 2021
+# SwITNet Ltd © - 2024, https://switnet.net/
 #
 # GPLv3 or later.
 
@@ -17,7 +17,7 @@ do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./grafana.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -26,7 +26,7 @@ if [ "$MODE" = "debug" ]; then
 set -x
 fi
 
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
@@ -39,42 +39,63 @@ echo '
                     by Software, IT & Networks Ltd
 '
 run_service() {
-systemctl enable $1
-systemctl restart $1
-systemctl status $1
+systemctl enable "$1"
+systemctl restart "$1"
+systemctl status "$1"
+}
+test_match() {
+    if grep -q "$1" "$2" ; then
+        echo "$(basename "$2") - OK..."
+    else
+        echo "$(basename "$2"), FAIL..."
+        echo "Please report this to https://forge.switnet.net/switnet/quick-jibri-installer"
+        exit
+    fi
 }
 MAIN_TEL="/etc/telegraf/telegraf.conf"
 TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
 GRAFANA_INI="/etc/grafana/grafana.ini"
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
-WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
+WS_MATCH1="# ensure all static content can always be found first"
+WS_MATCH2="upstream prosody {"
 GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
 
 # Min requirements
-apt update && apt install -y gnupg2 curl wget jq
+apt-get update && \
+apt-get install -y gnupg2 \
+                   curl \
+                   wget \
+                   jq
+
+# Make sure we can rely on the match strings.
+printf "> Testing match strings on config files.\n"
+test_match "$WS_MATCH1" "$WS_CONF"
 
 echo "
 # Setup InfluxDB Packages
 "
-wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -
-echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
-apt update && apt install influxdb -y
+curl -s https://repos.influxdata.com/influxdata-archive.key > \
+    /etc/apt/trusted.gpg.d/influxdata-archive.key
+echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | \
+    sudo tee /etc/apt/sources.list.d/influxdb.list
+apt-get update && apt-get install influxdb -y
 run_service influxdb
 
 echo "
 #  Setup Grafana Packages
 "
-curl -s https://packages.grafana.com/gpg.key | sudo apt-key add -
-add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
-apt update && apt install grafana -y
+curl -s https://apt.grafana.com/gpg-full.key | \
+gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg  >/dev/null
+echo "deb https://packages.grafana.com/oss/deb stable main" | \
+    sudo tee /etc/apt/sources.list.d/grafana_com_oss_deb.list
+apt-get update && apt-get install grafana -y
 run_service grafana-server
 
 echo "
 # Setup Telegraf Packages
 "
-wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -
-echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
-apt update && apt install telegraf -y
+apt-get update && apt-get install telegraf -y
 mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original
 
 echo "
@@ -130,18 +151,18 @@ JITSI_TELEGRAF
 
 run_service telegraf
 
-echo "
-# Setup videobridge  options
-"
-sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobridge/config
+echo -e "\n# Setup videobridge  options\n"
+echo '
+# extra options to pass to the JVB daemon
+JVB_OPTS="--apis=rest,xmpp"' >>  /etc/jitsi/videobridge/config
 sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
+# Enable videobridge REST API
+hocon -f /etc/jitsi/videobridge/jvb.conf set videobridge.apis.rest.enabled true
 systemctl restart jitsi-videobridge2
 
-echo "
-# Setup Grafana nginx domain
-"
+echo -e "\n# Setup Grafana nginx domain\n"
 sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
-sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
+sed -i "s|;http_addr =.*|http_addr = 127.0.0.1|" $GRAFANA_INI
 sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
 sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
 sed -i "s|;enforce_domain =.*|enforce_domain = false|" $GRAFANA_INI
@@ -158,15 +179,35 @@ while [ $secs -gt 0 ]; do
    : $((secs--))
 done
 
-if [ -f $WS_CONF ]; then
-	sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF
-	sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
-	sed -i "/Anything that didn't match above/i \\\n" $WS_CONF
-	systemctl restart nginx
+if [ -f "$WS_CONF" ]; then
+    sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana." "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ location ~ ^/(grafana/|grafana/login) {" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ # Proxy Grafana Live WebSocket connections." "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ location /grafana/api/live/ {" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_http_version 1.1;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Upgrade \$http_upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Connection \$connection_upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_set_header Host \$host;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ \ \ proxy_pass http://grafana;" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \ \ \ \ }" "$WS_CONF"
+
+    sed -i "/$WS_MATCH2/i # This is required to proxy Grafana Live WebSocket connections." "$WS_CONF"
+    sed -i "/$WS_MATCH2/i map \$http_upgrade \$connection_upgrade {" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ default upgrade;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ '' close;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i }" "$WS_CONF"
+    sed -i "/$WS_MATCH1/i \\\n" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i upstream grafana {" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i \ \ server localhost:3000;" "$WS_CONF"
+    sed -i "/$WS_MATCH2/i }" "$WS_CONF"
+    systemctl restart nginx
 else
-	echo "No app configuration done to server file, please report to:
-    -> https://github.com/switnet-ltd/quick-jibri-installer/issues"
+    echo "No app configuration done to server file, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues"
 fi
 
 echo "
@@ -178,7 +219,7 @@ PUT -H "Content-Type: application/json;charset=UTF-8" -d \
   \"oldPassword\": \"admin\",
   \"newPassword\": \"$GRAFANA_PASS\",
   \"confirmNew\": \"$GRAFANA_PASS\"
-}" http://localhost:3000/api/user/password; echo ""
+}" http://127.0.0.1:3000/api/user/password; echo ""
 
 echo "
 # Create InfluxDB datasource
@@ -186,24 +227,24 @@ echo "
 curl -s -k -u "admin:$GRAFANA_PASS" -X \
 POST -H 'Content-Type: application/json;charset=UTF-8' -d \
 '{
-	"name": "InfluxDB",
-	"type": "influxdb",
-	"url": "http://localhost:8086",
-	"access": "proxy",
-	"isDefault": true,
-	"database": "jitsi"
-}' http://localhost:3000/api/datasources; echo ""
+    "name": "InfluxDB",
+    "type": "influxdb",
+    "url": "http://127.0.0.1:8086",
+    "access": "proxy",
+    "isDefault": true,
+    "database": "jitsi"
+}' http://127.0.0.1:3000/api/datasources; echo ""
 
 echo "
 # Add Grafana Dashboard
 "
-grafana_host="http://localhost:3000"
+grafana_host="http://127.0.0.1:3000"
 grafana_cred="admin:$GRAFANA_PASS"
 grafana_datasource="InfluxDB"
 ds=(11969);
 for d in "${ds[@]}"; do
-  echo -n "Processing $d: "
-  j=$(curl -s -k -u "$grafana_cred" $grafana_host/api/gnet/dashboards/$d | jq .json)
+  echo "Processing $d: "
+  j="$(curl -s -k -u "$grafana_cred" "$grafana_host"/api/gnet/dashboards/"$d" | jq .json)"
   curl -s -k -u "$grafana_cred" -XPOST -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     -d "{

images/watermark2.svg

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>

jigasi-vosk-backend.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+#Check if user is root
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+exit_if_not_installed() {
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
+    echo " This instance doesn't have $1 installed, exiting..."
+    echo " If you think this is an error, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
+    exit
+fi
+}
+
+clear
+echo ''
+echo '########################################################################'
+echo '                       Jigasi Transcript addon'
+echo '########################################################################'
+echo '                    by Software, IT & Networks Ltd'
+echo ''
+
+exit_if_not_installed jitsi-meet
+
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+JIG_TRANSC_PASWD="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 16 | head -n1)"
+JIG_SIP_PROP="/etc/jitsi/jigasi/sip-communicator.properties"
+export DOMAIN
+export JIG_TRANSC_PASWD
+
+apt-get -q2 update
+
+# Disable SIP account prompt by default
+echo "jigasi	jigasi/sip-account	string	''" | debconf-set-selections
+echo "jigasi	jigasi/sip-password	password	''" | debconf-set-selections
+
+echo "Installing Jigasi, SIP configuration disabled by default."
+apt-get -y install gettext-base jigasi docker.io
+
+echo "Please select a language for the VOSK transcription model:"
+echo "1) Chinese"
+echo "2) English"
+echo "3) French"
+echo "4) German"
+echo "5) Hindi"
+echo "6) Japanese"
+echo "7) Russian"
+echo "8) Spanish"
+
+read -p "Enter the number corresponding to your language choice: " -r lang_choice
+
+case $lang_choice in
+    1)
+        echo "You selected Chinese."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-cn"
+        ;;
+    2)
+        echo "You selected English."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-en"
+        ;;
+    3)
+        echo "You selected French."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-fr"
+        ;;
+    4)
+        echo "You selected German."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-de"
+        ;;
+    5)
+        echo "You selected Hindi."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-hi"
+        ;;
+    6)
+        echo "You selected Japanese."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-ja"
+        ;;
+    7)
+        echo "You selected Russian."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-ru"
+        ;;
+    8)
+        echo "You selected Spanish."
+        VOSK_DOCKER_MODEL="alphacep/kaldi-es"
+        ;;
+    *)
+        echo "Invalid selection. Please choose a number between 1 and 8."
+        ;;
+esac
+
+# Running selected VOSK docker model.
+docker run -d --restart always -p 2700:2700 ${VOSK_DOCKER_MODEL}:latest
+
+echo "Setting up Jigasi transcript with current platform..."
+
+# Jitsi Meet
+echo "> Patching Jitsi Meet's config.js for Transcription support."
+echo "  Read more at patches/jigasi/001-jigasi-meet-config.patch file"
+envsubst < patches/jigasi/001-jigasi-meet-config.patch | \
+  patch --no-backup-if-mismatch -d / -p1
+
+# Jigasi
+echo "> Patching jigasi's sip-communicator.properties configuration."
+echo "  Read more at patches/jigasi/002-jigasi-sip-properties.patch file"
+cp "$JIG_SIP_PROP" ${JIG_SIP_PROP}-dpkg-file
+envsubst < patches/jigasi/002-jigasi-sip-properties.patch | \
+  patch --no-backup-if-mismatch -d / -p1
+
+# Create transcribe user on hidden domain.
+prosodyctl register transcriber recorder."$DOMAIN" "$JIG_TRANSC_PASWD"
+
+# Restart services.
+systemctl restart prosody \
+                  jicofo \
+                  jigasi \
+                  jibri* \
+                  jitsi-videobridge2
+
+echo ""
+echo "Full transcript files are available at:"
+echo "--> /var/lib/jigasi/transcripts/"
+echo ""
+echo "Happy transcripting!"
+echo ""

jitsi-updater.sh

@@ -1,127 +1,214 @@
 #!/bin/bash
 # Jitsi Meet recurring upgrader and customization keeper
 # for Debian/*buntu binaries.
-# 2020 - SwITNet Ltd
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GNU GPLv3 or later.
 
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
 Blue='\e[0;34m'
 Purple='\e[0;35m'
+Red='\e[0;31m'
 Green='\e[0;32m'
 Yellow='\e[0;33m'
 Color_Off='\e[0m'
+printwc() {
+    printf "%b$2%b" "$1" "${Color_Off}"
+}
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
 if [ ! -f jm-bm.sh ]; then
-        echo "Please check that you are running the jitsi updater while being on the project folder"
-        echo "other wise the updater might have errors or be incomplete. Exiting..."
-        exit
+    echo "Please check that you are running the jitsi updater while being on the project folder"
+    echo "other wise the updater might have errors or be incomplete. Exiting..."
+    exit
 fi
 support="https://switnet.net/support"
 apt_repo="/etc/apt/sources.list.d"
-LOC_REC="TBD"
 ENABLE_BLESSM="TBD"
-CHD_LST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
+G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3)
+CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing"
+CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \
+                jq -r ".versions[].downloads.chromedriver | select(. != null) | .[].url" | \
+                grep linux64 | grep "$G_CHROME" | tail -1)
+CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL")
+CHD_LTST_2D="$(cut -d "." -f 1,2 <<<  "$CHD_LTST")"
 CHDB="$(whereis chromedriver | awk '{print$2}')"
-DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')"
+if [ -d /etc/prosody/conf.d/ ]; then
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua | \
+          awk -F'.cfg' '!/localhost/{print $1}' | xargs basename)"
+else
+    echo -e "Seems no prosody is installed...\n  > is this a jibri node?"
+fi
 NC_DOMAIN="TBD"
 JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
-if [ -f $JITSI_MEET_PROXY ];then
-PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1)
+if [ -f "$JITSI_MEET_PROXY" ];then
+PREAD_PROXY="$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)"
 fi
 INT_CONF="/usr/share/jitsi-meet/interface_config.js"
 INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js"
-jibri_packages="$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages |sort -u|awk '{print $2}'|sed 's|jigasi||'|paste -s -d ' ')"
+read -r -a jibri_packages < <(grep ^Package /var/lib/apt/lists/download.jitsi.org_*_Packages | \
+                              sort -u | awk '{print $2}' | sed '/jigasi/d' | \
+                              xargs)
 AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)"
-if [ -f $apt_repo/google-chrome.list ]; then
-    google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ')
+if [ -f "$apt_repo"/google-chrome.list ]; then
+read -r -a google_package < <(grep ^Package /var/lib/apt/lists/dl.google.com_*_Packages | \
+                              sort -u | awk '{print $2}' | xargs)
 else
     echo "Seems no Google repo installed"
 fi
-if [ -z $CHDB ]; then
-	echo "Seems no chromedriver installed"
+if [ -f "$apt_repo"/nodesource.list ]; then
+read -r -a nodejs_package < <(grep ^Package /var/lib/apt/lists/deb.nodesource.com_node*_Packages | \
+                              sort -u | awk '{print $2}' | xargs)
 else
-    CHD_AVB=$(chromedriver -v | awk '{print $2}')
+    echo "Seems no nodejs repo installed"
 fi
-
+# True if $1 is greater than $2
 version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
 
-check_jibri() {
+restart_jibri() {
 if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
 then
-	systemctl restart jibri
-	systemctl restart jibri-icewm
-	systemctl restart jibri-xorg
+    systemctl restart jibri
+    systemctl restart jibri-icewm
+    systemctl restart jibri-xorg
 else
-	echo "Jibri service not installed"
+    echo "Jibri service not installed"
 fi
 }
 
 # Restarting services
 restart_services() {
-	systemctl restart jitsi-videobridge2
-	systemctl restart jicofo
-	check_jibri
-	systemctl restart prosody
-}
-
-upgrade_cd() {
-if version_gt $CHD_LST $CHD_AVB
-then
-	echo "Upgrading ..."
-	wget https://chromedriver.storage.googleapis.com/$CHD_LST/chromedriver_linux64.zip
-	unzip chromedriver_linux64.zip
-	sudo cp chromedriver $CHDB
-	rm -rf chromedriver chromedriver_linux64.zip
-	chromedriver -v
-else
-	echo "No need to upgrade Chromedriver"
-	printf "Current version: ${Green} $CHD_AVB ${Color_Off}\n"
-fi
+    systemctl restart jitsi-videobridge2
+    systemctl restart jicofo
+    restart_jibri
+    systemctl restart prosody
 }
 
 update_jitsi_repo() {
     apt-get update -o Dir::Etc::sourcelist="sources.list.d/jitsi-$1.list" \
         -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
-    apt-get install -qq --only-upgrade $jibri_packages
+    apt-get install -q2 --only-upgrade <<< printf "${jibri_packages[@]}"
 }
 
 update_google_repo() {
-	if [ -f $apt_repo/google-chrome.list ]; then
+    if [ -f "$apt_repo"/google-chrome.list ]; then
     apt-get update -o Dir::Etc::sourcelist="sources.list.d/google-chrome.list" \
         -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
-    apt-get install -qq --only-upgrade $google_package
+    apt-get install -q2 --only-upgrade <<< printf "${google_package[@]}"
     else
-		echo "No Google repository found"
+        echo "No Google repository found"
+    fi
+	if [ -z "$CHDB" ]; then
+		echo "Seems no chromedriver installed"
+	else
+		CHD_VER_LOCAL="$($CHDB -v | awk '{print $2}')"
+		CHD_VER_2D="$(awk '{printf "%.1f\n", $NF}' <<< "$CHD_VER_LOCAL")"
 	fi
 }
+update_nodejs_repo() {
+    apt-get update -o Dir::Etc::sourcelist="sources.list.d/nodesource.list" \
+        -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
+    apt-get install -q2 --only-upgrade <<< printf "${nodejs_package[@]}"
+}
+check_latest_gc() {
+printwc "${Purple}" "Checking for Google Chrome\n"
+if [ -f /usr/bin/google-chrome ]; then
+    GOOGL_VER_2D="$(/usr/bin/google-chrome --version|awk '{printf "%.1f\n", $NF}')"
+else
+    printwc "${Yellow}" " -> Seems there is no Google Chrome installed\n"
+    IS_GLG_CHRM="no"
+fi
+}
+check_latest_gc
+upgrade_cd() {
+if [ -n "$GOOGL_VER_2D" ]; then
+    check_latest_gc
+    if version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" ; then
+        echo "Upgrading Chromedriver to Google Chromes version"
+        wget -q "$CHD_LTST_DWNL" \
+             -O /tmp/chromedriver_linux64.zip
+        unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/
+        mv /usr/local/bin/chromedriver-linux64/chromedriver "$CHDB"
+        chown root:root "$CHDB"
+        chmod 0755 "$CHDB"
+        rm -rf /tpm/chromedriver_linux64.zip
+        printf "Current version: "
+        printwc "$Green" "$($CHDB -v |awk '{print $2}'|awk '{printf "%.1f\n", $NF}')"
+        echo -e " (latest available)\n"
+    elif [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then
+        echo "No need to upgrade Chromedriver"
+        printf "Current version: "
+        printwc "$Green" "$CHD_VER_2D\n"
+    fi
+else
+  printwc "${Yellow}" " -> No Google Chrome versión to match, leaving untouched.\n"
+fi
+}
 
 check_lst_cd() {
-printf "${Purple}Checking for the latest Chromedriver${Color_Off}\n"
-if [ -f $CHDB ]; then
-        printf "Current installed Chromedriver: ${Yellow} $CHD_AVB ${Color_Off}\n"
-        printf "Latest Chromedriver version available: ${Green} $CHD_LST ${Color_Off}\n"
-        upgrade_cd
+printwc "${Purple}" "Checking for the latest Chromedriver\n"
+if [ -f "$CHDB" ]; then
+    printf "Current installed Chromedriver: "
+    printwc "${Yellow}" "$CHD_VER_2D\n"
+    printf "Current installed Google Chrome: "
+    printwc "${Green}" "$GOOGL_VER_2D\n"
+    upgrade_cd
 else
-	printf "${Yellow} -> Seems there is no Chromedriver installed${Color_Off}\n"
+    printwc "${Yellow}" " -> Seems there is no Chromedriver installed\n"
+    IS_CHDB="no"
 fi
 }
 
-printf "${Blue}Update & upgrade Jitsi and components - v2.3${Color_Off}\n"
-if [ -f $apt_repo/jitsi-unstable.list ]; then
-	update_jitsi_repo unstable
-	update_google_repo
-	check_lst_cd
-elif [ -f $apt_repo/jitsi-stable.list ]; then
-	update_jitsi_repo stable
-	update_google_repo
-	check_lst_cd
+printwc "${Blue}" "Update & upgrade Jitsi and components\n"
+if [ -f "$apt_repo"/jitsi-unstable.list ]; then
+    update_jitsi_repo unstable
+    update_google_repo
+    check_lst_cd
+elif [ -f "$apt_repo"/jitsi-stable.list ]; then
+    update_jitsi_repo stable
+    update_google_repo
+    check_lst_cd
 else
-	echo "Please check your repositories, something is not right."
-	exit 1
+    echo "Please check your repositories, something is not right."
+    exit 1
 fi
+printwc "${Blue}" "Check for supported nodejs LTS version"
+if version_gt "14" "$(dpkg-query -W -f='${Version}' nodejs)"; then
+    curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
+    apt-get install -yq2 nodejs
+else
+    update_nodejs_repo
+fi
+check_if_installed(){
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+    echo "1"
+else
+    echo "0"
+fi
+}
+check_for_jibri_node() {
+if [ "$(check_if_installed jibri)" = 1 ] && \
+   [ "$(check_if_installed jitsi-meet)" = 0 ] && \
+   [ "$(check_if_installed prosody)" = 0 ]; then
+    printwc "${Green}" "\n::: This seems to be a jibri node :::\n"
+JIBRI_NODE="yes"
+fi
+}
 # Any customization, image, name or link change for any purpose should
 # be documented here so new updates won't remove those changes.
 # We divide them on UI changes and branding changes, feel free to adapt
@@ -132,61 +219,77 @@ fi
 ########################################################################
 #                     User interface changes                           #
 ########################################################################
+#Check for jibri node
+check_for_jibri_node
 
+[ "$JIBRI_NODE" != yes ] && \
 if [ -f "$INT_CONF_ETC" ]; then
     echo "Static interface_config.js exists, skipping modification..."
 else
     echo "This setup doesn't have a static interface_config.js, checking changes..."
-	printf "${Purple}========== Setting Static Avatar  ==========${Color_Off}\n"
-	if [[ -z "$AVATAR" ]]; then
-		echo "Moving on..."
-	else
-		echo "Setting Static Avatar"
-		sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" $INT_CONF
-		sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF
-	fi
-
-	printf "${Purple}========== Setting Support Link  ==========${Color_Off}\n"
-	if [[ -z $support ]]; then
-		echo "Moving on..."
-	else
-		echo "Setting Support custom link"
-		sed -i "s|https://jitsi.org/live|$support|g" $INT_CONF
-	fi
-
-	printf "${Purple}========== Disable Localrecording  ==========${Color_Off}\n"
-	if [ "$LOC_REC" != "on" ]; then
-			echo "Removing localrecording..."
-			sed -i "s|'localrecording',||" $INT_CONF
-	fi
-
-	printf "${Purple}========== Disable Blur my background  ==========${Color_Off}\n"
-	sed -i "s|'videobackgroundblur', ||" $INT_CONF
-
+    printwc "${Purple}" "========== Setting Static Avatar  ==========\n"
+    if [ -z "$AVATAR" ]; then
+        echo "Moving on..."
+    else
+        echo "Setting Static Avatar"
+        sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'http://$DOMAIN/avatar/\'|" "$INT_CONF"
+        sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" "$INT_CONF"
+    fi
+    printwc "${Purple}" "========== Setting Support Link  ==========\n"
+    if [ -z "$support" ]; then
+        echo "Moving on..."
+    else
+        echo "Setting Support custom link"
+        sed -i "s|https://jitsi.org/live|$support|g" "$INT_CONF"
+    fi
+    printwc "${Purple}" "========== Disable Blur my background  ==========\n"
+    sed -i "s|'videobackgroundblur', ||" "$INT_CONF"
+fi
+if [ "$(check_if_installed openjdk-8-jre-headless)" = 1 ]; then
+    printwc "${Red}" "\n::: Unsupported OpenJDK JRE version found :::\n"
+    apt-get install -y openjdk-11-jre-headless
+    apt-get purge -y openjdk-8-jre-headless
+    printwc "${Green}" "\n::: Updated to supported OpenJDK JRE version 11 :::\n"
 fi
 
+[ "$JIBRI_NODE" != yes ] && \
 if [  "$NC_DOMAIN" != "TBD" ]; then
-printf "${Purple}========== Enable $NC_DOMAIN for sync client ==========${Color_Off}\n"
-    if [ -z "$PREAD_PROXY" ]; then
-        echo "
-  Setting up Nextcloud domain on Jitsi Meet turn proxy
-"
-        sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY
-        sed -i "/server {/i \ \ \ \ \ \ $DOMAIN      web;" $JITSI_MEET_PROXY
-        sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY
-        sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY
+printwc "${Purple}" "========== Enable $NC_DOMAIN for sync client ==========\n"
+    if [ -f "$JITSI_MEET_PROXY" ] && [ -z "$PREAD_PROXY" ]; then
+        printf "\n  Setting up Nextcloud domain on Jitsi Meet turn proxy\n\n"
+        sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY"
+        sed -i "/server {/i \ \ \ \ \ \ $DOMAIN    web;" "$JITSI_MEET_PROXY"
+        sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN    web;" "$JITSI_MEET_PROXY"
+        sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY"
       else
         echo "$NC_DOMAIN seems to be on place, skipping..."
     fi
 fi
 
-restart_services
+# Final check & upgrade call.
+check_lst_cd
 
+if [ "$JIBRI_NODE" = "yes" ]; then
+    restart_jibri
+else
+    restart_services
+fi
 
+if  [ "$JIBRI_NODE" = "yes" ] && \
+    [ "$IS_CHDB" = "no" ] && \
+    [ "$IS_GLG_CHRM" = "no" ];then
+printwc "${Red}" "\nBeware: This jibri node seems to be missing important packages.\n"
+echo " > Googe Chrome"
+echo " > Chromedriver"
+fi
 ########################################################################
 #                         Brandless mode                               #
 ########################################################################
-if [ $ENABLE_BLESSM = on ]; then
-	bash $PWD/jm-bm.sh
+if [ "$ENABLE_BLESSM" = "on" ]; then
+    if [ "$MODE" = "debug" ]; then
+        bash "$PWD"/jm-bm.sh -m debug
+    else
+        bash "$PWD"/jm-bm.sh
+    fi
 fi
-printf "${Blue}Script completed \o/! ${Color_Off}\n"
+printwc "${Blue}" "Script completed \o/!\n"

jm-bm.sh

@@ -1,10 +1,24 @@
 #!/bin/bash
 # Jitsi Meet brandless mode
 # for Debian/*buntu binaries.
-# 2020 - SwITNet Ltd
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GNU GPLv3 or later.
 
-DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')"
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
 CSS_FILE="/usr/share/jitsi-meet/css/all.css"
 TITLE_FILE="/usr/share/jitsi-meet/title.html"
 INT_CONF="/usr/share/jitsi-meet/interface_config.js"
@@ -13,6 +27,7 @@ BUNDLE_JS="/usr/share/jitsi-meet/libs/app.bundle.min.js"
 #
 JM_IMG_PATH="/usr/share/jitsi-meet/images"
 WTM2_PATH="$JM_IMG_PATH/watermark2.png"
+WTM2_SVG_PATH="$JM_IMG_PATH/watermark2.svg"
 FICON_PATH="$JM_IMG_PATH/favicon2.ico"
 REC_ICON_PATH="$JM_IMG_PATH/gnome_record.png"
 #
@@ -21,59 +36,65 @@ MOVILE_APP_NAME="Jitsi Meet"
 PART_USER="Participant"
 LOCAL_USER="me"
 #
-SEC_ROOM="TBD"
+#SEC_ROOM="TBD"
+copy_if_not_there() {
+	if [ ! -f "$1" ]; then
+        cp images/"$(echo $1|xargs basename)" "$1"
+    else
+        echo "$(echo $1|xargs basename) file exists, skipping copying..."
+    fi
+}
 echo '
 #--------------------------------------------------
 # Applying Brandless mode
 #--------------------------------------------------
 '
+
 #Watermark
-if [ ! -f $WTM2_PATH ]; then
-	cp images/watermark2.png $WTM2_PATH
-else
-	echo "watermark2 file exists, skipping copying..."
-fi
+copy_if_not_there "$WTM2_PATH"
+
+#Watermark svg
+copy_if_not_there "$WTM2_SVG_PATH"
+
 #Favicon
-if [ ! -f $FICON_PATH ]; then
-	cp images/favicon2.ico $FICON_PATH
-else
-	echo "favicon2 file exists, skipping copying..."
-fi
+copy_if_not_there "$FICON_PATH"
+
 #Local recording icon
-if [ ! -f $REC_ICON_PATH ];then
-	cp images/gnome_record.png $REC_ICON_PATH
-else
-        echo "recodring icon exists, skipping copying..."
-fi
+copy_if_not_there "$REC_ICON_PATH"
 
 #Custom / Remove icons
-sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE
-sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE
-sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE
-sed -i "s|logo-deep-linking.png|watermark2.png|g" $BUNDLE_JS
-sed -i "s|jitsiLogo_square.png|gnome_record.png|g" $BUNDLE_JS
+sed -i "s|watermark.png|watermark2.png|g" "$CSS_FILE"
+sed -i "s|favicon.ico|favicon2.ico|g" "$TITLE_FILE"
+sed -i "s|jitsilogo.png|watermark2.png|g" "$TITLE_FILE"
+sed -i "s|logo-deep-linking.png|watermark2.png|g" "$BUNDLE_JS"
+sed -i "s|icon-cloud.png|gnome_record.png|g" "$BUNDLE_JS"
 #Disable logo and url
-if [ -z $(grep -nr ".leftwatermark{display:none" $CSS_FILE) ]; then
-sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE
+if ! grep -q ".leftwatermark{display:none" "$CSS_FILE" ; then
+    sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" "$CSS_FILE"
 fi
+#Replace App logo
+sed -i "s|// defaultLogoUrl: .*|    defaultLogoUrl: 'images/watermark2.svg',|" "$MEET_CONF"
+#Overwrite favicon svg
+cp images/watermark2.svg $JM_IMG_PATH/favicon.svg
 
 #Customize room title
-sed -i "s|Jitsi Meet|$APP_NAME|g" $TITLE_FILE
-sed -i "s| powered by the Jitsi Videobridge||g" $TITLE_FILE
-sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|" /usr/share/jitsi-meet/lang/*
+sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"
+sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE"
+sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|g" /usr/share/jitsi-meet/lang/*
 
 #Custom UI changes
 if [ -f "$INT_CONF_ETC" ]; then
     echo "Static interface_config.js exists, skipping modification..."
 else
     echo "This setup doesn't have a static interface_config.js, checking changes..."
-	echo -e "\nPlease note that brandless mode will also overwrite support links.\n"
-	sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" $INT_CONF
-	sed -i  "s|\([[:space:]]\)APP_NAME:.*| APP_NAME: \'$APP_NAME\',|" $INT_CONF
-	sed -i "s|Fellow Jitster|$PART_USER|g" $INT_CONF
-	sed -i "s|'me'|'$LOCAL_USER'|" $INT_CONF
-	sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF
-	sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF
-	#Logo 2
-	sed -i "s|watermark.png|watermark2.png|g" $INT_CONF
+    echo -e "\nPlease note that brandless mode will also overwrite support links.\n"
+    sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" "$INT_CONF"
+    sed -i  "s|\([[:space:]]\)APP_NAME:.*| APP_NAME: \'$APP_NAME\',|" "$INT_CONF"
+    sed -i "s|Fellow Jitster|$PART_USER|g" "$INT_CONF"
+    sed -i "s|'me'|'$LOCAL_USER'|" "$INT_CONF"
+    sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" "$INT_CONF"
+    sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" "$INT_CONF"
+    #Logo 2
+    sed -i "s|watermark.png|watermark2.png|g" "$INT_CONF"
+    sed -i "s|watermark.svg|watermark2.png|g" "$INT_CONF"
 fi

jra_nextcloud.sh

@@ -1,31 +1,32 @@
 #!/bin/bash
 # JRA (Jibri Recordings Access) via Nextcloud
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
+
 while getopts m: option
 do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./jra_nextcloud.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
 #DEBUG
 if [ "$MODE" = "debug" ]; then
-set -x
+    set -x
 fi
 
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
 exit_if_not_installed() {
-if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" != "1" ]; then
-	echo " This instance doesn't have $1 installed, exiting..."
-	echo " If you think this is an error, please report to:
-    -> https://github.com/switnet-ltd/quick-jibri-installer/issues "
-	exit
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" != "1" ]; then
+    echo " This instance doesn't have $1 installed, exiting..."
+    echo " If you think this is an error, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
+    exit
 fi
 }
 clear
@@ -36,16 +37,16 @@ echo -e '\n
                     by Software, IT & Networks Ltd
 \n'
 exit_if_not_installed jitsi-meet
+## APT checks
+apt-get update -q2
+# Manually add prerequisites.
+apt-get install -y curl letsencrypt nginx
 
-DISTRO_RELEASE="$(lsb_release -sc)"
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
-PHP_REPO=$(apt-cache policy | grep http | grep php | head -n 1 | awk '{print $2}' | cut -d "/" -f5)
-PHPVER="7.4"
-PSGVER="$(apt-cache madison postgresql | head -n1 | awk '{print $3}' | cut -d "+" -f1)"
-PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
-PHP_INI="$PHP_FPM_DIR/php.ini"
-PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
-NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-enabled/$DOMAIN.conf | awk '{print$2}')"
+MIN_PHP="8.2"
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
+NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-available/"$DOMAIN".conf | awk '{print$2}')"
+[ -z "$NC_NGINX_SSL_PORT" ] && NC_NGINX_SSL_PORT="443"
 NC_REPO="https://download.nextcloud.com/server/releases"
 NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)"
 STABLEVERSION="nextcloud-$NCVERSION"
@@ -54,54 +55,111 @@ NC_CONFIG="$NC_PATH/config/config.php"
 NC_DB_USER="nextcloud_user"
 NC_DB="nextcloud_db"
 NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
-DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
+DIR_RECORD="$(awk  -F '"' '/RECORDING/{print$2}'  /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')"
 REDIS_CONF="/etc/redis/redis.conf"
 JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
-if [ -f $JITSI_MEET_PROXY ];then
-PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1)
-fi
+[ -f "$JITSI_MEET_PROXY" ] && PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
+PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)"
+ISO3166_CODE=TBD
+NL="$(printf '\n  ')"
 
-while [[ -z "$NC_DOMAIN" ]]
-do
-read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
-if [ -z "$NC_DOMAIN" ];then
-	echo "-- This field is mandatory."
-elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then
-	echo "-- You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud."
+
+exit_ifinstalled() {
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+    echo " This instance already has $1 installed, exiting..."
+    echo " If you think this is an error, please report to:
+    -> https://forge.switnet.net/switnet/quick-jibri-installer/issues "
+    exit
 fi
+}
+install_ifnot() {
+if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+    echo " $1 is installed, skipping..."
+else
+    echo -e "\n---- Installing $1 ----"
+    apt-get -yq2 install "$1"
+fi
+}
+while [[ "$ANS_NCD" != "yes" ]]
+do
+  read -p "> Please set your domain (or subdomain) here for Nextcloud: (e.g.: cloud.domain.com)$NL" -r NC_DOMAIN
+  if [ -z "$NC_DOMAIN" ];then
+    echo " - This field is mandatory."
+  elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then
+    echo " - You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud."
+  fi
+  read -p "  > Did you mean?: $NC_DOMAIN (yes or no)$NL" -r ANS_NCD
+  if [ "$ANS_NCD" = "yes" ]; then
+    echo "   - Alright, let's use $NC_DOMAIN."
+  else
+    echo "   - Please try again."
+  fi
 done
+sleep .1
+  #Simple DNS test
+if [ "$PUBLIC_IP" = "$(dig -4 +short "$NC_DOMAIN"|awk -v RS='([0-9]+\\.){3}[0-9]+' 'RT{print RT}')" ]; then
+  echo -e "Server public IP  & DNS record for $NC_DOMAIN seems to match, continuing...\n\n"
+  sleep .1
+else
+  echo "Server public IP ($PUBLIC_IP) & DNS record for $NC_DOMAIN don't seem to match."
+  echo "  > Please check your dns records are applied and updated, otherwise Nextcloud may fail."
+  read -p "  > Do you want to continue?: (yes or no)$NL" -r DNS_CONTINUE
+  if [ "$DNS_CONTINUE" = "yes" ]; then
+    echo "  - We'll continue anyway..."
+  else
+    echo "  - Exiting for now..."
+  exit
+  fi
+fi
+sleep .1
 NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
-while [[ -z "$NC_USER" ]]
+while [ -z "$NC_USER" ]
 do
-read -p "Nextcloud user: " -r NC_USER
-if [ -z "$NC_USER" ]; then
-	echo "-- This field is mandatory."
-fi
+    read -p "Nextcloud user: " -r NC_USER
+    if [ -z "$NC_USER" ]; then
+        echo " - This field is mandatory."
+    fi
 done
-while [ -z "$NC_PASS" ]  || [ ${#NC_PASS} -lt 6 ]
+sleep .1
+while [ -z "$NC_PASS" ]  || [ ${#NC_PASS} -lt 8 ]
 do
-read -p "Nextcloud user password: " -r NC_PASS
-
-if [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 6 ]; then
-	echo -e "-- This field is mandatory. \nPlease make sure it's at least 6 caracters.\n"
-fi
+    read -p "Nextcloud user password: " -r NC_PASS
+    if [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 8 ]; then
+        echo -e " - This field is mandatory. \nPlease make sure it's at least 8 characters.\n"
+    fi
 done
+sleep .1
 #Enable HSTS
-while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]]
+while [ "$ENABLE_HSTS" != "yes" ] && [ "$ENABLE_HSTS" != "no" ]
 do
-read -p "> Do you want to enable HSTS for this domain?: (yes or no)
+    read -p "> Do you want to enable HSTS for this domain?: (yes or no)
   Be aware this option apply mid-term effects on the domain, choose \"no\"
-  in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS
-if [ "$ENABLE_HSTS" = "no" ]; then
-	echo "-- HSTS won't be enabled."
-elif [ "$ENABLE_HSTS" = "yes" ]; then
-	echo "-- HSTS will be enabled."
-fi
+  in case you don't know what you are doing. More at https://hstspreload.org/$NL" -r ENABLE_HSTS
+    if [ "$ENABLE_HSTS" = "no" ]; then
+        echo " - HSTS won't be enabled."
+    elif [ "$ENABLE_HSTS" = "yes" ]; then
+        echo " - HSTS will be enabled."
+    fi
 done
-
+sleep .1
+echo -e "#Default country phone code\n
+> Starting at Nextcloud 21.x it's required to set a default country phone ISO 3166-1 alpha-2 code.\n
+>>> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements  <<<\n"
+sleep .1
+while [ ${#ISO3166_CODE} -gt 2 ];
+do
+echo -e "Some examples might be: Germany > DE | Mexico > MX | Spain > ES | USA > US\n
+Do you want to set such code for your installation?"
+sleep .1
+read -p "Leave empty if you don't want to set any: " -r ISO3166_CODE
+  if [ ${#ISO3166_CODE} -gt 2 ]; then
+    echo -e "\n-- This code is only 2 characters long, please check your input.\n"
+  fi
+done
+sleep .1
 echo -e "\n# Check for jitsi-meet/jibri\n"
 if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ] || \
-   [ -f /etc/prosody/conf.d/$DOMAIN.conf ]; then
+   [ -f /etc/prosody/conf.d/"$DOMAIN".conf ]; then
     echo "jitsi meet/jibri is installed, checking version:"
     apt-show-versions jibri
 else
@@ -109,308 +167,84 @@ else
     exit
 fi
 
-exit_ifinstalled() {
-if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
-	echo " This instance already has $1 installed, exiting..."
-	echo " If you think this is an error, please report to:
-    -> https://github.com/switnet-ltd/quick-jibri-installer/issues "
-	exit
-fi
-}
-install_ifnot() {
-if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
-	echo " $1 is installed, skipping..."
-    else
-    	echo -e "\n---- Installing $1 ----"
-		apt-get -yq2 install $1
-fi
-}
-add_php74() {
-	if [ "$PHP_REPO" = "php" ]; then
-		echo "PHP $PHPVER already installed"
-		apt-get -q2 update
-		apt-get -yq2 dist-upgrade
-	else
-		echo "# Adding Ondrej PHP $PHPVER PPA Repository"
-		apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C
-		echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list
-		apt-get update -q2
-	fi
-}
 #Prevent root folder permission issues
-cp $PWD/files/jra-nc-app-ef.json /tmp
+cp "$PWD"/files/jra-nc-app-ef.json /tmp
 
-exit_ifinstalled postgresql-$PSGVER
+exit_ifinstalled postgresql-"$PSGVER"
 
 ## Install software requirements
 # PostgresSQL
-install_ifnot postgresql-$PSGVER
+install_ifnot postgresql-"$PSGVER"
 
-# PHP 7.4
-add_php74
-apt-get install -y \
-            php$PHPVER-fpm \
-            php$PHPVER-bcmath \
-            php$PHPVER-bz2 \
-            php$PHPVER-curl \
-            php$PHPVER-gd \
-            php$PHPVER-gmp \
-            php$PHPVER-intl \
-            php$PHPVER-json \
-            php$PHPVER-ldap \
-            php$PHPVER-mbstring \
-            php$PHPVER-pgsql \
-            php$PHPVER-soap \
-            php$PHPVER-xml \
-            php$PHPVER-xmlrpc \
-            php$PHPVER-zip \
-            php-imagick \
-            php-redis \
-            redis-server \
-            unzip
 
-#System related
-install_ifnot smbclient
-sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" $PHP_CONF
-sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" $PHP_CONF
-sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" $PHP_CONF
-sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" $PHP_CONF
-sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" $PHP_CONF
-sed -i "s|;clear_env = no|clear_env = no|" $PHP_CONF
+#--------------------------------------------------
+# Prepare PHP
+#--------------------------------------------------
 
-echo "
-Tunning PHP.ini...
-"
-# Change values in php.ini (increase max file size)
-# max_execution_time
-sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
-# max_input_time
-sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
-# memory_limit
-sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
-# post_max
-sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
-# upload_max
-sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
-
-phpenmod opcache
-{
-
-echo "# OPcache settings for Nextcloud"
-echo "opcache.enable=1"
-echo "opcache.enable_cli=1"
-echo "opcache.interned_strings_buffer=8"
-echo "opcache.max_accelerated_files=10000"
-echo "opcache.memory_consumption=256"
-echo "opcache.save_comments=1"
-echo "opcache.revalidate_freq=1"
-echo "opcache.validate_timestamps=1"
-} >> "$PHP_INI"
-
-systemctl restart php$PHPVER-fpm.service
+if [ "$MODE" = "debug" ]; then
+    bash -x "$PWD"/tools/prepare_php.sh "$MIN_PHP"
+else
+    bash "$PWD"/tools/prepare_php.sh "$MIN_PHP"
+fi
 
 #--------------------------------------------------
 # Create DB user
 #--------------------------------------------------
 
 echo -e "\n---- Creating the PgSQL DB & User  ----"
-cd /tmp
 sudo -u postgres psql <<DB
 CREATE DATABASE nextcloud_db;
 CREATE USER ${NC_DB_USER} WITH ENCRYPTED PASSWORD '${NC_DB_PASSWD}';
 GRANT ALL PRIVILEGES ON DATABASE ${NC_DB} TO ${NC_DB_USER};
 DB
-echo "Done!
-"
+echo -e "\nDone!\n"
 
-#nginx - configuration
-cat << NC_NGINX > $NC_NGINX_CONF
-#nextcloud config
-upstream php-handler {
-    #server 127.0.0.1:9000;
-    server unix:/run/php/php${PHPVER}-fpm.sock;
-}
+# Add .mjs as a file extension for javascript
+sed -i "/application\/javascript/s|js.*;|js mjs;|" /etc/nginx/mime.types
 
-server {
-    listen 80;
-    listen [::]:80;
-    server_name $NC_DOMAIN;
-    # enforce https
-    return 301 https://\$server_name\$request_uri;
-}
+# nginx conf setup.
+cp files/nextcloud.conf "$NC_NGINX_CONF"
+sed -i "s|_PHPVER|$MIN_PHP|g" "$NC_NGINX_CONF"
+sed -i "s|_NC_DOMAIN|$NC_DOMAIN|g" "$NC_NGINX_CONF"
+sed -i "s|_NC_NGINX_SSL_PORT|$NC_NGINX_SSL_PORT|g" "$NC_NGINX_CONF"
+sed -i "s|_NC_PATH|$NC_PATH|g" "$NC_NGINX_CONF"
 
-server {
-    listen $NC_NGINX_SSL_PORT ssl http2;
-    listen [::]:$NC_NGINX_SSL_PORT ssl http2;
-    server_name $NC_DOMAIN;
-
-    ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem;
-
-    # Add headers to serve security related headers
-    # Before enabling Strict-Transport-Security headers please read into this
-    # topic first.
-    # add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;";
-    #
-    # WARNING: Only add the preload option once you read about
-    # the consequences in https://hstspreload.org/. This option
-    # will add the domain to a hardcoded list that is shipped
-    # in all major browsers and getting removed from this list
-    # could take several months.
-    add_header Referrer-Policy "no-referrer" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Permitted-Cross-Domain-Policies "none" always;
-    add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
-
-    # Path to the root of your installation
-    root $NC_PATH/;
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    # The following 2 rules are only needed for the user_webfinger app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-    # last;
-
-    location = /.well-known/carddav {
-      return 301 \$scheme://\$host/remote.php/dav;
-    }
-    location = /.well-known/caldav {
-      return 301 \$scheme://\$host/remote.php/dav;
-    }    
-    location ~ /.well-known/acme-challenge {
-      allow all;
-    }
-
-    # set max upload size
-    client_max_body_size 1024M;
-    fastcgi_buffers 64 4K;
-
-    # Enable gzip but do not remove ETag headers
-    gzip on;
-    gzip_vary on;
-    gzip_comp_level 4;
-    gzip_min_length 256;
-    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-
-    # Uncomment if your server is built with the ngx_pagespeed module
-    # This module is currently not supported.
-    #pagespeed off;
-
-    location / {
-        rewrite ^ /index.php\$uri;
-    }
-
-    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
-        deny all;
-    }
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
-        deny all;
-    }
-
-    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) {
-        fastcgi_split_path_info ^(.+\.php)(/.*)\$;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
-        fastcgi_param PATH_INFO \$fastcgi_path_info;
-        fastcgi_param HTTPS on;
-        #Avoid sending the security headers twice
-        fastcgi_param modHeadersAvailable true;
-        fastcgi_param front_controller_active true;
-        fastcgi_pass php-handler;
-        fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
-        fastcgi_read_timeout 300;
-    }
-
-    location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
-        try_files \$uri/ =404;
-        index index.php;
-    }
-
-    # Adding the cache control header for js and css files
-    # Make sure it is BELOW the PHP block
-    location ~ \.(?:css|js|woff|svg|gif)\$ {
-        try_files \$uri /index.php\$uri\$is_args\$args;
-        add_header Cache-Control "public, max-age=15778463";
-        # Add headers to serve security related headers (It is intended to
-        # have those duplicated to the ones above)
-        # Before enabling Strict-Transport-Security headers please read into
-        # this topic first.
-        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
-        add_header Referrer-Policy "no-referrer" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Download-Options "noopen" always;
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies "none" always;
-        add_header X-Robots-Tag "none" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        # Optional: Don't log access to assets
-        access_log off;
-    }
-
-    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ {
-        try_files \$uri /index.php\$uri\$is_args\$args;
-        # Optional: Don't log access to other assets
-        access_log off;
-    }
-}
-NC_NGINX
 systemctl stop nginx
-letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN
-if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then
-	ln -s $NC_NGINX_CONF /etc/nginx/sites-enabled/
+letsencrypt certonly --standalone --renew-by-default --agree-tos -d "$NC_DOMAIN"
+if [ -f /etc/letsencrypt/live/"$NC_DOMAIN"/fullchain.pem ];then
+    ln -s "$NC_NGINX_CONF" /etc/nginx/sites-enabled/
 else
-	echo "There are issues on getting the SSL certs..."
-	read -n 1 -s -r -p "Press any key to continue"
+    echo "There are issues on getting the SSL certs..."
+    read -n 1 -s -r -p "Press any key to continue"
 fi
 nginx -t
 systemctl restart nginx
 
 if [ "$ENABLE_HSTS" = "yes" ]; then
-sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF
+    sed -i "s|#add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" "$NC_NGINX_CONF"
 fi
 
-if [ "$DISTRO_RELEASE" != "xenial" ] && [ -z $PREAD_PROXY ]; then
-echo "
+if [ -n "$PREAD_PROXY" ]; then
+    echo "
   Setting up Nextcloud domain on Jitsi Meet turn proxy
 "
-	sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" $JITSI_MEET_PROXY
-	sed -i "/server {/i \ \ \ \ \ \ $DOMAIN      web;" $JITSI_MEET_PROXY
-	sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" $JITSI_MEET_PROXY
-	sed -i "/server {/i \ \ }" $JITSI_MEET_PROXY
+    sed -i "/server {/i \ \ map \$ssl_preread_server_name \$upstream {" "$JITSI_MEET_PROXY"
+    sed -i "/server {/i \ \ \ \ \ \ $DOMAIN      web;" "$JITSI_MEET_PROXY"
+    sed -i "/server {/i \ \ \ \ \ \ $NC_DOMAIN web;" "$JITSI_MEET_PROXY"
+    sed -i "/server {/i \ \ }" "$JITSI_MEET_PROXY"
 fi
 
-echo "
-  Latest version to be installed: $STABLEVERSION
-  (This might take sometime, please be patient...)
-"
-curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip
-unzip -q /tmp/$STABLEVERSION.zip
-mv nextcloud $NC_PATH
+echo -e "\n  Latest version to be installed: $STABLEVERSION
+  (This might take sometime, please be patient...)\n"
+curl -s "$NC_REPO"/"$STABLEVERSION".zip > /tmp/"$STABLEVERSION".zip
+unzip -q /tmp/"$STABLEVERSION".zip
+mv nextcloud "$NC_PATH"
 
-chown -R www-data:www-data $NC_PATH
-chmod -R 755 $NC_PATH
+chown -R www-data:www-data "$NC_PATH"
+chmod -R 755 "$NC_PATH"
 
-echo "
-Database installation...
-"
-sudo -u www-data php $NC_PATH/occ maintenance:install \
+echo -e "\nDatabase installation...\n"
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ maintenance:install \
 --database=pgsql \
 --database-name="$NC_DB" \
 --database-user="$NC_DB_USER" \
@@ -418,64 +252,57 @@ sudo -u www-data php $NC_PATH/occ maintenance:install \
 --admin-user="$NC_USER" \
 --admin-pass="$NC_PASS"
 
-echo "
-Apply custom mods...
-"
-sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
-sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
-sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
-sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
+echo -e "\nApply custom mods...\n"
+sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," "$NC_CONFIG"
+sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," "$NC_CONFIG"
+sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," "$NC_CONFIG"
+sed -i "s|http://localhost|https://$NC_DOMAIN|" "$NC_CONFIG"
 
-echo "Add crontab..."
-crontab -u www-data -l | { cat; echo "*/5  *  *  *  * php -f $NC_PATH/cron.php"; } | crontab -u www-data -
+echo -e "\nAdd crontab...\n"
+crontab -u www-data -l | { cat; echo "*/5  *  *  *  * php$MIN_PHP -f $NC_PATH/cron.php"; } | crontab -u www-data -
 
-echo "
-Add memcache support...
-"
-sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" $REDIS_CONF
-sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF
-sed -i "s|port 6379|port 0|" $REDIS_CONF
+echo -e "\nAdd memcache support...\n"
+sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" "$REDIS_CONF"
+sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" "$REDIS_CONF"
+sed -i "s|port 6379|port 0|" "$REDIS_CONF"
 systemctl restart redis-server
 
-echo "--> Setting config.php..."
-sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," $NC_CONFIG
-sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
-sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
-sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
-sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
-sed -i "/);/i \ \ 'redis' =>" $NC_CONFIG
-sed -i "/);/i \ \ \ \ array (" $NC_CONFIG
-sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," $NC_CONFIG
-sed -i "/);/i \ \ \ \ \ 'port' => 0," $NC_CONFIG
-sed -i "/);/i \ \ \ \ \ 'timeout' => 0," $NC_CONFIG
-sed -i "/);/i \ \ )," $NC_CONFIG
-echo "Done
-"
-echo "
-Addding & Setting up Files External App for Local storage...
-"
-sudo -u www-data php $NC_PATH/occ app:install files_external
-sudo -u www-data php $NC_PATH/occ app:enable files_external
-sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jra-nc-app-ef.json
+echo -e "\n--> Setting config.php...\n"
+if [ -n "$ISO3166_CODE" ]; then
+  sed -i "/);/i \ \ 'default_phone_region' => '$ISO3166_CODE'," "$NC_CONFIG"
+fi
+sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," "$NC_CONFIG"
+sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG"
+sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG"
+sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG"
+sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," "$NC_CONFIG"
+sed -i "/);/i \ \ 'redis' =>" "$NC_CONFIG"
+sed -i "/);/i \ \ \ \ array (" "$NC_CONFIG"
+sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," "$NC_CONFIG"
+sed -i "/);/i \ \ \ \ \ 'port' => 0," "$NC_CONFIG"
+sed -i "/);/i \ \ \ \ \ 'timeout' => 0," "$NC_CONFIG"
+sed -i "/);/i \ \ )," "$NC_CONFIG"
+echo -e "Done\n"
+
+echo -e "\nAddding & Setting up Files External App for Local storage...\n"
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:install files_external
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:enable files_external
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ app:disable support
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ files_external:import /tmp/jra-nc-app-ef.json
 
 usermod -a -G jibri www-data
-chmod -R 770 $DIR_RECORD
-chmod -R g+s $DIR_RECORD
+chmod -R 770 "$DIR_RECORD"
+chmod -R g+s "$DIR_RECORD"
 
-echo "
-Fixing possible missing tables...
-"
-echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint
-sudo -u www-data php $NC_PATH/occ db:add-missing-indices
-sudo -u www-data php $NC_PATH/occ db:add-missing-columns
+echo -e "\nFixing possible missing tables...\n\n"
+echo "y"|sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:convert-filecache-bigint
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-indices
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ db:add-missing-columns
 
-echo "
-Adding trusted domain...
-"
-sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN
+echo -e "\nAdding trusted domain...\n"
+sudo -u www-data php$MIN_PHP "$NC_PATH"/occ config:system:set trusted_domains 0 --value="$NC_DOMAIN"
 
-echo "Setting JRA domain on jitsi-updater.sh"
-cd ~/quick-jibri-installer
+echo -e "\nSetting JRA domain on jitsi-updater.sh\n"
 sed -i "s|NC_DOMAIN=.*|NC_DOMAIN=\"$NC_DOMAIN\"|" jitsi-updater.sh
 
-echo "Quick Nextcloud installation complete!"
+echo -e "\nQuick Nextcloud installation complete!\n"

mode/chp-mode.sh

@@ -1,20 +1,14 @@
 #!/bin/bash
 # Custom High Performance Jitsi conf
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
 
-#Check if user is root
-if ! [ $(id -u) = 0 ]; then
-   echo "You need to be root or have privileges!"
-   exit 0
-fi
-
 while getopts m: option
 do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./chp-mode.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -23,6 +17,12 @@ if [ "$MODE" = "debug" ]; then
 set -x
 fi
 
+#Check if user is root
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have privileges!"
+   exit 0
+fi
+
 wait_seconds() {
 secs=$(($1))
 while [ $secs -gt 0 ]; do
@@ -31,9 +31,20 @@ while [ $secs -gt 0 ]; do
    : $((secs--))
 done
 }
+set_once() {
+if ! grep -q "$(awk '!/^ *#/ && NF {print}' "$2"|grep "$(awk -F '=' '{print$1}' <<< "$1")")" ; then
+  echo "Setting $1 on $2..."
+  echo "$1" | tee -a "$2"
+else
+  echo " \"$(echo "$1"|awk -F '=' '{print$1}')\" seems present, skipping setting this variable"
+fi
+}
+# True if $1 is greater than $2
+version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+
 
 LTS_REL="$(lsb_release -d | awk '{print$4}')"
-DOMAIN="$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')"
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
 JVB_LOG_POP="/etc/jitsi/videobridge/logging.properties"
 JVB_RC="/usr/share/jitsi-videobridge/lib/videobridge.rc"
 JICOFO_LOG_POP="/etc/jitsi/videobridge/logging.properties"
@@ -42,10 +53,17 @@ MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
 MEET_CONF_HP="/etc/jitsi/meet/${DOMAIN}-chp-config.js"
 INT_CONF_JS="/etc/jitsi/meet/${DOMAIN}-interface_config.js"
 INT_CONF_JS_HP="/etc/jitsi/meet/${DOMAIN}-chp-interface_config.js"
-WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
-FSTAB="/etc/fstab"
+WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
+CHAT_DISABLED="TBD"
 
-if [ -z $LTS_REL ] || [ -z $DOMAIN ];then
+if [ -f "$MEET_CONF_HP" ] || [ -f "$INT_CONF_JS_HP" ]; then
+echo "
+This script can't be run multiple times on the same system,
+idempotence not guaranteed, exiting..."
+exit
+fi
+
+if [ -z "$LTS_REL" ] || [ -z "$DOMAIN" ];then
 echo "This system isn't suitable to configure."
 exit
   else
@@ -61,8 +79,20 @@ Overview:
    * jicofo logging
    * meet logging
  - Modify UX by changing session configuration & toolbar.
- 
-Try to avoid running multiple times on the same machine, idempotence not guaranteed."
+ - Disable browsers not compatible with CHP,
+   * Safari
+   * Firefox*
+"
+
+echo "# Note: As for January 2021 Firefox can't handle correctly widescreen sizing
+# on lower resolution than HD (nHD & qHD), setting as incompatible for now.
+# (If you know this is no longer the case. Please report it to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues)
+"
+
+#Tools to consider
+##Profiling
+#https://github.com/jvm-profiling-tools/async-profiler
 
 while [[ "$CONTINUE_HP" != "yes" && "$CONTINUE_HP" != "no" ]]
     do
@@ -75,108 +105,225 @@ while [[ "$CONTINUE_HP" != "yes" && "$CONTINUE_HP" != "no" ]]
     fi
 done
 
-#Tools to consider
-##Profiling
-#https://github.com/jvm-profiling-tools/async-profiler
+# Video resolution selector
+echo "
+#--------------------------------------------------
+# Conference widescreen video resolution.
+#--------------------------------------------------
+"
+echo "If you are using a high volume of users we recommend to use nHD (640x360),
+or at most qHD (960x540) resolution as default, since bandwith increase
+exponentially with the more concurrent users on a meeting.
+Either way, choose your desired video resolution.
+"
 
-#SYSTEM
-##Disable swap
-swapoff -a
-sed -ir  '/\sswap\s/s/^#?/#/' $FSTAB
+PS3='Select the desired resolution for high performance mode: '
+options=("nHD - 640x360" "qHD - 960x540" "HD - 1280x720")
+select opt in "${options[@]}"
+do
+    case "$opt" in
+        "nHD - 640x360")
+            echo -e "\n  > Setting 640x360 resolution.\n"
+            VID_RES="360"
+            break
+            ;;
+        "qHD - 960x540")
+            echo -e "\n  > Setting 960x540 resolution.\n"
+            VID_RES="540"
+            break
+            ;;
+        "HD - 1280x720")
+            echo -e "\n  > Setting 1280x720 resolution.\n"
+            VID_RES="720"
+            break
+            ;;
+        *) echo "Invalid option $REPLY, choose 1, 2 or 3";;
+    esac
+done
 
-##Kernel
-#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
-sysctl -w net.core.rmem_default=262144
-sysctl -w net.core.wmem_default=262144
-sysctl -w net.core.rmem_max=262144
-sysctl -w net.core.wmem_max=262144
-echo 'net.core.rmem_default=262144' | tee -a /etc/sysctl.conf
-echo 'net.core.wmem_default=262144' | tee -a /etc/sysctl.conf
-echo 'net.core.rmem_max=262144' | tee -a /etc/sysctl.conf
-echo 'net.core.wmem_max=262144' | tee -a /etc/sysctl.conf
+echo "
+# Disable Chat?
+> In case you have your own chat solution for the meetings you might
+wanna disable Jitsi's chat from the toolbox.
+"
+while [[ "$CHAT_DISABLED" != "yes" && \
+         "$CHAT_DISABLED" != "no" && \
+         "$CHAT_DISABLED" != "" ]]
+do
+echo "> Do you want to disable jitsi's built-in chat?: (yes or no)"
+read -p "(Also you can leave empty to disable)"$'\n' -r CHAT_DISABLED
+if [ "$CHAT_DISABLED" = "no" ]; then
+	echo -e "-- Jitsi's built-in chat will be kept active.\n"
+elif [ "$CHAT_DISABLED" = "yes" ] || [ -z "$CHAT_DISABLED" ]; then
+	echo -e "-- Jitsi's built-in chat will be disabled. \n"
+fi
+done
 
-#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
-sysctl -w net.ipv4.tcp_timestamps=0
-echo 'net.ipv4.tcp_timestamps=0' | tee -a /etc/sysctl.conf
-
-#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
-sysctl -w net.core.netdev_max_backlog=100000
-echo 'net.core.netdev_max_backlog=100000' | tee -a /etc/sysctl.conf
-
-##nginx
-sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
-
-#Missing docs
-#sysctl -w net.ipv4.tcp_low_latency=1
+## JMS system tune up
+if [ "$MODE" = "debug" ]; then
+    bash "$PWD"/jms-stu.sh -m debug
+else
+    bash "$PWD"/jms-stu.sh
+fi
 
 #JVB2
-##Loose up logging 
+##Loose up logging
 # https://community.jitsi.org/t/23641/13
-sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" $JVB_LOG_POP
-sed -i "s|^.level=INFO|.level=WARNING|" $JVB_LOG_POP
-sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" $JVB_RC
+sed -i "/java.util.logging.FileHandler.level/s|ALL|WARNING|g" "$JVB_LOG_POP"
+sed -i "s|^.level=INFO|.level=WARNING|" "$JVB_LOG_POP"
+sed -i "/VIDEOBRIDGE_MAX_MEMORY=/i \ VIDEOBRIDGE_MAX_MEMORY=8192m" "$JVB_RC"
 
 #JICOFO
-sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" $JICOFO_LOG_POP
-sed -i "s|^.level=INFO|.level=WARNING|" $JICOFO_LOG_POP
+sed -i "/java.util.logging.FileHandler.level/s|ALL|OFF|g" "$JICOFO_LOG_POP"
+sed -i "s|^.level=INFO|.level=WARNING|" "$JICOFO_LOG_POP"
 
 #MEET
-sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" $MEET_LOG_CONF
-sed -i "/TraceablePeerConnection.js/s|info|error|" $MEET_LOG_CONF
-sed -i "/CallStats.js/s|info|error|" $MEET_LOG_CONF
-sed -i "/strophe.util.js/s|log|error|" $MEET_LOG_CONF
+sed -i "s|defaultLogLevel:.*|defaultLogLevel: 'error',|" "$MEET_LOG_CONF"
+sed -i "/TraceablePeerConnection.js/s|info|error|" "$MEET_LOG_CONF"
+sed -i "/CallStats.js/s|info|error|" "$MEET_LOG_CONF"
+sed -i "/strophe.util.js/s|log|error|" "$MEET_LOG_CONF"
 
 #UX - Room settings and interface
 ## config.js
-cp $MEET_CONF $MEET_CONF_HP
-sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" $MEET_CONF_HP
-sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" $MEET_CONF_HP
-sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" $MEET_CONF_HP
-sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" $MEET_CONF_HP
-sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" $MEET_CONF_HP
-sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" $MEET_CONF_HP
-sed -i "s|channelLastN:.*|channelLastN: 10,|" $MEET_CONF_HP
-sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" $MEET_CONF_HP
-sed -i "s|// resolution:.*|resolution: 480,|" $MEET_CONF_HP
-sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" $MEET_CONF_HP
+cp "$MEET_CONF" "$MEET_CONF_HP"
+sed -i "s|// disableAudioLevels:.*|disableAudioLevels: true,|" "$MEET_CONF_HP"
+sed -i "s|enableNoAudioDetection:.*|enableNoAudioDetection: false,|" "$MEET_CONF_HP"
+sed -i "s|enableNoisyMicDetection:.*|enableNoisyMicDetection: false,|" "$MEET_CONF_HP"
+sed -i "s|startAudioMuted:.*|startAudioMuted: 5,|" "$MEET_CONF_HP"
+sed -i "s|// startVideoMuted:.*|startVideoMuted: 5,|" "$MEET_CONF_HP"
+sed -i "s|startWithVideoMuted: true,|startWithVideoMuted: false,|" "$MEET_CONF_HP"
+sed -i "s|channelLastN:.*|channelLastN: 10,|" "$MEET_CONF_HP"
+sed -i "s|// enableLayerSuspension:.*|enableLayerSuspension: true,|" "$MEET_CONF_HP"
+sed -i "s|// apiLogLevels:.*|apiLogLevels: \['warn', 'error'],|" "$MEET_CONF_HP"
 
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// constraints: {| constraints: {|" $MEET_CONF_HP
-###Standar 4:3
-#sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//     video: {|     video: {|" $MEET_CONF_HP
-###Widescreen 16:9
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//     video: {|     video: {\\
-\ \ \ \ \ \ \ \ \ \ \ \ \ aspectRatio: 16 / 9,|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//         height: {|         height: {|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//             ideal:.*|             ideal: 480,|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//             max:.*|             max: 480,|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//             min:.*|             min:240|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//         }|         }|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|//     }|     }|" $MEET_CONF_HP
-sed -i "/w3c spec-compliant/,/disableSimulcast:/s|// },| },|" $MEET_CONF_HP
+if [ "$VID_RES" = "360" ]; then
+sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 360," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 360," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 360," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 640," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 640," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP"
+fi
+if [ "$VID_RES" = "540" ]; then
+sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 540," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 540," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 540," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 960," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 960," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP"
+fi
+if [ "$VID_RES" = "720" ]; then
+sed -i "/Start QJI/,/End QJI/d" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ Start QJI - Set resolution and widescreen format" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ resolution: 720," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ constraints: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ aspectRatio: 16 \/ 9," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ video: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ height: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 720," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 720," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 180" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ width: {" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ideal: 1280," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ max: 1280," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ min: 320" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ \ \ \ \ }" "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \ \ \ \ \ }," "$MEET_CONF_HP"
+sed -i "/Enable \/ disable simulcast support/i \/\/ End QJI" "$MEET_CONF_HP"
+fi
 
 ## interface_config.js
-cp $INT_CONF_JS $INT_CONF_JS_HP
-sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" $INT_CONF_JS_HP
-sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" $INT_CONF_JS_HP
-sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" $INT_CONF_JS_HP
-sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" $INT_CONF_JS_HP
-sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" $INT_CONF_JS_HP
-sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" $INT_CONF_JS_HP
-sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari' \],|" $INT_CONF_JS_HP
+cp "$INT_CONF_JS" "$INT_CONF_JS_HP"
+sed -i "s|CONNECTION_INDICATOR_DISABLED:.*|CONNECTION_INDICATOR_DISABLED: true,|" "$INT_CONF_JS_HP"
+sed -i "s|DISABLE_DOMINANT_SPEAKER_INDICATOR:.*|DISABLE_DOMINANT_SPEAKER_INDICATOR: true,|" "$INT_CONF_JS_HP"
+sed -i "s|DISABLE_FOCUS_INDICATOR:.*|DISABLE_FOCUS_INDICATOR: false,|" "$INT_CONF_JS_HP"
+sed -i "s|DISABLE_JOIN_LEAVE_NOTIFICATIONS:.*|DISABLE_JOIN_LEAVE_NOTIFICATIONS: true,|" "$INT_CONF_JS_HP"
+sed -i "s|DISABLE_VIDEO_BACKGROUND:.*|DISABLE_VIDEO_BACKGROUND: true,|" "$INT_CONF_JS_HP"
+sed -i "s|OPTIMAL_BROWSERS: \[.*|OPTIMAL_BROWSERS: \[ 'chrome', 'chromium', 'electron' \],|" "$INT_CONF_JS_HP"
+sed -i "s|UNSUPPORTED_BROWSERS: .*|UNSUPPORTED_BROWSERS: \[ 'nwjs', 'safari', 'firefox' \],|" "$INT_CONF_JS_HP"
 
 ### Toolbars
-sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" $INT_CONF_JS_HP
+if version_gt "$(apt-show-versions jitsi-meet|awk '{print$2}')" "2.0.5390-3" ; then
+  #New toolbar in config.js
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ toolbarButtons:: \[" "$MEET_CONF_HP"
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," "$MEET_CONF_HP"
+  if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then
+    sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," "$MEET_CONF_HP"
+  else
+    sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," "$MEET_CONF_HP"
+  fi
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," "$MEET_CONF_HP"
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," "$MEET_CONF_HP"
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" "$MEET_CONF_HP"
+  sed -i "/\/\/ toolbarButtons:/i \ \ \ \ \]," "$MEET_CONF_HP"
+else
+  #Old toolbar in interface.js (soon deprecated on newer versions)
+  sed -i "/^\s*TOOLBAR_BUTTONS*\]$/ s|^|//|; /^\s*TOOLBAR_BUTTONS/, /\],$/ s|^|//|" "$INT_CONF_JS_HP"
 
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'etherpad', 'settings', 'raisehand'," $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'security'" $INT_CONF_JS_HP
-sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \]," $INT_CONF_JS_HP
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ TOOLBAR_BUTTONS: \[" "$INT_CONF_JS_HP"
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'microphone', 'camera', 'desktop', 'fullscreen'," "$INT_CONF_JS_HP"
+  if [ -z "$CHAT_DISABLED" ] || [ "$CHAT_DISABLED" = "yes" ]; then
+    sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'recording'," "$INT_CONF_JS_HP"
+  else
+    sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'fodeviceselection', 'hangup', 'profile', 'chat', 'recording'," "$INT_CONF_JS_HP"
+  fi
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'livestreaming', 'etherpad', 'settings', 'raisehand'," "$INT_CONF_JS_HP"
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'videoquality', 'filmstrip', 'feedback'," "$INT_CONF_JS_HP"
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \ \ \ \ 'tileview', 'download', 'help', 'mute-everyone', 'mute-video-everyone', 'security'" "$INT_CONF_JS_HP"
+  sed -i "/\/\/    TOOLBAR_BUTTONS/i \ \ \ \ \]," "$INT_CONF_JS_HP"
+fi
 
-sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" $WS_CONF
-sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" $WS_CONF
+#Check config file
+echo -e "\n# Checking $MEET_CONF file for errors\n"
+CHECKJS_MEET_CHP="$(esvalidate "$MEET_CONF_HP"| cut -d ":" -f2)"
+if [ -z "$CHECKJS_MEET_CHP" ]; then
+echo -e "\n# The $MEET_CONF_HP configuration seems correct. =)\n"
+else
+echo -e "\n  Watch out!, there seems to be an issue on $MEET_CONF_HP line:
+    $CHECKJS_MEET_CHP
+  Most of the times this is due upstream changes, please report to
+  https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
+fi
+CHECKJS_INT_CHP="$(esvalidate "$INT_CONF_JS_HP"| cut -d ":" -f2)"
+if [ -z "$CHECKJS_INT_CHP" ]; then
+echo -e "\n# The $INT_CONF_JS_HP configuration seems correct. =)\n"
+else
+echo -e "\n  Watch out!, there seems to be an issue on $INT_CONF_JS_HP line:
+    $CHECKJS_INT_CHP
+  Most of the times this is due upstream changes, please report to
+  https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
+fi
+
+sed -i "s|$MEET_CONF|$MEET_CONF_HP|g" "$WS_CONF"
+sed -i "s|$INT_CONF_JS|$INT_CONF_JS_HP|" "$WS_CONF"
 nginx -t
 #systemctl restart nginx
 

mode/grid/selenium-grid-docker.sh

@@ -1,11 +1,25 @@
 #!/bin/bash
 # Custom Selenium Grid-Node fro Jitsi Meet
 # Pandian © - https://community.jitsi.org/u/Pandian
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
 
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
@@ -14,7 +28,7 @@ WAN_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
 AV_SPACE="$(df -h .|grep -v File|awk '{print$4}'|sed -e 's|G||')"
 
 echo -e "\n-- Make sure you have at least 10GB of disk space available.\n"
-if [ $(echo "$AV_SPACE > 9" | bc) -ne 0 ]; then
+if [ "$(echo "$AV_SPACE > 9" | bc)" -ne 0 ]; then
   echo "> Seems we have enough disk space."
 else
   echo "> Please meet the minimum required disk space for this installer, exiting..."
@@ -30,7 +44,7 @@ apt-get install -y \
                          wget \
                          unzip \
                          maven \
-                         openjdk-8-jdk
+                         openjdk-11-jdk
 # Docker
 curl -fsSL https://get.docker.com -o get-docker.sh
 sh get-docker.sh
@@ -40,17 +54,17 @@ chmod +x /usr/local/bin/docker-compose
 ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
 
 # Jitsi Meet Torture
-cd /opt
+cd /opt || exit
 git clone https://github.com/jitsi/jitsi-meet-torture
-cd jitsi-meet-torture/resources
-if [ -f FourPeople_1280x720_30.y4m ] ; then
-echo "FourPeople_1280x720_30.y4m exists"
+cd jitsi-meet-torture/ || exit
+if [ -f resources/FourPeople_1280x720_30.y4m ] ; then
+  echo "FourPeople_1280x720_30.y4m exists"
 else
-echo "FourPeople_1280x720_30.y4m doesn't exists, getting a copy..."
-wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m
-cp FourPeople_1280x720_60.y4m FourPeople_1280x720_30.y4m
+  echo "FourPeople_1280x720_30.y4m doesn't exists, getting a copy..."
+  wget -c https://media.xiph.org/video/derf/y4m/FourPeople_1280x720_60.y4m
+  mv FourPeople_1280x720_60.y4m resources/
+  cp resources/FourPeople_1280x720_60.y4m resources/FourPeople_1280x720_30.y4m
 fi
-cd ..
 
 #150 "participants" available
 ## Tested up to 120 with AWS c5.24xlarge
@@ -133,7 +147,7 @@ SELENIUM_GRID_DOCKER
 docker-compose -f selenium.yml up -d
 
 echo -e "\n#=================== End of Seleniun Grid build ========================#\n"
-echo -e "\nChange the values acording to you test requirements using something like;\n"
+echo -e "\nChange the values according to you test requirements using something like;\n"
 echo "cd /opt/jitsi-meet-torture
 sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\
                         --conferences=1 \\
@@ -145,8 +159,8 @@ sudo bash /opt/jitsi-meet-torture/scripts/malleus.sh \\
                         --hub-url=http://localhost:4444/wd/hub \\
                         --instance-url=https://YOUR.JITSI-MEET-INSTANCE.DOMAIN
 "
-echo -e "\n-- If using 'hamertesting' as prefix name you can join the room 
-hamertesting0, hamertesting1, hamertestingN 
+echo -e "\n-- If using 'hamertesting' as prefix name you can join the room
+hamertesting0, hamertesting1, hamertestingN
 according to the 'N' number of conferences you have set to watch the test.
 
 *Beware* for 120 \"participants\" to join video-muted it was necessary at least a c5.24xlarge AWS instance.

mode/jms-stu.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+# System-tune-up to remove system software restrictions on a huge load of connections.
+# Be aware that hardware/infrastructure resources are the most common limiters.
+#
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+#Check if user is root
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have privileges!"
+   exit 0
+fi
+
+echo '
+#--------------------------------------------------
+# Starting system tune up configuration
+# for high performance
+#--------------------------------------------------
+'
+
+set_once_hash_comment() {
+if ! awk '!/^ *#/ && NF {print}' "$2"|grep -q "$(awk -F '=' '{print$1}' <<< "$1")" ; then
+  echo "Setting $1 on $2..."
+  echo "$1" | tee -a "$2"
+else
+  echo "\"$(awk -F '=' '{print$1}' <<< "$1")\" seems already present, skipping setting this variable"
+fi
+}
+FSTAB=/etc/fstab
+
+##Disable swap
+swapoff -a
+sed -r  '/\sswap\s/s/^#?/#/' -i "$FSTAB"
+
+##Alternative swap tuning (need more documentation).
+#vm.swappiness=5
+#vm.vfs_cache_pressure=50
+
+##Kernel
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/tuning_and_optimizing_red_hat_enterprise_linux_for_oracle_9i_and_10g_databases/sect-oracle_9i_and_10g_tuning_guide-adjusting_network_settings-changing_network_kernel_settings
+sysctl -w net.core.rmem_default=262144
+sysctl -w net.core.wmem_default=262144
+sysctl -w net.core.rmem_max=262144
+sysctl -w net.core.wmem_max=262144
+set_once_hash_comment "net.core.rmem_default=262144" "/etc/sysctl.conf"
+set_once_hash_comment "net.core.wmem_default=262144" "/etc/sysctl.conf"
+set_once_hash_comment "net.core.rmem_max=262144" "/etc/sysctl.conf"
+set_once_hash_comment "net.core.wmem_max=262144" "/etc/sysctl.conf"
+
+#system
+#https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
+set_once_hash_comment "DefaultLimitNOFILE=65000" "/etc/sysctl.conf"
+set_once_hash_comment "DefaultLimitNPROC=65000" "/etc/sysctl.conf"
+set_once_hash_comment "DefaultTasksMax=65000" "/etc/sysctl.conf"
+
+#https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/reduce_tcp_performance_spikes
+sysctl -w net.ipv4.tcp_timestamps=0
+set_once_hash_comment "net.ipv4.tcp_timestamps=0" "/etc/sysctl.conf"
+
+#https://bugzilla.redhat.com/show_bug.cgi?id=1283676
+sysctl -w net.core.netdev_max_backlog=100000
+set_once_hash_comment "net.core.netdev_max_backlog=100000" "/etc/sysctl.conf"
+
+##nginx
+sed -i "s|worker_connections.*|worker_connections 2000;|" /etc/nginx/nginx.conf
+nginx -t
+
+#Missing docs
+#sysctl -w net.ipv4.tcp_low_latency=1
+
+echo "System tune up...
+  Done!"

mode/jwt.sh

@@ -1,16 +1,31 @@
 #!/bin/bash
 # JWT Mode Setup
-# SwITNet Ltd © - 2020, https://switnet.net/
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GPLv3 or later.
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
 MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
 JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties"
 PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua"
 PROSODY_SYS="/etc/prosody/prosody.cfg.lua"
 APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
 SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
-SRP_STR=$(grep -n "VirtualHost \"$DOMAIN\"" $PROSODY_FILE | head -n1 | cut -d ":" -f1)
-SRP_END=$((SRP_STR + 10))
+SRP_STR="$(grep -n "VirtualHost \"$DOMAIN\"" "$PROSODY_FILE" | head -n1 | cut -d ":" -f1)"
+SRP_END="$((SRP_STR + 10))"
 
 ## Required  openssl for Focal 20.04
 if [ "$(lsb_release -sc)" = "focal" ]; then
@@ -37,52 +52,55 @@ echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-select
 apt-get install -y jitsi-meet-tokens
 
 #Setting up
-sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" $PROSODY_SYS
+sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" "$PROSODY_SYS"
 #-
-sed -i "$SRP_STR,$SRP_END{s|authentication = \"anonymous\"|authentication = \"token\"|}" $PROSODY_FILE
-sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" $PROSODY_FILE
-sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" $PROSODY_FILE
-sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" $PROSODY_FILE
-sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" $PROSODY_FILE
-#allow_empty_token = false
+sed -i "$SRP_STR,$SRP_END{s|authentication = \"jitsi-anonymous\"|authentication = \"token\"|}" "$PROSODY_FILE"
+sed -i "s|--app_id=\"example_app_id\"|app_id=\"$APP_ID\"|" "$PROSODY_FILE"
+sed -i "s|--app_secret=\"example_app_secret\"|app_secret=\"$SECRET_APP\"|" "$PROSODY_FILE"
+sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
+sed -i "/app_secret/a \ \ \ \ allow_empty_token = false" "$PROSODY_FILE"
+sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
+sed -i "/app_secret/a \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" "$PROSODY_FILE"
+sed -i "/app_secret/a \ \ \ \ asap_accepted_audiences = { \"$APP_ID\", \"RocketChat\" }" "$PROSODY_FILE"
+sed -i "/app_secret/a \\\\" "$PROSODY_FILE"
+sed -i "s|--allow_empty_token =.*|allow_empty_token = false|" "$PROSODY_FILE"
+sed -i 's|--"token_verification"|"token_verification"|' "$PROSODY_FILE"
 
 #Request auth
-sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" $JICOFO_SIP
-sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
+sed -i "s|#org.jitsi.jicofo.auth.URL=EXT_JWT:|org.jitsi.jicofo.auth.URL=EXT_JWT:|" "$JICOFO_SIP"
+sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" "$MEET_CONF"
 
 #Enable jibri recording
-cat  << REC-JIBRI >> $PROSODY_FILE
+cat  << REC-JIBRI >> "$PROSODY_FILE"
 
 VirtualHost "recorder.$DOMAIN"
   modules_enabled = {
     "ping";
   }
-  authentication = "internal_plain"
+  authentication = "internal_hashed"
 
 REC-JIBRI
 
 #Setup guests and lobby
-cat << P_SR >> $PROSODY_FILE
-
+cat << P_SR >> "$PROSODY_FILE"
+-- #Change back lobby - https://community.jitsi.org/t/64769/136
 VirtualHost "guest.$DOMAIN"
     authentication = "token"
     allow_empty_token = true
     c2s_require_encryption = false
-    muc_lobby_whitelist = { "recorder.$DOMAIN", "auth.$DOMAIN" }
     speakerstats_component = "speakerstats.$DOMAIN"
-    conference_duration_component = "conferenceduration.$DOMAIN"
     app_id="$APP_ID";
     app_secret="$SECRET_APP";
 
     modules_enabled = {
       "speakerstats";
-      "conference_duration";
+--      "conference_duration";
     }
 P_SR
 
 echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
-echo -e "\n$APP_ID" && \
-echo -e "$SECRET_APP\n"
+echo -e "\nAPP_ID: $APP_ID" && \
+echo -e "SECRET_APP: $SECRET_APP\n"
 
 echo -e "You can test JWT authentication with the following token:\n"
 pyjwt3 --key="$SECRET_APP" \

patches/jigasi/001-jigasi-meet-config.patch

@@ -0,0 +1,40 @@
+# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+Enable transcription on jitsi meet config.js file.
+
+diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
+index f412891..f704157 100644
+--- a/etc/jitsi/meet/${DOMAIN}-config.js
++++ b/etc/jitsi/meet/${DOMAIN}-config.js
+@@ -426,9 +426,9 @@ var config = {
+     // autoCaptionOnRecord: false,
+ 
+     // Transcription options.
+-    // transcription: {
++    transcription: {
+     //     // Whether the feature should be enabled or not.
+-    //     enabled: false,
++        enabled: true,
+ 
+     //     // Translation languages.
+     //     // Available languages can be found in
+@@ -443,7 +443,7 @@ var config = {
+     //     // detected based on the environment, e.g. if the app is opened in a chrome instance which
+     //     // is using french as its default language then transcriptions for that participant will be in french.
+     //     // Defaults to true.
+-    //     useAppLanguage: true,
++        useAppLanguage: true,
+ 
+     //     // Transcriber language. This settings will only work if "useAppLanguage"
+     //     // is explicitly set to false.
+@@ -453,7 +453,7 @@ var config = {
+ 
+     //     // Enables automatic turning on transcribing when recording is started
+     //     autoTranscribeOnRecord: false,
+-    // },
++    },
+ 
+     // Misc
+ 

patches/jigasi/002-jigasi-sip-properties.patch

@@ -0,0 +1,80 @@
+# Quick Jigasi Installer with VOSK backend - *buntu (LTS) based systems.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+Modify sip-communicator.properties to run Jigasi along with VOSK Models.
+
+diff --git a/etc/jitsi/jigasi/sip-communicator.properties b/etc/jitsi/jigasi/sip-communicator.properties
+index 7a8d0f3..ae5369a 100644
+--- a/etc/jitsi/jigasi/sip-communicator.properties
++++ b/etc/jitsi/jigasi/sip-communicator.properties
+@@ -165,12 +165,12 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
+ 
+ # If you want jigasi to perform authenticated login instead of anonymous login
+ # to the XMPP server, you can set the following properties.
+-# org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
+-# org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
+-# org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
++org.jitsi.jigasi.xmpp.acc.USER_ID=transcriber@recorder.${DOMAIN}
++org.jitsi.jigasi.xmpp.acc.PASS=${JIG_TRANSC_PASWD}
++org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+ 
+ # To fix SSL/TLS required by client but not supported by server
+-#org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
++org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+ 
+ # Can be used in combination with jitsi-meet module mod_auth_jitsi-shared-secret
+ # To have jigasi use a random username on every call
+@@ -187,7 +187,7 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
+ # Activate this property if you are using self-signed certificates or other
+ # type of non-trusted certicates. In this mode your service trust in the
+ # remote certificates always.
+-# net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
++net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
+ 
+ # Enable this property to be able to shutdown gracefully jigasi using
+ # a rest command
+@@ -196,31 +196,31 @@ org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
+ # Options regarding Transcription. Read the README for a detailed description
+ # about each property
+ 
+-#org.jitsi.jigasi.ENABLE_TRANSCRIPTION=false
+-#org.jitsi.jigasi.ENABLE_SIP=true
++org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
++org.jitsi.jigasi.ENABLE_SIP=false
+ 
+ # whether to use the more expensive, but better performing
+ # "video" model when doing transcription
+ # org.jitsi.jigasi.transcription.USE_VIDEO_MODEL = false
+ 
+ # delivering final transcript
+-# org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
+-# org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
+-# org.jitsi.jigasi.transcription.jetty.port=-1
+-# org.jitsi.jigasi.transcription.ADVERTISE_URL=false
++org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
++org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
++org.jitsi.jigasi.transcription.jetty.port=-1
++org.jitsi.jigasi.transcription.ADVERTISE_URL=false
+ 
+ # save formats
+-# org.jitsi.jigasi.transcription.SAVE_JSON=false
+-# org.jitsi.jigasi.transcription.SAVE_TXT=true
++org.jitsi.jigasi.transcription.SAVE_JSON=false
++org.jitsi.jigasi.transcription.SAVE_TXT=true
+ 
+ # send formats
+-# org.jitsi.jigasi.transcription.SEND_JSON=true
+-# org.jitsi.jigasi.transcription.SEND_TXT=false
++org.jitsi.jigasi.transcription.SEND_JSON=true
++org.jitsi.jigasi.transcription.SEND_TXT=false
+ 
+ # Vosk server
+-# org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
++org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.VoskTranscriptionService
+ # org.jitsi.jigasi.transcription.vosk.websocket_url={"en": "ws://localhost:2700", "fr": "ws://localhost:2710"}
+-# org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
++org.jitsi.jigasi.transcription.vosk.websocket_url=ws://localhost:2700
+ 
+ # Whisper live transcription server
+ # org.jitsi.jigasi.transcription.customService=org.jitsi.jigasi.transcription.WhisperTranscriptionService

patches/jitsi-meet/001-jitsi-meet-enable-livestreaming-and-recording.patch

@@ -0,0 +1,66 @@
+# Quick Jibri Installer - *buntu (LTS) based systems.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+Patch jitsi-meet config.js to enable recording and livestreaming by default.
+
+diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
+index dcb860b..8f64c7c 100644
+--- a/etc/jitsi/meet/${DOMAIN}-config.js
++++ b/etc/jitsi/meet/${DOMAIN}-config.js
+@@ -343,12 +343,12 @@ var config = {
+     //    // showPrejoinWarning: true,
+     // },
+ 
+-    // recordingService: {
++    recordingService: {
+     //     // When integrations like dropbox are enabled only that will be shown,
+     //     // by enabling fileRecordingsServiceEnabled, we show both the integrations
+     //     // and the generic recording service (its configuration and storage type
+     //     // depends on jibri configuration)
+-    //     enabled: false,
++        enabled: true,
+ 
+     //     // Whether to show the possibility to share file recording with other people
+     //     // (e.g. meeting participants), based on the actual implementation
+@@ -357,7 +357,7 @@ var config = {
+ 
+     //     // Hide the warning that says we only store the recording for 24 hours.
+     //     hideStorageWarning: false,
+-    // },
++    },
+ 
+     // DEPRECATED. Use recordingService.enabled instead.
+     // fileRecordingsServiceEnabled: false,
+@@ -368,7 +368,7 @@ var config = {
+     // Local recording configuration.
+     // localRecording: {
+     //     // Whether to disable local recording or not.
+-    //     disable: false,
++    //     disable: true,
+ 
+     //     // Whether to notify all participants when a participant is recording locally.
+     //     notifyAllParticipants: false,
+@@ -378,9 +378,9 @@ var config = {
+     // },
+ 
+     // Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
+-    // liveStreaming: {
++    liveStreaming: {
+     //    // Whether to enable live streaming or not.
+-    //    enabled: false,
++       enabled: true,
+     //    // Terms link
+     //    termsLink: 'https://www.youtube.com/t/terms',
+     //    // Data privacy link
+@@ -388,8 +388,8 @@ var config = {
+     //    // RegExp string that validates the stream key input field
+     //    validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
+     //    // Documentation reference for the live streaming feature.
+-    //    helpLink: 'https://jitsi.org/live'
+-    // },
++       helpLink: 'https://forge.switnet.net/switnet/quick-jibri-installer'
++    },
+ 
+     // DEPRECATED. Use liveStreaming.enabled instead.
+     // liveStreamingEnabled: false,

patches/jitsi-meet/002-jitsi-meet-welcome-page-on-off.patch

@@ -0,0 +1,31 @@
+# Quick Jibri Installer - *buntu (LTS) based systems.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+Patch jitsi-meet config.js to enable/disable welcome page.
+
+diff --git a/etc/jitsi/meet/${DOMAIN}-config.js b/etc/jitsi/meet/${DOMAIN}-config.js
+index dcb860b..2094287 100644
+--- a/etc/jitsi/meet/${DOMAIN}-config.js
++++ b/etc/jitsi/meet/${DOMAIN}-config.js
+@@ -664,13 +664,13 @@ var config = {
+     // enableWelcomePage: true,
+ 
+     // Configs for welcome page.
+-    // welcomePage: {
+-    //     // Whether to disable welcome page. In case it's disabled a random room
+-    //     // will be joined when no room is specified.
+-    //     disabled: false,
+-    //     // If set, landing page will redirect to this URL.
+-    //     customUrl: ''
+-    // },
++    welcomePage: {
++        // Whether to disable welcome page. In case it's disabled a random room
++        // will be joined when no room is specified.
++        disabled: ${ENABLE_WELCP_BOL},
++        // If set, landing page will redirect to this URL.
++        customUrl: ''
++    },
+ 
+     // Configs for the lobby screen.
+     // lobby: {

tools/aws-grub-setup.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+# Automated AWS generic kernel setup for jibri.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+wait_seconds() {
+secs=$(($1))
+while [ $secs -gt 0 ]; do
+   echo -ne "$secs\033[0K\r"
+   sleep 1
+   : $((secs--))
+done
+}
+
+echo "####
+# WARNING: Only use this script if you know what you are doing.
+# Under your own risk.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY.
+####"
+
+# Check if user is root
+if [ "$UID" != 0 ]; then
+    echo You need to run this script as root or sudo rights!
+    exit 1
+fi
+
+TMP_DIR="$(mktemp -d)"
+KERNEL_LOG="$TMP_DIR/kernel_log"
+GRUB_FILE="/etc/default/grub"
+
+echo -e "# Check and update HWE kernel if possible...\n"
+apt-get -q2 update
+HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")"
+if [ "$HWE_VIR_MOD" = "1" ]; then
+    apt-get -y install \
+    linux-image-generic-hwe-"$(lsb_release -sr)" \
+    linux-tools-generic-hwe-"$(lsb_release -sr)"
+else
+    apt-get -y install \
+    linux-image-generic \
+    linux-modules-extra-"$(uname -r)"
+fi
+apt-get -y autoremove
+apt-get autoclean
+
+#Write update-grub output
+update-grub > "$KERNEL_LOG" 2>&1
+
+#Get clean output
+awk -F'boot/' '{print$2}' < "$KERNEL_LOG"|sed '/^[[:space:]]*$/d' | \
+tee "$KERNEL_LOG".tmp
+mv "$KERNEL_LOG".tmp "$KERNEL_LOG"
+
+echo -e "Check if AWS kernel is installed.\n"
+[ "$(grep -wc aws "$KERNEL_LOG")" = 0 ] && echo "No AWS kernel found, exiting..." && exit
+
+#Get kernel number
+RAW_KERNEL_NUM="$(grep -Fn generic "$KERNEL_LOG"|head -n1|cut -d ':' -f1)"
+FIXED_KERNEL_NUM="$(awk "BEGIN{ print $RAW_KERNEL_NUM - 1 }")"
+
+echo -e "Set up GRUB for custom kernel.\n"
+sed -i "s|GRUB_DEFAULT=.*|GRUB_DEFAULT=\"1\>$FIXED_KERNEL_NUM\"|" "$GRUB_FILE"
+
+echo -e "Saving changes...\n"
+update-grub
+
+echo "Time to reboot..."
+echo "Rebooting in..."
+wait_seconds 15
+reboot

tools/fail2ban_ssh.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Simple Fail2ban configuration
-# 2020 - SwITNet Ltd
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GNU GPLv3 or later.
 
 while getopts m: option
@@ -8,7 +8,7 @@ do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./fail2ban_ssh.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -18,7 +18,7 @@ set -x
 fi
 
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
@@ -27,8 +27,8 @@ apt-get -y install fail2ban
 
 if \
 [ -f /var/log/ssh_f2b.log ] && \
-[ $(grep -c 604800 /etc/fail2ban/jail.local) = "1" ] && \
-[ $(grep -c ssh_f2b.log /etc/fail2ban/jail.local) = "1"]; then
+[ "$(grep -c 604800 /etc/fail2ban/jail.local)" = "1" ] && \
+[ "$(grep -c ssh_f2b.log /etc/fail2ban/jail.local)" = "1" ]; then
     echo -e "\nFail2ban seems to be already configured.\n"
 else
     echo -e "\nConfiguring Fail2ban...\n"

tools/jibri-conf-upgrade.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Simple Jibri conf updater
-# 2020 - SwITNet Ltd
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GNU GPLv3 or later.
 
 while getopts m: option
@@ -8,7 +8,7 @@ do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./test-jibri-env.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -25,7 +25,7 @@ echo -e '
 \n'
 
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
@@ -46,19 +46,19 @@ else
 fi
 
 if [ -d /etc/prosody/ ];then
-DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
 fi
 CONF_JSON="/etc/jitsi/jibri/config.json"
 JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
-DIR_RECORD=/var/jbrecord
-REC_DIR=/home/jibri/finalize_recording.sh
-JibriBrewery=JibriBrewery
+DIR_RECORD="/var/jbrecord"
+REC_DIR="/home/jibri/finalize_recording.sh"
+JibriBrewery="JibriBrewery"
 
 check_read_vars() {
     echo "Checking $1"
     if [ -z "$2" ];then
-    echo "This variable seems wrong, please check before continue"
-    exit 1
+        echo "This variable seems wrong, please check before continue"
+        exit 1
     fi
 }
 restart_services_jibri() {
@@ -73,44 +73,44 @@ fi
 }
 
 #Prevent re-run on completed jibri upgraded instance
-if [ -f $CONF_JSON_disabled ] && \
-   [ -f $JIBRI_CONF ] && \
-   [ -f $JIBRI_CONF-dpkg-file ]; then
+if [ -f "$CONF_JSON"_disabled ] && \
+   [ -f "$JIBRI_CONF" ] && \
+   [ -f "$JIBRI_CONF"-dpkg-file ]; then
     echo -e "\n> This jibri config has been upgraded already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
     exit
-elif [ ! -f $CONF_JSON ] && \
-   [ -f $JIBRI_CONF ] && \
-   [ -f $JIBRI_CONF-dpkg-file ]; then
-    echo -e "\n> This jibri seems to be running the lastest configuration already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+elif [ ! -f "$CONF_JSON" ] && \
+   [ -f "$JIBRI_CONF" ] && \
+   [ -f "$JIBRI_CONF"-dpkg-file ]; then
+    echo -e "\n> This jibri seems to be running the latest configuration already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
     exit
-elif [ -f $CONF_JSON ] && \
-   [ -f $JIBRI_CONF ]; then
+elif [ -f "$CONF_JSON" ] && \
+   [ -f "$JIBRI_CONF" ]; then
     echo -e "\n> This jibri config seems to be candidate for upgrading, we'll continue...\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
 fi
 
 #Read missing variables
-if [ -f $CONF_JSON ]; then
+if [ -f "$CONF_JSON" ]; then
     echo "Reading current config.json file..."
-    if [ -z $DOMAIN ]; then
-        DOMAIN=$(jq .xmpp_environments[0].xmpp_domain $CONF_JSON|cut -d '"' -f2)
+    if [ -z "$DOMAIN" ]; then
+        DOMAIN="$(jq .xmpp_environments[0].xmpp_domain $CONF_JSON|cut -d '"' -f2)"
     fi
-    JB_NAME=$(jq .xmpp_environments[0].name $CONF_JSON|cut -d '"' -f2)
-    JB_AUTH_PASS=$(jq .xmpp_environments[0].control_login.password $CONF_JSON|cut -d '"' -f2)
-    JB_REC_PASS=$(jq .xmpp_environments[0].call_login.password $CONF_JSON|cut -d '"' -f2)
-    JB_NICKN=$(jq .xmpp_environments[0].control_muc.nickname $CONF_JSON|cut -d '"' -f2)
+    JB_NAME="$(jq .xmpp_environments[0].name $CONF_JSON|cut -d '"' -f2)"
+    JB_AUTH_PASS="$(jq .xmpp_environments[0].control_login.password $CONF_JSON|cut -d '"' -f2)"
+    JB_REC_PASS="$(jq .xmpp_environments[0].call_login.password $CONF_JSON|cut -d '"' -f2)"
+    JB_NICKN="$(jq .xmpp_environments[0].control_muc.nickname $CONF_JSON|cut -d '"' -f2)"
 else
     echo "Can't find the instance config.json file, exiting..."
     exit
 fi
 
-check_read_vars "Jibri Name" $JB_NAME
-check_read_vars "(Main server) Domain" $DOMAIN
-check_read_vars "Control login passwd" $JB_AUTH_PASS
-check_read_vars "Call login passwd" $JB_REC_PASS
-check_read_vars "Jibri Node nickname" $JB_NICKN
+check_read_vars "Jibri Name" "$JB_NAME"
+check_read_vars "(Main server) Domain" "$DOMAIN"
+check_read_vars "Control login passwd" "$JB_AUTH_PASS"
+check_read_vars "Call login passwd" "$JB_REC_PASS"
+check_read_vars "Jibri Node nickname" "$JB_NICKN"
 
 if [ "$MODE" = "debug" ]; then
 echo "$JB_NAME"
@@ -121,11 +121,11 @@ echo "$JB_NICKN"
 fi
 
 #Backup and setup new conf file
-echo -e "Backing up config.json for historical porpuses at:\n ${CONF_JSON}_disabled"
-mv $CONF_JSON ${CONF_JSON}_disabled
+echo -e "Backing up config.json for historical purposes at:\n ${CONF_JSON}_disabled"
+mv "$CONF_JSON" "${CONF_JSON}"_disabled
 
-mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file
-cat << NEW_CONF > $JIBRI_CONF
+mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file
+cat << NEW_CONF > "$JIBRI_CONF"
 // New XMPP environment config.
 jibri {
     recording {
@@ -195,13 +195,13 @@ jibri {
 NEW_CONF
 
 echo "Check final jibri.conf file:"
-cat $JIBRI_CONF
-read -n 1 -s -r -p "Press any key to continue..."$'\n'
+cat "$JIBRI_CONF"
+read -n 1 -s -r -p "Press any key to continue..."
 
 restart_services_jibri
 systemctl status jibri
 
 if [ -f /var/log/jitsi/jicofo.log ]; then
-echo -e "Checking for jicofo recognizing \"Live\" jibri node..."
-tail -n 10 | grep Live
+    echo -e "Checking for jicofo recognizing \"Live\" jibri node..."
+    tail -n 10 | grep Live
 fi

tools/jibri-resolution-enhancer.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+# Simple Jibri resolution enhancer
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GNU GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+#Check if user is root
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+
+# Make sure jibri is installed
+if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+  echo "Good Jibri is installed on this server"
+else
+  echo "Jibri is not on this system, it is a requirement.
+Exiting..."
+  exit
+fi
+
+apt-get -y install apt-show-versions
+
+JIBRI_OPT="/opt/jitsi/jibri"
+JIBRI_ENH_PATH="/opt/jibri-res-enhancer"
+INSTALLED_JIBRI_VERSION="$(apt-show-versions jibri|awk '{print$2}')"
+
+#Check if already run
+if [ -f "$JIBRI_OPT/jibri-res_enh.jar" ] && \
+   [ -d "$JIBRI_ENH_PATH" ]; then
+  echo "Seems this tools have been run before..."
+  exit
+fi
+
+mkdir /tmp/jibri
+cd /tmp/jibri || exit
+
+#Get md5sum for current jibri installed.
+apt-get download jibri="$INSTALLED_JIBRI_VERSION"
+ar x jibri_*.deb
+tar xvf data.tar.xz
+UPSTREAM_DEB_JAR_SUM="$(md5sum 2>/dev/null /tmp/jibri/opt/jitsi/jibri/jibri.jar |awk '{print$1}')"
+
+if [ -z "$UPSTREAM_DEB_JAR_SUM" ]; then
+  echo "Not possible to continue, exiting..."
+  exit
+fi
+
+#Compile requisites
+apt-get -y install devscripts \
+                   git \
+                   maven \
+                   openjdk-11-jdk
+
+#Build repository
+git clone https://github.com/jitsi/jibri "$JIBRI_ENH_PATH"
+cd "$JIBRI_ENH_PATH" || exit
+
+# Default values
+## videoEncodePreset - "veryfast" || h264ConstantRateFactor - 25
+# Recomemended values based on: https://trac.ffmpeg.org/wiki/Encode/H.264#crf
+## videoEncodePreset - "medium" || h264ConstantRateFactor - 17
+sed -i "/videoEncodePreset/s|String =.*|String = \"medium\",|"  src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
+sed -i "/h264ConstantRateFactor/s|Int =.*|Int = 17,|"  src/main/kotlin/org/jitsi/jibri/capture/ffmpeg/FfmpegCapturer.kt
+mvn package
+
+JIBRI_JAR="$(find "$JIBRI_ENH_PATH" -name \*.jar|awk '/dependencies/{print}'|awk 'NR==1{print}')"
+cp "$JIBRI_ENH_PATH"/target/"$JIBRI_JAR" "$JIBRI_ENH_PATH"/target/jibri.jar
+
+# Backing up default binaries
+if [ "$UPSTREAM_DEB_JAR_SUM" = "$(md5sum 2>/dev/null $JIBRI_OPT/jibri.jar|awk '{print$1}')" ]; then
+  cp "$JIBRI_OPT"/jibri.jar "$JIBRI_OPT"/jibri-dpkg-package.jar
+fi
+
+# Migrate original to enhanced jibri
+cp "$JIBRI_ENH_PATH"/target/jibri.jar "$JIBRI_OPT"/jibri-res_enh.jar
+if [ -f "$JIBRI_OPT"/jibri-dpkg-package.jar ];then
+ cp "$JIBRI_OPT"/jibri-res_enh.jar "$JIBRI_OPT"/jibri.jar
+fi
+
+JIBRI_RES_ENH_HASH="$(md5sum 2>/dev/null $JIBRI_OPT/jibri-res_enh.jar|awk '{print$1}')"
+USED_JIBRI_HASH="$(md5sum 2>/dev/null $JIBRI_OPT/jibri.jar|awk '{print$1}')"
+
+if [ "$JIBRI_RES_ENH_HASH" = "$USED_JIBRI_HASH" ]; then
+  echo "Everything seems to have gone well."
+else 
+  echo "Something went wrong, restoring default package..."
+  if [ "$(md5sum 2>/dev/null $JIBRI_OPT/jibri-dpkg-package.jar|awk '{print$1}')" = "$UPSTREAM_DEB_JAR_SUM" ]; then
+    cp "$JIBRI_OPT"/jibri-dpkg-package.jar "$JIBRI_OPT"/jibri.jar
+    CLEAN="true"
+  else
+    if [ -f /tmp/jibri/opt/jitsi/jibri/jibri.jar ]; then
+      echo "Restoring from upstream package..."
+      cp /tmp/jibri/opt/jitsi/jibri/jibri.jar "$JIBRI_OPT"/jibri.jar
+      CLEAN="true"
+    else
+      echo "Wow, someone took the time to avoid restoration, please manually review your changes."
+      echo "Exiting..."
+      exit
+    fi
+  fi
+fi
+if [ "$CLEAN" = "true" ]; then
+  rm -r /tmp/jibri
+  rm -r "$JIBRI_ENH_PATH"
+  rm /opt/jitsi/jibri/jibri-res_enh.jar
+fi
+
+systemctl restart jibri
+echo "This will be a good time to test the enhanced resolution."

tools/prepare_php.sh

@@ -0,0 +1,138 @@
+#!/bin/bash
+# Automated PHP environment build for Nextcloud.
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+PHPVER=$1
+STABLE_PHP="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
+DISTRO_RELEASE="$(lsb_release -sc)"
+PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
+PHP_REPO_URL="http://ppa.launchpad.net/ondrej/php/ubuntu"
+PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
+PHP_INI="$PHP_FPM_DIR/php.ini"
+PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
+TMP_GPG_REPO="$(mktemp -d)"
+
+if [ $# -ne 1 ]; then
+  echo "Usage: $0 8.2"
+  exit 1
+fi
+
+install_ifnot() {
+    if [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")" == "1" ]; then
+        echo " $1 is installed, skipping..."
+    else
+        printf "\n---- Installing %s ----" "$1"
+        apt-get -yq2 install "$1"
+    fi
+}
+
+install_aval_package() {
+for i in $1
+  do
+     if [ -z "$(apt-cache madison "$i" 2>/dev/null)" ]; then
+     echo " > Package $i not available on repo."
+     else
+     echo " > Add package $i to the install list"
+     packages="$packages $i"
+     fi
+ done
+ echo "$packages"
+ apt-get -y install $packages #< don't quote.
+ packages=""
+}
+
+add_gpg_keyring() {
+apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
+apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
+apt-key del "$1"
+mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
+}
+
+add_php_repo() {
+if [ "$PHP_REPO" = "php" ]; then
+    echo "PHP $PHPVER already installed"
+    apt-get -q2 update
+    apt-get -yq2 dist-upgrade
+else
+    echo "# Adding Ondrej PHP $PHPVER PPA Repository"
+    add_gpg_keyring E5267A6C
+    echo "deb [arch=amd64] $PHP_REPO_URL $DISTRO_RELEASE main" | \
+    tee /etc/apt/sources.list.d/php"$PHPVER".list
+    apt-get update -q2
+fi
+}
+
+add_php_repo
+
+install_aval_package " \
+            imagemagick \
+            php$PHPVER-fpm \
+            php$PHPVER-bcmath \
+            php$PHPVER-bz2 \
+            php$PHPVER-cli \
+            php$PHPVER-cgi \
+            php$PHPVER-curl \
+            php$PHPVER-gd \
+            php$PHPVER-gmp \
+            php$PHPVER-imagick \
+            php$PHPVER-intl \
+            php$PHPVER-json \
+            php$PHPVER-ldap \
+            php$PHPVER-mbstring \
+            php$PHPVER-pgsql \
+            php$PHPVER-redis \
+            php$PHPVER-soap \
+            php$PHPVER-xml \
+            php$PHPVER-xmlrpc \
+            php$PHPVER-zip \
+            redis-server \
+            unzip \
+            "
+
+#System related
+install_ifnot smbclient
+sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" "$PHP_CONF"
+sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" "$PHP_CONF"
+sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" "$PHP_CONF"
+sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" "$PHP_CONF"
+sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" "$PHP_CONF"
+sed -i "s|;clear_env = no|clear_env = no|" "$PHP_CONF"
+
+echo "
+Tunning PHP.ini...
+"
+# Change values in php.ini (increase max file size)
+# max_execution_time
+sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI"
+# max_input_time
+sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI"
+# memory_limit
+sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI"
+# post_max
+sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI"
+# upload_max
+sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI"
+
+phpenmod opcache
+{
+
+echo "# OPcache settings for Nextcloud"
+echo "opcache.enable=1"
+echo "opcache.enable_cli=1"
+echo "opcache.interned_strings_buffer=8"
+echo "opcache.max_accelerated_files=10000"
+echo "opcache.memory_consumption=256"
+echo "opcache.save_comments=1"
+echo "opcache.revalidate_freq=1"
+echo "opcache.validate_timestamps=1"
+} >> "$PHP_INI"
+
+update-alternatives --set php           /usr/bin/php"$STABLE_PHP"
+update-alternatives --set php-fpm.sock  /run/php/php"$STABLE_PHP"-fpm.sock
+update-alternatives --set php-cgi      	/usr/bin/php-cgi"$STABLE_PHP"
+update-alternatives --set php-cgi-bin   /usr/lib/cgi-bin/php"$STABLE_PHP"
+update-alternatives --set phar          /usr/bin/phar"$STABLE_PHP"
+update-alternatives --set phar.phar     /usr/bin/phar.phar"$STABLE_PHP"
+
+systemctl restart php"$PHPVER"-fpm.service

tools/start-over.sh

@@ -0,0 +1,144 @@
+#!/bin/bash
+#Start over
+# SwITNet Ltd © - 2024, https://switnet.net/
+# GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+#Check if user is root
+if ! [ "$(id -u)" = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+
+wait_seconds() {
+secs=$(($1))
+while [ $secs -gt 0 ]; do
+   echo -ne "$secs\033[0K\r"
+   sleep 1
+   : $((secs--))
+done
+}
+remove_residuals() {
+  if [ -d "$1" ]; then
+    rm -r "$1"
+  fi
+}
+purge_debconf() {
+  echo PURGE | debconf-communicate "$1"
+}
+remove_services() {
+  systemctl disable "$1"
+  systemctl stop "$1"
+}
+echo -e '
+########################################################################
+                Welcome to the Start Over cleaner script
+########################################################################
+                    by Software, IT & Networks Ltd
+\n'
+
+SYNC_USER="$(find /home -maxdepth 1 -type d |awk '/jbsync/{print}')"
+DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
+
+echo "We are about to remove and clean all the jitsi-meet platform bits and pieces...
+Please make sure you have backed up anything you don't want to loose."
+
+echo "
+# WARGNING #: This is only recommended if you want to start over a failed installation,
+or plain and simple remove jitsi from your system."
+
+while [[ "$CONTINUE_PURGE1" != "yes" && "$CONTINUE_PURGE1" != "no" ]]
+do
+read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_PURGE1
+if [ "$CONTINUE_PURGE1" = "no" ]; then
+    echo "  Good, see you next time..."
+    exit
+elif [ "$CONTINUE_PURGE1" = "yes" ]; then
+    echo ""
+fi
+done
+
+echo "Let me ask just one more time..."
+while [[ "$CONTINUE_PURGE2" != "yes" && "$CONTINUE_PURGE2" != "no" ]]
+do
+read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_PURGE2
+if [ "$CONTINUE_PURGE2" = "no" ]; then
+    echo "  Good, see you next time..."
+    exit
+elif [ "$CONTINUE_PURGE2" = "yes" ]; then
+    echo "No going back, let's start..."
+    wait_seconds 10
+fi
+done
+
+#Purging all jitsi meet packages
+apt-get -y purge jibri \
+                 jicofo \
+                 jigasi \
+                 jitsi-meet \
+                 jitsi-meet-web \
+                 jitsi-meet-web-config \
+                 jitsi-meet-prosody \
+                 jitsi-meet-turnserver \
+                 jitsi-videobridge2 \
+                 prosody
+
+#Chome related packages
+apt-get -y purge google-chrome-stable
+rm /usr/local/bin/chromedriver
+
+#Services stop
+remove_services jibri
+remove_services jibri-icewm
+remove_services jibri-xorg
+
+#Cleaning packages
+apt-get -y autoremove
+apt-get clean
+
+#Removing residual files
+remove_residuals /etc/jitsi
+remove_residuals /opt/jitsi
+remove_residuals /usr/share/jicofo
+remove_residuals /usr/share/jitsi-*
+
+#Clean /etc/hosts
+sed -i "/$DOMAIN/d" /etc/hosts
+
+echo "#Purging debconf db"
+purge_debconf jicofo
+purge_debconf jigasi
+purge_debconf jitsi-meet
+purge_debconf jitsi-meet-prosody
+purge_debconf jitsi-meet-turnserver
+purge_debconf jitsi-meet-web-config
+purge_debconf jitsi-videobridge2
+
+#Remove unused users & groups
+if [ -n "$SYNC_USER" ]; then
+  deluser --remove-home "$SYNC_USER"
+fi
+if [ -d /home/jibri ]; then
+  deluser --remove-home  jibri
+  rm -r /home/jibri
+fi
+groupdel  jibri
+
+#Remove crontab
+crontab -l | grep -v '@weekly certbot renew --nginx' | crontab -
+crontab -l
+
+echo "We are done..."

tools/test-jibri-env.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Simple Jibri Env tester
-# 2020 - SwITNet Ltd
+# SwITNet Ltd © - 2024, https://switnet.net/
 # GNU GPLv3 or later.
 
 while getopts m: option
@@ -8,7 +8,7 @@ do
 	case "${option}"
 	in
 		m) MODE=${OPTARG};;
-		\?) echo "Usage: sudo ./test-jibri-env.sh [-m debug]" && exit;;
+		\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
 	esac
 done
 
@@ -25,34 +25,44 @@ echo -e '
 \n'
 
 #Check if user is root
-if ! [ $(id -u) = 0 ]; then
+if ! [ "$(id -u)" = 0 ]; then
    echo "You need to be root or have sudo privileges!"
    exit 0
 fi
 
 echo "Checking for updates...."
 apt-get -q2 update
-apt-get -yq2 install apt-show-versions
-
-JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)
-SND_AL_MODULE=$(lsmod | awk '{print$1}'| grep snd_aloop)
-HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe")
-CONF_JSON="/etc/jitsi/jibri/config.json"
-JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
-CHD_VER="$(/usr/local/bin/chromedriver --version 2>/dev/null| awk '{print$1,$2}')"
-GOOGL_VER="$(/usr/bin/google-chrome --version 2>/dev/null)"
+apt-get -yq2 install apt-show-versions \
+                     curl
 
 check_google_binaries() {
 if [ -z "$2" ]; then
   echo "Warning: No $1 doesn't seem installed"
 else
-  echo $2
+  echo "$2"
 fi
 }
 
+# True if $1 is greater than $2
+version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+
+JITSI_REPO="$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1)"
+SND_AL_MODULE=$(lsmod | awk '{print$1}'| grep snd_aloop)
+HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")"
+CONF_JSON="/etc/jitsi/jibri/config.json"
+JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
+JMS_DOMAIN="$(awk -F '"' '/xmpp-domain/{print$2}' "$JIBRI_CONF")"
+CHDB="$(whereis chromedriver | awk '{print$2}')"
+CHD_VER_LOCAL="$($CHDB --version 2>/dev/null| awk '{print$1,$2}')"
+GOOGL_VER_LOCAL="$(/usr/bin/google-chrome --version 2>/dev/null)"
+CHD_VER_2D="$(echo "$CHD_VER_LOCAL"|awk '{print$2}'|cut -d "." -f 1,2)"
+GOOGL_VER_2D="$(echo "$GOOGL_VER_LOCAL"|awk '{print$3}'|cut -d "." -f 1,2)"
+CHD_LTST="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)"
+CHD_LTST_2D="$(echo "$CHD_LTST"|cut -d "." -f 1,2)"
+
 #T1
 echo -e "\n#1 -- Check repository --\n"
-if [ -z $JITSI_REPO ]; then
+if [ -z "$JITSI_REPO" ]; then
     echo "No repository detected, wait whaaaat?..."
     while [[ "$CONT_TEST" != "yes" && "$CONT_TEST" != "no" ]]
     do
@@ -62,7 +72,7 @@ if [ -z $JITSI_REPO ]; then
         exit
       elif [ "$CONT_TEST" = "yes" ]; then
         echo "Hmm, seems there won't be anything to test, continuing anyway..."
-        T=0
+        T1=0
       fi
     done
 else
@@ -81,52 +91,80 @@ else
 fi
 
 if [ "$(apt-show-versions jibri | grep -c "uptodate")" = "1" ]; then
-echo -e "Jibri is already up to date: \xE2\x9C\x94"
+    echo -e "Jibri is already up to date: \xE2\x9C\x94"
 else
-echo -e "\nAttempting jibri upgrade!"
-apt -y install --only-upgrade jibri
+    echo -e "\nAttempting jibri upgrade!"
+    apt-get -y install --only-upgrade jibri
 fi
 T2=1
 
 #T3
 echo -e "\n#3 -- Check Google Chrome/driver software.  --\n"
-check_google_binaries "Chromedriver" "$CHD_VER"
-check_google_binaries "Google Chrome" "$GOOGL_VER"
-if [ ! -z "$CHD_VER" ] && [ ! -z "$GOOGL_VER" ]; then
-T3=1
-elif [ -z "$CHD_VER" ] || [ -z "$GOOGL_VER" ]; then
-T3=0
-else
-T3=0
+check_google_binaries "Google Chrome" "$GOOGL_VER_LOCAL"
+check_google_binaries "Chromedriver" "$CHD_VER_LOCAL"
+
+if [ -n "$CHD_VER_LOCAL" ] && [ -n "$GOOGL_VER_LOCAL" ]; then
+# Chrome upgrade process
+  if [ "$(apt-show-versions google-chrome-stable | grep -c "uptodate")" = "1" ]; then
+    echo -e "Google Chrome is already up to date: \xE2\x9C\x94"
+  else
+    echo -e "\nAttempting Google Chrome upgrade!"
+    apt-get -yq install --only-upgrade google-chrome-stable
+  fi
+# Only upgrade chromedriver if it's on a lower version, not just a different one.
+  if [ "$CHD_VER_2D" = "$GOOGL_VER_2D" ]; then
+      echo -e "\nChromedriver version seems according to Google Chrome: \xE2\x9C\x94"
+      T3=1
+      elif version_gt "$GOOGL_VER_2D" "$CHD_VER_2D" && \
+      [ "$GOOGL_VER_2D" = "$CHD_LTST_2D" ]; then
+          echo -e "\nAttempting  Chromedriver update!"
+          wget -q https://chromedriver.storage.googleapis.com/"$CHD_LTST"/chromedriver_linux64.zip \
+               -O /tmp/chromedriver_linux64.zip
+          unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/
+          chown root:root "$CHDB"
+          chmod 0755 "$CHDB"
+          rm -rf /tpm/chromedriver_linux64.zip
+          if [ "$($CHDB -v | awk '{print $2}'|cut -d "." -f 1,2)" = "$GOOGL_VER_2D" ]; then
+              echo "Successful update"
+              T3=1
+          else
+              echo "Something might gone wrong on the update process, please report."
+              T3=0
+          fi
+      else
+      T3=0
+  fi
+ else
+  T3=0
 fi
 
 #T4
 echo -e "\n#4 -- Test kernel modules --\n"
-if [ -z $SND_AL_MODULE ]; then
+if [ -z "$SND_AL_MODULE" ]; then
 #First make sure the recommended kernel is installed.
-  if [ "$HWE_VIR_MOD" == "1" ]; then
+  if [ "$HWE_VIR_MOD" = "1" ]; then
       apt-get -y install \
-      linux-image-generic-hwe-$(lsb_release -sr) \
-      linux-modules-extra-virtual-hwe-$(lsb_release -sr)
-    else
+      linux-image-generic-hwe-"$(lsb_release -sr)"
+      else
       apt-get -y install \
-      linux-modules-extra-$(uname -r)
+      linux-image-generic \
+      linux-modules-extra-"$(uname -r)"
   fi
     echo -e "\nNo module snd_aloop detected. \xE2\x9C\x96 <== IMPORTANT! \nCurrent kernel: $(uname -r)\n"
     echo -e "\nIf you just installed a new kernel, \
 please try rebooting.\nFor now wait 'til the end of the recommended kernel installation."
   echo "# Check and Install HWE kernel if possible..."
   if uname -r | grep -q aws;then
-  KNL_HWE="$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr)|head -n1|awk '{print$3}'|cut -d "." -f1-4)"
-  KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg | grep generic | grep -v recovery | awk '{print$3,$4}'|grep $KNL_HWE)"
-      if [ ! -z "$KNL_MENU" ];then
+  KNL_HWE="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)"|awk 'NR==1{print$3}'|cut -d "." -f1-4)"
+  KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg|awk '!/recovery/&&/generic/{print$3,$4}'|grep "$KNL_HWE")"
+      if [ -n "$KNL_MENU" ];then
       echo -e "\nSeems you are using an AWS kernel \xE2\x9C\x96 <== IMPORTANT! \nYou might consider modify your grub (/etc/default/grub) to use the following:" && \
       echo -e "\n > $KNL_MENU"
       fi
   fi
   T4=0
 else
-    echo -e "Great!\nModule snd-aloop found!"
+    echo -e "Great!, module snd-aloop found. \xE2\x9C\x94"
     T4=1
 fi
 
@@ -134,14 +172,14 @@ fi
 echo -e "\n#5 -- Test .asoundrc file --\n"
 ASRC_MASTER="https://raw.githubusercontent.com/jitsi/jibri/master/resources/debian-package/etc/jitsi/jibri/asoundrc"
 ASRC_INSTALLED="/home/jibri/.asoundrc"
-ASRC_MASTER_MD5SUM=$(curl -sL $ASRC_MASTER | md5sum | cut -d ' ' -f 1)
-ASRC_INSTALLED_MD5SUM=$(md5sum $ASRC_INSTALLED | cut -d ' ' -f 1)
+ASRC_MASTER_MD5SUM="$(curl -sL "$ASRC_MASTER" | md5sum | cut -d ' ' -f 1)"
+ASRC_INSTALLED_MD5SUM="$(md5sum "$ASRC_INSTALLED" | cut -d ' ' -f 1)"
 
 if [ "$ASRC_MASTER_MD5SUM" == "$ASRC_INSTALLED_MD5SUM" ]; then
-    echo "Seems to be using the latest asoundrc file available!"
+    echo -e "Seems to be using the latest asoundrc file available. \xE2\x9C\x94"
     T5=1
 else
-    echo "asoundrc files differ, if you have errors, you might wanna check this file!"
+    echo -e "asoundrc files differ, if you have errors, you might wanna check this file \xE2\x9C\x96"
     T5=0
 fi
 
@@ -149,30 +187,52 @@ fi
 echo -e "\n#6 -- Old or new config --\n"
 
 echo -e "What config version is this using?"
-if [ -f ${CONF_JSON}_disabled ] && \
-   [ -f $JIBRI_CONF ] && \
-   [ -f $JIBRI_CONF-dpkg-file ]; then
-    echo -e "\n> This jibri config has been upgraded already.\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+if [ -f "${CONF_JSON}"_disabled ] && \
+   [ -f "$JIBRI_CONF" ] && \
+   [ -f "$JIBRI_CONF"-dpkg-file ]; then
+    echo -e "\n> This jibri config has been upgraded already. \xE2\x9C\x94 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
 T6=1
-elif [ ! -f $CONF_JSON ] && \
-   [ -f $JIBRI_CONF ] && \
-   [ -f ${JIBRI_CONF}-dpkg-file ]; then
-    echo -e "\n> This jibri seems to be running the lastest configuration already.\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+elif [ ! -f "$CONF_JSON" ] && \
+     [ -f "$JIBRI_CONF" ] && \
+     [ -f "${JIBRI_CONF}"-dpkg-file ]; then
+    echo -e "\n> This jibri seems to be running the latest configuration already. \xE2\x9C\x94 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
 T6=1
-elif [ -f ${CONF_JSON} ] && \
-   [ -f $JIBRI_CONF ]; then
-    echo -e "\n> This jibri config seems to be candidate for upgrading.\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
-https://github.com/switnet-ltd/quick-jibri-installer/issues\n"
+elif [ -f "${CONF_JSON}" ] && \
+     [ -f "$JIBRI_CONF" ]; then
+    echo -e "\n> This jibri config seems to be candidate for upgrading. \xE2\x9C\x96 \nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
 T6=0
 fi
 
-TEST_TOTAL=$((T1 + T2 + T3 + T4 + T5 + T6))
+#T6.1
+echo -e "\n#6.1 -- Check for specific Chrome flag --\n"
+if [ "$(grep -c "ignore-certificate-errors"  $JIBRI_CONF)" != 0 ]; then
+    echo -e "\n> Seems you have the \"--ignore-certificate-errors\" flag required for Chrome v88 and later. \xE2\x9C\x94 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
+T6_1="0.1"
+else
+echo -e "\n> The jibri config may be missing the required chrome flags. \xE2\x9C\x96 \nPlease check:\n https://forge.switnet.net/switnet/quick-jibri-installer/src/branch/master/quick_jibri_installer.sh#L870 \n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \
+https://forge.switnet.net/switnet/quick-jibri-installer/issues\n"
+T6_1=0
+fi
+
+#T7
+echo -e "\n#7 -- Check for open communication port among Jibri and JMS --\n"
+if ! nc -z -v -w5 "$JMS_DOMAIN" 5222 ; then
+  echo -e "Connection failed! \xE2\x9C\x96\n > You might want to check both Jibri & JMS firewall rules (TCP 5222)."
+  T7=0
+else
+  echo -e "Connection succeeded! \xE2\x9C\x94\n"
+  T7=1
+fi
+
+TEST_TOTAL=$(awk "BEGIN{ print $T1 + $T2 + $T3 + $T4 + $T5 + $T6 + $T6_1 + $T7 }")
 echo "
-###########################
+##############################
      \
-Score: $TEST_TOTAL out of 6
-###########################
+Score: $TEST_TOTAL out of 7.1
+##############################
 "
 echo -e "\nJibri Test complete, thanks for testing.\n"