diff --git a/README.md b/README.md index 1e60e3f..4328e14 100644 --- a/README.md +++ b/README.md @@ -2,23 +2,28 @@ Bash installer for Jibri on *buntu LTS based systems ## Features -* Enabled Local (audio) recording using flac * Enabled Session (video) Recording using Jibri * Enabled Jitsi Electron app detection server side. * Standalone SSL Certbot/LE implementation +* Option to enable Local audio recording using flac. * Option to enable Secure Rooms * Option to enable Welcome Page * Option to setup UI language -* (New) Jigasi Transcript - Speech to Text powered by Google API +* Jigasi Transcript - Speech to Text powered by Google API +* (New) JRA (Jibri Recordings Access) via Nextcloud +* (New) Customized brandless mode +* (New) Improved recurring updater ## Requirements -* Valid domain with DNS already set (preferably). +* Valid domain with DNS record. * Minimum recommended for video recording: 4 GB RAM / 4 Cores. * Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload). * Webcam ### Jigasi Transcript * SIP account * Google Cloud Account with Billing setup. +### Jibri Recodings Access via Nextcloud +* Valid domain with DNS record for Nextcloud SSL. ## Custom changes * Start with video muted by default @@ -28,4 +33,4 @@ Bash installer for Jibri on *buntu LTS based systems Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. -SwITNet Ltd © - 2019, https://switnet.net/ +SwITNet Ltd © - 2020, https://switnet.net/ diff --git a/files/jra-nc-app-ef.json b/files/jra-nc-app-ef.json new file mode 100644 index 0000000..42b2a1e --- /dev/null +++ b/files/jra-nc-app-ef.json @@ -0,0 +1,23 @@ +[ + { + "mount_id": 1, + "mount_point": "\/Jitsi Record", + "storage": "\\OC\\Files\\Storage\\Local", + "authentication_type": "null::null", + "configuration": { + "datadir": "\/var\/jbrecord" + }, + "options": { + "encrypt": true, + "previews": true, + "enable_sharing": false, + "filesystem_check_changes": 1, + "encoding_compatibility": false, + "readonly": false + }, + "applicable_users": [], + "applicable_groups": [ + "admin" + ] + } +] diff --git a/files/patch_425_3dty.patch b/files/patch_425_3dty.patch new file mode 100644 index 0000000..e97492c --- /dev/null +++ b/files/patch_425_3dty.patch @@ -0,0 +1,24 @@ +--- Compiler.php 2020-03-11 08:52:46.000000000 -0600 ++++ Compiler-fixed.php 2020-04-04 06:56:43.175786008 -0600 +@@ -5211,10 +5211,10 @@ + return new Node\Number(strlen($stringContent), ''); + } + +- protected static $libStrSlice = ['string', 'start-at', 'end-at']; ++ protected static $libStrSlice = ['string', 'start-at', 'end-at:-1']; + protected function libStrSlice($args) + { +- if (isset($args[2]) && $args[2][1] == 0) { ++ if (isset($args[2]) && ! $args[2][1]) { + return static::$nullString; + } + +@@ -5227,7 +5227,7 @@ + $start--; + } + +- $end = (int) $args[2][1]; ++ $end = isset($args[2]) ? (int) $args[2][1] : -1; + $length = $end < 0 ? $end + 1 : ($end > 0 ? $end - $start : $end); + + $string[2] = $length diff --git a/images/avatar2.png b/images/avatar2.png new file mode 100644 index 0000000..12c1007 Binary files /dev/null and b/images/avatar2.png differ diff --git a/images/favicon2.ico b/images/favicon2.ico new file mode 100644 index 0000000..71d6c98 Binary files /dev/null and b/images/favicon2.ico differ diff --git a/images/watermark2.png b/images/watermark2.png new file mode 100644 index 0000000..394437f Binary files /dev/null and b/images/watermark2.png differ diff --git a/jigasi.sh b/jigasi.sh index 661896d..861e583 100644 --- a/jigasi.sh +++ b/jigasi.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Quick Jigasi Installer - *buntu 16.04 (LTS) based systems. -# SwITNet Ltd © - 2019, https://switnet.net/ +# Quick Jigasi Installer - *buntu (LTS) based systems. +# SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. ##################### Whistlist ####################### @@ -208,8 +208,10 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP prosodyctl register transcript auth.$DOMAIN jigasi -systemctl restart prosody ji* - +systemctl restart prosody \ + jicofo \ + jibri* \ + jitsi-videobridge* echo " To test, you need to enable subtitles beforehand then invite \ \"jitsi_meet_transcribe\" to the meeting (no quotes). diff --git a/jitsi-updater.sh b/jitsi-updater.sh index bf2be12..af50812 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -1,19 +1,24 @@ #!/bin/bash -# Jitsi Meet upgrade and custom keeper for Debian/*buntu binaries. -# 2019 - SwITNet Ltd +# Jitsi Meet recurring upgrader and customization keeper +# for Debian/*buntu binaries. +# 2020 - SwITNet Ltd # GNU GPLv3 or later. Blue='\e[0;34m' Purple='\e[0;35m' +Green='\e[0;32m' +Yellow='\e[0;33m' Color_Off='\e[0m' support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ') -LocRec="on" +LOC_REC="TBD" +ENABLE_BLESSM="TBD" CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) CHDB=$(whereis chromedriver | awk '{print$2}') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') INT_CONF=/usr/share/jitsi-meet/interface_config.js +AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" if [ -f $apt_repo/google-chrome.list ]; then google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ') else @@ -102,12 +107,18 @@ else exit 1 fi +# Any customization, image, name or link change for any purpose should +# be documented here so new updates won't remove those changes. +# We divide them on UI changes and branding changes, feel free to adapt +# to your needs. +# +# Please keep in mind that fees to support for customization changes +# may apply. ######################################################################## -# Keeping changes # +# User interface changes # ######################################################################## printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n" -avatar="$(grep -r avatar /etc/*/sites-*/ 2>/dev/null)" -if [[ -z $avatar ]]; then +if [[ -z $AVATAR ]]; then echo "Moving on..." else echo "Setting Static Avatar" @@ -124,7 +135,7 @@ else fi printf "${Purple}========== Re-enable Localrecording ==========${Color_Off}\n" -if [ $LocRec = on ]; then +if [ $LOC_REC = on ]; then echo "Setting LocalRecording..." sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF else @@ -135,4 +146,12 @@ printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n sed -i "s|'videobackgroundblur', ||" $INT_CONF restart_services + + +######################################################################## +# Brandless mode # +######################################################################## +if [ $ENABLE_BLESSM = on ]; then + bash $PWD/jm-bm.sh +fi printf "${Blue}Script completed \o/! ${Color_Off}\n" diff --git a/jm-bm.sh b/jm-bm.sh new file mode 100644 index 0000000..5786d83 --- /dev/null +++ b/jm-bm.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Jitsi Meet brandless mode +# for Debian/*buntu binaries. +# 2020 - SwITNet Ltd +# GNU GPLv3 or later. + +CSS_FILE="/usr/share/jitsi-meet/css/all.css" +TITLE_FILE="/usr/share/jitsi-meet/title.html" +INT_CONF="/usr/share/jitsi-meet/interface_config.js" +# +JM_IMG_PATH="/usr/share/jitsi-meet/images/" +WTM2_PATH="$JM_IMG_PATH/watermark2.png" +FICON_PATH="$JM_IMG_PATH/favicon2.ico" +# +APP_NAME="Conferences" +PART_USER="Participant" +echo ' +#-------------------------------------------------- +# Applying Brandless mode +#-------------------------------------------------- +' +#Watermark +if [ ! -f $WTM2_PATH ]; then + cp images/watermark2.png $WTM2_PATH +else + echo "watermark2 file exists, skipping copying..." +fi +#Favicon +if [ ! -f $FICON_PATH ]; then + cp images/favicon2.ico $FICON_PATH +else + echo "favicon2 file exists, skipping copying..." +fi + +#Custom / Remove icons +sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE +sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE +sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE + +#Disable logo and url +sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE + +#Customize room title +sed -i "s|Jitsi Meet|$APP_NAME|g" $TITLE_FILE +sed -i "s| powered by the Jitsi Videobridge||g" $TITLE_FILE +sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" $INT_CONF + +#Custom UI changes +echo " +Please note that brandless mode will also overwrite support links. +" +sed -i "s|Fellow Jitster|$PART_USER|g" $INT_CONF +sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF +sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh new file mode 100644 index 0000000..17faa70 --- /dev/null +++ b/jra_nextcloud.sh @@ -0,0 +1,372 @@ +#!/bin/bash +# JRA (Jibri Recordings Access) via Nextcloud +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +clear +echo ' +######################################################################## + Jibri Recordings Access via Nextcloud +######################################################################## + by Software, IT & Networks Ltd +' +read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN +read -p "Nextcloud user: " -r NC_USER +read -p "Nextcloud user password: " -r NC_PASS + +DISTRO_RELEASE=$(lsb_release -sc) +PHPVER=7.4 +MDBVER=10.4 +PHP_FPM_DIR=/etc/php/$PHPVER/fpm +PHP_INI=$PHP_FPM_DIR/php.ini +NC_REPO="https://download.nextcloud.com/server/releases" +NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1) +STABLEVERSION="nextcloud-$NCVERSION" +NC_PATH="/var/www/nextcloud" +NC_CONFIG="$NC_PATH/config/config.php" +NC_DB_USER="nextcloud_user" +NC_DB="nextcloud_db" +NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" +DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)" + +exit_ifinstalled() { +if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo " This instance already has $1 installed, exiting..." + echo " Please report to: + -> https://github.com/switnet-ltd/quick-jibri-installer/issues " + exit +fi +} +install_ifnot() { +if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo " $1 is installed, skipping..." + else + echo -e "\n---- Installing $1 ----" + apt -yqq install $1 +fi +} +add_mariadb() { + if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo "MariaDB already installed" + else + echo "# Adding MariaDB $MDBVER repository" + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8 + echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list + apt update -qq + fi +} +add_php74() { + if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo "PHP $PHPVER already installed" + else + echo "# Adding PHP $PHPVER Repository" + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C + echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list + apt update -qq + fi +} + +exit_ifinstalled mariadb-server + +## Install software requirements +# MariaDB +add_mariadb +install_ifnot mariadb-server-$MDBVER + +# PHP 7.4 +add_php74 +apt install -y \ + php$PHPVER-fpm \ + php$PHPVER-bz2 \ + php$PHPVER-curl \ + php$PHPVER-gd \ + php$PHPVER-gmp \ + php$PHPVER-intl \ + php$PHPVER-json \ + php$PHPVER-ldap \ + php$PHPVER-mbstring \ + php$PHPVER-mysql \ + php$PHPVER-soap \ + php$PHPVER-xml \ + php$PHPVER-xmlrpc \ + php$PHPVER-zip \ + php-imagick + +#System related +install_ifnot smbclient +sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf + +echo " +Tunning PHP.ini... +" +# Change values in php.ini (increase max file size) +# max_execution_time +sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI" +# max_input_time +sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI" +# memory_limit +sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI" +# post_max +sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI" +# upload_max +sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI" + +phpenmod opcache +{ + +echo "# OPcache settings for Nextcloud" +echo "opcache.enable=1" +echo "opcache.enable_cli=1" +echo "opcache.interned_strings_buffer=8" +echo "opcache.max_accelerated_files=10000" +echo "opcache.memory_consumption=256" +echo "opcache.save_comments=1" +echo "opcache.revalidate_freq=1" +echo "opcache.validate_timestamps=1" +} >> "$PHP_INI" + +systemctl restart php$PHPVER-fpm.service + +#-------------------------------------------------- +# Create MySQL user +#-------------------------------------------------- + +echo -e "\n---- Creating the MariaDB User ----" + +mysql -u root < /etc/nginx/sites-available/$NC_DOMAIN.conf +upstream php-handler { + #server 127.0.0.1:9000; + server unix:/run/php/php${PHPVER}-fpm.sock; +} + +server { + listen 80; + listen [::]:80; + server_name $NC_DOMAIN; + # enforce https + return 301 https://\$server_name\$request_uri; +} + +server { + listen 4444 ssl http2; + listen [::]:4444 ssl http2; + server_name $NC_DOMAIN; + + ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15552000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Path to the root of your installation + root $NC_PATH/; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 \$scheme://\$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 \$scheme://\$host/remote.php/dav; + } + location ~ /.well-known/acme-challenge { + allow all; + } + + # set max upload size + client_max_body_size 1024M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is built with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php\$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)\$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:\$|/) { + try_files \$uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)\$ { + try_files \$uri /index.php\$uri\$is_args\$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ { + try_files \$uri /index.php\$uri\$is_args\$args; + # Optional: Don't log access to other assets + access_log off; + } +} +NC_NGINX +systemctl stop nginx +letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN +if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then + ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/ +else + echo "There are issues on getting the SSL certs..." + read -n 1 -s -r -p "Press any key to continue" +fi +nginx -t +systemctl restart nginx + +echo " + Latest version to be installed: $STABLEVERSION +" +curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip +unzip -q /tmp/$STABLEVERSION.zip +mv nextcloud $NC_PATH + +chown -R www-data:www-data $NC_PATH +chmod -R 755 $NC_PATH + +if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then +echo " +-> Patching #425 (scssphp/src/Compiler.php)..." +sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < $PWD/files/patch_425_3dty.patch +fi + +echo " +Database installation... +" +sudo -u www-data php $NC_PATH/occ maintenance:install \ +--database=mysql \ +--database-name="$NC_DB" \ +--database-user="$NC_DB_USER" \ +--database-pass="$NC_DB_PASSWD" \ +--admin-user="$NC_USER" \ +--admin-pass="$NC_PASS" + +echo " +Prevent demo data on accounts and custom mods... +" +sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG +sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG +sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG +sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG + +echo " +Addding & Setting up Files External App for Local storage... +" +sudo -u www-data php $NC_PATH/occ app:install files_external +sudo -u www-data php $NC_PATH/occ app:enable files_external +sudo -u www-data php $NC_PATH/occ files_external:import $PWD/files/jra-nc-app-ef.json + +usermod -a -G jibri www-data +chown -R jibri:www-data $DIR_RECORD +chmod -R 770 $DIR_RECORD +chmod -R g+s $DIR_RECORD + +echo " +Fixing possible missing tables... +" +echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint +sudo -u www-data php $NC_PATH/occ db:add-missing-indices + +echo " +Adding trusted domain... +" +sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN + +echo "Quick Nextcloud installation complete!" diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 6179233..f5a900a 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Quick Jibri Installer - *buntu 16.04 (LTS) based systems. -# SwITNet Ltd © - 2019, https://switnet.net/ +# Quick Jibri Installer - *buntu (LTS) based systems. +# SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. { echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log @@ -20,7 +20,7 @@ set -x fi # SYSTEM SETUP -JITSI_UNS_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) +JITSI_STBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4) APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") @@ -30,6 +30,9 @@ GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" if [ $DIST = flidas ]; then DIST="xenial" fi +if [ $DIST = etiona ]; then +DIST="bionic" +fi install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." @@ -39,14 +42,15 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = fi } check_serv() { -if [ "$APACHE_2" -eq 1 ] || [ "$NGINX" -eq 1 ]; then +if [ "$APACHE_2" -eq 1 ]; then echo " -Webserver already installed! +The recommended setup is using NGINX, exiting... " -elif [ "$APACHE_2" -eq 1 ] && [ "$NGINX" -eq 0 ]; then + exit +elif [ "$NGINX" -eq 1 ]; then echo " -Apache webserver already installed! +Webserver already installed! " else @@ -60,10 +64,18 @@ check_snd_driver() { modprobe snd-aloop echo "snd-aloop" >> /etc/modules if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then - echo "Audio driver seems ok." + echo " +#-------------------------------------------------- +# Audio driver seems - OK. +#--------------------------------------------------" else - echo "Seems to be an issue with your audio driver, please fix this before continue." - #exit + echo " +#-------------------------------------------------- +# Seems to be an issue with your audio driver, +# please review your hw setup. +#--------------------------------------------------" +read -n 1 -s -r -p "Press any key to continue... +" fi } update_certbot() { @@ -72,8 +84,8 @@ update_certbot() { Cerbot repository already on the system! Checking for updates... " - apt -qq update - apt -yqq dist-upgrade + apt -q2 update + apt -yq2 dist-upgrade else echo " Adding cerbot (formerly letsencrypt) PPA repository for latest updates @@ -91,20 +103,43 @@ echo ' Welcome to Jitsi/Jibri Installer ######################################################################## by Software, IT & Networks Ltd + +Featuring: +- Jibri Recording and YouTube Streaming +- Jibri Recordings Access via Nextcloud +- Jigasi Transcription +- Customized brandless mode +- Recurring changes updater + +See more at: https://github.com/switnet-ltd/quick-jibri-installer/ ' +read -n 1 -s -r -p "Press any key to continue..." #Check if user is root if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi - +if [ "$DIST" = "xenial" ] || [ "$DIST" = "bionic" ]; then + echo "OS: $(lsb_release -sd) +Good, this is a supported platform!" +else + echo "OS: $(lsb_release -sd) +Sorry, this platform is not supported... exiting" + exit +fi +#Suggest 18.04 LTS release over 16.04 +if [ "$DIST" = "xenial" ]; then +echo "$(lsb_release -sc), even when it's compatible and functional. +We suggest to use the next (LTS) release, for longer support and security reasons." +read -n 1 -s -r -p "Press any key to continue..." +fi # Jitsi-Meet Repo echo "Add Jitsi key" -if [ "$JITSI_UNS_REPO" = "unstable" ]; then - echo "Jitsi unstable repository already installed" +if [ "$JITSI_STBL_REPO" = "stable" ]; then + echo "Jitsi stable repository already installed" else - echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list + echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - fi @@ -112,16 +147,18 @@ fi echo "We'll start by installing system requirements this may take a while please be patient..." apt update -yq2 apt dist-upgrade -yq2 -apt -yqq install \ + +apt -y install \ bmon \ curl \ ffmpeg \ git \ htop \ letsencrypt \ - linux-image-extra-virtual \ + linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \ unzip \ wget + check_serv echo " @@ -129,7 +166,7 @@ echo " # Install Jitsi Framework #-------------------------------------------------- " -apt -yqq install \ +apt -y install \ jitsi-meet \ jibri \ openjdk-8-jre-headless @@ -147,7 +184,7 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1" echo "Nodejs is installed, skipping..." else curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - - apt install -yqq nodejs + apt install -yq2 nodejs echo "Installing nodejs esprima package..." npm install -g esprima fi @@ -163,23 +200,25 @@ fi echo "snd-aloop" | tee -a /etc/modules check_snd_driver CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) +GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" + echo "# Installing Google Chrome / ChromeDriver" if [ -f $GOOGL_REPO ]; then -echo "Google repository already set." + echo "Google repository already set." else -echo "Installing Google Chrome Stable" + echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO fi apt -qq update -apt install -yqq google-chrome-stable +apt install -yq2 google-chrome-stable rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip + wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver @@ -192,23 +231,33 @@ Check Google Software Working... /usr/bin/google-chrome --version /usr/local/bin/chromedriver --version | awk '{print$1,$2}' +echo " +Remove Chrome warning... +" +mkdir -p /etc/opt/chrome/policies/managed +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >> $GCMP_JSON + echo ' ######################################################################## - Starting Jibri configuration + Please Setup Your Instalation ######################################################################## ' # MEET / JIBRI SETUP DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') -JB_AUTH_PASS_FILE=/var/JB_AUTH_PASS.txt -JB_REC_PASS_FILE=/var/JB_REC_PASS.txt +WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf +JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" +JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua +PROSODY_SYS=/etc/prosody/prosody.cfg.lua JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js CONF_JSON=/etc/jitsi/jibri/config.json -DIR_RECORD=/tmp/recordings +DIR_RECORD=/var/jbrecord REC_DIR=/home/jibri/finalize_recording.sh JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" +MOD_LISTU="https://prosody.im/files/mod_listusers.lua" +MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" echo "## Setting up Jitsi Meet language ## You can define your language by using a two letter code (ISO 639-1); English -> en @@ -219,52 +268,125 @@ You can define your language by using a two letter code (ISO 639-1); Jitsi Meet web interface will be set to use such language (if availabe). " read -p "Please set your language:"$'\n' -r LANG -read -p "Jibri internal.auth.$DOMAIN password: "$'\n' -sr JB_AUTH_PASS -read -p "Jibri recorder.$DOMAIN password: "$'\n' -sr JB_REC_PASS read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL +#Drop unsecure TLS +while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]] +do +read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 +if [ $DROP_TLS1 = no ]; then + echo "TLSv1.0/1.1 will remain." +elif [ $DROP_TLS1 = yes ]; then + echo "TLSv1.0/1.1 will be dropped" +fi +done +#Dropbox while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] do -read -p "Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB +read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB if [ $ENABLE_DB = no ]; then echo "Dropbox won't be enable" elif [ $ENABLE_DB = yes ]; then read -p "Please set your Drobbox App key: "$'\n' -r DB_CID fi done +#SSL LE while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]] do -read -p "Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL +read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL if [ $ENABLE_SSL = no ]; then echo "Please run letsencrypt.sh manually post-installation." elif [ $ENABLE_SSL = yes ]; then echo "SSL will be enabled." fi done +#Brandless Mode +while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] +do +read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM +if [ $ENABLE_BLESSM = no ]; then + echo "Brandless mode won't be set." +elif [ $ENABLE_BLESSM = yes ]; then + echo "Brandless mode will be set." +fi +done +#Jibri Records Access (JRA) via Nextcloud +while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]] +do +read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS +if [ $ENABLE_NC_ACCESS = no ]; then + echo "JRA via Nextcloud won't be enabled." +elif [ $ENABLE_NC_ACCESS = yes ]; then + echo "JRA via Nextcloud will be enabled." +fi +done #Jigasi while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]] do -read -p "Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT +read -p "> Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT if [ $ENABLE_TRANSCRIPT = no ]; then echo "Jigasi Transcription won't be enabled." elif [ $ENABLE_TRANSCRIPT = yes ]; then echo "Jigasi Transcription will be enabled." fi done - -echo "$JB_AUTH_PASS" > $JB_AUTH_PASS_FILE -chmod 600 $JB_AUTH_PASS_FILE -echo "$JB_REC_PASS" > $JB_REC_PASS_FILE -chmod 600 $JB_REC_PASS_FILE +#Enable static avatar +while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] +do +read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA +if [ "$ENABLE_SA" = "no" ]; then + echo "Static avatar won't be enabled" +elif [ "$ENABLE_SA" = "yes" ]; then + echo "Static avatar will be enabled" +fi +done +#Enable local audio recording +while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]] +do +read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR +if [ "$ENABLE_LAR" = "no" ]; then + echo "Local audio recording option won't be enabled" +elif [ "$ENABLE_LAR" = "yes" ]; then + echo "Local audio recording option will be enabled" +fi +done +#Secure room initial user +while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] +do +read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC +if [ "$ENABLE_SC" = "no" ]; then + echo "-- Secure rooms won't be enabled." +elif [ "$ENABLE_SC" = "yes" ]; then + echo "-- Secure rooms will being enabled." + read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER + read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS +fi +done +#Welcome Page +while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] +do +read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP +if [ $ENABLE_WELCP = yes ]; then + echo "Welcome page will be disabled." +elif [ $ENABLE_WELCP = no ]; then + echo "Welcome page will be enabled." +fi +done +#Start configuration +echo ' +######################################################################## + Start Jitsi Framework configuration +######################################################################## +' JibriBrewery=JibriBrewery -INT_CONF=/usr/share/jitsi-meet/interface_config.js +INT_CONF="/usr/share/jitsi-meet/interface_config.js" WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) ssl_wa() { -service $1 stop +systemctl stop $1 letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6 sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4 sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4 -service $1 restart +systemctl restart $1 #Add cron crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1 || mail -s 'LE SSL Errors' $SYSADMIN_EMAIL < $LE_RENEW_LOG"; } | crontab - crontab -l @@ -273,9 +395,9 @@ service $1 restart enable_letsencrypt() { if [ "$ENABLE_SSL" = "yes" ]; then echo ' -######################################################################## - Starting LetsEncrypt configuration -######################################################################## +#-------------------------------------------------- +# Starting LetsEncrypt configuration +#-------------------------------------------------- ' #Disabled 'til fixed upstream #bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh @@ -290,9 +412,9 @@ fi check_jibri() { if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] then - service jibri restart - service jibri-icewm restart - service jibri-xorg restart + systemctl restart jibri + systemctl restart jibri-icewm + systemctl restart jibri-xorg else echo "Jibri service not installed" fi @@ -300,9 +422,9 @@ fi # Restarting services restart_services() { - service jitsi-videobridge restart - service jicofo restart - service prosody restart + systemctl restart jitsi-videobridge* + systemctl restart jicofo + systemctl restart prosody check_jibri } @@ -330,6 +452,27 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + +if [ ! -f $MOD_LIST_FILE ]; then +echo " +-> Adding external module to list prosody users... +" +curl -s $MOD_LISTU > $MOD_LIST_FILE + +echo "Now you can check registered users with: +prosodyctl mod_listusers +" +else +echo "Prosody support for listing users seems to be enabled. +check with: prosodyctl mod_listusers +" +fi + ### Prosody users prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS @@ -361,11 +504,8 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF fi #LocalRecording -#No longer necessary thanks to: makeJsonParserHappy +if [ $ENABLE_LAR = "yes" ]; then echo "# Enabling local recording (audio only)." -#DI_STR=$(grep -n "deploymentInfo:" $MEET_CONF | cut -d ":" -f1) -#DI_END=$((DI_STR + 6)) -#sed -i "$DI_STR,$DI_END{s|}|},|}" $MEET_CONF LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_END=$((LR_STR + 18)) sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF @@ -374,7 +514,8 @@ sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF -#EOLR +sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh +fi #Setup main language if [ -z $LANG ] || [ "$LANG" = "en" ]; then @@ -404,18 +545,25 @@ https://github.com/switnet-ltd/quick-jibri-installer/issues fi # Recording directory +mkdir $DIR_RECORD +chown -R jibri:jibri $DIR_RECORD + cat << REC_DIR > $REC_DIR #!/bin/bash -RECORDINGS_DIR=$1 +RECORDINGS_DIR=$DIR_RECORD echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out echo "or storage provider, etc.) in this script" >> /tmp/finalize.out +chmod -R 770 \$RECORDINGS_DIR + exit 0 REC_DIR +chown jibri:jibri $REC_DIR +chmod +x $REC_DIR ## JSON Config cp $CONF_JSON $CONF_JSON.orig @@ -427,7 +575,7 @@ cat << CONF_JSON > $CONF_JSON { "name": "$JB_NAME", "xmpp_server_hosts": [ - "$WAN_IP" + "$DOMAIN" ], "xmpp_domain": "$DOMAIN", "control_login": { @@ -446,7 +594,7 @@ cat << CONF_JSON > $CONF_JSON "password": "$JB_REC_PASS" }, - "room_jid_domain_string_to_strip_from_start": "internal.auth", + "room_jid_domain_string_to_strip_from_start": "conference.", "usage_timeout": "0" } ] @@ -454,74 +602,46 @@ cat << CONF_JSON > $CONF_JSON CONF_JSON #Tune webserver for Jitsi App control -if [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then -WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf -sed -i '$ d' $WS_CONF -cat << NG_APP >> $WS_CONF - - Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js" - Alias "/external_api.min.js" "/usr/share/jitsi-meet/libs/external_api.min.js" - - -NG_APP -service apache2 reload -elif [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then -WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf -WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1) -WS_END=$((WS_STR + 2)) -sed -i "${WS_STR},${WS_END} s|^|#|" $WS_CONF -sed -i '$ d' $WS_CONF -cat << NG_APP >> $WS_CONF - - location /external_api.min.js { - alias /usr/share/jitsi-meet/libs/external_api.min.js; - } - - location /external_api.js { - alias /usr/share/jitsi-meet/libs/external_api.min.js; - } -} -NG_APP -service nginx reload +if [ -f $WS_CONF ]; then + sed -i "/Anything that didn't match above/i \\\n" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF + sed -i "/Anything that didn't match above/i \\\n" $WS_CONF + systemctl reload nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi - -#Enable static avatar -while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] -do -read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA -if [ "$ENABLE_SA" = "no" ]; then - echo "Static avatar won't be enable" -elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then - echo "Static avatar are being enable" - wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png - WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf - sed -i "/Alias \"\/external_api.js\"/i \ \ AliasMatch \^\/avatar\/\(.\*\)\\\.png /usr/share/jitsi-meet/images/avatar2.png" $WS_CONF - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF -elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then - wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png - WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf - sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {\\ -\ -\ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;\\ -\ -\ \ \ \ }\\ +#Static avatar +if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then + #wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png + cp images/avatar2.png /usr/share/jitsi-meet/images/ + sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ }\\ \ " $WS_CONF sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF -else - echo "No app configuration done to server file, please report to: - -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi -done +#nginx -tlsv1/1.1 +if [ $DROP_TLS1 = "yes" ] && [ $DIST = "bionic" ];then + echo "Dropping TLSv1/1.1 in favor of v1.3" + sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf + #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF +elif [ $DROP_TLS1 = "yes" ] && [ ! $DIST = "bionic" ];then + echo "Only dropping TLSv1/1.1" + sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf + #sed -i "s|TLSv1 TLSv1.1||" $WS_CONF +else + echo "No TLSv1/1.1 dropping was done. Please report to +https://github.com/switnet-ltd/quick-jibri-installer/issues " +fi -# Temporary disable "Blur my background" until is stable +# Disable "Blur my background" until new notice sed -i "s|'videobackgroundblur', ||" $INT_CONF -#Enable secure rooms? +#Setup secure rooms cat << P_SR >> $PROSODY_FILE VirtualHost "$DOMAIN" authentication = "internal_plain" @@ -530,24 +650,15 @@ VirtualHost "guest.$DOMAIN" authentication = "anonymous" c2s_require_encryption = false P_SR -while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] -do -read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC -if [ "$ENABLE_SC" = "no" ]; then - echo "Secure rooms won't be enable" -elif [ "$ENABLE_SC" = "yes" ]; then - echo "Secure rooms are being enable" #Secure room initial user -read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER -read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS +if [ "$ENABLE_SC" = "yes" ]; then +echo "Secure rooms are being enabled..." echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS fi -done - #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF @@ -555,18 +666,11 @@ sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF #Disable/enable welcome page -while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] -do -read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP if [ $ENABLE_WELCP = yes ]; then - echo "Welcome page will be disabled." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF elif [ $ENABLE_WELCP = no ]; then - echo "Welcome page will be enabled." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF fi -done - #Set displayname as not required since jibri can't set it up. sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF @@ -579,21 +683,33 @@ restart_services enable_letsencrypt #SSL workaround -if [ "$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then - ssl_wa apache2 apache $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN - install_ifnot python3-certbot-apache -elif [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then +if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN install_ifnot python3-certbot-nginx else echo "No webserver found please report." fi - +#Brandless Mode +if [ $ENABLE_BLESSM = yes ]; then + echo "Custom brandless mode will be enabled." + sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh + bash $PWD/jm-bm.sh +fi +#JRA via Nextcloud +if [ $ENABLE_NC_ACCESS = yes ]; then + echo "Jigasi Transcription will be enabled." + bash $PWD/jra_nextcloud.sh +fi +#Jigasi Transcript if [ $ENABLE_TRANSCRIPT = yes ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jigasi.sh fi +#Prevent Jibri conecction issue +sed -i "/127.0.0.1/a \\ +127.0.0.1 $DOMAIN" /etc/hosts + echo " ######################################################################## Installation complete!!