From e80fb126e99602687d7caa770594559ea147d513 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Mon, 6 Apr 2020 21:08:39 -0500 Subject: [PATCH 01/34] Add new fixes for new version --- quick_jibri_installer.sh | 100 +++++++++++++++++++++++++++++---------- 1 file changed, 75 insertions(+), 25 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 6179233..7474eef 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -20,7 +20,7 @@ set -x fi # SYSTEM SETUP -JITSI_UNS_REPO=$(apt-cache policy | grep http | grep jitsi | grep unstable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) +JITSI_STBL_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f 1) CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f 4) APACHE_2=$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") @@ -60,10 +60,16 @@ check_snd_driver() { modprobe snd-aloop echo "snd-aloop" >> /etc/modules if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then - echo "Audio driver seems ok." + echo " +######################################################################## + Audio driver seems - OK. +########################################################################" else - echo "Seems to be an issue with your audio driver, please fix this before continue." - #exit + echo " +######################################################################## +Seems to be an issue with your audio driver, please review your hw setup. +########################################################################" + read -p fi } update_certbot() { @@ -99,12 +105,22 @@ if ! [ $(id -u) = 0 ]; then exit 0 fi +DISTRO_RELEASE=$(lsb_release -sc) +if [ $DISTRO_RELEASE = xenial ] || [ $DISTRO_RELEASE = bionic ]; then + echo "OS: $(lsb_release -sd) +Good, this is a supported platform!" +else + echo "OS: $(lsb_release -sd) +Sorry, this platform is not supported... exiting" +exit +fi + # Jitsi-Meet Repo echo "Add Jitsi key" -if [ "$JITSI_UNS_REPO" = "unstable" ]; then - echo "Jitsi unstable repository already installed" +if [ "$JITSI_STBL_REPO" = "stable" ]; then + echo "Jitsi stable repository already installed" else - echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list + echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - fi @@ -112,6 +128,7 @@ fi echo "We'll start by installing system requirements this may take a while please be patient..." apt update -yq2 apt dist-upgrade -yq2 + apt -yqq install \ bmon \ curl \ @@ -119,9 +136,10 @@ apt -yqq install \ git \ htop \ letsencrypt \ - linux-image-extra-virtual \ + linux-image-generic-hwe-$(lsb_release -r|awk '{print$2}') \ unzip \ wget + check_serv echo " @@ -163,6 +181,8 @@ fi echo "snd-aloop" | tee -a /etc/modules check_snd_driver CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) +GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" + echo "# Installing Google Chrome / ChromeDriver" if [ -f $GOOGL_REPO ]; then echo "Google repository already set." @@ -192,6 +212,12 @@ Check Google Software Working... /usr/bin/google-chrome --version /usr/local/bin/chromedriver --version | awk '{print$1,$2}' +echo " +Remove Chrome warning... +" +mkdir -p /etc/opt/chrome/policies/managed +echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >> $GCMP_JSON + echo ' ######################################################################## Starting Jibri configuration @@ -199,13 +225,14 @@ echo ' ' # MEET / JIBRI SETUP DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') -JB_AUTH_PASS_FILE=/var/JB_AUTH_PASS.txt -JB_REC_PASS_FILE=/var/JB_REC_PASS.txt +JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" +JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua +PROSODY_SYS=/etc/prosody/prosody.cfg.lua JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js CONF_JSON=/etc/jitsi/jibri/config.json -DIR_RECORD=/tmp/recordings +DIR_RECORD=/var/jbrecord REC_DIR=/home/jibri/finalize_recording.sh JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" @@ -219,8 +246,6 @@ You can define your language by using a two letter code (ISO 639-1); Jitsi Meet web interface will be set to use such language (if availabe). " read -p "Please set your language:"$'\n' -r LANG -read -p "Jibri internal.auth.$DOMAIN password: "$'\n' -sr JB_AUTH_PASS -read -p "Jibri recorder.$DOMAIN password: "$'\n' -sr JB_REC_PASS read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] do @@ -251,10 +276,6 @@ elif [ $ENABLE_TRANSCRIPT = yes ]; then fi done -echo "$JB_AUTH_PASS" > $JB_AUTH_PASS_FILE -chmod 600 $JB_AUTH_PASS_FILE -echo "$JB_REC_PASS" > $JB_REC_PASS_FILE -chmod 600 $JB_REC_PASS_FILE JibriBrewery=JibriBrewery INT_CONF=/usr/share/jitsi-meet/interface_config.js WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) @@ -330,6 +351,28 @@ VirtualHost "recorder.$DOMAIN" REC-JIBRI +#Fix Jibri conectivity issues +sed -i "s|c2s_require_encryption = .*|c2s_require_encryption = false|" $PROSODY_SYS +sed -i "/c2s_require_encryption = false/a \\ +\\ +consider_bosh_secure = true" $PROSODY_SYS + +if [ ! -f /usr/lib/prosody/modules/mod_listusers.lua ]; then +echo " +-> Adding external module to list prosody users... +" +cd /usr/lib/prosody/modules/ +curl -s https://prosody.im/files/mod_listusers.lua > mod_listusers.lua + +echo "Now you can check registered users with: +prosodyctl mod_listusers +" +else +echo "Prosody support for listing users seems to be enabled. +check with: prosodyctl mod_listusers +" +fi + ### Prosody users prosodyctl register jibri auth.$DOMAIN $JB_AUTH_PASS prosodyctl register recorder recorder.$DOMAIN $JB_REC_PASS @@ -361,11 +404,7 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF fi #LocalRecording -#No longer necessary thanks to: makeJsonParserHappy echo "# Enabling local recording (audio only)." -#DI_STR=$(grep -n "deploymentInfo:" $MEET_CONF | cut -d ":" -f1) -#DI_END=$((DI_STR + 6)) -#sed -i "$DI_STR,$DI_END{s|}|},|}" $MEET_CONF LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_END=$((LR_STR + 18)) sed -i "$LR_STR,$LR_END{s|// localRecording: {|localRecording: {|}" $MEET_CONF @@ -404,18 +443,25 @@ https://github.com/switnet-ltd/quick-jibri-installer/issues fi # Recording directory +mkdir $DIR_RECORD +chown -R jibri:jibri $DIR_RECORD + cat << REC_DIR > $REC_DIR #!/bin/bash -RECORDINGS_DIR=$1 +RECORDINGS_DIR=$DIR_RECORD echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out echo "or storage provider, etc.) in this script" >> /tmp/finalize.out +chmod -R 770 \$RECORDINGS_DIR + exit 0 REC_DIR +chown jibri:jibri $REC_DIR +chmod +x $REC_DIR ## JSON Config cp $CONF_JSON $CONF_JSON.orig @@ -427,7 +473,7 @@ cat << CONF_JSON > $CONF_JSON { "name": "$JB_NAME", "xmpp_server_hosts": [ - "$WAN_IP" + "$DOMAIN" ], "xmpp_domain": "$DOMAIN", "control_login": { @@ -446,7 +492,7 @@ cat << CONF_JSON > $CONF_JSON "password": "$JB_REC_PASS" }, - "room_jid_domain_string_to_strip_from_start": "internal.auth", + "room_jid_domain_string_to_strip_from_start": "conference.", "usage_timeout": "0" } ] @@ -534,7 +580,7 @@ while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] do read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC if [ "$ENABLE_SC" = "no" ]; then - echo "Secure rooms won't be enable" + echo "-- Secure rooms won't be enable" elif [ "$ENABLE_SC" = "yes" ]; then echo "Secure rooms are being enable" #Secure room initial user @@ -594,6 +640,10 @@ if [ $ENABLE_TRANSCRIPT = yes ]; then bash $PWD/jigasi.sh fi +#Prevent Jibri conecction issue +sed -i "/127.0.0.1/a \\ +127.0.0.1 $DOMAIN" /etc/hosts + echo " ######################################################################## Installation complete!! -- 2.34.1 From 90fab0a179fd0c36cf1ce3c68856073dd6dbb35a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 7 Apr 2020 16:00:38 -0500 Subject: [PATCH 02/34] Start using systemd over service scripts. --- quick_jibri_installer.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 7474eef..1464576 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -78,8 +78,8 @@ update_certbot() { Cerbot repository already on the system! Checking for updates... " - apt -qq update - apt -yqq dist-upgrade + apt -q2 update + apt -yq2 dist-upgrade else echo " Adding cerbot (formerly letsencrypt) PPA repository for latest updates @@ -129,7 +129,7 @@ echo "We'll start by installing system requirements this may take a while please apt update -yq2 apt dist-upgrade -yq2 -apt -yqq install \ +apt -y install \ bmon \ curl \ ffmpeg \ @@ -147,7 +147,7 @@ echo " # Install Jitsi Framework #-------------------------------------------------- " -apt -yqq install \ +apt -y install \ jitsi-meet \ jibri \ openjdk-8-jre-headless @@ -165,7 +165,7 @@ if [ "$(dpkg-query -W -f='${Status}' nodejs 2>/dev/null | grep -c "ok")" == "1" echo "Nodejs is installed, skipping..." else curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - - apt install -yqq nodejs + apt install -yq2 nodejs echo "Installing nodejs esprima package..." npm install -g esprima fi @@ -192,7 +192,7 @@ echo "Installing Google Chrome Stable" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO fi apt -qq update -apt install -yqq google-chrome-stable +apt install -yq2 google-chrome-stable rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list if [ -f /usr/local/bin/chromedriver ]; then @@ -281,11 +281,11 @@ INT_CONF=/usr/share/jitsi-meet/interface_config.js WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) ssl_wa() { -service $1 stop +systemctl stop $1 letsencrypt certonly --standalone --renew-by-default --agree-tos --email $5 -d $6 sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" $4 sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" $4 -service $1 restart +systemctl restart $1 #Add cron crontab -l | { cat; echo "@weekly certbot renew --${2} > $LE_RENEW_LOG 2>&1 || mail -s 'LE SSL Errors' $SYSADMIN_EMAIL < $LE_RENEW_LOG"; } | crontab - crontab -l @@ -311,9 +311,9 @@ fi check_jibri() { if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] then - service jibri restart - service jibri-icewm restart - service jibri-xorg restart + systemctl restart jibri + systemctl restart jibri-icewm + systemctl restart jibri-xorg else echo "Jibri service not installed" fi @@ -321,9 +321,9 @@ fi # Restarting services restart_services() { - service jitsi-videobridge restart - service jicofo restart - service prosody restart + systemctl restart jitsi-videobridge* + systemctl restart jicofo + systemctl restart prosody check_jibri } @@ -510,7 +510,7 @@ cat << NG_APP >> $WS_CONF NG_APP -service apache2 reload +systemctl reload apache2 elif [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1) @@ -528,7 +528,7 @@ cat << NG_APP >> $WS_CONF } } NG_APP -service nginx reload +systemctl reload nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" -- 2.34.1 From 7042af5a118dfcb4e5129b7b4ff99cdb026cba61 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Tue, 7 Apr 2020 16:02:49 -0500 Subject: [PATCH 03/34] Add quick nextcloud installation This nextcloud installation is under development, still no ssl implementation. --- quick_nextcloud.sh | 310 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 310 insertions(+) create mode 100644 quick_nextcloud.sh diff --git a/quick_nextcloud.sh b/quick_nextcloud.sh new file mode 100644 index 0000000..e6bc8bd --- /dev/null +++ b/quick_nextcloud.sh @@ -0,0 +1,310 @@ +#!/bin/bash +# Quick Nextcloud Jitsi +# + +read -p "Dominio a usar para nextcloud: " -r NC_DOMAIN +read -p "Usuario para Nextcloud: " -r NC_USER +read -p "Password de usuario para Nextcloud: " -r NC_PASS + +DISTRO_RELEASE=$(lsb_release -sc) +PHPVER=7.4 +MDBVER=10.4 +PHP_FPM_DIR=/etc/php/$PHPVER/fpm +PHP_INI=$PHP_FPM_DIR/php.ini +NC_REPO="https://download.nextcloud.com/server/releases" +NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1) +STABLEVERSION="nextcloud-$NCVERSION" +NC_PATH="/var/www/nextcloud" +NC_CONFIG="$NC_PATH/config/config.php" +NC_DB_USER="nextcloud_user" +NC_DB="nextcloud_db" +NC_DB_PASSWD="opwezyLWSVZ3_" +DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)" + +install_ifnot() { +if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo " $1 is installed, skipping..." + else + echo -e "\n---- Installing $1 ----" + apt -yqq install $1 +fi +} +add_mariadb() { + if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo "MariaDB already installed" + else + echo "# Adding MariaDB $MDBVER Repository" + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8 + echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list + apt update -qq + fi +} +add_php74() { + if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo "MariaDB already installed" + else + echo "# Adding PHP 7.x Repository" + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C + echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list + apt update -qq + + fi +} + +## Install software requirements +# MariaDB +add_mariadb +install_ifnot mariadb-server-$MDBVER + +# PHP 7.4 +add_php74 +apt install -y \ + php$PHPVER-fpm \ + php$PHPVER-bz2 \ + php$PHPVER-curl \ + php$PHPVER-gd \ + php$PHPVER-gmp \ + php$PHPVER-intl \ + php$PHPVER-json \ + php$PHPVER-ldap \ + php$PHPVER-mbstring \ + php$PHPVER-mysql \ + php$PHPVER-soap \ + php$PHPVER-xml \ + php$PHPVER-xmlrpc \ + php$PHPVER-zip \ + php-imagick + +#System related +install_ifnot smbclient +sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf +sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf + +echo " +Tunning PHP.ini... +" +# Change values in php.ini (increase max file size) +# max_execution_time +sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI" +# max_input_time +sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI" +# memory_limit +sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI" +# post_max +sed -i "s|post_max_size =.*|post_max_size = 1025M|g" "$PHP_INI" +# upload_max +sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1024M|g" "$PHP_INI" + +phpenmod opcache +{ + +echo "# OPcache settings for Nextcloud" +echo "opcache.enable=1" +echo "opcache.enable_cli=1" +echo "opcache.interned_strings_buffer=8" +echo "opcache.max_accelerated_files=10000" +echo "opcache.memory_consumption=256" +echo "opcache.save_comments=1" +echo "opcache.revalidate_freq=1" +echo "opcache.validate_timestamps=1" +} >> "$PHP_INI" + +systemctl restart php$PHPVER-fpm.service + +#-------------------------------------------------- +# Create MySQL user +#-------------------------------------------------- + +echo -e "\n---- Creating the MariaDB User ----" +cd /tmp + +mysql -u root < /etc/nginx/sites-available/$NC_DOMAIN.conf +server { + listen 80; + server_name $NC_DOMAIN; + + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + # Path to the root of your installation + root $NC_PATH; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 \$scheme://\$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 \$scheme://\$host/remote.php/dav; + } + + location ~ /.well-known/acme-challenge { + allow all; + } + + # set max upload size + client_max_body_size 1024M; + fastcgi_buffers 64 4K; + + # Disable gzip to avoid the removal of the ETag header + gzip off; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + location / { + rewrite ^ /index.php\$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:\$|/) { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)\$; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:\$|/) { + try_files \$uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~* \.(?:css|js)\$ { + try_files \$uri /index.php\$uri\$is_args\$args; + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) +# add_header X-Content-Type-Options nosniff; +# add_header X-XSS-Protection "1; mode=block"; +# add_header X-Robots-Tag none; +# add_header X-Download-Options noopen; +# add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)\$ { + try_files \$uri /index.php\$uri\$is_args\$args; + # Optional: Don't log access to other assets + access_log off; + } +} +NC_NGINX + +ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/ + +nginx -t +systemctl reload nginx + +echo " + Latest version to be installed: $STABLEVERSION +" +cd /tmp && wget $NC_REPO/$STABLEVERSION.zip +unzip -q $STABLEVERSION.zip +sudo mv nextcloud $NC_PATH + +chown -R www-data:www-data $NC_PATH +chmod -R 755 $NC_PATH + +if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then +echo " +-> Patching #425 (scssphp/src/Compiler.php)..." +cd $NC_PATH/3rdparty/leafo/scssphp/src +sudo -u www-data curl -s https://nc.switnet.net/s/J89EmtEKcgj9AwP/download \ +> patch_425_3thy.patch +sudo -u www-data patch -p0 < patch_425_3thy.patch +rm patch_425_3thy.patch +fi + +echo " +Database installation... +" +cd $NC_PATH +sudo -u www-data php occ maintenance:install \ +--database=mysql \ +--database-name="$NC_DB" \ +--database-user="$NC_DB_USER" \ +--database-pass="$NC_DB_PASSWD" \ +--admin-user="$NC_USER" \ +--admin-pass="$NC_PASS" + +echo " +Prevent demo data on accounts and custom mods... +" +sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG +sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG +sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG +sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG + +echo " +Addding & Setting up Files External App for Local storage... +" +sudo -u www-data php occ app:install files_external +sudo -u www-data php occ app:enable files_external +curl -s https://nc.switnet.net/s/r22QLNMYzLcay39/download > /tmp/jb-qnci-ef.json +sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jb-qnci-ef.json + +usermod -a -G jibri www-data +chown -R jibri:www-data $DIR_RECORD +chmod -R 770 $DIR_RECORD +chmod -R g+s $DIR_RECORD + +echo " +Fixing possible missing tables... +" +echo "y"|sudo -u www-data php occ db:convert-filecache-bigint +sudo -u www-data php occ db:add-missing-indices + +echo " +Adding trusted domain... +" +sudo -u www-data php occ config:system:set trusted_domains 0 --value=$NC_DOMAIN + +echo "Quick Nextcloud installation complete!" -- 2.34.1 From 8e73776acbb1a3401e76ebf001cca280c6eeedbc Mon Sep 17 00:00:00 2001 From: Ark74 Date: Thu, 9 Apr 2020 21:43:29 -0500 Subject: [PATCH 04/34] Add SSL to nextcloud instance. --- quick_nextcloud.sh | 131 ++++++++++++++++++++++++++++++--------------- 1 file changed, 87 insertions(+), 44 deletions(-) diff --git a/quick_nextcloud.sh b/quick_nextcloud.sh index e6bc8bd..03e1d47 100644 --- a/quick_nextcloud.sh +++ b/quick_nextcloud.sh @@ -41,9 +41,9 @@ add_mariadb() { } add_php74() { if [ "$(dpkg-query -W -f='${Status}' "php$PHPVER-fpm" 2>/dev/null | grep -c "ok installed")" == "1" ]; then - echo "MariaDB already installed" + echo "PHP $PHPVER already installed" else - echo "# Adding PHP 7.x Repository" + echo "# Adding PHP $PHPVER Repository" apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list apt update -qq @@ -123,7 +123,7 @@ echo -e "\n---- Creating the MariaDB User ----" cd /tmp mysql -u root < /etc/nginx/sites-available/$NC_DOMAIN.conf +upstream php-handler { + #server 127.0.0.1:9000; + server unix:/run/php/php${PHPVER}-fpm.sock; +} + server { listen 80; + listen [::]:80; + server_name $NC_DOMAIN; + # enforce https + return 301 https://\$server_name\$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name $NC_DOMAIN; + ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NC_DOMAIN/privkey.pem; + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15552000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; @@ -146,7 +173,7 @@ server { add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation - root $NC_PATH; + root $NC_PATH/; location = /robots.txt { allow all; @@ -161,12 +188,11 @@ server { # last; location = /.well-known/carddav { - return 301 \$scheme://\$host/remote.php/dav; + return 301 \$scheme://\$host/remote.php/dav; } location = /.well-known/caldav { - return 301 \$scheme://\$host/remote.php/dav; - } - + return 301 \$scheme://\$host/remote.php/dav; + } location ~ /.well-known/acme-challenge { allow all; } @@ -175,71 +201,88 @@ server { client_max_body_size 1024M; fastcgi_buffers 64 4K; - # Disable gzip to avoid the removal of the ETag header - gzip off; + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module + # Uncomment if your server is built with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - location / { - rewrite ^ /index.php\$uri; + rewrite ^ /index.php\$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; + deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } + deny all; + } - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:\$|/) { - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.*)\$; - fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; - fastcgi_param PATH_INFO \$fastcgi_path_info; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)\$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:\$|/) { - try_files \$uri/ =404; - index index.php; + try_files \$uri/ =404; + index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block - location ~* \.(?:css|js)\$ { + location ~ \.(?:css|js|woff|svg|gif)\$ { try_files \$uri /index.php\$uri\$is_args\$args; - add_header Cache-Control "public, max-age=7200"; + add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) -# add_header X-Content-Type-Options nosniff; -# add_header X-XSS-Protection "1; mode=block"; -# add_header X-Robots-Tag none; -# add_header X-Download-Options noopen; -# add_header X-Permitted-Cross-Domain-Policies none; + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; - } + } - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)\$ { + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ { try_files \$uri /index.php\$uri\$is_args\$args; # Optional: Don't log access to other assets access_log off; - } + } } NC_NGINX - -ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/ - +systemctl stop nginx +letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN +if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then + ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/ +else + echo "There are issues on getting the SSL certs, exiting..." + exit +fi nginx -t systemctl reload nginx -- 2.34.1 From c56d7c69e835beab3f10a36929b7d304a7c6f947 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 10 Apr 2020 17:34:39 -0500 Subject: [PATCH 05/34] Dropping apache2 support Moving on with nginx as default browser --- quick_jibri_installer.sh | 55 ++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 1464576..1b958eb 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -30,6 +30,7 @@ GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" if [ $DIST = flidas ]; then DIST="xenial" fi + install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." @@ -39,14 +40,15 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = fi } check_serv() { -if [ "$APACHE_2" -eq 1 ] || [ "$NGINX" -eq 1 ]; then +if [ "$APACHE_2" -eq 1 ]; then echo " -Webserver already installed! +The recommended setup is using NGINX, exiting... " -elif [ "$APACHE_2" -eq 1 ] && [ "$NGINX" -eq 0 ]; then + exit +elif [ "$NGINX" -eq 1 ]; then echo " -Apache webserver already installed! +Webserver already installed! " else @@ -245,6 +247,14 @@ You can define your language by using a two letter code (ISO 639-1); Jitsi Meet web interface will be set to use such language (if availabe). " +while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]] +do +read -p "Do you want to drop support for TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 +if [ $DROP_TLS1 = no ]; then + echo "TLSv1.0/1.1 will remain." +elif [ $DROP_TLS1 = yes ]; then + echo "TLSv1.0/1.1 will be dropped" +fi read -p "Please set your language:"$'\n' -r LANG read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] @@ -500,18 +510,7 @@ cat << CONF_JSON > $CONF_JSON CONF_JSON #Tune webserver for Jitsi App control -if [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then -WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf -sed -i '$ d' $WS_CONF -cat << NG_APP >> $WS_CONF - - Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js" - Alias "/external_api.min.js" "/usr/share/jitsi-meet/libs/external_api.min.js" - - -NG_APP -systemctl reload apache2 -elif [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then +if [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1) WS_END=$((WS_STR + 2)) @@ -540,13 +539,6 @@ do read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then echo "Static avatar won't be enable" -elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/apache2/sites-available/$DOMAIN.conf ]; then - echo "Static avatar are being enable" - wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png - WS_CONF=/etc/apache2/sites-available/$DOMAIN.conf - sed -i "/Alias \"\/external_api.js\"/i \ \ AliasMatch \^\/avatar\/\(.\*\)\\\.png /usr/share/jitsi-meet/images/avatar2.png" $WS_CONF - sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF - sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf @@ -564,6 +556,18 @@ else fi done +if [ $DROP_TLS1 = yes ] && [ $DIST = "bionic" ];then + echo "Dropping TLSv1/1.1 in favor of v1.3" + if [ -f /etc/nginx/nginx.conf ]; + sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf + fi +elif [ $DROP_TLS1 = yes ] && [ ! $DIST = "bionic" ];then + echo "Only dropping TLSv1/1.1" + if [ -f /etc/nginx/nginx.conf ]; + sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf + fi +fi + # Temporary disable "Blur my background" until is stable sed -i "s|'videobackgroundblur', ||" $INT_CONF @@ -625,10 +629,7 @@ restart_services enable_letsencrypt #SSL workaround -if [ "$(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then - ssl_wa apache2 apache $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN - install_ifnot python3-certbot-apache -elif [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then +if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")" -eq 1 ]; then ssl_wa nginx nginx $DOMAIN $WS_CONF $SYSADMIN_EMAIL $DOMAIN install_ifnot python3-certbot-nginx else -- 2.34.1 From d2637e2d3402ba529a5ef9bbba791e2771946744 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Fri, 10 Apr 2020 17:36:44 -0500 Subject: [PATCH 06/34] Fix domain to use internal proxy --- quick_nextcloud.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/quick_nextcloud.sh b/quick_nextcloud.sh index 03e1d47..0dfe914 100644 --- a/quick_nextcloud.sh +++ b/quick_nextcloud.sh @@ -128,7 +128,8 @@ CREATE USER ${NC_DB_USER}@localhost IDENTIFIED BY '${NC_DB_PASSWD}'; GRANT ALL PRIVILEGES ON ${NC_DB}.* TO '${NC_DB_USER}'@'localhost'; FLUSH PRIVILEGES; DB - +echo "Done! +" #Tune MariaDB #mysql_secure_installation @@ -148,8 +149,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 4444 ssl http2; + listen [::]:4444 ssl http2; server_name $NC_DOMAIN; ssl_certificate /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem; -- 2.34.1 From 132be4ef7a4c81fe040a218a486f6dad95a6d575 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 00:08:30 -0500 Subject: [PATCH 07/34] Rearrange order and clean structure --- quick_jibri_installer.sh | 180 +++++++++++++++++++++------------------ 1 file changed, 96 insertions(+), 84 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 1b958eb..2951d63 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Quick Jibri Installer - *buntu 16.04 (LTS) based systems. +# Quick Jibri Installer - *buntu (LTS) based systems. # SwITNet Ltd © - 2019, https://switnet.net/ # GPLv3 or later. { @@ -30,7 +30,14 @@ GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" if [ $DIST = flidas ]; then DIST="xenial" fi - +if [ $DIST = etiona ]; then +DIST="bionic" +fi +if [ $DIST="xenial" ]; then +echo "$(lsb_release -sc), even when it's compatible and functional. +We suggest you choose an upgrade to the next (LTS) release." +fi +if install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." @@ -63,14 +70,15 @@ modprobe snd-aloop echo "snd-aloop" >> /etc/modules if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then echo " -######################################################################## - Audio driver seems - OK. -########################################################################" +#-------------------------------------------------- +# Audio driver seems - OK. +#--------------------------------------------------" else echo " -######################################################################## -Seems to be an issue with your audio driver, please review your hw setup. -########################################################################" +#-------------------------------------------------- +# Seems to be an issue with your audio driver, +# please review your hw setup. +#--------------------------------------------------" read -p fi } @@ -222,11 +230,12 @@ echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >> $GCMP_JSON echo ' ######################################################################## - Starting Jibri configuration + Please Setup Your Instalation ######################################################################## ' # MEET / JIBRI SETUP DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua @@ -238,6 +247,8 @@ DIR_RECORD=/var/jbrecord REC_DIR=/home/jibri/finalize_recording.sh JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" +MOD_LISTU="https://prosody.im/files/mod_listusers.lua" +MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" echo "## Setting up Jitsi Meet language ## You can define your language by using a two letter code (ISO 639-1); English -> en @@ -247,16 +258,19 @@ You can define your language by using a two letter code (ISO 639-1); Jitsi Meet web interface will be set to use such language (if availabe). " +read -p "Please set your language:"$'\n' -r LANG +read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL +#Drop unsecure TLS while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]] do -read -p "Do you want to drop support for TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 +read -p "Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 if [ $DROP_TLS1 = no ]; then echo "TLSv1.0/1.1 will remain." elif [ $DROP_TLS1 = yes ]; then echo "TLSv1.0/1.1 will be dropped" fi -read -p "Please set your language:"$'\n' -r LANG -read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL +done +#Dropbox while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] do read -p "Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB @@ -266,6 +280,7 @@ elif [ $ENABLE_DB = yes ]; then read -p "Please set your Drobbox App key: "$'\n' -r DB_CID fi done +#SSL LE while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]] do read -p "Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL @@ -285,7 +300,44 @@ elif [ $ENABLE_TRANSCRIPT = yes ]; then echo "Jigasi Transcription will be enabled." fi done - +#Enable static avatar +while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] +do +read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA +if [ "$ENABLE_SA" = "no" ]; then + echo "Static avatar won't be enable" +elif [ "$ENABLE_SA" = "yes" ]; then + echo "Static avatar will be enable" +fi +done +#Secure room initial user +while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] +do +read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC +if [ "$ENABLE_SC" = "no" ]; then + echo "-- Secure rooms won't be enabled." +elif [ "$ENABLE_SC" = "yes" ]; then + echo "-- Secure rooms will being enabled." + read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER + read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS +fi +done +#Welcome Page +while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] +do +read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP +if [ $ENABLE_WELCP = yes ]; then + echo "Welcome page will be disabled." +elif [ $ENABLE_WELCP = no ]; then + echo "Welcome page will be enabled." +fi +done +#Start configuration +echo ' +######################################################################## + Start Jitsi Framework configuration +######################################################################## +' JibriBrewery=JibriBrewery INT_CONF=/usr/share/jitsi-meet/interface_config.js WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) @@ -304,9 +356,9 @@ systemctl restart $1 enable_letsencrypt() { if [ "$ENABLE_SSL" = "yes" ]; then echo ' -######################################################################## - Starting LetsEncrypt configuration -######################################################################## +#-------------------------------------------------- +# Starting LetsEncrypt configuration +#-------------------------------------------------- ' #Disabled 'til fixed upstream #bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh @@ -367,12 +419,11 @@ sed -i "/c2s_require_encryption = false/a \\ \\ consider_bosh_secure = true" $PROSODY_SYS -if [ ! -f /usr/lib/prosody/modules/mod_listusers.lua ]; then +if [ ! -f $MOD_LIST_FILE ]; then echo " -> Adding external module to list prosody users... " -cd /usr/lib/prosody/modules/ -curl -s https://prosody.im/files/mod_listusers.lua > mod_listusers.lua +curl -s $MOD_LISTU > $MOD_LIST_FILE echo "Now you can check registered users with: prosodyctl mod_listusers @@ -510,68 +561,45 @@ cat << CONF_JSON > $CONF_JSON CONF_JSON #Tune webserver for Jitsi App control -if [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then -WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf -WS_STR=$(grep -n "external_api.js" $WS_CONF | cut -d ":" -f1) -WS_END=$((WS_STR + 2)) -sed -i "${WS_STR},${WS_END} s|^|#|" $WS_CONF -sed -i '$ d' $WS_CONF -cat << NG_APP >> $WS_CONF - - location /external_api.min.js { - alias /usr/share/jitsi-meet/libs/external_api.min.js; - } - - location /external_api.js { - alias /usr/share/jitsi-meet/libs/external_api.min.js; - } -} -NG_APP -systemctl reload nginx +if [ -f $WS_CONF ]; then + sed -i "/Anything that didn't match above/i \\\n" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ location = \/external_api.min.js {" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ alias \/usr\/share\/jitsi-meet\/libs\/external_api.min.js;" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF + sed -i "/Anything that didn't match above/i \\\n" $WS_CONF + systemctl reload nginx else echo "No app configuration done to server file, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi - -#Enable static avatar -while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] -do -read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA -if [ "$ENABLE_SA" = "no" ]; then - echo "Static avatar won't be enable" -elif [ "$ENABLE_SA" = "yes" ] && [ -f /etc/nginx/sites-available/$DOMAIN.conf ]; then +#Static avatar +if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png - WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf - sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {\\ -\ -\ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;\\ -\ -\ \ \ \ }\\ + sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF + sed -i "/location \/external_api.min.js/i \ \ \ \ }\\ \ " $WS_CONF sed -i "/RANDOM_AVATAR_URL_PREFIX/ s|false|\'https://$DOMAIN/avatar/\'|" $INT_CONF sed -i "/RANDOM_AVATAR_URL_SUFFIX/ s|false|\'.png\'|" $INT_CONF -else - echo "No app configuration done to server file, please report to: - -> https://github.com/switnet-ltd/quick-jibri-installer/issues" fi -done - -if [ $DROP_TLS1 = yes ] && [ $DIST = "bionic" ];then +#nginx -tlsv1/1.1 +if [ $DROP_TLS1 = "yes" ] && [ $DIST = "bionic" ];then echo "Dropping TLSv1/1.1 in favor of v1.3" - if [ -f /etc/nginx/nginx.conf ]; - sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf - fi -elif [ $DROP_TLS1 = yes ] && [ ! $DIST = "bionic" ];then + sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf + #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF +elif [ $DROP_TLS1 = "yes" ] && [ ! $DIST = "bionic" ];then echo "Only dropping TLSv1/1.1" - if [ -f /etc/nginx/nginx.conf ]; - sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf - fi + sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf + #sed -i "s|TLSv1 TLSv1.1||" $WS_CONF +else + echo "No TLSv1/1.1 dropping was done. Please report to +https://github.com/switnet-ltd/quick-jibri-installer/issues " fi -# Temporary disable "Blur my background" until is stable +# Disable "Blur my background" until new notice sed -i "s|'videobackgroundblur', ||" $INT_CONF -#Enable secure rooms? +#Setup secure rooms cat << P_SR >> $PROSODY_FILE VirtualHost "$DOMAIN" authentication = "internal_plain" @@ -580,24 +608,15 @@ VirtualHost "guest.$DOMAIN" authentication = "anonymous" c2s_require_encryption = false P_SR -while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] -do -read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC -if [ "$ENABLE_SC" = "no" ]; then - echo "-- Secure rooms won't be enable" -elif [ "$ENABLE_SC" = "yes" ]; then - echo "Secure rooms are being enable" #Secure room initial user -read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER -read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS +if [ "$ENABLE_SC" = "yes" ]; then +echo "Secure rooms are being enabled..." echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS fi -done - #Start with video muted by default sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF @@ -605,18 +624,11 @@ sed -i "s|// startWithVideoMuted: false,|startWithVideoMuted: true,|" $MEET_CONF sed -i "s|// startAudioMuted: 10,|startAudioMuted: 1,|" $MEET_CONF #Disable/enable welcome page -while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] -do -read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP if [ $ENABLE_WELCP = yes ]; then - echo "Welcome page will be disabled." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: false,|" $MEET_CONF elif [ $ENABLE_WELCP = no ]; then - echo "Welcome page will be enabled." sed -i "s|.*enableWelcomePage:.*| enableWelcomePage: true,|" $MEET_CONF fi -done - #Set displayname as not required since jibri can't set it up. sed -i "s|// requireDisplayName: true,|requireDisplayName: false,|" $MEET_CONF -- 2.34.1 From fa3d9db025b57dac70a733d2cec4b12250061265 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 00:09:43 -0500 Subject: [PATCH 08/34] Avoid preinstalled db. Set automatic db password. --- quick_nextcloud.sh | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/quick_nextcloud.sh b/quick_nextcloud.sh index 0dfe914..e57d5f9 100644 --- a/quick_nextcloud.sh +++ b/quick_nextcloud.sh @@ -1,10 +1,21 @@ #!/bin/bash # Quick Nextcloud Jitsi # +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi -read -p "Dominio a usar para nextcloud: " -r NC_DOMAIN -read -p "Usuario para Nextcloud: " -r NC_USER -read -p "Password de usuario para Nextcloud: " -r NC_PASS +clear +echo ' +######################################################################## + Jibri Recordings Access via Nextcloud +######################################################################## + by Software, IT & Networks Ltd +' +read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN +read -p "Nextcloud user: " -r NC_USER +read -p "Nextcloud user password: " -r NC_PASS DISTRO_RELEASE=$(lsb_release -sc) PHPVER=7.4 @@ -18,9 +29,16 @@ NC_PATH="/var/www/nextcloud" NC_CONFIG="$NC_PATH/config/config.php" NC_DB_USER="nextcloud_user" NC_DB="nextcloud_db" -NC_DB_PASSWD="opwezyLWSVZ3_" +NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)" +exit_ifinstalled() { +if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo " This instance already has $1 installed, exiting..." + echo " Please report to: + -> https://github.com/switnet-ltd/quick-jibri-installer/issues " + exit +} install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." @@ -33,7 +51,7 @@ add_mariadb() { if [ "$(dpkg-query -W -f='${Status}' "mariadb-server" 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo "MariaDB already installed" else - echo "# Adding MariaDB $MDBVER Repository" + echo "# Adding MariaDB $MDBVER repository" apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C74CD1D8 echo "deb [arch=amd64] http://ftp.ddg.lth.se/mariadb/repo/$MDBVER/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/mariadb.list apt update -qq @@ -51,6 +69,8 @@ add_php74() { fi } +exit_ifinstalled mariadb-server + ## Install software requirements # MariaDB add_mariadb -- 2.34.1 From bccc07a7871ebfbf355e2d4008a63106c89e121c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 01:34:50 -0500 Subject: [PATCH 09/34] Adding static files --- files/jra-nc-app-ef.json | 23 +++++++++++++++++++++++ files/patch_425_3dty.patch | 24 ++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 files/jra-nc-app-ef.json create mode 100644 files/patch_425_3dty.patch diff --git a/files/jra-nc-app-ef.json b/files/jra-nc-app-ef.json new file mode 100644 index 0000000..42b2a1e --- /dev/null +++ b/files/jra-nc-app-ef.json @@ -0,0 +1,23 @@ +[ + { + "mount_id": 1, + "mount_point": "\/Jitsi Record", + "storage": "\\OC\\Files\\Storage\\Local", + "authentication_type": "null::null", + "configuration": { + "datadir": "\/var\/jbrecord" + }, + "options": { + "encrypt": true, + "previews": true, + "enable_sharing": false, + "filesystem_check_changes": 1, + "encoding_compatibility": false, + "readonly": false + }, + "applicable_users": [], + "applicable_groups": [ + "admin" + ] + } +] diff --git a/files/patch_425_3dty.patch b/files/patch_425_3dty.patch new file mode 100644 index 0000000..e97492c --- /dev/null +++ b/files/patch_425_3dty.patch @@ -0,0 +1,24 @@ +--- Compiler.php 2020-03-11 08:52:46.000000000 -0600 ++++ Compiler-fixed.php 2020-04-04 06:56:43.175786008 -0600 +@@ -5211,10 +5211,10 @@ + return new Node\Number(strlen($stringContent), ''); + } + +- protected static $libStrSlice = ['string', 'start-at', 'end-at']; ++ protected static $libStrSlice = ['string', 'start-at', 'end-at:-1']; + protected function libStrSlice($args) + { +- if (isset($args[2]) && $args[2][1] == 0) { ++ if (isset($args[2]) && ! $args[2][1]) { + return static::$nullString; + } + +@@ -5227,7 +5227,7 @@ + $start--; + } + +- $end = (int) $args[2][1]; ++ $end = isset($args[2]) ? (int) $args[2][1] : -1; + $length = $end < 0 ? $end + 1 : ($end > 0 ? $end - $start : $end); + + $string[2] = $length -- 2.34.1 From 751878d1d6eec7cabf5a65656ed6f33a77e4c50c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 01:38:13 -0500 Subject: [PATCH 10/34] Add branless images --- images/avatar2.png | Bin 0 -> 16334 bytes images/favicon2.ico | Bin 0 -> 326 bytes images/watermark2.png | Bin 0 -> 169 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 images/avatar2.png create mode 100644 images/favicon2.ico create mode 100644 images/watermark2.png diff --git a/images/avatar2.png b/images/avatar2.png new file mode 100644 index 0000000000000000000000000000000000000000..12c1007048bd87f7014e8c6aab788843a9695558 GIT binary patch literal 16334 zcmX|o1yEc~(>3lA96}%v+}+)6afjd*Jh*F+Ai-JOVX?*C-Q8I{xI+j|2><4Jzxs>X zg4()wrl)64_vzC^l$wehCfa*67#J8#1$k)=7#LVu=m!}E3Hl8@_n89p7wT7eeK!~w zbi98bSeVRgV(6Dh=1OwXFmL~U^1DitVPM3Z6r?4zyw@&rko^r;JlzfP`$%;<)29M>4L0 z0*P980V!h<>K8VdQX}BUkeDP$!J}2 zzPS`l@!fH>^npLjhK7M3GiK!&j+y8mb!91TjfEuW)nD;W_{p4=*@^#fZ%gntf8ZF8 z=oSwV35WZ0$qbX26)5E!#vL+!#N}@TS*@RZ*NRX)mIyw6(8r)k7R`4PmOCQe?U)({ zLYDiEey7TzP4tXQ5NF)tm-DR@t*&x12|c4A9uhx4`&NXC;iKulBHy;q0@6*Va`;vZ z>gxN}8hwhI>{nDO>&oW@UH5A}ZjW)!u73{bSnLJb({*+GOwiiDMtCe&ELDQrX*`xE z*D{t@T`a(Xuh06asi`^?@4hTp#Ad%;XJ%$%*Xh>QH6_cSK^8tC?&=_WvJ*E(V3Jz1 z7#TQUZ1-#n2L0^3J1$xQpRt*=Yz4kJo?To?IS-v)4BqKT^BMaVb|@m{dA?qxjxuV+A*#x`bX7) zCl})UsU@8APH#wIBnD(Cs~Qp~kqKHRmCdLBq}TcP`7C04=+xs+fc>qn-j~w?avtbn zEi-*)2nh-Ql5`M}8YU5DNN0UzvE40>S}su{l9_ELNKnHFx^J_oiu@Qj+wS^cwEPs~ zWneR%Td$JMZ%roXKfAWwy0X^f7un=o=fAw8R~J@Sak+gngL2@GrljG(URPV6b_SG79)~QGbK!%@edO^otO?(J^3tl*WLqZxf{k=x+o40!y_+ckT^E<2I8 zez)Za%(JTcn|kS;+o0mUa~B5(m)K0IC4A<$9C>xWfnm(T{LQ2_%wZf6>5SR(g%(30 zPseyTdF`wLdBmi`rnB>Y`wq{m#_3I;$YT-zi#y!`UlyGjySr$QtAGcCz2P6q?xu(1 zS>B8Mq*+^^+|~n$*b;_SiJgtQJb6x@G0}deUABKA<6pFNT&w4BA#T$4+=rw3GS$9h zP*Co@d%w5bBv->baI~b?b#uzZ3%mA`bsr;I5E%4tuIdGD}{;Vn*mrKnsO_ z%M-m=+px__oH8 zg7QIkDEDg3om_b{D-8AGJsje*7e6Gg>=}c(jSf^rUWH~-Gc)`7F>&v$7gI64@%hyLnf2zd z`bKwf^`i}Dc~|?B=A4!ig1iQkPI!~e4C`6jQ63G9(aP!bU9IQUrsEuZKc-61#93^^ zfo9#ychZ#F4dhHpSAa^awC_V6!}K*W0`-IMexkg=HnSE@CbPkU1Y9`I*EfzmM9gPo#Iy>X91`%t2uuZ6@3TK@XRkRi(LsjBxp+b-o7?9(QY0 z<_VUp?!W2Kihytmc28*jMy!W0aL;Tq;`{i5?~pLb_mN6JUb`|lw4s1}XiMc_3D4}a zf)PaiK3bSNXmk_Q8=_H_!jw+vvfAh0N@_i92IXmQwQXRkD6J+#T!$qKW{<|ogRDOg z*1B|geA`)Ie$o37I|FHVbes14-O*o`DsHe<%gxw}%0mY>Hl6=T6}fS$+%q^od_LzO zV75Qop{(|v%QNB1jm3d3 zoyLN^&0sd~Ag=l*kJ#k2v^2x`&jEVy#b=V~#`CLTZhwp1d;p4 zBAphe%?+T!$yn|b@B%VVko>Kv!vvX{0W3Ede%>5{)9CKgaDTCFkFf9?8oznSzHsxN z9N&F}(vyJnt}GU&sl8wB9G54{4Uu0!luXe}O3PI7!VVKDH%$qf1{CG&(RL7AO7Nd3 zoL#}6Tc#_fX<%D?KYqjJ&=ZMdi;u#qmLDD?dsn+HNQvs#ab?jGih(tHj6gi3F!%Pe z8=5*K;7{`I0KBW)31CSRO_e4#nc$-D&mp45qJ#oGx_CFrjvozF+IJJDh5f^*wCobl zzcyvVuuWBMCK!vfg7U@+X0k<~izXEDJFkJfS9Kzs>HqI+HUi?YgV#rEG;(Xp+gwPGntQr%O|Ee8z4n(Yc#~ErDFgT8q!ecc#tZb6goWhi^z#dXS1sfIpcu`;Feem^6zBvYK(d!phue3k`A3pyW`=q5msR-fl>;9c&+pS z$00-GG1qjB?Q%SIVvPX{Tlf*i>vw5+LJo7nAsdE0&1Q1tO113mcV%?K_i2((uyP27 zpkUjgX@$zl$|2yEAiJ3hC)87=|2(Dj^DdIymmNv*Uv!6VALl5X;z#i zr8eXs(IT=fOUx+zoH~R%sBfce+JwIpabd0~k|ixCRmerF)(S4&cuC;6@nj(uPtxlO zG8BH!O<12ClDOE3=mw@jpg4cES)jr;gff!jW{mN#acIr=%~&Avwup#>wXyv4wOW@2 z-^)W)3rZn<3I(%YqOnp7<%Na)jT@JOSm@23Jg)t0=^D>D9iDb{q2{H!_&RL~Io*<; zoa{-NLP2rFUrrEkhxsI+1V6pkJ&EdDRacfv2`zh0>#O%9wc2rCB>Cu!q-SP56-#Uq zLK1#;3mTR70!W!F2+_Nm~p$FD5`w-~;!o&v>hYL)Qi{KFk0^D-f!xmn6A|nRD=!m4}T0Ir!zm&Ns{7llZ zA`eXjO}-_lfVa`azU6A!j5*;PH_yureSWr61r68grE)I1wuDWr@N;Q1Y95;{<^pK8 zikbS9{jZLKo+3UjaE}L%-#8mD3Lm+f}a)&{*nT%OQpiu{}R@MyF875%H5n2X(#Nzwg_J7B-V} zeapEd3r3(5`qd&pYWDQ(YHR#aWs}rDP@qng69~H9H|m{ISG@GE^=xB+pp{3B%YRl~ zF0sDjbN`MhTXBE6o}3nb?(X@!1u>y`I#&qlzKSlthp)qfz&cakUIdU_wdk&zclFX% zKnD~(LIm}A;W*s((*Q~b>^NnV;@Tq4eVsqF?5~JW+mXJV{3M12K!NE@*+Ct*2snFGm63Mv2Be3zS}?pMG6Kb)43&>w=V)UAM-&FE^BD&wv-1kiS( z{l>oqIz^OdDQA7o>}~9EVI!(vFd9|CmDeDCs_K{5HZsbw_1O$M7&W!m<-#O7UaHh( zP9b;tm-=Of2chB0a8v~WdT25wRs!n?6=!2JxB$uCHE#cQQd32!x4yn!1Ms*wrI?m1 zF(A*YGS{dx5M4qjZ0xslKt`q3ygmtwni_FDj_hmkYW-<~xGg z@!JbL#K#*YJ=>2eOQ@iw!}DbMa+}c1kT@z7wy8LPgM)*--7?dOFt|sWg$RVe9+R>{ zrSPQ&FKqjreAwk#vu{Jq;-`aZ9wx z>y^4BDh1q*R!xi1Om`)l(PK4I$jbX)azxz}(Mx_4O)p&8D~q_k4dC=aLvKGQtw#w7 zz-2S-4#05Cjn~%gNrwV5I1x*Jwvj}$YSYgXH~7+F*{9=QxtB@zKoy7546vKtOvXq* zWJ`C>{t#UU1%#6kUl1oGF)VR0i6#b0>-+BwzeQs3Zm!$#zhC7nhuPvGVQ10Tu*v>l z2aiWouZctj&B~dX@1c(hdLP4}ZGd7=K0wnNtv>Q3qbfdN0?5Lnf;H5u$ZFYAoh3GR zPG51N8D>3GMZly3C;nJ*dJb7A%n&KIPFU~S>@Da8Ht8?iL|D}&OHpa`rP!m_H0gR4 zhbO{OGdQdVjLiUj34DmC}Ya4adoRGj--n|)*%oj_CIo?weaD%I)& zq`pevAs~lqoA;VGbhfQ*u}zOyX#kqulF7yn*GA_Cez0qVV^Tu7?7N}}f{D#uD4&PU z#t9nnnBIVjbfmFb7prYK(AtUKvT~~FCzU-eT+-+J$KC>3mh?lGbQ^@^nWMA8+-abr zsbG`l|>U>)>SVt_7ccZmv}E+&ZYc`~MzNsxaWCB# z%OqF%Bz^ha$qWcd7Ygz;#;-R-r`EhOPzq~{BCaXcw9+mqm%Ds9KX8Dc(C%r_SL)O( zst_Zl6SC=#hC9H=8fb_qN@Fsm*%ma`xYW3;7=b^J8&3m0bhNZ?Y4FmmXEK(A)o;N@ zOu9V#GSJjZF*XNbDgQ`Qh)KGluZ;ZOqS0jmsiiM|k?wA4(C!{Znoe6E(_m%qc8U0!5Mp<>n2`)8ojz7=cT|1x zq(15iJ3lzKXSgu{1hY@0b`=OJ=W%R0%D{?2%SD~cl{1kq#BZN`{cD3VjOd0`x}G>q zl*4fr2}K-OP7>`M)=CLD4Hpi91!~85=RX}FXdng<-Q}7`WtC>BY7~dE%9J5H9~&Bk zF#(sXU~{>jw&;cQ!FH)cDI8krGwRjId|IKV9|+G>K6OPyQJwDjnMkJkKo$P(7- zCwfYtgz4LHfE!v($6{LMY6ql#8On!50V;o#a@-y+)<@c3_oL`zwH(*$XpYbzDilo~ zX+cV7N-y_UbD^le35*U$G0m>5C+^`Miv*9bkiOyL`#FmDyH?MJNFmqzc4uPAmtWpE zM}1{+R|}26tl0o>Jc^>!!PEw`HsAsr} zq~#m*S>02>)oFI8Ts-;moP`{CujOM5&M=piCZ!N5C$%;-PBh)0uU9RB^_!fOa&E0^ ztS3?h7mNhy9$sGI#8)#07{J`@eol_EUcYUq5{hfv=m{ei#;jyQwo}v6f}%yB6ZCS= z-6G`j1y#cWn{_emM;f zr<)Uk{B>9@oRkF%9V zdrG0SU<5PMqkFRTMzwx!N-(=!@O<+5kb{8DzYYu?@>|CANr#qa-96t$gLAVtH8aOV zfb}yvq=M7Y)Y3jIY7VNP&W<|+7VkIj&kRHw;*g8glLt<$5y;E}Tm?F47R&sKL;td^DIDF<@%i7W+PcwH`nm>;-j zF#-0g_K+JIdqGFEu)4irJ!NFlrkK5}t%iln3J5NgtxKfSEpMSWmIxXCi{d(%OhD2| z6jM#5Eypw#XK-ulV^+GC)p#cRnNj~}n|L5RkB|WzRhdXyt>etl&Mck{+`VypDj8)15ohsQrO~tdM!^|8;-l>gy6c&Y|fBB;c+FRRO^lLM=G4DDoX% zI0?0|q^#o~E@Ggn{C`q%r-*sVio`p25{qE4mzpC=Bavs(TD zorU_irfR1;LFR>o@4|jencgn`rA8c!-#k@@_PwGgxNY^N0*na;U}>0b%-hKyjo$vY zwDbNvZjU#=vaoQA)NC?*=K(Et&*#sO=qy#9VCZ7Ep@n|VSrf6CSvFIOJocQ`Rd4Rd zFkz2^*D6bTyVn(MCfz6!z@X06M@4lNF=g3V@5mRk)+TS_*y%X$R`cRpD-%{ek6kn{itB_Z0=7=ID>&i7ev&ZDt@GvmUM>w}<@HEQl z>w6LF6#K7|$5jK|sh{63<)EaDPfYCb{G_c-tE+43{Un7FctB`MC5uIrk(^b#CB28GuDON%IxQKJi6}0%O4rM6 zvre^L?Q*ptUeS`huJy&}HA&M#(@~?jmDH!H7B70kXL3IrQbRNhu5E_V>cMZCJ%O*% z4JxG$7X<_T&h5V?@K}w1|0oz72AWq^R6MgcgFQcz8M9`(3!0glFNZ3)iIxcs!QOd6 z>{nOkwcHAWg)GsAjl2Bb_l5OE=|iaa>?3|aNH(6E_rPCt zy9HthoeLQx1n6tEJTbRl%1q@LKa>E%FdqIrnMOAZ?qIgn7})9`1|k)izMvp(zMaC= zDW$POLo2FBrUUs?S8-t7eJ9N4wA}}!dt%<^TT7*YjZ-CP#)Wfez9J|UVzbm>ojBYY zAs_f}3?XN@h4Z!snS8?KWF3klhUC>2g)2%M{JO5%5W^kb=zDBC9()0nG1^ zQ3RU4{t5->4GIPB>Rq%+q%(a9_4s!O0OGc~s*%OQ!hyJRjWZA%B4l-13`WKSqVwi# zxBjy5Hl*ckzGuhpQh2jF4yY$o*P-U5jjToTu6Fp??e5cc|H0m7rJbPHrr}@LcXVTz z^{%6-1|~s;{{7K78W5duY9W_u*_^ZLN_pji-VgiVzPjzxUk6$;`_ANAA!s%~3=0s& zaOK$O>yILU&dwzq9LmdCl-<{Pte&E+49w0|Ssg>8+5$mtLrHAHJkUn9GNJzEeqOAm z8b}$((DaPk<9R=OjS_L9IenTy2_vgoU0r>yWi@$qb*;A+gBfwjblwjXJg~e%k79vr zT&m_Z*2FU4B6|8nNtGg|nkk%E3WB!lOa6tdcoA|{D@*=ft9jL378GRV3_<;1h0+tQ z(!+i0w3t&uy_huSdLXNzxzM(No6S&%v95yQiC{d1T0mr$mxDtzB?Ub@n!M($g>>Hy z;mJc(u)Ow4^%6%PgLV&?)ushCkH-eYFShCP;@@pq{qrr+xYtwV)`KzN?qAy@`(N;9 zuJ<{hfSV(H{;SXe(l3-;;Rk(5ucrYg=2WhKv*3YU@Ug&kW2(8hl6Ov?p6xP_UukR4 z&);!_G7BFFwUUmA-#vzn())tTq)JHAM!LAy)@b4L?S)0ju5ZzA%6iQyyY?RV3Uq2QZKl3)qG6_)UYq#;3^AqaBUk z;_*$H@Yg(bGDt~Fd@!+@%4GnqVIqCAg-?-Moqx5OH@itBxoyHXbauI|ZHgj*Hs5h* zgOV(k5-&NY)RnYl!z7ZWBCwiiq2vlmwRI7UK4o$`x=u?eU^S*3#RA5B$ZAn(eNVo= zMl560`QBYxr2>J?MBoIOw_yL{4}YTS&&h9J^ITKvtSplO6;Kt#dpw>*$bft9omNz+ zJVE{U&!jE;yt$~q50iRi-KwDFV^k_}LWpPe@rH42{U_{>m$9p5v(EP-7(LS-mBPHP z-`SFolB67HBfa6){}fM^_?&6 z&G&0&RTWT->J`cUC`OhJ;`qWdW`^uoo|l~a=^_rW#yVJm`=Lo-i<;_HsXZHGdb7z; zx9&Tn_17L4ve+n2(bPnUyHW2Exw&k&yZ?)!4WuV&Jv@2x-yM{YZ%%kjmhH^jS$1Y- zy}GDsBgbdVHe)RQqps1OPj=tYyZzQ-yl#K0Hm&(@fj)aASzUfWT~j?PyP z?~7;?=BAiSWjXkAol@acaO_Pi=8|3Zc6SaLKnq{1azgA0%rtExE?R9vO_zvJZ>Oi8 z$6QOlq$TkUXn#0n{owwukJ|a<7PbeHDyuSOR_(S{5d85$WFu3+-goUXgc0n;V>>QA zCw#Tg(xN>l>QUJv^&6WDEgj=R^W(F8@x)&ZOGOF6=#;|Cuj{?A%jtDR^f1=n>D=4H zXm=W+ao0K+#`0YoTTjd(*&*s~JEgtyQCE^=V!&zR*z)(pfhxn7Z98opP?M8KTY9W* zBIx`(3`accb5H5>aD*f!N2vGX_xE)UDD7tp2eZEkCvhO}ng?ZNQ`ov3%Fnw7f&t9H zNWUl$n=jisyiOV7bXkt|4|1;Y_g@WzDh*ql%Bu}G<@|5BL^RSUm6ezHKk>`9Ty9E- z`1TLF^t=2@QI32^@hI$o&+gQp-dRIXBGk~&GvZCp4SS@aDQxtx$zZtyRll2%ut^;5 z-g#828QT1LITjJ?Ad2D0pJt(gc@AixiTHC-o-EGJ>z&!H0N^ED(hHLjf?g59)6cn;q|N=%leqO+4Zaq@(6I-C3O_tW$I(35iK^BlA; zkhY5@UDZia=44fC;DpsFQx?n$t@`C`shZB7+Z*cTmmz%*D34{GM0O&=Tpal!*-)ij zm^G=)sl&TmH5~Vmg*?~$dw+cL-D_rML6oJ6MY_BtR66+m%lcVYTQ|DTX4jgUp-JK2 zYO1HurKc)*qgH$0ed9Ov%`2_jaMwg`f2X^_sufSZiOSl9YU16vkcj#7q#yE*$s{b2 zHTpDa5QUaxgdyTh%J>RJipUhSj@XZnb8DQBv`-sbj1;R@Y)xl%(4a;oQ~t?#GGB)j zSq1sGhhFc)#;GDS$)vnae)kLE=!xZ`BAhT5ANeL|e13bnv;e(`asA{U(rMq1lU|*H z3;@ceRkEXAocbF|0*4f3k2hRmC>I?kCMGs_ZViloV8ml!vKzl+9*(EYR`{ZHG_Wkq ztYaT;P-)0q;CAkpA2Q@$Z0V6^90W}xiOvli>apfYEUuxB=6oAPb}471LeTzrv?c{E2XiF?RG z(r0qO6UbIZ0ZjKT281`S=E+Q0dDoAD(!%csyC8&Lnm0LA=+$&m?00`^)~TnrmXh_A zS!bQ+gdKkb-+8m6!&+I>t?oFWhQSajWYjrW=noIh@20 zD^v(UPOG(tV+OmR1DvA$1ho#p#j<{Vc4D#d@8fCPOiqnAl;0k?QJwFl@)rgvfI*b`0ipw z4o05tmb?}o`V^k07st>?^98Gt3DGt+lT4dzJU*wC{05cIJDix*XBTDAqm;wpZ4$lv zCso_hyp-@*B1EN(+Pzx6aw4D{$56pUb&uFk>!5=%?*m?*eHD(N$J-w&!F{DHP0+j&+MLLx~zPkh440N^&ykmb?z@Dhv3&qQ{_0mmAS<-gI>eY;XN=!I?X@_iJ(t6xFfKnS*j{4~JJn z+iTwBoTEULMql^%8i<#zVyXGFBM%jzcZO)W9F_BJ$ZlIOnSpm=3h{cS9u?pQ?V^B^ zk3v$Jbzb6aI77+}AF82^LXgEs+{Ylr47| z^5GCT5K}vzxZw9mc{=i6Q|4B(ISQqHQb=tCy>gZlWmjkIcx4sUoVonYU&hR>hC2m} z{NvnBko}dLEdgS4m(A-%SvUY;t>B^YSh!XO**eDWlost&q^)6OUO`1dA3%JbNCIHi@eD;pLx`Qo`!I96>s4hqjBt87h}CCqHEjn3@neQ7Dx3Q9FK~e%P9%8W zqK3x*P{M=wFFwyf5I}tOgn-fX1lrTEm_GBmH4_kVc&&aFW%u@&JNuODMEZtG=8(Bn zbGv6HZ^+35{@;(|)P$Rz)>D~Tb+92TXRqIF#oE}@k)rOIVur?5?v5dwt6aLXZNHCt zVQOIjFr@SCzA&P-Akd){KMHdtq*OI8ey-0yJMeGuzoPWRlgJ~lN~%7X8My8*Fqw=9 z-wVeM>i|R58;w#dSd1w9PqpTM=in<>^ZJXW1wqW{_!kC`$}ZVzo-=Dq>d@(COBxO! z+}IhF7=|zywLDC#F(ZQSQcv@@x_<%!F4oTa_TT$bCsZUcqtBoJKte-9XMFs-MTf0a zk#6_0Cd{qsHkSXg-al3RpS8UxwQ!R#LcQV3-clu1#m}_F-GVuddq*q00)eDZq6(2ISJXRPl?4wZ5(jv7P z2xlv*n|pM$33RNacbn{9>{GRk`YX;01FDp?2qbr}KGb-e;OfYvpyXb z`ksrTqb#Acr1qj_Nt-Enh?t!X=xp1{j+Z6;2;YN=nR;Deqn=@G&O- zy7i(ZEMCEf1QREcef@JD`6og3X^Raw8oqc{QahCS+@;B?sZo17*2)gg*i8X@0F;QL zHKzUs=LR6rij=M|cJ}VdOVpqDf(sGDQL89>lq@y9p6S|(X7iOQxN0R6W_l=g(@Vp| z)o(jR4h(XX>v?1Qzhi+rmJ68bz_Ls0Vbyfy-ON_&hxK7%>^^2-dSToy{*&n6erl?1 zm)qStF5%O;<;&iSO4kC)X}I5?%$EMGY^^j+&Nt^DW2sdCgv35}m=%m`rIdSf)5DB` z^cIbE6VR>xL}@4Z2Sn3jabS7aNsa-74nqq8mx@5)0jqAA7No=_+H||XtKMo z&%M2pZkGxBC<0Ub#Z7`7A4SCSZ_oik)akup(tY?kh#~B6NcZ268ddVKGev$O%(!kKk;cn z4+cn|=}Cx#@+qD~q_^Kx=A5aXe-xSs-G&sJF!*k>UcIS*ReY_d*13{!$55Yp`xEM9 zskK$RHKhBz?v-^AkQVrn>Nz_vP5QtQs=WW%`pZYt+*7dq>b&plVB&bS1opDfzCmaB z6=b~KlNuKPx{~`{@%Fiwp`BcEYGnnzOZDm@aKG~RS~rpUKJllOp+KkE8DZnAH}Tu& zpoN*)An1%X(pTQXTW`U~L2pL#mM>d*^Vh{y?AGi~r=fC>%T#};O3+@i8^8&&WzS*~W)R)zS$+Z}$CzQT<$R}4H^H(lQ zA6nA_yCbKsoaPChU#)!Om2O{Up8vv~s64+4Jg+yrdwsQie!@SY4%kACFWu*VeN}(% zpemMn7jOvsye|8k6(E}D3~nY_sk55m-+QF-s8GmFmqvfZbt(BB}^&CMjAxPfMm04&!}AR-@lF0`({8HhC9`ZC?U4$nSV zufjF6AG77e*ywMbiRNCI3*Rc4t`UK=N6QN~EKIjgzy*6uMB_KK=Pd1TnvkX2-|wG& zSjb*{pY!f+e-BGKf5i*vX&e2xDk)|jI!Z# z(5F$4BHZwg6pv!vh*pBD!&_BkP+b!|V)!GABAA4#_O6rz1NZ4^ky>h{Htt(i0^uf(?u+l3?D<~_Bgpz$8aFX5hVLG%JpW4%QbLYDVC<^_4 z__30!?Zb1h-yqWonjz#Rv4__59qssCOFVw^$L(eamhMK&3%}}*L|5t;4|N_G`FVyb z{~Z>UdQcW$9-pfU7S~({4z-RsBt@-G=t~&`1GMJ_(6rSQ|4IFoGoM)niw^a9x7g)o z8xyG~Dkdamo*~H*RX$u2vDKTg_}K3G_=vsu7*(84OB_uV36(*ZBQ}9CN<2DO5Le?< zawru)Cj-9{e==Md992>N4dTd}xXd)2_`#3h@vA%}x*wKWP2SOHdf{9ZZMzI-VX0!R zdcEUHumxk_cfyLEP488`ksEmjgV7-&@W!9~YORb^62i@BgAXxnC~#^oVk~KRVTlD# z{_;MH8fQSl#N-02$+#7p@qqAxKPTl7v8zMS^5h8{4aP!sB7Wi_y{oQ+N#KK{Y)9sJ zhh`(~=5qBFn~Fr;k)H|;K=kmQ;)WKkuvh*O*IzMsG=n4&yPv3t{nJNfB-yp|@8*ac zRAym%k^su)cNX7y20!2;3{sfa4UuRhiQA1e;v3@4=m*X7{A$$HV!Rdc;*3d3fJ?*+ zN#RPyO>ni;fJvP!KJM4q8HUwbL;&;hJS;klL-q$2l!6tL)%)h88`!YGpE8!XGxSM9 z2yBtizWBhSYk!exV0Px8(C9k|OG9IaNXJS}V%5`6QqN`2JFo~QI;-aF9m9|cSiFJqInCq21;&A}_W_^&PJnxiy z)2ADSM^Ke<3iWqOoqY!oCD4)!lY>@Vnj>=6Z6bC9lvQl69YScOF^#jgc9?6i*vgd^ zjb0&dG|p1gkJ&dBGMn4X^Xgvfx>%N-k%~Z=Yi?l5aK~s9K~qpdxMG#8hM2~(uCYT< zWn~KkvNYzRg0)7@AhVtlj}d1K#GB=Ytf+N7{lRdW= z2O}FEi^V-v8)Yq6*Q?G+PU@a;N55n16v{(X+H@VoJyhsHX+tR8O~pxhLt~Q+mfhA>7pn9ZeIUsWD&QePM#$rJ8Kzne>Ze|uEA!!Y!IJFYC(0m z6j19*IG>Y|$_!e!)5b9^zhi7-IG(H(1~Dt$!!hn?*y|}aTLtU7Ez`hShw5RBYNa!X zYvzN3l^NfKXTu3>QFb zG&cQ}dALag4os*Y%f&Sdtl_iZop8Tu;LKvGhw8wnqDfq&U_1g9A97D^*5YVf{ZBb2 ze%DIKAjY5(5wN3Ky61EB4WoRZS&s_AdJ3(E93aG3KhgZ8ikZh1ZSHTRg1?dDq#z4k zWR`b~D{rDSqTL5$AG{AsvO}VUV{U4_gc{bwMAn!+C7EG6gqW7(Qhu#*W*{3ZP+vno z2!MJGfS8GDhwFgrq|z%xNq5i!&xR(V&6!VtO57~j{@@;1?F+c!U$RI$DuR=dlnEU| zAQCb)r!0d1fyK)?;er@9zu{^vta80tpNrz1oe_^IYK-i^Xpo?Uw2wp~XGDKRu~>+q zv|OF7EJ@dx&BL5wTW$e1?=4wupzi$RvO{BUs1i&A$3Zrl&8`_@{Vfy8fpLR+#~~pm zxSGUMgOh(?Cpifgj25y9oDYcb#W<}iA7P%665*p$D^!~c9zr5QWEULemqvJlLywM(i0s|!!Bg4Mv2f5+4TqX~ zZ(+X-Vk}qDoWw9DcfC(4{Z|KN7BY8kWmYop#ZQfJG)S~K`N#Q% zp)%ny1|2SN!>A;9Uy?$8WFC~ws)tyNdJ+phA+V1i<$iRT=y#uzC!5sD&&UUbDkJlu z^3&~8A8V~D?3B+Y?<7aVslgU#at3SCY}yFMD~VX&eO^454*!l2g-5HNPoEJJ7LCcQ zNNDjb29B7_ayMi+V^e;0bPWqWl7)udjqpkvIa&0*9jVwy9iNX3i$Nz%Z__@!(z~gZGNRw4gm2?-TJ2>=kB4? zs6wd13^wBBFeyo}WpH!l^b~lhRI_-gmkl{1rQ{tae-`a2YGN=yVI}Zq$sv`o>#dFb b74zUM;n&5dQGxz1K8%8ligdN4Y3Tn0j2M~n literal 0 HcmV?d00001 diff --git a/images/favicon2.ico b/images/favicon2.ico new file mode 100644 index 0000000000000000000000000000000000000000..71d6c98a793371dd383a90f9aa98b50043f62477 GIT binary patch literal 326 ncmZQzU<5)11tu_Uz{tQL#=yX!0mKSG>;S|d`N0nU4=?}#al(L@ literal 0 HcmV?d00001 diff --git a/images/watermark2.png b/images/watermark2.png new file mode 100644 index 0000000000000000000000000000000000000000..394437f4e89b7704e1119bf2e3f4abebd7ff80b6 GIT binary patch literal 169 zcmeAS@N?(olHy`uVBq!ia0vp^j3CUx1|;Q0k8}blwj^(N7l!{JxM1({$v_d#0*}aI z1_o|n5N2eUHAey{$X?><>&pIwg@sw3Irp3LJ)n?mW=KSdbAE1aYF-JD%fR4Vl$uzQ znxasiS(2gP?&%wlqL<1J6zBDHaSY+Op8Vtge|u&Ijz3KQV&gTe~DWM4f DP}VEP literal 0 HcmV?d00001 -- 2.34.1 From 7573b06c6db771d74b3447cff559da4d4a040c16 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 01:40:51 -0500 Subject: [PATCH 11/34] Rename file --- quick_nextcloud.sh => jra_nextcloud.sh | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) rename quick_nextcloud.sh => jra_nextcloud.sh (96%) diff --git a/quick_nextcloud.sh b/jra_nextcloud.sh similarity index 96% rename from quick_nextcloud.sh rename to jra_nextcloud.sh index e57d5f9..04922e6 100644 --- a/quick_nextcloud.sh +++ b/jra_nextcloud.sh @@ -140,7 +140,6 @@ systemctl restart php$PHPVER-fpm.service #-------------------------------------------------- echo -e "\n---- Creating the MariaDB User ----" -cd /tmp mysql -u root < /tmp/ unzip -q $STABLEVERSION.zip sudo mv nextcloud $NC_PATH @@ -320,18 +319,15 @@ chmod -R 755 $NC_PATH if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then echo " -> Patching #425 (scssphp/src/Compiler.php)..." -cd $NC_PATH/3rdparty/leafo/scssphp/src -sudo -u www-data curl -s https://nc.switnet.net/s/J89EmtEKcgj9AwP/download \ -> patch_425_3thy.patch -sudo -u www-data patch -p0 < patch_425_3thy.patch -rm patch_425_3thy.patch +#sudo -u www-data cp -s https://nc.switnet.net/s/J89EmtEKcgj9AwP/download \ +#> $NC_PATH/3rdparty/leafo/scssphp/src/patch_425_3thy.patch +sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < files/patch_425_3thy.patch fi echo " Database installation... " -cd $NC_PATH -sudo -u www-data php occ maintenance:install \ +sudo -u www-data php $NC_PATH/occ maintenance:install \ --database=mysql \ --database-name="$NC_DB" \ --database-user="$NC_DB_USER" \ @@ -352,8 +348,8 @@ Addding & Setting up Files External App for Local storage... " sudo -u www-data php occ app:install files_external sudo -u www-data php occ app:enable files_external -curl -s https://nc.switnet.net/s/r22QLNMYzLcay39/download > /tmp/jb-qnci-ef.json -sudo -u www-data php $NC_PATH/occ files_external:import /tmp/jb-qnci-ef.json +#curl -s https://nc.switnet.net/s/r22QLNMYzLcay39/download > /tmp/jb-qnci-ef.json +sudo -u www-data php $NC_PATH/occ files_external:import files/jb-qnci-ef.json usermod -a -G jibri www-data chown -R jibri:www-data $DIR_RECORD -- 2.34.1 From 52ebb14e6eb649b2f8a3571b030e90ccd9a682b0 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 02:11:08 -0500 Subject: [PATCH 12/34] Set and rename variable --- jitsi-updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jitsi-updater.sh b/jitsi-updater.sh index bf2be12..d647813 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -9,7 +9,7 @@ Color_Off='\e[0m' support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ') -LocRec="on" +LOC_REC="TBD" CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) CHDB=$(whereis chromedriver | awk '{print$2}') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') @@ -124,7 +124,7 @@ else fi printf "${Purple}========== Re-enable Localrecording ==========${Color_Off}\n" -if [ $LocRec = on ]; then +if [ $LOC_REC = on ]; then echo "Setting LocalRecording..." sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF else -- 2.34.1 From d160cc48d94a452a58b41e47d581fd7974258e28 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 02:19:54 -0500 Subject: [PATCH 13/34] Adding JRA via Nextcloud Testing moving to local files instead of fetching from internet. --- quick_jibri_installer.sh | 38 +++++++++++++++++++++++++++++++++----- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 2951d63..661bfc6 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -290,6 +290,16 @@ elif [ $ENABLE_SSL = yes ]; then echo "SSL will be enabled." fi done +#Jibri Records Access (JRA) via Nextcloud +while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]] +do +read -p "Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS +if [ $ENABLE_NC_ACCESS = no ]; then + echo "JRA via Nextcloud won't be enabled." +elif [ $ENABLE_NC_ACCESS = yes ]; then + echo "JRA via Nextcloud will be enabled." +fi +done #Jigasi while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]] do @@ -305,9 +315,19 @@ while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then - echo "Static avatar won't be enable" + echo "Static avatar won't be enabled" elif [ "$ENABLE_SA" = "yes" ]; then - echo "Static avatar will be enable" + echo "Static avatar will be enabled" +fi +done +#Enable local audio recording +while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]] +do +read -p "Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR +if [ "$ENABLE_LAR" = "no" ]; then + echo "Local audio recording option won't be enabled" +elif [ "$ENABLE_LAR" = "yes" ]; then + echo "Local audio recording option will be enabled" fi done #Secure room initial user @@ -465,6 +485,7 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF fi #LocalRecording +if echo "# Enabling local recording (audio only)." LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_END=$((LR_STR + 18)) @@ -474,7 +495,8 @@ sed -i "$LR_STR,$LR_END{s|// format: 'flac'|format: 'flac'|}" $MEET_CONF sed -i "$LR_STR,$LR_END{s|// }|}|}" $MEET_CONF sed -i "s|'tileview'|'tileview', 'localrecording'|" $INT_CONF -#EOLR +sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh +fi #Setup main language if [ -z $LANG ] || [ "$LANG" = "en" ]; then @@ -574,7 +596,8 @@ else fi #Static avatar if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then - wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png + #wget https://switnet.net/static/avatar.png -O /usr/share/jitsi-meet/images/avatar2.png + cp images/avatar2.png /usr/share/jitsi-meet/images/ sed -i "/location \/external_api.min.js/i \ \ \ \ location \~ \^\/avatar\/\(.\*\)\\\.png {" $WS_CONF sed -i "/location \/external_api.min.js/i \ \ \ \ \ \ \ \ alias /usr/share/jitsi-meet/images/avatar2.png;" $WS_CONF sed -i "/location \/external_api.min.js/i \ \ \ \ }\\ @@ -647,7 +670,12 @@ if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") else echo "No webserver found please report." fi - +#JRA via Nextcloud +if [ $ENABLE_NC_ACCESS = yes ]; then + echo "Jigasi Transcription will be enabled." + bash $PWD/jra_nextcloud.sh +fi +#Jigasi Transcript if [ $ENABLE_TRANSCRIPT = yes ]; then echo "Jigasi Transcription will be enabled." bash $PWD/jigasi.sh -- 2.34.1 From 37032e03cb87ddb899f9cf949e5cc77487a1ce43 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 02:32:45 -0500 Subject: [PATCH 14/34] Improve suggestion to an earlier OS release --- quick_jibri_installer.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 661bfc6..ce9e3b7 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -33,10 +33,6 @@ fi if [ $DIST = etiona ]; then DIST="bionic" fi -if [ $DIST="xenial" ]; then -echo "$(lsb_release -sc), even when it's compatible and functional. -We suggest you choose an upgrade to the next (LTS) release." -fi if install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then @@ -114,7 +110,6 @@ if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi - DISTRO_RELEASE=$(lsb_release -sc) if [ $DISTRO_RELEASE = xenial ] || [ $DISTRO_RELEASE = bionic ]; then echo "OS: $(lsb_release -sd) @@ -124,7 +119,12 @@ else Sorry, this platform is not supported... exiting" exit fi - +#Suggest 18.04 LTS release over 16.04 +if [ $DIST="xenial" ]; then +echo "$(lsb_release -sc), even when it's compatible and functional. +We suggest to use the next (LTS) release, for longer support and security reasons." +read -p "Enter any key to continue..." +fi # Jitsi-Meet Repo echo "Add Jitsi key" if [ "$JITSI_STBL_REPO" = "stable" ]; then -- 2.34.1 From e6c655a8766c627dad09d65a2585435e0f0d7a8c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 02:52:19 -0500 Subject: [PATCH 15/34] Improve headers --- jra_nextcloud.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 04922e6..0f7fec5 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -186,11 +186,13 @@ server { # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; # Path to the root of your installation root $NC_PATH/; @@ -279,11 +281,13 @@ server { # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; # Optional: Don't log access to assets access_log off; } -- 2.34.1 From cfb4ef600a0d80b608220dddd5e6262e74ec7792 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 02:57:28 -0500 Subject: [PATCH 16/34] Improve simple header --- jra_nextcloud.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 0f7fec5..055b596 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -1,6 +1,7 @@ #!/bin/bash -# Quick Nextcloud Jitsi -# +# JRA (Jibri Recordings Access) via Nextcloud +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 -- 2.34.1 From 741e24dfd1fefac4bdffaa8269c5cc0125888549 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 04:51:31 -0500 Subject: [PATCH 17/34] Improve system restart --- jigasi.sh | 10 ++++++---- quick_jibri_installer.sh | 11 ++++++++++- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/jigasi.sh b/jigasi.sh index 661896d..861e583 100644 --- a/jigasi.sh +++ b/jigasi.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Quick Jigasi Installer - *buntu 16.04 (LTS) based systems. -# SwITNet Ltd © - 2019, https://switnet.net/ +# Quick Jigasi Installer - *buntu (LTS) based systems. +# SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. ##################### Whistlist ####################### @@ -208,8 +208,10 @@ sed -i "/xmpp.acc.ANONYMOUS_AUTH/ s|# ||" $JIG_SIP_PROP prosodyctl register transcript auth.$DOMAIN jigasi -systemctl restart prosody ji* - +systemctl restart prosody \ + jicofo \ + jibri* \ + jitsi-videobridge* echo " To test, you need to enable subtitles beforehand then invite \ \"jitsi_meet_transcribe\" to the meeting (no quotes). diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index ce9e3b7..0ed9c59 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -1,6 +1,6 @@ #!/bin/bash # Quick Jibri Installer - *buntu (LTS) based systems. -# SwITNet Ltd © - 2019, https://switnet.net/ +# SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. { echo "Started at $(date +'%Y-%m-%d %H:%M:%S')" >> qj-installer.log @@ -103,6 +103,15 @@ echo ' Welcome to Jitsi/Jibri Installer ######################################################################## by Software, IT & Networks Ltd + +Featuring: +- Jibri +- Jibri Recordings Access via Nextcloud +- Jigasi Transcription +- Brandless Mode +- Recurring changes updater + +See more at: https://github.com/switnet-ltd/quick-jibri-installer/ ' #Check if user is root -- 2.34.1 From a5ec47e57606b9c34af4ad9dfe1bee469913f6d3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 04:58:50 -0500 Subject: [PATCH 18/34] Add brandless to updater --- jitsi-updater.sh | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/jitsi-updater.sh b/jitsi-updater.sh index d647813..6e303d1 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -1,6 +1,7 @@ #!/bin/bash -# Jitsi Meet upgrade and custom keeper for Debian/*buntu binaries. -# 2019 - SwITNet Ltd +# Jitsi Meet recurring upgrader and customization keeper +# for Debian/*buntu binaries. +# 2020 - SwITNet Ltd # GNU GPLv3 or later. Blue='\e[0;34m' @@ -10,10 +11,12 @@ support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" jibri_packages=$(grep Package /var/lib/apt/lists/download.jitsi.org_*_Packages | sort -u | awk '{print $2}' | paste -s -d ' ') LOC_REC="TBD" +ENABLE_BLESSM="TBD" CHD_LST=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) CHDB=$(whereis chromedriver | awk '{print$2}') DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') INT_CONF=/usr/share/jitsi-meet/interface_config.js +AVATAR="$(grep -r avatar /etc/nginx/sites-*/ 2>/dev/null)" if [ -f $apt_repo/google-chrome.list ]; then google_package=$(grep Package /var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages | sort -u | cut -d ' ' -f2 | paste -s -d ' ') else @@ -102,12 +105,18 @@ else exit 1 fi +# Any customization, image, name or link change for any purpose should +# be documented here so new updates won't remove those changes. +# We divide them on UI changes and branding changes, feel free to adapt +# to your needs. +# +# Please keep in mind that fees to support for customization changes +# may apply. ######################################################################## -# Keeping changes # +# User interface changes # ######################################################################## printf "${Purple}========== Setting Static Avatar ==========${Color_Off}\n" -avatar="$(grep -r avatar /etc/*/sites-*/ 2>/dev/null)" -if [[ -z $avatar ]]; then +if [[ -z $AVATAR ]]; then echo "Moving on..." else echo "Setting Static Avatar" @@ -135,4 +144,12 @@ printf "${Purple}========== Disable Blur my background ==========${Color_Off}\n sed -i "s|'videobackgroundblur', ||" $INT_CONF restart_services + + +######################################################################## +# Brandless mode # +######################################################################## +if [ $ENABLE_BLESSM = on ]; then + bash $PWD/jm-bm.sh +fi printf "${Blue}Script completed \o/! ${Color_Off}\n" -- 2.34.1 From 5663bda852d6e2c19f6a11b0c2139b33b3b19cea Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 04:59:29 -0500 Subject: [PATCH 19/34] Add brandless to updater --- quick_jibri_installer.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 0ed9c59..d4f6627 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -299,6 +299,16 @@ elif [ $ENABLE_SSL = yes ]; then echo "SSL will be enabled." fi done +#Brandless Mode +while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] +do +read -p "Do you want to install on custom \"Brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM +if [ $ENABLE_BLESSM = no ]; then + echo "Brandless mode won't be set." +elif [ $ENABLE_BLESSM = yes ]; then + echo "Brandless mode will be set." +fi +done #Jibri Records Access (JRA) via Nextcloud while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]] do @@ -368,7 +378,7 @@ echo ' ######################################################################## ' JibriBrewery=JibriBrewery -INT_CONF=/usr/share/jitsi-meet/interface_config.js +INT_CONF="/usr/share/jitsi-meet/interface_config.js" WAN_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) ssl_wa() { @@ -679,6 +689,12 @@ if [ "$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") else echo "No webserver found please report." fi +#Brandless Mode +if [ $ENABLE_BLESSM = yes ]; then + echo "Jigasi Transcription will be enabled." + sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh + bash $PWD/jm-bm.sh +fi #JRA via Nextcloud if [ $ENABLE_NC_ACCESS = yes ]; then echo "Jigasi Transcription will be enabled." -- 2.34.1 From 71cdc24492af393ee42ec967ca3261bf6a5090db Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 05:03:16 -0500 Subject: [PATCH 20/34] Add Jitsi Meet Brandless mode --- jm-bm.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 jm-bm.sh diff --git a/jm-bm.sh b/jm-bm.sh new file mode 100644 index 0000000..5786d83 --- /dev/null +++ b/jm-bm.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Jitsi Meet brandless mode +# for Debian/*buntu binaries. +# 2020 - SwITNet Ltd +# GNU GPLv3 or later. + +CSS_FILE="/usr/share/jitsi-meet/css/all.css" +TITLE_FILE="/usr/share/jitsi-meet/title.html" +INT_CONF="/usr/share/jitsi-meet/interface_config.js" +# +JM_IMG_PATH="/usr/share/jitsi-meet/images/" +WTM2_PATH="$JM_IMG_PATH/watermark2.png" +FICON_PATH="$JM_IMG_PATH/favicon2.ico" +# +APP_NAME="Conferences" +PART_USER="Participant" +echo ' +#-------------------------------------------------- +# Applying Brandless mode +#-------------------------------------------------- +' +#Watermark +if [ ! -f $WTM2_PATH ]; then + cp images/watermark2.png $WTM2_PATH +else + echo "watermark2 file exists, skipping copying..." +fi +#Favicon +if [ ! -f $FICON_PATH ]; then + cp images/favicon2.ico $FICON_PATH +else + echo "favicon2 file exists, skipping copying..." +fi + +#Custom / Remove icons +sed -i "s|watermark.png|watermark2.png|g" $CSS_FILE +sed -i "s|favicon.ico|favicon2.ico|g" $TITLE_FILE +sed -i "s|jitsilogo.png|watermark2.png|g" $TITLE_FILE + +#Disable logo and url +sed -i "s|.leftwatermark{|.leftwatermark{display:none;|" $CSS_FILE + +#Customize room title +sed -i "s|Jitsi Meet|$APP_NAME|g" $TITLE_FILE +sed -i "s| powered by the Jitsi Videobridge||g" $TITLE_FILE +sed -i "21,32 s|Jitsi Meet|$APP_NAME|g" $INT_CONF + +#Custom UI changes +echo " +Please note that brandless mode will also overwrite support links. +" +sed -i "s|Fellow Jitster|$PART_USER|g" $INT_CONF +sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF +sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF -- 2.34.1 From 4850203d2cc014ed83ae09363ecb43e1e5ce810b Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 05:20:42 -0500 Subject: [PATCH 21/34] Update README --- README.md | 13 +++++++++---- quick_jibri_installer.sh | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1e60e3f..4328e14 100644 --- a/README.md +++ b/README.md @@ -2,23 +2,28 @@ Bash installer for Jibri on *buntu LTS based systems ## Features -* Enabled Local (audio) recording using flac * Enabled Session (video) Recording using Jibri * Enabled Jitsi Electron app detection server side. * Standalone SSL Certbot/LE implementation +* Option to enable Local audio recording using flac. * Option to enable Secure Rooms * Option to enable Welcome Page * Option to setup UI language -* (New) Jigasi Transcript - Speech to Text powered by Google API +* Jigasi Transcript - Speech to Text powered by Google API +* (New) JRA (Jibri Recordings Access) via Nextcloud +* (New) Customized brandless mode +* (New) Improved recurring updater ## Requirements -* Valid domain with DNS already set (preferably). +* Valid domain with DNS record. * Minimum recommended for video recording: 4 GB RAM / 4 Cores. * Dropbox developer App key & redirect url configured (if you choose to enable Dropbox upload). * Webcam ### Jigasi Transcript * SIP account * Google Cloud Account with Billing setup. +### Jibri Recodings Access via Nextcloud +* Valid domain with DNS record for Nextcloud SSL. ## Custom changes * Start with video muted by default @@ -28,4 +33,4 @@ Bash installer for Jibri on *buntu LTS based systems Please note: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. -SwITNet Ltd © - 2019, https://switnet.net/ +SwITNet Ltd © - 2020, https://switnet.net/ diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index d4f6627..35dff38 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -105,10 +105,10 @@ echo ' by Software, IT & Networks Ltd Featuring: -- Jibri +- Jibri Recording and YouTube Streaming - Jibri Recordings Access via Nextcloud - Jigasi Transcription -- Brandless Mode +- Customized brandless mode - Recurring changes updater See more at: https://github.com/switnet-ltd/quick-jibri-installer/ -- 2.34.1 From b7269f85cec029367ffc809d86c63f80c30e03e5 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 05:29:04 -0500 Subject: [PATCH 22/34] Fix missing condition --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 35dff38..670b027 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -504,7 +504,7 @@ sed -i "$DB_STR,$DB_END{s|// },|},|}" $MEET_CONF fi #LocalRecording -if +if [ $ENABLE_LAR = "yes" ]; then echo "# Enabling local recording (audio only)." LR_STR=$(grep -n "// Local Recording" $MEET_CONF | cut -d ":" -f1) LR_END=$((LR_STR + 18)) -- 2.34.1 From 5097fef19b595b2148dda883e534b4c1c3f90a67 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 05:38:36 -0500 Subject: [PATCH 23/34] Remove wrong if --- quick_jibri_installer.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 670b027..03ad289 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -33,7 +33,6 @@ fi if [ $DIST = etiona ]; then DIST="bionic" fi -if install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " $1 is installed, skipping..." @@ -204,9 +203,9 @@ GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" echo "# Installing Google Chrome / ChromeDriver" if [ -f $GOOGL_REPO ]; then -echo "Google repository already set." + echo "Google repository already set." else -echo "Installing Google Chrome Stable" + echo "Installing Google Chrome Stable" wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee $GOOGL_REPO fi -- 2.34.1 From ce9a7f2fef22aa6c98b4b6eb0ffd3ec69e9a6094 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 06:52:08 -0500 Subject: [PATCH 24/34] Fix condition --- quick_jibri_installer.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 03ad289..cceeb23 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -118,17 +118,16 @@ if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi -DISTRO_RELEASE=$(lsb_release -sc) -if [ $DISTRO_RELEASE = xenial ] || [ $DISTRO_RELEASE = bionic ]; then +if [ "$DIST" = "xenial" ] || [ "$DIST" = "bionic" ]; then echo "OS: $(lsb_release -sd) Good, this is a supported platform!" else echo "OS: $(lsb_release -sd) Sorry, this platform is not supported... exiting" -exit + exit fi #Suggest 18.04 LTS release over 16.04 -if [ $DIST="xenial" ]; then +if [ "$DIST" = "xenial" ]; then echo "$(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." read -p "Enter any key to continue..." -- 2.34.1 From 735e3120648b57c836c8af450fbdb044972a8f28 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 07:44:14 -0500 Subject: [PATCH 25/34] fix missing if statement --- jra_nextcloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 055b596..2b499d8 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -39,6 +39,7 @@ if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" = echo " Please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " exit +fi } install_ifnot() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then -- 2.34.1 From 82fcada795ee6273c7a8f8a3bf892b4ad958db75 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 07:46:24 -0500 Subject: [PATCH 26/34] Fix label --- quick_jibri_installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index cceeb23..0feeb20 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -689,7 +689,7 @@ else fi #Brandless Mode if [ $ENABLE_BLESSM = yes ]; then - echo "Jigasi Transcription will be enabled." + echo "Custom brandless mode will be enabled." sed -i "s|ENABLE_BLESSM=.*|ENABLE_BLESSM=\"on\"|" jitsi-updater.sh bash $PWD/jm-bm.sh fi -- 2.34.1 From 625cf131537566ad9a3d86d1c8164533e713122c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 08:02:49 -0500 Subject: [PATCH 27/34] Add missing colors --- jitsi-updater.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jitsi-updater.sh b/jitsi-updater.sh index 6e303d1..af50812 100644 --- a/jitsi-updater.sh +++ b/jitsi-updater.sh @@ -6,6 +6,8 @@ Blue='\e[0;34m' Purple='\e[0;35m' +Green='\e[0;32m' +Yellow='\e[0;33m' Color_Off='\e[0m' support="https://switnet.net/support" apt_repo="/etc/apt/sources.list.d" -- 2.34.1 From ef10d3c18f12a76b7f74118140c58c4852afefed Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 08:05:17 -0500 Subject: [PATCH 28/34] Fix broken download --- jra_nextcloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 2b499d8..dac8b69 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -315,7 +315,7 @@ systemctl reload nginx echo " Latest version to be installed: $STABLEVERSION " -curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/ +curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip unzip -q $STABLEVERSION.zip sudo mv nextcloud $NC_PATH -- 2.34.1 From d911bcaad1aceeb68d65ae1dca9a719a8885122a Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 10:58:37 -0500 Subject: [PATCH 29/34] Fix patching and nc download --- jra_nextcloud.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index dac8b69..9396791 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -316,8 +316,8 @@ echo " Latest version to be installed: $STABLEVERSION " curl -s $NC_REPO/$STABLEVERSION.zip > /tmp/$STABLEVERSION.zip -unzip -q $STABLEVERSION.zip -sudo mv nextcloud $NC_PATH +unzip -q /tmp/$STABLEVERSION.zip +mv nextcloud $NC_PATH chown -R www-data:www-data $NC_PATH chmod -R 755 $NC_PATH @@ -325,9 +325,7 @@ chmod -R 755 $NC_PATH if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then echo " -> Patching #425 (scssphp/src/Compiler.php)..." -#sudo -u www-data cp -s https://nc.switnet.net/s/J89EmtEKcgj9AwP/download \ -#> $NC_PATH/3rdparty/leafo/scssphp/src/patch_425_3thy.patch -sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < files/patch_425_3thy.patch +sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < files/patch_425_3dty.patch fi echo " -- 2.34.1 From 98b4ec0578c282fa6377fc8625aa2384d82c695e Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 11:27:40 -0500 Subject: [PATCH 30/34] Minor fix --- quick_jibri_installer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 0feeb20..e03af6b 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -74,7 +74,7 @@ else # Seems to be an issue with your audio driver, # please review your hw setup. #--------------------------------------------------" - read -p + read -n 1 -s -r -p "Press any key to continue" fi } update_certbot() { @@ -216,7 +216,7 @@ if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip + wget -q https://chromedriver.storage.googleapis.com/$CHD_VER/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver -- 2.34.1 From 02d9b07fca4a63745070b14175a343b42792eb2c Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 11:52:10 -0500 Subject: [PATCH 31/34] Format adjustment --- quick_jibri_installer.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index e03af6b..c0a2e39 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -280,7 +280,7 @@ done #Dropbox while [[ $ENABLE_DB != yes && $ENABLE_DB != no ]] do -read -p "Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB +read -p "> Do you want to setup the Dropbox feature now: (yes or no)"$'\n' -r ENABLE_DB if [ $ENABLE_DB = no ]; then echo "Dropbox won't be enable" elif [ $ENABLE_DB = yes ]; then @@ -290,7 +290,7 @@ done #SSL LE while [[ $ENABLE_SSL != yes && $ENABLE_SSL != no ]] do -read -p "Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL +read -p "> Do you want to setup LetsEncrypt with your domain: (yes or no)"$'\n' -r ENABLE_SSL if [ $ENABLE_SSL = no ]; then echo "Please run letsencrypt.sh manually post-installation." elif [ $ENABLE_SSL = yes ]; then @@ -300,7 +300,7 @@ done #Brandless Mode while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] do -read -p "Do you want to install on custom \"Brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM +read -p "> Do you want to install on custom \"Brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM if [ $ENABLE_BLESSM = no ]; then echo "Brandless mode won't be set." elif [ $ENABLE_BLESSM = yes ]; then @@ -310,7 +310,7 @@ done #Jibri Records Access (JRA) via Nextcloud while [[ $ENABLE_NC_ACCESS != yes && $ENABLE_NC_ACCESS != no ]] do -read -p "Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS +read -p "> Do you want to setup Jibri Records Access via Nextcloud: (yes or no)"$'\n' -r ENABLE_NC_ACCESS if [ $ENABLE_NC_ACCESS = no ]; then echo "JRA via Nextcloud won't be enabled." elif [ $ENABLE_NC_ACCESS = yes ]; then @@ -320,7 +320,7 @@ done #Jigasi while [[ $ENABLE_TRANSCRIPT != yes && $ENABLE_TRANSCRIPT != no ]] do -read -p "Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT +read -p "> Do you want to setup Jigasi Transcription: (yes or no)"$'\n' -r ENABLE_TRANSCRIPT if [ $ENABLE_TRANSCRIPT = no ]; then echo "Jigasi Transcription won't be enabled." elif [ $ENABLE_TRANSCRIPT = yes ]; then @@ -330,7 +330,7 @@ done #Enable static avatar while [[ "$ENABLE_SA" != "yes" && "$ENABLE_SA" != "no" ]] do -read -p "Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA +read -p "> Do you want to enable static avatar?: (yes or no)"$'\n' -r ENABLE_SA if [ "$ENABLE_SA" = "no" ]; then echo "Static avatar won't be enabled" elif [ "$ENABLE_SA" = "yes" ]; then @@ -340,7 +340,7 @@ done #Enable local audio recording while [[ "$ENABLE_LAR" != "yes" && "$ENABLE_LAR" != "no" ]] do -read -p "Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR +read -p "> Do you want to enable local audio recording option?: (yes or no)"$'\n' -r ENABLE_LAR if [ "$ENABLE_LAR" = "no" ]; then echo "Local audio recording option won't be enabled" elif [ "$ENABLE_LAR" = "yes" ]; then @@ -350,7 +350,7 @@ done #Secure room initial user while [[ "$ENABLE_SC" != "yes" && "$ENABLE_SC" != "no" ]] do -read -p "Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC +read -p "> Do you want to enable secure rooms?: (yes or no)"$'\n' -r ENABLE_SC if [ "$ENABLE_SC" = "no" ]; then echo "-- Secure rooms won't be enabled." elif [ "$ENABLE_SC" = "yes" ]; then @@ -362,7 +362,7 @@ done #Welcome Page while [[ $ENABLE_WELCP != yes && $ENABLE_WELCP != no ]] do -read -p "Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP +read -p "> Do you want to disable the Welcome page: (yes or no)"$'\n' -r ENABLE_WELCP if [ $ENABLE_WELCP = yes ]; then echo "Welcome page will be disabled." elif [ $ENABLE_WELCP = no ]; then -- 2.34.1 From fca371d1da661377e8a99bf8e9171ee8ab8fa468 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 11:52:53 -0500 Subject: [PATCH 32/34] Restart service stopped. --- jra_nextcloud.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 9396791..01e9cb8 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -67,7 +67,6 @@ add_php74() { apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list apt update -qq - fi } @@ -306,11 +305,11 @@ letsencrypt certonly --standalone --renew-by-default --agree-tos -d $NC_DOMAIN if [ -f /etc/letsencrypt/live/$NC_DOMAIN/fullchain.pem ];then ln -s /etc/nginx/sites-available/$NC_DOMAIN.conf /etc/nginx/sites-enabled/ else - echo "There are issues on getting the SSL certs, exiting..." - exit + echo "There are issues on getting the SSL certs..." + read -n 1 -s -r -p "Press any key to continue" fi nginx -t -systemctl reload nginx +systemctl restart nginx echo " Latest version to be installed: $STABLEVERSION @@ -352,7 +351,6 @@ Addding & Setting up Files External App for Local storage... " sudo -u www-data php occ app:install files_external sudo -u www-data php occ app:enable files_external -#curl -s https://nc.switnet.net/s/r22QLNMYzLcay39/download > /tmp/jb-qnci-ef.json sudo -u www-data php $NC_PATH/occ files_external:import files/jb-qnci-ef.json usermod -a -G jibri www-data -- 2.34.1 From 92cfed6443b95fdda02ebd47dd1426b0b6effeae Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 14:17:42 -0500 Subject: [PATCH 33/34] Fix path and file name --- jra_nextcloud.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 01e9cb8..17faa70 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -324,7 +324,7 @@ chmod -R 755 $NC_PATH if $(dpkg --compare-versions "$NCVERSION" "le" "18.0.3"); then echo " -> Patching #425 (scssphp/src/Compiler.php)..." -sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < files/patch_425_3dty.patch +sudo -u www-data patch -d "$NC_PATH/3rdparty/leafo/scssphp/src/" -p0 < $PWD/files/patch_425_3dty.patch fi echo " @@ -349,9 +349,9 @@ sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG echo " Addding & Setting up Files External App for Local storage... " -sudo -u www-data php occ app:install files_external -sudo -u www-data php occ app:enable files_external -sudo -u www-data php $NC_PATH/occ files_external:import files/jb-qnci-ef.json +sudo -u www-data php $NC_PATH/occ app:install files_external +sudo -u www-data php $NC_PATH/occ app:enable files_external +sudo -u www-data php $NC_PATH/occ files_external:import $PWD/files/jra-nc-app-ef.json usermod -a -G jibri www-data chown -R jibri:www-data $DIR_RECORD @@ -361,12 +361,12 @@ chmod -R g+s $DIR_RECORD echo " Fixing possible missing tables... " -echo "y"|sudo -u www-data php occ db:convert-filecache-bigint -sudo -u www-data php occ db:add-missing-indices +echo "y"|sudo -u www-data php $NC_PATH/occ db:convert-filecache-bigint +sudo -u www-data php $NC_PATH/occ db:add-missing-indices echo " Adding trusted domain... " -sudo -u www-data php occ config:system:set trusted_domains 0 --value=$NC_DOMAIN +sudo -u www-data php $NC_PATH/occ config:system:set trusted_domains 0 --value=$NC_DOMAIN echo "Quick Nextcloud installation complete!" -- 2.34.1 From c1ec98031703952ec9bbc245e48ead4997553ee3 Mon Sep 17 00:00:00 2001 From: Ark74 Date: Sat, 11 Apr 2020 14:19:12 -0500 Subject: [PATCH 34/34] Add and fix pauses --- quick_jibri_installer.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index c0a2e39..f5a900a 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -74,7 +74,8 @@ else # Seems to be an issue with your audio driver, # please review your hw setup. #--------------------------------------------------" - read -n 1 -s -r -p "Press any key to continue" +read -n 1 -s -r -p "Press any key to continue... +" fi } update_certbot() { @@ -112,6 +113,7 @@ Featuring: See more at: https://github.com/switnet-ltd/quick-jibri-installer/ ' +read -n 1 -s -r -p "Press any key to continue..." #Check if user is root if ! [ $(id -u) = 0 ]; then @@ -130,7 +132,7 @@ fi if [ "$DIST" = "xenial" ]; then echo "$(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." -read -p "Enter any key to continue..." +read -n 1 -s -r -p "Press any key to continue..." fi # Jitsi-Meet Repo echo "Add Jitsi key" @@ -270,7 +272,7 @@ read -p "Set sysadmin email: "$'\n' -r SYSADMIN_EMAIL #Drop unsecure TLS while [[ $DROP_TLS1 != yes && $DROP_TLS1 != no ]] do -read -p "Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 +read -p "> Do you want to drop support for unsecure protocols TLSv1.0/1.1 now: (yes or no)"$'\n' -r DROP_TLS1 if [ $DROP_TLS1 = no ]; then echo "TLSv1.0/1.1 will remain." elif [ $DROP_TLS1 = yes ]; then @@ -300,7 +302,7 @@ done #Brandless Mode while [[ $ENABLE_BLESSM != yes && $ENABLE_BLESSM != no ]] do -read -p "> Do you want to install on custom \"Brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM +read -p "> Do you want to install customized \"brandless mode\"?: (yes or no)"$'\n' -r ENABLE_BLESSM if [ $ENABLE_BLESSM = no ]; then echo "Brandless mode won't be set." elif [ $ENABLE_BLESSM = yes ]; then @@ -356,7 +358,7 @@ if [ "$ENABLE_SC" = "no" ]; then elif [ "$ENABLE_SC" = "yes" ]; then echo "-- Secure rooms will being enabled." read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -sr SEC_ROOM_PASS + read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS fi done #Welcome Page -- 2.34.1