Scaling up and performance features. #22
|
@ -0,0 +1,52 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# JWT Mode Setup
|
||||||
|
# SwITNet Ltd © - 2020, https://switnet.net/
|
||||||
|
# GPLv3 or later.
|
||||||
|
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||||
|
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
|
||||||
|
APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
|
||||||
|
SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
|
||||||
|
echo $APP_ID && echo $SECRET_APP
|
||||||
|
|
||||||
|
## Required openssl for Focal 20.04
|
||||||
|
if [ "$(lsb_release -sc)" = "focal" ]; then
|
||||||
|
echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
|
||||||
|
sudo tee /etc/apt/sources.list.d/rvm.list
|
||||||
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
|
||||||
|
apt-get update
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get -y install \
|
||||||
|
lua5.2 \
|
||||||
|
liblua5.2 \
|
||||||
|
luarocks \
|
||||||
|
libssl1.0-dev \
|
||||||
|
python3-jwt
|
||||||
|
|
||||||
|
luarocks install basexx
|
||||||
|
luarocks install luacrypto
|
||||||
|
luarocks install lua-cjson 2.1.0-1
|
||||||
|
|
||||||
|
echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
|
||||||
|
echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
|
||||||
|
|
||||||
|
apt-get install -y jitsi-meet-tokens
|
||||||
|
|
||||||
|
#Setting up
|
||||||
|
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua
|
||||||
|
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
|
||||||
|
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
|
||||||
|
|
||||||
|
#allow_empty_token = true
|
||||||
|
|
||||||
|
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
|
||||||
|
|
||||||
|
echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
|
||||||
|
pyjwt3 --key="$SECRET_APP" \
|
||||||
|
encode \
|
||||||
|
group="Rocket.Chat" \
|
||||||
|
aud="$APP_ID" \
|
||||||
|
iss="$APP_ID" \
|
||||||
|
sub="$DOMAIN" \
|
||||||
|
room="*" \
|
||||||
|
algorithm="HS256"
|
|
@ -510,8 +510,6 @@ do
|
||||||
"Local")
|
"Local")
|
||||||
echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n"
|
echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n"
|
||||||
ENABLE_SC="yes"
|
ENABLE_SC="yes"
|
||||||
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
|
||||||
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
"JWT")
|
"JWT")
|
||||||
|
@ -977,47 +975,22 @@ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered.
|
||||||
If you have issues with the password refer to your sysadmin."
|
If you have issues with the password refer to your sysadmin."
|
||||||
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
|
sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP
|
||||||
#Secure room initial user
|
#Secure room initial user
|
||||||
|
read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER
|
||||||
|
read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS
|
||||||
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
|
prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS
|
||||||
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
|
sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
###JWT
|
###JWT
|
||||||
if [ "$ENABLE_JWT" = "yes" ]; then
|
if [ "$ENABLE_JWT" = "yes" ]; then
|
||||||
echo -e "\nJWT auth are being setup..."
|
echo -e "\nJWT auth is being setup..."
|
||||||
|
|
||||||
## Focal Openssl
|
bash $PWD/mode/jwt.sh
|
||||||
if [ "$(lsb_release -sc)" = "focal" ]; then
|
|
||||||
echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
|
|
||||||
sudo tee /etc/apt/sources.list.d/rvm.list
|
|
||||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
|
|
||||||
apt-get update
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "No authentication method selected."
|
||||||
|
|
||||||
apt-get -y install \
|
read -n 1 -s -r -p "Press any key to continue..."$'\n'
|
||||||
lua5.2 \
|
|
||||||
liblua5.2 \
|
|
||||||
luarocks \
|
|
||||||
libssl1.0-dev \
|
|
||||||
python3-jwt
|
|
||||||
|
|
||||||
luarocks install basexx
|
|
||||||
luarocks install luacrypto
|
|
||||||
luarocks install lua-cjson 2.1.0-1
|
|
||||||
|
|
||||||
echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
|
|
||||||
echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
|
|
||||||
|
|
||||||
apt-get install -y jitsi-meet-tokens
|
|
||||||
|
|
||||||
#Setting up
|
|
||||||
sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua
|
|
||||||
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
|
|
||||||
sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
|
|
||||||
|
|
||||||
#allow_empty_token = true
|
|
||||||
|
|
||||||
sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#Guest allow
|
#Guest allow
|
||||||
|
@ -1040,22 +1013,6 @@ VirtualHost "guest.$DOMAIN"
|
||||||
}
|
}
|
||||||
|
|
||||||
P_SR
|
P_SR
|
||||||
|
|
||||||
echo "Use the following for your App (e.g. Rocket.Chat):"
|
|
||||||
pyjwt3 --key="$SECRET_APP" \
|
|
||||||
encode \
|
|
||||||
group="Rocket.Chat" \
|
|
||||||
aud="$APP_ID" \
|
|
||||||
iss="$APP_ID" \
|
|
||||||
sub="$DOMAIN" \
|
|
||||||
room="*" \
|
|
||||||
algorithm="HS256"
|
|
||||||
|
|
||||||
else
|
|
||||||
echo "No authentication method selected."
|
|
||||||
|
|
||||||
read -n 1 -s -r -p "Press any key to continue..."$'\n'
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
#======================
|
#======================
|
||||||
#Start with video muted by default
|
#Start with video muted by default
|
||||||
|
|
Loading…
Reference in New Issue