From fbe108909909585d1f880218e654fca9b46f668c Mon Sep 17 00:00:00 2001 From: Christoph Date: Sat, 16 May 2020 13:42:22 +0200 Subject: [PATCH] add support for Jibri Streamin/Recording. --- conf/default_ports.conf | 4 +++ conf/main_ipv4.conf.sample | 22 ++++++++++++++++ conf/main_ipv6.conf.sample | 22 ++++++++++++++++ conf/post_decalrations.conf | 21 +++++++++++++++ ip6t-firewall-server | 50 +++++++++++++++++++++++++++++++++--- ipt-firewall-server | 51 ++++++++++++++++++++++++++++++++++--- 6 files changed, 162 insertions(+), 8 deletions(-) diff --git a/conf/default_ports.conf b/conf/default_ports.conf index a72d902..9d56233 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -59,6 +59,10 @@ standard_jitsi_tcp_ports="$standard_http_ports" standard_jitsi_udp_port_range="10000:20000" default_jitsi_dovecout_auth_port="$dovecot_external_auth_port" +# - Jibri Service +# - +default_jibri_out_port=5222 + # - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index 4d75f9b..5bfdfb8 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -403,6 +403,28 @@ jitsi_dovecot_auth=false jitsi_dovecot_host="" jitsi_dovecot_port="$default_jitsi_dovecout_auth_port" +# - Jibri extern Client Recording / Streamin +# - +jitsi_jibri_remote_auth=false +# - Remote Jibri servers +# - +# - blank separated list of ipv4 addresses +# - +jitsi_jibri_remote_ips="" +jitsi_jibri_remote_auth_port="$default_jibri_out_port" + + +# - Jibri Recording / Streaming Service +# - +# - blank separated list of ipv4 addresse +# - +jibri_server_ips="" +# - blank separated list of ipv4 addresse +# - +forward_jibri_server_ips="" +jibri_remote_jitsi_server="" +jibri_remote_auth_port="$default_jibri_out_port" + # - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index b313f7b..4edefb4 100644 --- a/conf/main_ipv6.conf.sample 
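Review bot: `jibri_remote_jitsi_server` and `jibri_remote_auth_port` are added to conf/main_ipv4.conf.sample without any comment, although the firewall scripts in this patch pass the first one unquoted to `-d`, so it has to hold exactly one destination. A comment such as `# - single ipv4 address of the remote Jitsi server the Jibri hosts connect to` above it would make that clear. An address is preferable to a hostname here, because iptables resolves a name only once, when the rule is loaded, which makes the ACCEPT rule depend on DNS at firewall start. The same comment is missing in the conf/main_ipv6.conf.sample hunk.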
+++ b/conf/main_ipv6.conf.sample @@ -422,6 +422,28 @@ jitsi_dovecot_auth=false jitsi_dovecot_host="" jitsi_dovecot_port="$default_jitsi_dovecout_auth_port" +# - Jibri extern Client Recording / Streamin +# - +jitsi_jibri_remote_auth=false +# - Remote Jibri servers +# - +# - colon separated list of ipv6 addresses +# - +jitsi_jibri_remote_ips="" +jitsi_jibri_remote_auth_port="$default_jibri_out_port" + + +# - Jibri Recording / Streaming Service +# - +# - colon separated list of ipv6 addresses +# - +jibri_server_ips="" +# - colon separated list of ipv6 addresses +# - +forward_jibri_server_ips="" +jibri_remote_jitsi_server="" +jibri_remote_auth_port="$default_jibri_out_port" + # - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf index 626e081..45dc514 100644 --- a/conf/post_decalrations.conf +++ b/conf/post_decalrations.conf @@ -315,6 +315,27 @@ for _ip in $forward_jitsi_server_ips ; do forward_jitsi_server_ip_arr+=("$_ip") done +# --- +# - IP Addresses Remote Jibri Server +# --- +declare -a jitsi_jibri_remote_ip_arr +for _ip in $jitsi_jibri_remote_ips ; do + jitsi_jibri_remote_ip_arr+=("$_ip") +done + +# --- +# - IP Addresses Jibri Recording / Streaming Server +# --- +declare -a jibri_server_ip_arr +for _ip in $jibri_server_ips ; do + jibri_server_ip_arr+=("$_ip") +done +# DMZ +declare -a forward_jibri_server_ip_arr +for _ip in $forward_jibri_server_ips ; do + forward_jibri_server_ip_arr+=("$_ip") +done + # --- # - IP Addresses TURN Server (Stun Server) (for Nextcloud 'talk' app) # --- diff --git a/ip6t-firewall-server b/ip6t-firewall-server index 4328235..5d9c986 100755 --- a/ip6t-firewall-server +++ b/ip6t-firewall-server 
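Review bot: The comments added to conf/main_ipv6.conf.sample describe `jitsi_jibri_remote_ips`, `jibri_server_ips` and `forward_jibri_server_ips` as a "colon separated list of ipv6 addresses", but the conf/post_decalrations.conf hunk of this patch builds the arrays with `for _ip in $jitsi_jibri_remote_ips`, which splits on whitespace unless IFS is changed somewhere outside this diff. A colon cannot delimit IPv6 addresses in any case, so an operator following the comment would hand a single malformed token to `-s` and the intended ACCEPT rule would most likely fail to load. Suggested wording, matching the ipv4 sample: `# - blank separated list of ipv6 addresses`.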
@@ -1756,7 +1756,7 @@ if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr done fi - if [[ ${#forward_mumble_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + if [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then for _ip in ${forward_mumble_server_ip_arr[@]} ; do $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT @@ -1786,7 +1786,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ done fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then for _ip in ${forward_jitsi_server_ip_arr[@]} ; do if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT @@ -1809,7 +1809,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ done fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then for _ip in ${forward_jitsi_server_ip_arr[@]} ; do $ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT $ip6t -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT 
@@ -1827,7 +1827,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ $ip6t -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then $ip6t -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT fi echo_done @@ -1838,6 +1838,48 @@ else echo_skipped fi +echononl "\t\tJitsi Remote Jibri Client" +if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] \ + && $jitsi_jibri_remote_auth \ + && [[ ${#jitsi_jibri_remote_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${jitsi_jibri_remote_ip_arr[@]} ; do + $ip6t -A INPUT -p tcp -s $_ip --dport $jitsi_jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + + echo_done +else + echo_skipped +fi + + +# --- +# - Jibri Recording / Streaming Service +# --- + +echononl "\t\tJibri Recording / Streaming Service" +if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]]; then + + if [[ -z "$jibri_remote_jitsi_server" ]]; then + echo_skipped + else + if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${jibri_server_ip_arr[@]} ; do + $ip6t -A OUTPUT -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + fi + + if [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then + for _ip in ${forward_jibri_server_ip_arr[@]} ; do + $ip6t -A FORWARD -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + fi + + echo_done + fi +else + echo_skipped +fi + # --- # - TURN Service (for NC Talk App) diff --git a/ipt-firewall-server b/ipt-firewall-server index b48e3b2..f5bd0b7 100755 --- a/ipt-firewall-server +++ b/ipt-firewall-server 
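Review bot: In the new "Jibri Recording / Streaming Service" block, both loops iterate over `_ip` but the rules never use it, so identical OUTPUT and FORWARD rules are appended once per configured address, and the FORWARD rule accepts connections from any forwarded host to `$jibri_remote_jitsi_server` on `$jibri_remote_auth_port` rather than only from the listed Jibri servers. Presumably the source was meant to be pinned, as the neighbouring Jitsi FORWARD rules do: `$ip6t -A FORWARD -p tcp -s $_ip -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT`; the OUTPUT rule should likewise either get `-s $_ip` or be emitted once outside the loop. The identical block in the ipt-firewall-server hunk at `@@ -2084,6 +2084,49 @@` has the same problem with `$ipt`. Separately, the "Jitsi Remote Jibri Client" block in both hunks only adds INPUT rules gated on `jitsi_server_ip_arr`, so a Jitsi server listed only in `forward_jitsi_server_ip_arr` gets no matching FORWARD rule; if that is intentional, a comment saying so would help.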
@@ -2002,7 +2002,7 @@ if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr done fi - if [[ ${#forward_mumble_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then + if [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _ip in ${forward_mumble_server_ip_arr[@]} ; do $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT @@ -2032,7 +2032,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ done fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _ip in ${forward_jitsi_server_ip_arr[@]} ; do if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT @@ -2055,7 +2055,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ done fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _ip in ${forward_jitsi_server_ip_arr[@]} ; do $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT 
@@ -2073,7 +2073,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ $ipt -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then $ipt -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT fi echo_done @@ -2084,6 +2084,49 @@ else echo_skipped fi +echononl "\t\tJitsi Remote Jibri Client" +if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] \ + && $jitsi_jibri_remote_auth \ + && [[ ${#jitsi_jibri_remote_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${jitsi_jibri_remote_ip_arr[@]} ; do + $ipt -A INPUT -p tcp -s $_ip --dport $jitsi_jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + + echo_done +else + echo_skipped +fi + + +# --- +# - Jibri Recording / Streaming Service +# --- + +echononl "\t\tJibri Recording / Streaming Service" +if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]]; then + + if [[ -z "$jibri_remote_jitsi_server" ]]; then + echo_skipped + else + if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${jibri_server_ip_arr[@]} ; do + $ipt -A OUTPUT -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + fi + + if [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then + for _ip in ${forward_jibri_server_ip_arr[@]} ; do + $ipt -A FORWARD -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT + done + fi + + echo_done + fi +else + echo_skipped +fi + + # --- # - TURN Service (for NC Talk App) # ---