diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bfb59d0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.swp +conf/*.conf diff --git a/README.install b/README.install index e66fb1d..49e9d01 100644 --- a/README.install +++ b/README.install @@ -14,6 +14,7 @@ FQND_HOSTNAME="meet.oopen.de" FQND_HOSTNAME="meet2.oopen.de" FQND_HOSTNAME="meet.faire-mobilitaet.de" +FQND_HOSTNAME="video.faire-mobilitaet.de" # 0.) Create new LX Container # 
@@ -44,14 +45,77 @@ FQND_HOSTNAME="meet.faire-mobilitaet.de" # cd /usr/local/src/nginx # ./install_nginx.sh +Adjust 'DefaultLimitNOFILE' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultLimitNOFILE=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultLimitNOFILE=.*)/\1\nDefaultLimitNOFILE=1048576/" \ + /etc/systemd/system.conf +elif ! $(grep -q -E "^\s*DefaultLimitNOFILE=1048576" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=1048576/" \ + /etc/systemd/system.conf +fi + +Adjust 'DefaultLimitNPROC' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultLimitNPROC=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultLimitNPROC=.*)/\1\nDefaultLimitNPROC=1048576/" \ + /etc/systemd/system.conf +elif ! $(grep -q -E "^\s*DefaultLimitNPROC=1048576" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultLimitNPROC=.*/DefaultLimitNPROC=1048576/" \ + /etc/systemd/system.conf +fi + +Adjust 'DefaultTasksMax' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultTasksMax=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultTasksMax=.*)/\1\nDefaultTasksMax=1048576/" \ + /etc/systemd/system.conf +elif ! $(grep -q -E "^\s*DefaultTasksMax=1048576" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultTasksMax=.*/DefaultTasksMax=1048576/" \ + /etc/systemd/system.conf +fi + +Adjust 'DefaultLimitRTPRIO' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultLimitRTPRIO=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultLimitRTPRIO=.*)/\1\nDefaultLimitRTPRIO=infinity/" \ + /etc/systemd/system.conf +elif ! 
$(grep -q -E "^\s*DefaultLimitRTPRIO=infinity" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultLimitRTPRIO=.*/DefaultLimitRTPRIO=infinity/" \ + /etc/systemd/system.conf +fi + +Adjust 'DefaultLimitRTTIME' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultLimitRTTIME=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultLimitRTTIME=.*)/\1\nDefaultLimitRTTIME=infinity/" \ + /etc/systemd/system.conf +elif ! $(grep -q -E "^\s*DefaultLimitRTTIME=infinity" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultLimitRTTIME=.*/DefaultLimitRTTIME=infinity/" \ + /etc/systemd/system.conf +fi + +Adjust 'DefaultLimitCORE' file /etc/systemd/system.conf +if ! $(grep -q -E "^\s*DefaultLimitCORE=" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^(\s*#DefaultLimitCORE=.*)/\1\nDefaultLimitCORE=infinity/" \ + /etc/systemd/system.conf +elif ! $(grep -q -E "^\s*DefaultLimitCORE=infinity" /etc/systemd/system.conf 2> /dev/null); then + perl -i -n -p -e "s/^\s*DefaultLimitCORE=.*/DefaultLimitCORE=infinity/" \ + /etc/systemd/system.conf +fi + + +systemctl daemon-reload + + # 5.) Install 'dehydrated-cron' (Let's Encrypt Certificates) # -# cd /usr/local/src/dehydrated-cron -# ./install_dehydrated.sh +# Install Let's Encrypt Certificate +# +/usr/local/src/dehydrated-cron/install_dehydrated.sh + +# Adjust '/var/lib/dehydrated/domains.txt' +# cat <> /var/lib/dehydrated/domains.txt $FQND_HOSTNAME EOF + # Generate Certificate # /var/lib/dehydrated/cron/dehydrated_cron.sh @@ -103,6 +167,9 @@ apt-get update apt-get install jitsi-meet +# !! Adjust nginx configuration !! + + # Maybe reinstall of 'jitsi-meet-turnserver' is needed.. # # Note: not needed if 'unstable' packages are installed. @@ -111,8 +178,6 @@ apt-get install jitsi-meet # apt-get install --reinstall jitsi-meet-turnserver #fi - - cd /etc/nginx/modules-enabled # for streamin at leas module 'ngx_stream_module.so' is needed 
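Review bot: In the `@@ -44,14 +45,77 @@` hunk, `DefaultLimitCORE=infinity`, `DefaultLimitRTPRIO=infinity` and `DefaultLimitRTTIME=infinity` are written to /etc/systemd/system.conf, so they become the default for every unit systemd starts on this host, not only the Jitsi services. Unlimited core size in particular means a crash of any daemon may leave a full memory image, which is a disclosure risk for services holding TLS private keys or credentials (whether a dump is actually written depends on the host's core_pattern, which is not visible here). If only the videobridge needs higher file and task limits, a unit drop-in such as `/etc/systemd/system/jitsi-videobridge2.service.d/limits.conf` (example name) with `LimitNOFILE=` and `TasksMax=` keeps the change scoped. The six `Adjust '…' file /etc/systemd/system.conf` heading lines are also added without a leading `#`, so pasting the section would try to run `Adjust` as a command.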
@@ -131,10 +196,6 @@ for _file in $(ls /usr/share/nginx/modules-available/) ; do echo $_file done -# Install Let's Encrypt Certificate -# -/usr/local/src/dehydrated-cron/install_dehydrated.sh - # Addjust file nginx vhost congiguration '/etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf' # @@ -189,7 +250,7 @@ fi # Prepare configuration file for 'check_string_ps' # -if ! $(grep -q -E "^\s*check_string_ps=\"[[:digit:]]\\ /usr/bin/turnserver\"" \ +if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ /usr/bin/turnserver\"" \ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then perl -i -n -p -e "s/^(#check_string_ps*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ \/usr\/bin\/turnserver\"/" \ /root/bin/monitoring/conf/check_cert_for_service.conf diff --git a/conf/jitsi.conf.sample b/conf/jitsi.conf.sample new file mode 100644 index 0000000..16df7fe --- /dev/null +++ b/conf/jitsi.conf.sample @@ -0,0 +1,13 @@ +#----------------------------------- +# Settings for Jitsi Install scripts +#----------------------------------- + +# FQHN_HOSTNAME +# +# The full qualified histname under which bbb service +# is available +# +# Defaults to full qualified hostname of the system +# +FQHN_HOSTNAME="" + diff --git a/jitsi-post-install.sh b/jitsi-post-install.sh new file mode 100755 index 0000000..87a6fe0 --- /dev/null +++ b/jitsi-post-install.sh 
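Review bot: In the `@@ -189,7 +250,7 @@` hunk the grep pattern is corrected, but the perl substitution directly below it still matches `^(#check_string_ps*)`, where `s*` quantifies only the final `s`. The match therefore stops at the key name, and whatever follows on the commented sample line is left appended after the inserted `check_string_ps="…"` value (the sample file is not visible here, so the exact leftover is an assumption). The other steps consume the rest of the line, and `s/^(#check_string_ps.*)/…` would be consistent with them. The same pattern is carried into the new jitsi-post-install.sh as `s/^(#+check_string_ps*)/` in the coTURN step, while the Prosody step there already uses `.*`. The `if` block continues past the end of this hunk.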
@@ -0,0 +1,805 @@
+#!/usr/bin/env bash
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+#conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+conf_file="${working_dir}/conf/jitsi.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ blank_line
+ exit $1
+}
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n " $*\\c" 1>&2
+ else
+ echo -e -n " $*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
+ else
+ echo -e " [ Fatal ] $*"
+ fi
+ echo ""
+ if $terminal ; then
+ echo -e " \033[1mScript terminated\033[m.."
+ else
+ echo -e " Script terminated.."
+ fi
+ echo ""
+ rm -rf $LOCK_DIR
+ exit 1
+}
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ] $*"
+ else
+ echo " [ Error ] $*"
+ fi
+ echo ""
+}
+
+echo_ok() {
+ if $terminal ; then
+ echo -e "\033[85G[ \033[32mok\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal ; then
+ echo -e "\033[85G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal ; then
+ echo -e "\033[85G[ \033[33m\033[1mskipped\033[m ]"
+ fi
+}
+echo_wait(){
+ if $terminal ; then
+ echo -en "\033[85G[ \033[5m\033[1m..\033[m ]"
+ fi
+}
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+blank_line() {
+ if $terminal ; then
+ echo ""
+ fi
+}
+
+detect_os () {
+
+ if $(which lsb_release > /dev/null 2>&1) ; then
+
+ DIST="$(lsb_release -i | awk '{print tolower($3)}')"
+ DIST_VERSION="$(lsb_release -r | awk '{print tolower($2)}')"
+ DIST_CODENAME="$(lsb_release -c | awk '{print tolower($2)}')"
+
+ if [[ "$DIST" = "debian" ]]; then
+ if $(echo "$DIST_VERSION" | grep -q '\.') ; then
+ DIST_VERSION=$(echo "$DIST_VERSION" | cut --delimiter='.' -f1)
+ fi
+ fi
+
+ elif [[ -e "/etc/os-release" ]]; then
+
+ . /etc/os-release
+
+ DIST=$ID
+ DIST_VERSION=${VERSION_ID}
+
+ fi
+
+ # remove whitespace from DIST and DIST_VERSION
+ DIST="${DIST// /}"
+ DIST_VERSION="${DIST_VERSION// /}"
+
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ fatal "Script must run in a terminal."
+fi
+
+
+# ==========
+# - Begin Main Script
+# ==========
+
+# ----------
+# - Headline
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo -e "\033[1m----------\033[m"
+ echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
+ echo -e "\033[1m----------\033[m"
+fi
+
+
+# ----------
+# Read Configurations from $conf_file
+# ----------
+
+
+# - Give your default values here
+# -
+DEFAULT_FQHN_HOSTNAME="$(hostname -f)"
+
+if [[ -f "$conf_file" ]]; then
+ source "$conf_file"
+else
+ warn "No configuration file '$conf_file' present.\n
+ Loading default values.."
+fi
+
+[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"
+
+
+blank_line
+echononl "Detect distribution/release of running OS.."
+detect_os > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
+
+FQHN_HOSTNAME=
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert full qualified hostname for BigBlueButton Service"
+echo ""
+if [[ -n "$DEFAULT_FQHN_HOSTNAME" ]]; then
+ while [[ "X${FQHN_HOSTNAME}" = "X" ]]; do
+ echononl "Full qualified hostname [${DEFAULT_FQHN_HOSTNAME}]: "
+ read FQHN_HOSTNAME
+ if [[ "X${FQHN_HOSTNAME}" = "X" ]]; then
+ FQHN_HOSTNAME=$DEFAULT_FQHN_HOSTNAME
+ fi
+ if [[ ! $FQHN_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$FQHN_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ FQHN_HOSTNAME=""
+ fi
+ done
+else
+ while [[ "X${FQHN_HOSTNAME}" = "X" ]]; do
+ echononl "Full qualified hostname: "
+ read FQHN_HOSTNAME
+ if [[ "X${FQHN_HOSTNAME}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mFull qualified hostname is reqired\033[m\n"
+ fi
+ if [[ ! $FQHN_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$FQHN_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ FQHN_HOSTNAME=""
+ fi
+ done
+fi
+HOSTNAME="${FQHN_HOSTNAME%%.*}"
+
+echo ""
+echo ""
+echo -e "\t\033[32mStart pre-install script for BigBlueButton Service with the following parameters\033[m"
+echo ""
+echo -e "\tFull qualified Hostname..: $FQHN_HOSTNAME"
+echo -e "\tHostname.................: $HOSTNAME"
+echo ""
+echo -e "\tOS Distribution..........: $DIST"
+echo -e "\tDistribution's codename..: $DIST_CODENAME"
+echo ""
+echononl "einverstanden (yes/no): "
+read OK
+OK=${OK,,}
+while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do
+ echononl "Wrong entry! [yes/no]: "
+ read OK
+ OK=${OK,,}
+done
+[ $OK = "yes" ] || fatal Repeat with other settings..
+
+echo ""
+echo ""
+
+
+echo
+echo -e "\033[37m\033[1mInstall script checking if certificate/key of coTURN service is up-to-date..\033[m"
+echo
+
+
+# ------
+# Create configuration file for certification check of coTURN service
+# ------
+
+echononl "Create configuration file for certification check of coTURN service.."
+if [[ ! -f "/root/bin/monitoring/conf/check_cert_for_service.conf" ]]; then
+ cp /root/bin/monitoring/conf/check_cert_for_service.conf.sample \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'service_name'.."
+if ! $(grep -q -E "^\s*service_name=\"coTURN\"" /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"coTURN\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'check_string_ps'.."
+if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ /usr/bin/turnserver\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+check_string_ps*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ \/usr\/bin\/turnserver\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'service_user'.."
+if ! $(grep -q -E "^\s*service_user=\"turnserver\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+service_user.*)/#\1\nservice_user=\"turnserver\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'service_group'.."
+if ! $(grep -q -E "^\s*service_group=\"turnserver\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+service_group.*)/#\1\nservice_group=\"turnserver\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'cert_installed'.."
+#
+if ! $(grep -q -E "^\s*cert_installed=\"/etc/ssl/fullchain.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+cert_installed.*)/#\1\ncert_installed=\"\/etc\/ssl\/fullchain.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'key_installed'.."
+#
+if ! $(grep -q -E "^\s*key_installed=\"/etc/ssl/privkey.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+key_installed.*)/#\1\nkey_installed=\"\/etc\/ssl\/privkey.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'cert_newest'.."
+#
+if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e \
+ "s/^(#+cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/fullchain.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'key_newest'.."
+#
+if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
+ perl -i -n -p -e \
+ "s/^(#+key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/privkey.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_service.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+blank_line
+
+echononl "Initial run of script 'check_cert_for_service.sh'.."
+echo_wait
+/root/bin/monitoring//check_cert_for_service.sh > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+ if [[ -s "$log_file" ]] ; then
+ echo -e "
+\033[32m----------\033[m
+\033[1mOutput from :run of script 'check_cert_for_service.sh' was:\033[m
+
+$(cat "$log_file")
+\033[32m----------\033[m
+"
+ fi
+fi
+
+blank_line
+
+# Add Cronjob for checcking if certificate/key of coTURN service is up to date
+#
+_failed=false
+echononl "Add Cronjob for checcking if certificate/key of coTURN service is up-to-date.."
+_crontab_tmp_file=/tmp/crontab_root.$$
+crontab -l > "$_crontab_tmp_file" 2> "$log_file"
+if [[ $? -ne 0 ]]; then
+ _failed=true
+fi
+
+if ! $(grep -q "/root/bin/monitoring/check_cert_for_service.sh" "$_crontab_tmp_file" 2>/dev/null) ; then
+ cat <> "$_crontab_tmp_file" 2>> "$log_file"
+
+# - Check if cert for coTURN service is up-to-date
+# -
+39 05 * * * /root/bin/monitoring/check_cert_for_service.sh
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ crontab "$_crontab_tmp_file"
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ rm -f "$_crontab_tmp_file"
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+
+ if $_failed ; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+
+else
+ echo_skipped
+fi
+
+blank_line
+
+echo
+echo -e "\033[37m\033[1mInstall script checking if certificate/key of Prosody service is up-to-date..\033[m"
+echo
+
+# ------
+# Create configuration file for certification check of Prosody service
+# ------
+
+echononl "Create configuration file for certification check of Prosody service.."
+if [[ ! -f "/root/bin/monitoring/conf/check_cert_for_prosody.conf" ]]; then
+ cp /root/bin/monitoring/conf/check_cert_for_prosody.conf.sample \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Prepare configuration file for 'service_name'.."
+if ! $(grep -q -E "^\s*service_domain=\"${FQHN_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQHN_HOSTNAME}\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+service_name.*)/#\1\nservice_name=\"Prosody\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'check_string_ps'.."
+if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ lua\[\[:digit:\]\].\[\[:digit:\]\] /usr/bin/prosody\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'service_user'.."
+if ! $(grep -q -E "^\s*service_user=\"prosody\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+service_user.*)/#\1\nservice_user=\"prosody\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'service_group'.."
+if ! $(grep -q -E "^\s*service_group=\"prosody\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+service_group.*)/#\1\nservice_group=\"prosody\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'cert_installed'.."
+if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.crt\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.crt\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'key_installed'.."
+if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.key\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(#+key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.key\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'cert_newest'.."
+if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e \
+ "s/^(#+cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/fullchain.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Prepare configuration file for 'key_newest'.."
+if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
+ perl -i -n -p -e \
+ "s/^(#+key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/privkey.pem\"/" \
+ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+blank_line
+
+echononl "Initial run of script 'check_cert_for_prosody.sh'.."
+echo_wait
+/root/bin/monitoring/check_cert_for_prosody.sh > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+ if [[ -s "$log_file" ]] ; then
+ echo -e "
+\033[32m----------\033[m
+\033[1mOutput from :run of script 'check_cert_for_prosody.sh' was:\033[m
+
+$(cat "$log_file")
+\033[32m----------\033[m
+"
+ fi
+fi
+
+blank_line
+
+# Add Cronjob for checcking if certificate/key of Prosody service is up to date
+#
+_failed=false
+echononl "Add Cronjob for checcking if certificate/key of Prosody service is up-to-date.."
+_crontab_tmp_file=/tmp/crontab_root.$$
+crontab -l > "$_crontab_tmp_file" 2> "$log_file"
+if [[ $? -ne 0 ]]; then
+ _failed=true
+fi
+
+if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then
+ cat <> "$_crontab_tmp_file" 2>> "$log_file"
+
+# - Check if cert(s) for Prosody service are up-zp-date
+# -
+13 05 * * * /root/bin/monitoring/check_cert_for_prosody.sh
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ crontab "$_crontab_tmp_file"
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ rm -f "$_crontab_tmp_file"
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+
+ if $_failed ; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+
+else
+ echo_skipped
+fi
+
+blank_line
+
+echo
+echo -e "\033[37m\033[1mConfigure Jitsi Meet..\033[m"
+echo
+
+_failed=false
+_changed=false
+echononl "Adjust '/etc/jitsi/videobridge/sip-communicator.properties'.."
+if ! $(grep -q -E "^\s*org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" \
+ /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then
+cat <> /etc/jitsi/videobridge/sip-communicator.properties
+
+# disable the built-in webserver (required)
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ _changed=true
+fi
+
+
+if ! $(grep -q -E "^\s*org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" \
+ /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then
+cat <> /etc/jitsi/videobridge/sip-communicator.properties
+# sometimes the above setting does not work, therefore we change the port too (required)
+org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
+# sometimes the above setting does not work, therefore we change the port too (required)
+org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ _changed=true
+fi
+
+if ! $(grep -q -E "^\s*#+org.jitsi.videobridge.ENABLE_STATISTICS=false" \
+ /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then
+cat <> /etc/jitsi/videobridge/sip-communicator.properties
+# disable statistics to third parties (optional)
+# DOES NOT WORK
+#org.jitsi.videobridge.ENABLE_STATISTICS=false
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+ _changed=true
+fi
+
+if $_changed ; then
+
+ if $_failed; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
+if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file") ; then
+ perl -i -n -p -e "s/((\s*)stunServers: \[.*)/\1\n\n\2 { urls: 'stun.nextcloud.com:443' },\n\2 { urls: 'stun.stunprotocol.org:3478' },\n\2 { urls: 'stun.services.mozilla.com:3478' },/" /etc/jitsi/meet/video.faire-mobilitaet.de-config.js
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+else
+ echo_skipped
+fi
+
+blank_line
+
+echo
+echo -e "\033[37m\033[1mRestart services..\033[m"
+echo
+
+echononl "Restart prosody service.."
+systemctl restart prosody > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
+echononl "Restart jicofo service.."
+systemctl restart prosody > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
+echononl "Restart jitsi-videobridge2 service.."
+systemctl restart jitsi-videobridge2 > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
+clean_up 0
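Review bot: The working paths in jitsi-post-install.sh are predictable names in world-writable /tmp (`LOCK_DIR="/tmp/$(basename $0).$$.LOCK"` with an unchecked `mkdir`, `/tmp/shprompt$$` in `echononl`, and `_crontab_tmp_file=/tmp/crontab_root.$$`), and the script is evidently meant to run as root since it edits /root/bin/monitoring and /etc/jitsi. Because the crontab temp file is fed straight back into `crontab "$_crontab_tmp_file"`, its content should not depend on a name another local user can pre-create; `LOCK_DIR="$(mktemp -d)" || exit 1` and `_crontab_tmp_file="$(mktemp "${LOCK_DIR}/crontab.XXXXXX")"` would close that. Two functional slips in the same hunk: the config.js step greps `/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js` but runs perl on the hard-coded `/etc/jitsi/meet/video.faire-mobilitaet.de-config.js`, and the "Restart jicofo service.." step calls `systemctl restart prosody` instead of `systemctl restart jicofo`. `warn` is also called when the conf file is missing, but no `warn` function is defined next to `fatal` and `error`.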