From 6fa244a6313a70ee2061b689091ebb8175e88002 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 2 May 2020 19:57:08 +0200
Subject: [PATCH] Add script 'jitsi-auth-dovecot.sh'. Add/Justify some documentation.
---
 README.auth-basic | 101 +++++
 README.auth-dovecot | 7 +
 README.authentication | 96 -----
 README.install | 13 +-
 conf/jitsi.conf.sample | 26 ++
 jitsi-auth-dovecot.sh | 906 +++++++++++++++++++++++++++++++++++++++++
 jitsi-post-install.sh | 9 +
 7 files changed, 1056 insertions(+), 102 deletions(-)
 create mode 100644 README.auth-basic
 create mode 100644 README.auth-dovecot
 delete mode 100644 README.authentication
 create mode 100755 jitsi-auth-dovecot.sh
diff --git a/README.auth-basic b/README.auth-basic
new file mode 100644
index 0000000..b99ce92
--- /dev/null
+++ b/README.auth-basic
@@ -0,0 +1,101 @@
+# ============================================================================
+#
+# Enable authentication for Jitsi
+#
+# Self-hosted Jitsi server with authentication
+# - https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7
+#
+# see also:
+# - https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
+#
+# - https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
+#
+# ============================================================================
+
+FQHN_HOSTNAME="jo.oopen.de"
+FQHN_HOSTNAME="meet.oopen.de"
+FQHN_HOSTNAME="meet2.oopen.de"
+FQHN_HOSTNAME="meet.faire-mobilitaet.de"
+FQHN_HOSTNAME="video.faire-mobilitaet.de"
+
+cp /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG
+cp /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG
+cp /etc/jitsi/jicofo/sip-communicator.properties /etc/jitsi/jicofo/sip-communicator.properties.ORIG
+
+
+# --
+# file: /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js
+# --
+
+# Section 'host'
+#
+# anonymousdomain: 'guest.${FQHN_HOSTNAME},
+#
+if ! $(grep -q -E "^\s*anonymousdomain:\s+'guest.${FQHN_HOSTNAME}'\s*," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2>/dev/null); then
+ perl -i -n -p -e "s#^((\s*)// anonymousdomain:.*)#\1\n\2anonymousdomain: 'guest.${FQHN_HOSTNAME}',#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js
+fi
+
+# Section 'host'
+#
+# authdomain: 'guest.${FQHN_HOSTNAME},
+#
+if ! $(grep -q -E "^\s*authdomain:\s+'${FQHN_HOSTNAME}'\s*," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2>/dev/null); then
+ perl -i -n -p -e "s#^((\s*)// authdomain:.*)#\1\n\2authdomain: '${FQHN_HOSTNAME}',#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js
+fi
+
+
+# root Section (var config = {)
+#
+# Enable:
+#
+# requireDisplayName: true,
+#
+if ! $(grep -q -E "^\s*requireDisplayName:\s+true\s*," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2>/dev/null); then
+ perl -i -n -p -e "s#^((\s*)// requireDisplayName:.*)#\1\n\2requireDisplayName: true,#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js
+fi
+
+
+# ---
+# file: /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua
+# ---
+
+
+# Root section of 'VirtualHost "${FQHN_HOSTNAME}"'
+#
+# authentication = "internal_plain"
+#
+if $(grep -q -E "^\s*authentication\s+=\s+\"anonymous\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2>/dev/null); then
+ perl -i -n -p -e "s/^(\s*)(authentication\s*=\s*\"anonymous\")/\1--\2\n\1authentication = \"internal_plain\"/" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua
+fi
+
+
+# Add Section 'VirtualHost "guest.${FQHN_HOSTNAME}""
+#
+if ! $(grep -q -E "^\s*VirtualHost \"guest.${FQHN_HOSTNAME}\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2>/dev/null); then
+ cat <> /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua
+
+VirtualHost "guest.${FQHN_HOSTNAME}"
+ authentication = "anonymous"
+ c2s_require_encryption = false
+EOF
+fi
+
+# ---
+# file: /etc/jitsi/jicofo/sip-communicator.properties
+# ---
+
+if ! $(grep -q -E "^\s*org.jitsi.jicofo.auth.URL\s*=\s*XMPP:${FQHN_HOSTNAME}" \
+ /etc/jitsi/jicofo/sip-communicator.properties 2>/dev/null); then
+ cat <> /etc/jitsi/jicofo/sip-communicator.properties
+org.jitsi.jicofo.auth.URL=XMPP:${FQHN_HOSTNAME}
+EOF
+fi
diff --git a/README.auth-dovecot b/README.auth-dovecot
new file mode 100644
index 0000000..392b54f
--- /dev/null
+++ b/README.auth-dovecot
@@ -0,0 +1,7 @@
+
+
+# ---
+# 1. Cinfugure Jitsi Meet to authenticate agains Dovecot Auth Service
+# ---
+
+/usr/local/src/jitsi/jitsi-auth-dovecot.sh
diff --git a/README.authentication b/README.authentication
deleted file mode 100644
index a1eca8d..0000000
--- a/README.authentication
+++ /dev/null
@@ -1,96 +0,0 @@
-# ============================================================================
-# Enable authentication for Jitsi
-#
-# Self-hosted Jitsi server with authentication
-# - https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7
-#
-# see also:
-# - https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
-#
-# - https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
-# i============================================================================
-
-FQND_HOSTNAME="meet.oopen.de"
-FQND_HOSTNAME="meet.faire-mobilitaet.de"
-
-cp /etc/jitsi/meet/${FQND_HOSTNAME}-config.js /etc/jitsi/meet/${FQND_HOSTNAME}-config.js.ORIG
-cp /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua.ORIG
-cp /etc/jitsi/jicofo/sip-communicator.properties /etc/jitsi/jicofo/sip-communicator.properties.ORIG
-
-
-# --
-# file: /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
-# --
-
-# Section 'host'
-#
-# anonymousdomain: 'guest.${FQND_HOSTNAME},
-#
-if ! $(grep -q -E "^\s*anonymousdomain:\s+'guest.${FQND_HOSTNAME}'\s*," \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js 2>/dev/null); then
- perl -i -n -p -e "s#^((\s*)// anonymousdomain:.*)#\1\n\2anonymousdomain: 'guest.${FQND_HOSTNAME}',#" \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
-fi
-
-# Section 'host'
-#
-# authdomain: 'guest.${FQND_HOSTNAME},
-#
-if ! $(grep -q -E "^\s*authdomain:\s+'${FQND_HOSTNAME}'\s*," \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js 2>/dev/null); then
- perl -i -n -p -e "s#^((\s*)// authdomain:.*)#\1\n\2authdomain: '${FQND_HOSTNAME}',#" \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
-fi
-
-
-# root Section (var config = {)
-#
-# Enable:
-#
-# requireDisplayName: true,
-#
-if ! $(grep -q -E "^\s*requireDisplayName:\s+true\s*," \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js 2>/dev/null); then
- perl -i -n -p -e "s#^((\s*)// requireDisplayName:.*)#\1\n\2requireDisplayName: true,#" \
- /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
-fi
-
-
-# ---
-# file: /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua
-# ---
-
-
-# Root section of 'VirtualHost "${FQND_HOSTNAME}"'
-#
-# authentication = "internal_plain"
-#
-if $(grep -q -E "^\s*authentication\s+=\s+\"anonymous\"" \
- /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua 2>/dev/null); then
- perl -i -n -p -e "s/^(\s*)(authentication\s*=\s*\"anonymous\")/\1--\2\n\1authentication = \"internal_plain\"/" \
- /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua
-fi
-
-
-# Add Section 'VirtualHost "guest.${FQND_HOSTNAME}""
-#
-if ! $(grep -q -E "^\s*VirtualHost \"guest.${FQND_HOSTNAME}\"" \
- /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua 2>/dev/null); then
- cat <> /etc/prosody/conf.avail/${FQND_HOSTNAME}.cfg.lua
-
-VirtualHost "guest.${FQND_HOSTNAME}"
- authentication = "anonymous"
- c2s_require_encryption = false
-EOF
-fi
-
-# ---
-# file: /etc/jitsi/jicofo/sip-communicator.properties
-# ---
-
-if ! $(grep -q -E "^\s*org.jitsi.jicofo.auth.URL\s*=\s*XMPP:${FQND_HOSTNAME}" \
- /etc/jitsi/jicofo/sip-communicator.properties 2>/dev/null); then
- cat <> /etc/jitsi/jicofo/sip-communicator.properties
-org.jitsi.jicofo.auth.URL=XMPP:${FQND_HOSTNAME}
-EOF
-fi
diff --git a/README.install b/README.install
index 00fbe73..8de107a 100644
--- a/README.install
+++ b/README.install
@@ -14,14 +14,15 @@
 # Requirements:
 #
 # - webserver nginx is installed
-# - lets encrypt certificates available for $FQDN_HOSTNAME
+# - lets encrypt certificates available for $FQHN_HOSTNAME
 # =============================================================================
-FQND_HOSTNAME="meet.oopen.de"
-FQND_HOSTNAME="meet2.oopen.de"
-FQND_HOSTNAME="meet.faire-mobilitaet.de"
-FQND_HOSTNAME="video.faire-mobilitaet.de"
+FQHN_HOSTNAME="jo.oopen.de"
+FQHN_HOSTNAME="meet.oopen.de"
+FQHN_HOSTNAME="meet2.oopen.de"
+FQHN_HOSTNAME="meet.faire-mobilitaet.de"
+FQHN_HOSTNAME="video.faire-mobilitaet.de"
 # ---
 # 0.) Requirements
@@ -76,7 +77,7 @@ cd /usr/local/src/dehydrated-cron
 # vim /var/lib/dehydrated/domains.txt
 #
 cat <> /var/lib/dehydrated/domains.txt
-$FQND_HOSTNAME
+$FQHN_HOSTNAME
 EOF
 /var/lib/dehydrated/cron/dehydrated_cron.sh
diff --git a/conf/jitsi.conf.sample b/conf/jitsi.conf.sample
index 444d182..1ec013e 100644
--- a/conf/jitsi.conf.sample
+++ b/conf/jitsi.conf.sample
@@ -19,3 +19,29 @@ FQHN_HOSTNAME=""
 # Defaults to: JITSI_REPOSITORY_VERSION="stable"
 #
 #JITSI_REPOSITORY_VERSION=""
+
+
+# DOVECOT_HOSTNAME
+#
+# Hostname of machine supporting Dovecot Auth Service
+#
+# Only needed if that type of authenticaten is provided
+#
+#DOVECOT_HOSTNAME=""
+
+
+# DOVECOT_AUTH_PORT
+#
+# Port on which Dovecot Auth Service is provided
+#
+# Defaults to: DOVECOT_AUTH_PORT=444444
+#
+#DOVECOT_AUTH_PORT=""
+
+# DOVECOT_AUTH_DOMAIN
+#
+# Domain agains authentication should work
+#
+# No default value
+#
+#DOVECOT_AUTH_DOMAIN=""
diff --git a/jitsi-auth-dovecot.sh b/jitsi-auth-dovecot.sh
new file mode 100755
index 0000000..7a5f9d0
--- /dev/null
+++ b/jitsi-auth-dovecot.sh
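Review bot: The comment `# Defaults to: DOVECOT_AUTH_PORT=444444` in conf/jitsi.conf.sample documents a value above the 65535 port limit and disagrees with `DEFAULT_DOVECOT_AUTH_PORT=44444` set in jitsi-auth-dovecot.sh in the same patch; change it to `# Defaults to: DOVECOT_AUTH_PORT=44444`. While here, `authenticaten` and `agains` should read `authentication` and `against`. The DOVECOT_AUTH_DOMAIN comment would also help operators more if it stated that the script appends this domain to the login name (`username@DOVECOT_AUTH_DOMAIN`) when querying Dovecot, which is what the patched mod_auth_dovecot.lua in this patch does.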
@@ -0,0 +1,906 @@
+#!/usr/bin/env bash
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+#conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+conf_file="${working_dir}/conf/jitsi.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ blank_line
+ exit $1
+}
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n " $*\\c" 1>&2
+ else
+ echo -e -n " $*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
+ else
+ echo -e " [ Fatal ] $*"
+ fi
+ echo ""
+ if $terminal ; then
+ echo -e " \033[1mScript terminated\033[m.."
+ else
+ echo -e " Script terminated.."
+ fi
+ echo ""
+ rm -rf $LOCK_DIR
+ exit 1
+}
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ] $*"
+ else
+ echo " [ Error ] $*"
+ fi
+ echo ""
+}
+
+warn (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[33m\033[1mWarning\033[m ] $*"
+ else
+ echo " [ Error ] $*"
+ fi
+ echo ""
+}
+
+notice (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[33m\033[1mNotice\033[m ] $*"
+ else
+ echo " [ Error ] $*"
+ fi
+ echo ""
+}
+
+info (){
+ if $terminal ; then
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
+ else
+ echo " [ Info ] $*"
+ fi
+ echo ""
+ fi
+}
+
+echo_ok() {
+ if $terminal ; then
+ echo -e "\033[85G[ \033[32mok\033[m ]"
+ fi
+}
+echo_done() {
+ if $terminal ; then
+ echo -e "\033[85G[ \033[32mdone\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal ; then
+ echo -e "\033[85G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal ; then
+ echo -e "\033[85G[ \033[33m\033[1mskipped\033[m ]"
+ fi
+}
+echo_wait(){
+ if $terminal ; then
+ echo -en "\033[85G[ \033[5m\033[1m..\033[m ]"
+ fi
+}
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+blank_line() {
+ if $terminal ; then
+ echo ""
+ fi
+}
+
+detect_os () {
+
+ if $(which lsb_release > /dev/null 2>&1) ; then
+
+ DIST="$(lsb_release -i | awk '{print tolower($3)}')"
+ DIST_VERSION="$(lsb_release -r | awk '{print tolower($2)}')"
+ DIST_CODENAME="$(lsb_release -c | awk '{print tolower($2)}')"
+
+ if [[ "$DIST" = "debian" ]]; then
+ if $(echo "$DIST_VERSION" | grep -q '\.') ; then
+ DIST_VERSION=$(echo "$DIST_VERSION" | cut --delimiter='.' -f1)
+ fi
+ fi
+
+ elif [[ -e "/etc/os-release" ]]; then
+
+ . /etc/os-release
+
+ DIST=$ID
+ DIST_VERSION=${VERSION_ID}
+
+ fi
+
+ # remove whitespace from DIST and DIST_VERSION
+ DIST="${DIST// /}"
+ DIST_VERSION="${DIST_VERSION// /}"
+
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ fatal "Script must run in a terminal."
+fi
+
+
+# ==========
+# - Begin Main Script
+# ==========
+
+# ----------
+# - Headline
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo -e "\033[1m----------\033[m"
+ echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
+ echo -e "\033[1m----------\033[m"
+fi
+
+
+# ----------
+# Read Configurations from $conf_file
+# ----------
+
+
+# - Give your default values here
+# -
+DEFAULT_FQHN_HOSTNAME="$(hostname -f)"
+DEFAULT_DOVECOT_AUTH_PORT=44444
+# Prosody external module path
+DEFAULT_PROSODY_EXT_MOD_PATH="/usr/local/lib/prosody/modules"
+restart_needed=false
+
+if [[ -f "$conf_file" ]]; then
+ source "$conf_file"
+else
+ warn "No configuration file '$conf_file' present.\n
+ Loading default values.."
+fi
+
+[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"
+[[ -n "$DOVECOT_HOSTNAME" ]] && DEFAULT_DOVECOT_HOSTNAME="$DOVECOT_HOSTNAME"
+[[ -n "$PROSODY_EXT_MOD_PATH" ]] && DEFAULT_PROSODY_EXT_MOD_PATH="$PROSODY_EXT_MOD_PATH"
+[[ -n "$DOVECOT_AUTH_DOMAIN" ]] && DEFAULT_DOVECOT_AUTH_DOMAIN="$DOVECOT_AUTH_DOMAIN"
+
+
+blank_line
+echononl "Detect distribution/release of running OS.."
+detect_os > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
+
+FQHN_HOSTNAME=
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert full qualified hostname (FQHN) for Jitsi-Meet Service"
+echo ""
+if [[ -n "$DEFAULT_FQHN_HOSTNAME" ]]; then
+ while [[ "X${FQHN_HOSTNAME}" = "X" ]]; do
+ echononl "FQHN Jitsi-Meet Service is reqired [${DEFAULT_FQHN_HOSTNAME}]: "
+ read FQHN_HOSTNAME
+ if [[ "X${FQHN_HOSTNAME}" = "X" ]]; then
+ FQHN_HOSTNAME=$DEFAULT_FQHN_HOSTNAME
+ fi
+ if [[ ! $FQHN_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$FQHN_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ FQHN_HOSTNAME=""
+ fi
+ done
+else
+ while [[ "X${FQHN_HOSTNAME}" = "X" ]]; do
+ echononl "FQHN Jitsi-Meet Service: "
+ read FQHN_HOSTNAME
+ if [[ "X${FQHN_HOSTNAME}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mFQHN Jitsi-Meet Service is reqired\033[m\n"
+ fi
+ if [[ ! $FQHN_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$FQHN_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ FQHN_HOSTNAME=""
+ fi
+ done
+fi
+HOSTNAME="${FQHN_HOSTNAME%%.*}"
+
+
+_found=false
+while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+
+ if ! $_found && echo "$_line" | grep -i -E "^\s*VirtualHost\s+\"${FQHN_HOSTNAME}\"" > /dev/null 2>&1 ; then
+ _found=true
+ fi
+
+ if $_found && echo "$_line" | grep -i -E "^\s*$" ; then
+ _found=false
+ fi
+
+ if $_found && echo "$_line" | grep -i -q -E "^\s*authentication\s+=\s+" 2> /dev/null ; then
+ _auth="$(echo "$_line" | awk '{print$3}' | tr -d '"')"
+ fi
+
+done < "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua"
+
+if [[ "$_auth" != "anonymous" ]] && [[ "$_auth" != "dovecot" ]]; then
+ fatal "Another Authentication Module is running on this domain. Please uninstall it first."
+fi
+
+DOVECOT_HOSTNAME=""
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert full qualified hostname (FQHN) of Dovecot Auth Service"
+echo ""
+if [[ -n "$DEFAULT_DOVECOT_HOSTNAME" ]]; then
+ while [[ "X${DOVECOT_HOSTNAME}" = "X" ]]; do
+ echononl "FQHN Dovecot Auth Service [${DEFAULT_DOVECOT_HOSTNAME}]: "
+ read DOVECOT_HOSTNAME
+ if [[ "X${DOVECOT_HOSTNAME}" = "X" ]]; then
+ DOVECOT_HOSTNAME=$DEFAULT_DOVECOT_HOSTNAME
+ fi
+ if [[ ! $DOVECOT_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$DOVECOT_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ DOVECOT_HOSTNAME=""
+ fi
+ done
+else
+ while [[ "X${DOVECOT_HOSTNAME}" = "X" ]]; do
+ echononl "FQHN Dovecot Auth Service: "
+ read DOVECOT_HOSTNAME
+ if [[ "X${DOVECOT_HOSTNAME}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mFQHN Dovecot Auth Service is reqired\033[m\n"
+ fi
+ if [[ ! $DOVECOT_HOSTNAME =~ \. ]]; then
+ echo -e "\n\tGiven Host \033[33m\033[1m$DOVECOT_HOSTNAME\033[m seems not to be a full qualified hostname.\n"
+ DOVECOT_HOSTNAME=""
+ fi
+ done
+fi
+
+DOVECOT_AUTH_PORT=""
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert Port of Dovecot Auth Service"
+echo ""
+if [[ -n "$DEFAULT_DOVECOT_AUTH_PORT" ]]; then
+ while [[ "X${DOVECOT_AUTH_PORT}" = "X" ]]; do
+ echononl "Port of Dovecot Auth Service [${DEFAULT_DOVECOT_AUTH_PORT}]: "
+ read DOVECOT_AUTH_PORT
+ if [[ "X${DOVECOT_AUTH_PORT}" = "X" ]]; then
+ DOVECOT_AUTH_PORT=$DEFAULT_DOVECOT_AUTH_PORT
+ fi
+ done
+else
+ while [[ "X${DOVECOT_AUTH_PORT}" = "X" ]]; do
+ echononl "Port of Dovecot Auth Service: "
+ read DOVECOT_AUTH_PORT
+ if [[ "X${DOVECOT_AUTH_PORT}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mFQHN Dovecot Auth Service is reqired\033[m\n"
+ fi
+ done
+fi
+
+DOVECOT_AUTH_DOMAIN=""
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert mail domain agains authentication should work"
+echo ""
+if [[ -n "$DEFAULT_DOVECOT_AUTH_DOMAIN" ]]; then
+ while [[ "X${DOVECOT_AUTH_DOMAIN}" = "X" ]]; do
+ echononl "Dovecot Auth Domain [${DEFAULT_DOVECOT_AUTH_DOMAIN}]: "
+ read DOVECOT_AUTH_DOMAIN
+ if [[ "X${DOVECOT_AUTH_DOMAIN}" = "X" ]]; then
+ DOVECOT_AUTH_DOMAIN=$DEFAULT_DOVECOT_AUTH_DOMAIN
+ fi
+ done
+else
+ while [[ "X${DOVECOT_AUTH_DOMAIN}" = "X" ]]; do
+ echononl "Dovecot Auth Domain: "
+ read DOVECOT_AUTH_DOMAIN
+ if [[ "X${DOVECOT_AUTH_DOMAIN}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mDovecot Auth Domain is reqired\033[m\n"
+ fi
+ done
+fi
+
+PROSODY_EXT_MOD_PATH=""
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert path to external prosody modules."
+echo ""
+if [[ -n "$DEFAULT_PROSODY_EXT_MOD_PATH" ]]; then
+ while [[ "X${PROSODY_EXT_MOD_PATH}" = "X" ]]; do
+ echononl "Path to external Prosody Modules [${DEFAULT_PROSODY_EXT_MOD_PATH}]: "
+ read PROSODY_EXT_MOD_PATH
+ if [[ "X${PROSODY_EXT_MOD_PATH}" = "X" ]]; then
+ PROSODY_EXT_MOD_PATH=$DEFAULT_PROSODY_EXT_MOD_PATH
+ fi
+ done
+else
+ while [[ "X${PROSODY_EXT_MOD_PATH}" = "X" ]]; do
+ echononl "Path to external Prosody Modules: "
+ read PROSODY_EXT_MOD_PATH
+ if [[ "X${PROSODY_EXT_MOD_PATH}" = "X" ]]; then
+ echo -e "\n\t\033[33m\033[1mThe Module Path is reqired\033[m\n"
+ fi
+ done
+fi
+
+
+echo ""
+echo ""
+echo -e "\t\033[32mStart pre-install script for BigBlueButton Service with the following parameters\033[m"
+echo ""
+echo -e "\tFull qualified Hostname............: $FQHN_HOSTNAME"
+echo -e "\tHostname...........................: $HOSTNAME"
+echo ""
+echo -e "\tHost Dovecot Auth Service..........: $DOVECOT_HOSTNAME"
+echo -e "\tPort Dovecot Auth Service..........: $DOVECOT_AUTH_PORT"
+echo ""
+echo -e "\tAuth (Mail) Domain.................: $DOVECOT_AUTH_DOMAIN"
+echo ""
+echo -e "\tPath to external Prosody Modules...: $PROSODY_EXT_MOD_PATH"
+echo ""
+echononl "einverstanden (yes/no): "
+read OK
+OK=${OK,,}
+while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do
+ echononl "Wrong entry! [yes/no]: "
+ read OK
+ OK=${OK,,}
+done
+[ $OK = "yes" ] || fatal Repeat with other settings..
+
+echo ""
+echo ""
+
+echo
+echo -e "\033[37m\033[1mSome Pre-installation stuff..\033[m"
+echo
+
+echononl "Install distributed revision-control tool 'Mercurial'"
+if ! $(dpkg -s nginx-extras > "$log_file" 2>&1) ; then
+ DEBIAN_FRONTEND=noninteractive apt-get install -y mercurial > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Clone (exernal) Prosody modules to '/usr/local/src/prosody-modules'.."
+if [[ ! -d "/usr/local/src/prosody-modules" ]] ; then
+ hg clone https://hg.prosody.im/prosody-modules/ /usr/local/src/prosody-modules > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Create target directory '$(dirname "${PROSODY_EXT_MOD_PATH}")'.."
+if [[ ! -d "$(dirname "${PROSODY_EXT_MOD_PATH}")" ]] ; then
+ mkdir "$(dirname "${PROSODY_EXT_MOD_PATH}")" > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Create Symlink to mercuries prosody-modules repository.."
+if [[ ! -h "$PROSODY_EXT_MOD_PATH" ]]; then
+ ln -s "/usr/local/src/prosody-modules" "${PROSODY_EXT_MOD_PATH}" > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+
+echo
+echo -e "\033[37m\033[1mConfigure Prosody for authentication against dovecot..\033[m"
+echo
+
+echononl "Register Path to external modules.."
+if ! $(grep -q -E "^\s*plugin_paths\s+=\s+.*\"${PROSODY_EXT_MOD_PATH}\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null) ; then
+ perl -i -n -p -e "s#^(\s*plugin_paths\s+=\s+{.*)}#\1, \"${PROSODY_EXT_MOD_PATH}\"}#" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+
+
+_temp_prosody_config_created=false
+if [[ "$_auth" = "dovecot" ]]; then
+
+ echononl "Set parameter 'dovecot_auth_host'.."
+ if ! $(grep -q -E "^\s*dovecot_auth_host\s*=\s*\"${DOVECOT_HOSTNAME}\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null); then
+ perl -i -n -p -e "s/^(\s*dovecot_auth_host).*/\1 = \"${DOVECOT_HOSTNAME}\"/" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo_skipped
+ fi
+
+ echononl "Set parameter 'dovecot_auth_port'.."
+ if ! $(grep -q -E "^\s*dovecot_auth_port\s*=\s*\"${DOVECOT_AUTH_PORT}\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null); then
+ perl -i -n -p -e "s/^(\s*dovecot_auth_port).*/\1 = \"${DOVECOT_AUTH_PORT}\"/" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo_skipped
+ fi
+
+ echononl "Set parameter 'auth_append_host'.."
+ if ! $(grep -q -E "^\s*auth_append_host\s*=\s*true" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null); then
+ perl -i -n -p -e "s/^(\s*auth_append_host).*/\1 = true/" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo_skipped
+ fi
+
+ echononl "Append Sections for guest (joining an existent cinference).."
+ if ! $(grep -q -E "^\s*VirtualHost\s+\"guest.${FQHN_HOSTNAME}\"" \
+ /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null); then
+ cat <> /etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> "$log_file"
+
+VirtualHost "guest.${FQHN_HOSTNAME}"
+ authentication = "anonymous"
+ c2s_require_encryption = false
+EOF
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo_skipped
+ fi
+
+else
+
+ _found=false
+ echononl "Create temporary configuration '${FQHN_HOSTNAME}.cfg.lua'.."
+
+ :> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
+ while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+ if ! $_found && echo "$_line" | grep -i -E "^\s*VirtualHost\s+\"${FQHN_HOSTNAME}\"" > /dev/null 2>&1 ; then
+ _found=true
+ fi
+
+ if $_found && echo "$_line" | grep -i -q -E "^\s*authentication\s+=\s+" 2> /dev/null ; then
+ cat <> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
+ authentication = "dovecot"
+ dovecot_auth_host = "${DOVECOT_HOSTNAME}"
+ dovecot_auth_port = "${DOVECOT_AUTH_PORT}"
+ auth_append_host = true
+EOF
+ _found=false
+ else
+ echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
+ fi
+
+ done < "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua"
+
+ if ! $(grep -q -E "^\s*VirtualHost\s+\"guest.${FQHN_HOSTNAME}\"" \
+ /etc/prosody/conf.avail/${PROSODY_EXT_MOD_PATH}.cfg.lua 2> /dev/null); then
+ cat <> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
+
+VirtualHost "guest.${FQHN_HOSTNAME}"
+ authentication = "anonymous"
+ c2s_require_encryption = false
+EOF
+ fi
+
+ echo_done
+
+ restart_needed=true
+ _temp_prosody_config_created=true
+
+fi
+
+echononl "Copy created file '${FQHN_HOSTNAME}.cfg.lua' back.."
+if $_temp_prosody_config_created ; then
+ cp -a "${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua" "/etc/prosody/conf.avail/" > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+
+echononl "Backup '.../mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua'.."
+if [[ ! -f "/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua.ORIG" ]]; then
+ cp -a "/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua" \
+ "/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua.ORIG" > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+_found=false
+_tmp_prosody_module_patched=false
+echononl "Patch Prosody module 'auth_dovecot'.."
+if ! $(grep -q -E "^\s*if\s+module.host\s+==\s+(\"|')${FQHN_HOSTNAME}\"\s+then" \
+ /usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua 2> /dev/null) ; then
+ while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+ if ! $_found && echo "$_line" | grep -i -E "^\s*if\s+append_host\s+then" 2> /dev/null ; then
+ _found=true
+ fi
+
+ if $_found && echo "$_line" | grep -i -E "^\s*return\s+new_sasl\(module.host\):plain_test" 2> /dev/null ; then
+ cat <> "${LOCK_DIR}/mod_auth_dovecot.lua"
+ if module.host == "${FQHN_HOSTNAME}" then
+ return new_sasl(module.host):plain_test(username .. "@".. ("${DOVECOT_AUTH_DOMAIN}"), password) == "success";
+ else
+EOF
+ echo " $_line" >> "${LOCK_DIR}/mod_auth_dovecot.lua"
+
+ cat <> "${LOCK_DIR}/mod_auth_dovecot.lua"
+ end
+EOF
+ _found=false
+ else
+ echo "$_line" >> "${LOCK_DIR}/mod_auth_dovecot.lua"
+ fi
+
+ done < "/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua"
+
+
+ echo_done
+
+ restart_needed=true
+ _tmp_prosody_module_patched=true
+
+else
+ echo_skipped
+fi
+
+echo " Copy created file 'mod_auth_dovecot.lua' to folder"
+echononl " '/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/'.."
+if $_tmp_prosody_module_patched ; then
+ cp -a "${LOCK_DIR}/mod_auth_dovecot.lua" \
+ "/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/" > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+
+
+
+echo
+echo -e "\033[37m\033[1mConfigure Jeetsi Meet for dovecot authentication..\033[m"
+echo
+
+_key="anonymousdomain"
+# Note: set single quotes for val here if needed.
+#
+_val="'guest.${FQHN_HOSTNAME}'"
+echononl "Set '$_key' file: /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js .."
+if ! $(grep -q -E "^\s*$_key:\s+$_val," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ if $(grep -q -E "^\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(\s*$_key:).*/\1 $_val,/" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ elif $(grep -q -E "^\s*//\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s#^((\s*)//\s*$_key:.*)#\1\n\2$_key: $_val,#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo echo_failed
+ error "Setting parameter $_key (/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js) failed."
+ fi
+else
+ echo_skipped
+fi
+
+_key="authdomain"
+# Note: set single quotes for val here if needed.
+#
+_val="'${FQHN_HOSTNAME}'"
+echononl "Set '$_key' file: /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js .."
+if ! $(grep -q -E "^\s*$_key:\s+$_val," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ if $(grep -q -E "^\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(\s*$_key:).*/\1 $_val,/" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ elif $(grep -q -E "^\s*//\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s#^((\s*)//\s*$_key:.*)#\1\n\2$_key: $_val,#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo echo_failed
+ error "Setting parameter $_key (/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js) failed."
+ fi
+else
+ echo_skipped
+fi
+
+_key="requireDisplayName"
+# Note: set single quotes for val here if needed.
+#
+_val="true"
+echononl "Set '$_key' file: /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js .."
+if ! $(grep -q -E "^\s*$_key:\s+$_val," \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ if $(grep -q -E "^\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s/^(\s*$_key:).*/\1 $_val,/" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ elif $(grep -q -E "^\s*//\s*$_key:" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> /dev/null) ; then
+ perl -i -n -p -e "s#^((\s*)//\s*$_key:.*)#\1\n\2$_key: $_val,#" \
+ /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+ else
+ echo echo_failed
+ error "Setting parameter $_key (/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js) failed."
+ fi
+else
+ echo_skipped
+fi
+
+echononl "Adjust file '/etc/jitsi/jicofo/sip-communicator.properties'.."
+if ! $(grep -q -E "^\s*org.jitsi.jicofo.auth.URL\s*=\s*XMPP:${FQHN_HOSTNAME}" \
+ /etc/jitsi/jicofo/sip-communicator.properties 2>/dev/null); then
+ cat <> /etc/jitsi/jicofo/sip-communicator.properties
+org.jitsi.jicofo.auth.URL=XMPP:${FQHN_HOSTNAME}
+EOF
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ restart_needed=true
+ fi
+else
+ echo_skipped
+fi
+
+
+echo
+echo -e "\033[37m\033[1mRestart services..\033[m"
+echo
+
+
+if $restart_needed ; then
+ echononl "Restart prosody service.."
+ systemctl restart prosody > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+
+ echononl "Restart jicofo service.."
+ systemctl restart prosody > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+
+ echononl "Restart jitsi-videobridge2 service.."
+ systemctl restart jitsi-videobridge2 > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+
+ echononl "Restart Nginx webservice.."
+ systemctl restart nginx > "$log_file" 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+fi
+
+
+
+
+
+if $_temp_prosody_config_created ; then
+ notice "Please check file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'"
+fi
+
+if $_tmp_prosody_module_patched ; then
+ notice "Please check file '/usr/local/lib/prosody/modules/mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua'"
+fi
+
+clean_up 0
+
diff --git a/jitsi-post-install.sh b/jitsi-post-install.sh
index eab88c4..04e15a0 100755
--- a/jitsi-post-install.sh
+++ b/jitsi-post-install.sh
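Review bot: `LOCK_DIR="/tmp/$(basename $0).$$.LOCK"` is a predictable name in world-writable /tmp and the later bare `mkdir "$LOCK_DIR"` is never checked, yet the script stages `${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua` and `${LOCK_DIR}/mod_auth_dovecot.lua` there and then `cp -a`s them into /etc/prosody/conf.avail/ and the Prosody module directory, so a local user who pre-creates that directory (the PID is guessable) can place their own Prosody config or Lua into the authentication path this script installs. Replace the LOCK_DIR line with `LOCK_DIR="$(mktemp -d "/tmp/${script_name%%.*}.XXXXXXXX")" || exit 1`, drop the unchecked `mkdir "$LOCK_DIR"`, and quote the removal in fatal() as `rm -rf -- "${LOCK_DIR:?}"`; the same pattern applies to `/tmp/shprompt$$` in echononl. Two further defects in this hunk: the guest-VirtualHost check in the else branch greps `/etc/prosody/conf.avail/${PROSODY_EXT_MOD_PATH}.cfg.lua` instead of `${FQHN_HOSTNAME}.cfg.lua`, so the guest block is appended on every run, and the "Restart jicofo service" step runs `systemctl restart prosody`, so jicofo never picks up the new `org.jitsi.jicofo.auth.URL`. Since the patched module sends `username .. "@" .. DOVECOT_AUTH_DOMAIN` plus the password to a remote `dovecot_auth_host` over plain TCP and, as far as I know, the Dovecot auth-client protocol does not encrypt that exchange itself, the script or README should state that this link must stay on loopback or an otherwise protected network.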
@@ -1214,6 +1214,15 @@ else
 echo_ok
 fi
+echononl "Restart Nginx webservice.."
+systemctl restart nginx > "$log_file" 2>&1
+if [[ $? -ne 0 ]]; then
+ echo_failed
+ error "$(cat "$log_file")"
+else
+ echo_ok
+fi
+
 if $_tem_prosody_config_created ; then
 warn "Please check file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'"
 fi