install/jitsi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

README.install: disableThirdPartyRequests must NOT BE eenabled at configuration file '/etc/jitsi/meet/-config.js'.

Browse Source
This commit is contained in:
Christoph 2020-04-23 03:12:49 +02:00
parent 780ddea798
commit 84d313c1fb
1 changed files with 91 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
README.install
View File

@ -12,6 +12,7 @@
# =============================================================================
FQND_HOSTNAME="meet.oopen.de"
FQND_HOSTNAME="meet2.oopen.de"
FQND_HOSTNAME="meet.faire-mobilitaet.de"
# 0.) Create new LX Container
@ -31,19 +32,40 @@ FQND_HOSTNAME="meet.faire-mobilitaet.de"
# ansible-playbook --limit meet.oopen.de ansible-dependencies.yml
# ansible-playbook --limit meet.oopen.de common.yml
# ansible-playbook --limit meet.oopen.de scripts/install-ulogd.yml
# ansible-playbook --limit meet.oopen.de firewall.yml
# 3.) Install Postfix SMTP Service (base)
#
# cd /usr/local/src/mailsystem
# ./install_postfix_base.sh
# 4.) Install iptable firewall (optinal)
# 4.) Install NGINX Web Service
#
# cd /usr/local/src/nginx
# ./install_nginx.sh
# 5.) Install 'dehydrated-cron' (Let's Encrypt Certificates)
#
# cd /usr/local/src/dehydrated-cron
# ./install_dehydrated.sh
cat <<EOF >> /var/lib/dehydrated/domains.txt
$FQND_HOSTNAME
EOF
# Generate Certificate
#
/var/lib/dehydrated/cron/dehydrated_cron.sh
# 6.) Install iptable firewall (optinal)
#
# cd /usr/local/src/ipt-server
# see: README.install
# 5.)
# 7.)
#
# - crontab
# - /etc/ssl
@ -57,23 +79,22 @@ chmod 644 /etc/ssl/privkey.pem
ln -s fullchain.pem /etc/ssl/${FQND_HOSTNAME}.crt
ln -s privkey.pem /etc/ssl/${FQND_HOSTNAME}.key
# 5.) Adjust
# 8.) Adjust
#
# - /etc/hostname (must contain this FQDN "meet.oopen.de")
# - /etc/hosts (127.0.0.1 localhost meet.example.org)
# - /etc/ssl
# - /var/lib/dehydrated
# /etc/hostname
cat <<EOF > /etc/hostname
$FQND_HOSTNAME
EOF
# 6.) Install jitsi meet
# 9.) Install jitsi meet
#
# see: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
apt-get update
@ -84,9 +105,11 @@ apt-get install jitsi-meet
# Maybe reinstall of 'jitsi-meet-turnserver' is needed..
#
if [[ ! -h "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] ; then
apt-get install --reinstall jitsi-meet-turnserver
fi
# Note: not needed if 'unstable' packages are installed.
#
#if [[ ! -h "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] ; then
# apt-get install --reinstall jitsi-meet-turnserver
#fi
@ -149,7 +172,7 @@ echo "$FQND_HOSTNAME" > /var/lib/dehydrated/domains.txt
# ---
# 7. Install cronjob to adjust certificates at directory '/etc/ssl'
# 10. Install cronjob to adjust certificates at directory '/etc/ssl'
#---
# Prepare cnfiguration file
@ -242,6 +265,64 @@ crontab "$_crontab_tmp_file"
rm -f "$_crontab_tmp_file"
# ---
# 11.) Configure Jitsi Meet
# ---
# First of all we configure the videobridge.
#
# Open /etc/jitsi/videobridge/sip-communicator.properties and add:
#
# # disable the built-in webserver (required)
# org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
# # sometimes the above setting does not work, therefore we change the port too (required)
# org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
# # sometimes the above setting does not work, therefore we change the port too (required)
# org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
# # disable statistics to third parties (optional)
## org.jitsi.videobridge.ENABLE_STATISTICS=false
# cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
#
# It is important to remove the comments (# comment)! Otherwise they will not work!
cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
# disable the built-in webserver (required)
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
# sometimes the above setting does not work, therefore we change the port too (required)
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
# sometimes the above setting does not work, therefore we change the port too (required)
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
# disable statistics to third parties (optional)
# DOES NOT WORK
#org.jitsi.videobridge.ENABLE_STATISTICS=false
EOF
# Open /etc/jitsi/meet/${FQND_HOSTNAME}-config.js:
#
# Uncomment and change // disableThirdPartyRequests: false to true
#
# !! DOES NOT WORK !!
#
#if ! $(grep -q -E "^\s*disableThirdPartyRequests:\s+true" /etc/jitsi/meet/${FQND_HOSTNAME}-config.js) ; then
# perl -i -n -p -e "s#^(\s*)(//\s*disableThirdPartyRequests.*)#\1\2\n\1disableThirdPartyRequests: true#" \
# /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
#fi
# Replace the google stun servers under stunServers: with other more privacy
# respecting ones. There is a list available on this GitHub gist. I can
# recommend you to use the following:
#
# { urls: 'stun.nextcloud.com:443' },
# { urls: 'stun.stunprotocol.org:3478' },
# { urls: 'stun.services.mozilla.com:3478' }
#
vim /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
# ===============================
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "meet.oopen.de"
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R ""159.69.74.155