Compltete 'jitsi-post-install.sh'.

This commit is contained in:
Christoph 2020-05-01 23:59:57 +02:00
parent f4cb1ba629
commit 8e98579901


@ -60,11 +60,38 @@ error (){
echo ""
}
warn (){
echo ""
if $terminal ; then
echo -e " [ \033[33m\033[1mWarning\033[m ] $*"
else
echo " [ Error ] $*"
fi
echo ""
}
info (){
if $terminal ; then
echo ""
if $terminal ; then
echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
else
echo " [ Info ] $*"
fi
echo ""
fi
}
echo_ok() {
if $terminal ; then
echo -e "\033[85G[ \033[32mok\033[m ]"
fi
}
echo_done() {
if $terminal ; then
echo -e "\033[85G[ \033[32mdone\033[m ]"
fi
}
echo_failed(){
if $terminal ; then
echo -e "\033[85G[ \033[1;31mfailed\033[m ]"
@ -692,6 +719,7 @@ else
echo_skipped
fi
blank_line
echo
@ -754,11 +782,80 @@ else
echo_skipped
fi
echononl "Backup file '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
if [[ ! -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" ]]; then
cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \
"/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
#echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
#if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \
# /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file") ; then
# perl -i -n -p -e "s/((\s*)stunServers: \[.*)/\1\n\n\2 { urls: 'stun.nextcloud.com:443' },\n\2 { urls: 'stun.stunprotocol.org:3478' },\n\2 { urls: 'stun.services.mozilla.com:3478' },/" /etc/jitsi/meet/video.faire-mobilitaet.de-config.js
# if [[ $? -ne 0 ]]; then
# echo_failed
# error "$(cat "$log_file")"
# else
# echo_ok
# fi
#else
# echo_skipped
#fi
_temp_jitsi_meet_config_created=false
echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \
/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file") ; then
perl -i -n -p -e "s/((\s*)stunServers: \[.*)/\1\n\n\2 { urls: 'stun.nextcloud.com:443' },\n\2 { urls: 'stun.stunprotocol.org:3478' },\n\2 { urls: 'stun.services.mozilla.com:3478' },/" /etc/jitsi/meet/video.faire-mobilitaet.de-config.js
_found=false
:> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -iq -E "^\s*// { urls:.*${FQHN_HOSTNAME}" 2> /dev/null ; then
echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
cat <<EOF >> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
{ urls: 'stun.nextcloud.com:443' },
{ urls: 'stun.stunprotocol.org:3478' },
{ urls: 'stun.services.mozilla.com:3478' },
EOF
_found=false
elif $_found && echo "$_line" | grep -iq -E "^\s*\]," ; then
cat <<EOF >> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
{ urls: 'stun.nextcloud.com:443' },
{ urls: 'stun.stunprotocol.org:3478' },
{ urls: 'stun.services.mozilla.com:3478' }
EOF
echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
_found=false
else
echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*stunServers: \[" 2> /dev/null ; then
_found=true
fi
done < "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js"
echo_done
_temp_jitsi_meet_config_created=true
else
echo_skipped
fi
echononl "Copy created file '${FQHN_HOSTNAME}-config.js' to folder '/etc/jitsi/meet/'.."
if $_temp_jitsi_meet_config_created ; then
cp -a "${LOCK_DIR}/${FQHN_HOSTNAME}-config.js" "/etc/jitsi/meet/" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
@ -771,6 +868,321 @@ fi
blank_line
echo
echo -e "\033[37m\033[1mConfigure Prosody (/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua) ..\033[m"
echo
# Edit file /etc/prosody/conf.d/${FQHN_HOSTNAME}.cfg.lua
#
# after line (the location this is important)
# consider_bosh_secure = true;
#
# add the following lines:
# bosh_ports = {
# {
# port = 5280;
# path = "http-bind";
# },
# {
# port = 5281;
# path = "http-bind";
# ssl = {
# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
# }
# }
# }
#
# http_ports = { 5280 }
# http_interfaces = { "localhost" }
#
# https_ports = { 5281 }
# https_interfaces = { "localhost" }
#
# https_ssl = {
# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
# }
#
echononl "Backup file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'.."
if [[ ! -f "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" ]]; then
cp -a "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" \
"/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
_found=false
_tem_prosody_config_created=false
echononl "Create temporary configuration '${FQHN_HOSTNAME}.cfg.lua'.."
if ! $(grep -q -E "^\s*bosh_ports = {" /etc/prosody//conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null) ; then
:> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
while IFS='' read -r _line || [[ -n $_line ]] ; do
echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
if ! $_found && echo "$_line" | grep -i -E "^\s*consider_bosh_secure = true;" > /dev/null 2>&1 ; then
_found=true
cat <<EOF >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
bosh_ports = {
{
port = 5280;
path = "http-bind";
},
{
port = 5281;
path = "http-bind";
ssl = {
certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
}
}
}
http_ports = { 5280 }
http_interfaces = { "localhost" }
https_ports = { 5281 }
https_interfaces = { "localhost" }
https_ssl = {
certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
}
EOF
fi
done < "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua"
echo_done
_tem_prosody_config_created=true
else
echo_skipped
fi
echononl "Copy created file '${FQHN_HOSTNAME}.cfg.lua' to folder '/etc/prosody/conf.avail/'.."
if $_tem_prosody_config_created ; then
cp -a "${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua" "/etc/prosody/conf.avail/" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
blank_line
echo
echo -e "\033[37m\033[1mConfigure nginx configuration ..\033[m"
echo
echononl "Backup nginx configuration '${FQHN_HOSTNAME}.conf'.."
if [[ ! -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" ]] ; then
if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then
cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \
"/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
else
echo_skipped
fi
echononl "Create nginx configuration for '${FQHN_HOSTNAME}'.."
if ! $(grep -q -E "^\s*include snippets/letsencrypt-acme-challenge.conf;" \
"/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" 2> /dev/null) ; then
cat <<EOF > "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" 2> "$log_file"
# - ${FQHN_HOSTNAME}
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name ${FQHN_HOSTNAME};
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${FQHN_HOSTNAME};
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
#
include snippets/letsencrypt-acme-challenge.conf;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem;
ssl_trusted_certificate /var/lib/dehydrated/certs/${FQHN_HOSTNAME}/chain.pem;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
location = /config.js {
alias /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/\$1/\$2;
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$http_host;
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=\$prefix&\$args;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$http_host;
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)\$ {
try_files \$uri @root_path;
}
location @root_path {
rewrite ^/(.*)\$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js\$
{
set \$subdomain "\$1.";
set \$subdir "\$1/";
alias /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)\$ {
set \$subdomain "\$1.";
set \$subdir "\$1/";
rewrite ^/([^/?&:'"]+)/(.*)\$ /\$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set \$subdomain "\$1.";
set \$subdir "\$1/";
set \$prefix "\$1";
rewrite ^/(.*)\$ /xmpp-websocket;
}
}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
echononl "Enable nginx support for '${FQHN_HOSTNAME}'.."
if [[ ! -h "/etc/nginx/sites-enabled/${FQHN_HOSTNAME}.conf" ]] ; then
ln -s "../sites-available/${FQHN_HOSTNAME}.conf" "/etc/nginx/sites-enabled/${FQHN_HOSTNAME}.conf" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
echo
echo -e "\033[37m\033[1mRestart services..\033[m"
echo
@ -802,4 +1214,8 @@ else
echo_ok
fi
if $_tem_prosody_config_created ; then
warn "Please check file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'"
fi
clean_up 0
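Review bot: The `perl -i ... /etc/jitsi/meet/video.faire-mobilitaet.de-config.js` line in the config.js hunk (the one following `if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }"`) edits a hard-coded hostname in place instead of `${FQHN_HOSTNAME}`, and it appears to be a leftover of the commented-out block directly above it, since the `while IFS='' read -r _line` loop that follows already inserts the same three stun entries into `${LOCK_DIR}/${FQHN_HOSTNAME}-config.js` and that copy is then installed with `cp -a`. On the host whose name matches, the loop reads the perl-modified file and the entries are inserted a second time; on any other host perl fails on a missing file with its error going to the terminal rather than `$log_file`. The fix is to drop that one line: `perl -i -n -p -e "s/((\s*)stunServers: \[.*)/..." /etc/jitsi/meet/video.faire-mobilitaet.de-config.js` should be removed entirely. Separately, in the nginx hunk the `ssl_ciphers` list still enables the CBC/SHA1 suites (`ECDHE-RSA-AES256-SHA`, `ECDHE-RSA-AES128-SHA`, `DHE-RSA-AES256-SHA`, `DHE-RSA-AES128-SHA`) that the comment two lines above says should be avoided; trimming the list to the GCM suites would make it match the stated intent. The `if $_temp_jitsi_meet_config_created` block continues past the end of its hunk.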