From c635f5104ea97cc510fca8b348543ce4aeee2789 Mon Sep 17 00:00:00 2001 From: Christoph Date: Fri, 3 Apr 2026 01:45:01 +0200 Subject: [PATCH] jitsi-post-install.sh: adjust prosody configuration. --- jitsi-post-install.sh | 707 +++++++++++++++++++++++++++++++++--------- 1 file changed, 566 insertions(+), 141 deletions(-) diff --git a/jitsi-post-install.sh b/jitsi-post-install.sh index e1b1b2e..ae8696f 100755 --- a/jitsi-post-install.sh +++ b/jitsi-post-install.sh @@ -9,6 +9,8 @@ conf_file="${working_dir}/conf/jitsi.conf" LOCK_DIR="/tmp/$(basename $0).$$.LOCK" log_file="${LOCK_DIR}/${script_name%%.*}.log" +backup_date="$(date +%F-%H%M)" + # ---------- # Base Function(s) 
@@ -155,6 +157,177 @@ detect_os () { } +# ------------------------------------ +# - Helper: ensure_vhost_modules +# - $1 = CONFIG +# - $2 = DOMAIN +# - $3 = REQUIRED_MODULES (nameref) +# ------------------------------------ +ensure_vhost_modules() { + local config="$1" + local domain="$2" + local -n modules="$3" + + local vhost_line modules_line closing_line next_block_line all_ok + local VHOST_BLOCK MODULES_BLOCK + + VHOST_BLOCK="VirtualHost \"${domain}\" + modules_enabled = {" + for module in "${modules[@]}"; do + VHOST_BLOCK="${VHOST_BLOCK} + \"${module}\";" + done + VHOST_BLOCK="${VHOST_BLOCK} + }" + + MODULES_BLOCK=" modules_enabled = {" + for module in "${modules[@]}"; do + MODULES_BLOCK="${MODULES_BLOCK} + \"${module}\";" + done + MODULES_BLOCK="${MODULES_BLOCK} + }" + + if ! grep -q "VirtualHost \"${domain}\"" "$config"; then + # VirtualHost fehlt – komplett ans Ende anfügen + echo "" >> "$config" + echo "$VHOST_BLOCK" >> "$config" + if [[ $? -ne 0 ]]; then + echo_failed + error "Failed to insert VirtualHost \"${domain}\" in ${config}" + return 1 + else + echo_ok + fi + else + vhost_line=$(grep -n "VirtualHost \"${domain}\"" "$config" | head -1 | cut -d: -f1) + modules_line=$(awk "NR>${vhost_line} && /modules_enabled\s*=\s*\{/ {print NR; exit}" "$config") + + if [[ -z "$modules_line" ]]; then + # VirtualHost existiert, aber kein modules_enabled – Block einfügen + next_block_line=$(awk "NR>${vhost_line} && /^(VirtualHost|Component)\s/ {print NR; exit}" "$config") + + if [[ -z "$next_block_line" ]]; then + # Kein weiterer Block – ans Ende anfügen + echo "" >> "$config" + echo "$MODULES_BLOCK" >> "$config" + if [[ $? -ne 0 ]]; then + echo_failed + error "Failed to insert modules_enabled in VirtualHost \"${domain}\" in ${config}" + return 1 + else + echo_ok + fi + else + # Vor dem nächsten Block einfügen + export MODULES_BLOCK + perl -i -0pe "s/((?:VirtualHost|Component)\s)/\$ENV{MODULES_BLOCK}\n\n\$1/ if !\$done++" "$config" + if [[ $? 
-ne 0 ]]; then + echo_failed + error "Failed to insert modules_enabled in VirtualHost \"${domain}\" in ${config}" + return 1 + else + echo_ok + fi + fi + else + # modules_enabled existiert – fehlende Module ergänzen + closing_line=$(awk "NR>${modules_line} && /^\s*\}/ {print NR; exit}" "$config") + + all_ok=true + for module in "${modules[@]}"; do + if ! awk "NR>=${modules_line} && NR<=${closing_line}" "$config" | grep -qE "\"${module}\""; then + sed -i "${closing_line}i\\ \"${module}\";" "$config" + closing_line=$((closing_line + 1)) + all_ok=false + fi + done + + if $all_ok; then + echo_skipped + else + echo_ok + fi + fi + fi +} + +# ------------------------------------ +# - Helper: ensure_component +# - $1 = CONFIG +# - $2 = COMPONENT +# - $3 = COMPONENT_TYPE +# - $4 = REQUIRED_MODULES (nameref, optional) +# ------------------------------------ +ensure_component() { + local config="$1" + local component="$2" + local component_type="$3" + local -n comp_modules="$4" 2>/dev/null + local has_modules=$([[ -n "$4" ]] && echo true || echo false) + + local comp_line modules_line closing_line all_ok + local COMP_BLOCK MODULES_BLOCK + + if ! grep -q "Component \"${component}\"" "$config"; then + # Component fehlt – komplett ans Ende anfügen + if $has_modules; then + COMP_BLOCK="Component \"${component}\" \"${component_type}\" + modules_enabled = {" + for module in "${comp_modules[@]}"; do + COMP_BLOCK="${COMP_BLOCK} + \"${module}\";" + done + COMP_BLOCK="${COMP_BLOCK} + }" + else + COMP_BLOCK="Component \"${component}\" \"${component_type}\"" + fi + + echo "" >> "$config" + echo "$COMP_BLOCK" >> "$config" + if [[ $? -ne 0 ]]; then + echo_failed + error "Failed to insert Component \"${component}\" in ${config}" + return 1 + else + echo_ok + fi + else + if ! 
$has_modules; then + echo_skipped + return 0 + fi + + # Component existiert – fehlende Module ergänzen + comp_line=$(grep -n "Component \"${component}\"" "$config" | head -1 | cut -d: -f1) + modules_line=$(awk "NR>${comp_line} && /modules_enabled\s*=\s*\{/ {print NR; exit}" "$config") + + if [[ -z "$modules_line" ]]; then + echo_failed + error "Kein modules_enabled-Block in Component \"${component}\" gefunden" + return 1 + else + closing_line=$(awk "NR>${modules_line} && /^\s*\}/ {print NR; exit}" "$config") + + all_ok=true + for module in "${comp_modules[@]}"; do + if ! awk "NR>=${modules_line} && NR<=${closing_line}" "$config" | grep -qE "\"${module}\""; then + sed -i "${closing_line}i\\ \"${module}\";" "$config" + closing_line=$((closing_line + 1)) + all_ok=false + fi + done + + if $all_ok; then + echo_skipped + else + echo_ok + fi + fi + fi +} + # ---------- # - Jobhandling @@ -527,7 +700,7 @@ fi echononl "Prepare configuration file for 'service_name'.." -if ! $(grep -q -E "^\s*service_domain=\"${FQHN_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*service_domain=\"${FQHN_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQHN_HOSTNAME}\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -540,7 +713,7 @@ else echo_skipped fi -if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+service_name.*)/#\1\nservice_name=\"Prosody\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then 
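Review bot: In `ensure_vhost_modules`, the branch for an existing VirtualHost without `modules_enabled` does not insert where `next_block_line` points: `perl -i -0pe "s/((?:VirtualHost|Component)\s)/…/ if !$done++"` rewrites the first `VirtualHost`/`Component` in the whole file, and `next_block_line` is never used after it is computed. The `modules_line` lookup has the same scoping gap in both helpers, because `NR>${vhost_line}` (and `NR>${comp_line}`) has no upper bound and can pick up the `modules_enabled` block of a later host, so `bosh` or `websocket` may end up enabled on a section other than the one named. Bounding the search by the next block line and inserting by line number fixes both, as sketched below for `ensure_vhost_modules`; the same bound belongs in `ensure_component`. The `sed -i` appends in the module loops are unchecked (an empty `closing_line` still ends in `echo_ok`), and `\s` in the awk patterns is a GNU extension, so it is worth confirming which `awk` the target hosts run.

```bash
    vhost_line=$(grep -n "VirtualHost \"${domain}\"" "$config" | head -1 | cut -d: -f1)
    # This host's section ends at the next VirtualHost/Component line (empty = EOF).
    next_block_line=$(awk -v start="$vhost_line" \
      'NR > start && /^(VirtualHost|Component)[ \t]/ {print NR; exit}' "$config")
    modules_line=$(awk -v start="$vhost_line" -v stop="${next_block_line:-0}" \
      'NR > start && (stop == 0 || NR < stop) && /modules_enabled[ \t]*=[ \t]*\{/ {print NR; exit}' "$config")

    # … unchanged: branch on -z "$modules_line", append at EOF when next_block_line is empty …

        # Insert in front of the line found above rather than the first block in the file.
        MODULES_BLOCK="$MODULES_BLOCK" NEXT_BLOCK_LINE="$next_block_line" \
          perl -i -pe 'print "$ENV{MODULES_BLOCK}\n\n" if $. == $ENV{NEXT_BLOCK_LINE}' "$config"
```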
@@ -554,8 +727,8 @@ else fi echononl "Prepare configuration file for 'check_string_ps'.." -if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ lua\[\[:digit:\]\].\[\[:digit:\]\] /usr/bin/prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ lua\[\[:digit:\]\].\[\[:digit:\]\] /usr/bin/prosody\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -569,8 +742,8 @@ else fi echononl "Prepare configuration file for 'service_user'.." -if ! $(grep -q -E "^\s*service_user=\"prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*service_user=\"prosody\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+service_user.*)/#\1\nservice_user=\"prosody\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -584,8 +757,8 @@ else fi echononl "Prepare configuration file for 'service_group'.." -if ! $(grep -q -E "^\s*service_group=\"prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*service_group=\"prosody\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+service_group.*)/#\1\nservice_group=\"prosody\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then 
@@ -599,8 +772,8 @@ else fi echononl "Prepare configuration file for 'cert_installed'.." -if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.crt\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.crt\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.crt\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -614,8 +787,8 @@ else fi echononl "Prepare configuration file for 'key_installed'.." -if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.key\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.key\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e "s/^(#+key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.key\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -629,8 +802,8 @@ else fi echononl "Prepare configuration file for 'cert_newest'.." -if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e \ "s/^(#+cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/fullchain.pem\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 
@@ -645,8 +818,8 @@ else fi echononl "Prepare configuration file for 'key_newest'.." -if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then +if ! grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \ + /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then perl -i -n -p -e \ "s/^(#+key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/privkey.pem\"/" \ /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 @@ -693,7 +866,7 @@ if [[ $? -ne 0 ]]; then _failed=true fi -if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then +if ! grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null ; then cat <> "$_crontab_tmp_file" 2>> "$log_file" # - Check if cert(s) for Prosody service are up-zp-date @@ -733,8 +906,8 @@ echo _failed=false _changed=false echononl "Adjust '/etc/jitsi/videobridge/sip-communicator.properties'.." -if ! $(grep -q -E "^\s*org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" \ - /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then +if ! grep -q -E "^\s*org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" \ + /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then cat <> /etc/jitsi/videobridge/sip-communicator.properties # disable the built-in webserver (required) 
@@ -747,8 +920,8 @@ EOF fi -if ! $(grep -q -E "^\s*org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" \ - /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then +if ! grep -q -E "^\s*org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" \ + /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then cat <> /etc/jitsi/videobridge/sip-communicator.properties # sometimes the above setting does not work, therefore we change the port too (required) org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 @@ -761,8 +934,8 @@ EOF _changed=true fi -if ! $(grep -q -E "^\s*#+org.jitsi.videobridge.ENABLE_STATISTICS=false" \ - /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then +if ! grep -q -E "^\s*#+org.jitsi.videobridge.ENABLE_STATISTICS=false" \ + /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then cat <> /etc/jitsi/videobridge/sip-communicator.properties # disable statistics to third parties (optional) # DOES NOT WORK @@ -787,14 +960,30 @@ else fi echononl "Backup file '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.." -if [[ ! -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" ]]; then - cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \ - "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" +if [[ -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" ]] ; then + + if [[ ! -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" ]] ; then + cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \ + "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" + + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + else - echo_ok + + cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \ + "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.${backup_date}" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi else echo_skipped 
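Review bot: The first `cp -a` in the reworked config.js backup (the branch taken when no `.ORIG` exists yet) lost its `> "$log_file" 2>&1`, so on failure `error "$(cat "$log_file")"` reports whatever an earlier step left in the log, while cp's own message goes straight to the terminal. Restore the redirect so the line ends `"/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" > "$log_file" 2>&1`, matching the timestamped branch below it. `backup_date` has minute resolution, so a second run within the same minute silently overwrites the earlier timestamped copy; a comment at the assignment saying so would help the next maintainer.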
@@ -816,8 +1005,8 @@ fi _temp_jitsi_meet_config_created=false echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.." -if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \ - /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file") ; then +if ! grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \ + /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file" ; then _found=false :> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js 
@@ -873,116 +1062,129 @@ fi blank_line echo -echo -e "\033[37m\033[1mConfigure Prosody (/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua) ..\033[m" +echo -e "\033[37m\033[1mConfigure Prosody (/etc/prosody/conf.avail/* ..\033[m" echo +CONFIG_GLOBAL="/etc/prosody/prosody.cfg.lua" -# Edit file /etc/prosody/conf.d/${FQHN_HOSTNAME}.cfg.lua -# -# after line (the location this is important) -# consider_bosh_secure = true; -# -# add the following lines: -# bosh_ports = { -# { -# port = 5280; -# path = "http-bind"; -# }, -# { -# port = 5281; -# path = "http-bind"; -# ssl = { -# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt"; -# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key"; -# } -# } -# } -# -# http_ports = { 5280 } -# http_interfaces = { "localhost" } -# -# https_ports = { 5281 } -# https_interfaces = { "localhost" } -# -# https_ssl = { -# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt"; -# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key"; -# } -# -echononl "Backup file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'.." -if [[ ! -f "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" ]]; then - cp -a "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" \ - "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" - else - echo_ok - fi -else - echo_skipped -fi +echononl "Backup global configuration file $(basename "${CONFIG_GLOBAL}").." +if [[ -f "${CONFIG_GLOBAL}" ]] ; then -_found=false -_tem_prosody_config_created=false -echononl "Create temporary configuration '${FQHN_HOSTNAME}.cfg.lua'.." -if ! $(grep -q -E "^\s*bosh_ports = {" /etc/prosody//conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null) ; then - - :> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua - while IFS='' read -r _line || [[ -n $_line ]] ; do - - echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua - - if ! 
$_found && echo "$_line" | grep -i -E "^\s*consider_bosh_secure = true;" > /dev/null 2>&1 ; then - - _found=true - - cat <> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua - -bosh_ports = { - { - port = 5280; - path = "http-bind"; - }, - { - port = 5281; - path = "http-bind"; - ssl = { - certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt"; - key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key"; - } - } -} - -http_ports = { 5280 } -http_interfaces = { "localhost" } - -https_ports = { 5281 } -https_interfaces = { "localhost" } - -https_ssl = { - certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt"; - key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key"; -} -EOF + if [[ ! -f "${CONFIG_GLOBAL}.ORIG" ]]; then + cp -a "${CONFIG_GLOBAL}" "${CONFIG_GLOBAL}.ORIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok fi - - done < "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" - - echo_done - - _tem_prosody_config_created=true + else + cp -a "${CONFIG_GLOBAL}" "${CONFIG_GLOBAL}.${backup_date}" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi else echo_skipped fi -echononl "Copy created file '${FQHN_HOSTNAME}.cfg.lua' to folder '/etc/prosody/conf.avail/'.." -if $_tem_prosody_config_created ; then - cp -a "${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua" "/etc/prosody/conf.avail/" > "$log_file" 2>&1 + +CONFIG="/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" +echononl "Backup Konfiguration $(basename "${CONFIG}").." +if [[ -f "${CONFIG}" ]] ; then + + if [[ ! -f "${CONFIG}.ORIG" ]]; then + cp -a "${CONFIG}" "${CONFIG}.ORIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + else + cp -a "${CONFIG}" "${CONFIG}.${backup_date}" > "$log_file" 2>&1 + if [[ $? 
-ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi + +else + echo_skipped +fi + +CONFIG_LOCALHOST="/etc/prosody/conf.avail/localhost.cfg.lua" + +echononl "Backup configuration file $(basename "${CONFIG_LOCALHOST}").." +if [[ -f "${CONFIG_LOCALHOST}" ]] ; then + + if [[ ! -f "${CONFIG_LOCALHOST}.ORIG" ]]; then + cp -a "${CONFIG_LOCALHOST}" "${CONFIG_LOCALHOST}.ORIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + else + cp -a "${CONFIG_LOCALHOST}" "${CONFIG_LOCALHOST}.${backup_date}" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi + +else + echo_skipped +fi + +CONFIG_JAAS="/etc/prosody/conf.avail/localhost.cfg.lua" + +echononl "Backup configuration file $(basename "${CONFIG_JAAS}").." +if [[ -f "${CONFIG_JAAS}" ]] ; then + + if [[ ! -f "${CONFIG_JAAS}.ORIG" ]]; then + cp -a "${CONFIG_JAAS}" "${CONFIG_JAAS}.ORIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + else + cp -a "${CONFIG_JAAS}" "${CONFIG_JAAS}.${backup_date}" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi + +else + echo_skipped +fi + +blank_line + + +KEY="posix" + +echononl "Comment out module '${KEY}' in $(basename $CONFIG_GLOBAL) .." +if grep -qE "^\s*\"${KEY}\";" "$CONFIG_GLOBAL"; then + sed -i "s|^\(\s*\)\(\"${KEY}\";\)|\1-- \2|" "$CONFIG_GLOBAL" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed - error "$(cat "$log_file")" + echo_failed + error "Failed to comment out module '${KEY}' in ${CONFIG_GLOBAL}" else echo_ok fi 
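Review bot: `CONFIG_JAAS` is assigned `/etc/prosody/conf.avail/localhost.cfg.lua`, the same path as `CONFIG_LOCALHOST`, so the fourth backup stanza copies localhost.cfg.lua a second time and the jaas file that a later hunk of this patch edits is modified without any backup. The line should presumably read `CONFIG_JAAS="/etc/prosody/conf.avail/jaas.cfg.lua"`. The four stanzas differ only in the path, and a small helper taking the file name would remove the copy-paste that let this slip in. In the `posix` block `echo_failed` is now called twice in a row, and the section banner `(/etc/prosody/conf.avail/* ..` is missing its closing parenthesis.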
@@ -991,6 +1193,232 @@ else fi +blank_line + + +KEY="tcp_keepalives" +VALUE="true" + +echononl "Set ${KEY} = ${VALUE} in $(basename $CONFIG) .." +if grep -qE "^\s*${KEY}\s*=" "$CONFIG"; then + if grep -qE "^\s*${KEY}\s*=\s*${VALUE}\s*;" "$CONFIG"; then + echo_skipped + else + sed -i "s|^\(\s*${KEY}\s*=\s*\).*|\1${VALUE};|" "$CONFIG" + if [[ $? -ne 0 ]]; then + echo_failed + error "Failed to update '${KEY}' in ${CONFIG}" + else + echo_ok + fi + fi +else + perl -i -0pe "s/(VirtualHost\\s)/${KEY} = ${VALUE};\\n\\n\$1/ if !\$done++" "$CONFIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + error "Failed to insert '${KEY}' in ${CONFIG}" + else + echo_ok + fi +fi + +KEY="cross_domain_bosh" +INSERT_BLOCK='http_cors_override = {\n bosh = {\n enabled = false;\n };\n websocket = {\n enabled = false;\n };\n}' + +echononl "Comment out '${KEY}' and insert http_cors_override block in $(basename $CONFIG) .." + +# Prüfen ob der Block bereits vorhanden ist +if grep -qE "^\s*http_cors_override\s*=" "$CONFIG"; then + echo_skipped +else + # cross_domain_bosh auskommentieren falls gesetzt + if grep -qE "^\s*${KEY}\s*=" "$CONFIG"; then + sed -i "s|^\(\s*\)\(${KEY}\s*=.*\)|\1-- \2|" "$CONFIG" + fi + + # Block vor erstem VirtualHost einfügen (mit führender Leerzeile) + perl -i -0pe "s/(VirtualHost\\s)/${INSERT_BLOCK}\\n\\n\$1/ if !\$done++" "$CONFIG" > "$log_file" 2>&1 + + if [[ $? 
-ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + error "Failed to insert 'http_cors_override' block in ${CONFIG}" + else + echo_ok + fi +fi + +DOMAIN="meet.oopen.de" + +INSERT_BLOCK='http_ports = { 5280 } +http_interfaces = { "127.0.0.1", "::1" } +https_ports = { 5281 } +https_interfaces = { "127.0.0.1", "::1" } +https_ssl = { + certificate = "/etc/prosody/certs/'"${DOMAIN}"'.crt"; + key = "/etc/prosody/certs/'"${DOMAIN}"'.key"; +} +-- http_default_host = "'"${DOMAIN}"'" +http_paths = { + bosh = "/http-bind"; + files = "/" +}' + +echononl "Insert http/https block in $(basename $CONFIG) .." +if grep -q "http_ports" "$CONFIG"; then + echo_skipped +else + export INSERT_BLOCK + perl -i -0pe 's/(VirtualHost\s)/$ENV{INSERT_BLOCK}\n\n$1/ if !$done++' "$CONFIG" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + error "Failed to insert http/https block in ${CONFIG}" + else + echo_ok + fi +fi + + +# ------------------------------------ +# - VirtualHost "auth.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("mam" "turn_external" "bosh" "websocket") +echononl "Ensure required modules in VirtualHost \"auth.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "auth.meet.oopen.de" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.auth.meet.oopen.de" +# ------------------------------------ +echononl "Ensure Component \"share.auth.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.auth.meet.oopen.de" "http_file_share" + +# ------------------------------------ +# - Component "internal.auth.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("mam" "bosh" "websocket" "turn_external" "muc_mam") +echononl "Ensure Component \"internal.auth.meet.oopen.de\" in $(basename $CONFIG) .." 
+ensure_component "$CONFIG" "internal.auth.meet.oopen.de" "muc" REQUIRED_MODULES + + +# ------------------------------------ +# - VirtualHost "guest.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("mam" "turn_external" "bosh" "websocket") +echononl "Ensure required modules in VirtualHost \"guest.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "guest.meet.oopen.de" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.guest.meet.oopen.de" +# ------------------------------------ +echononl "Ensure Component \"share.guest.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.guest.meet.oopen.de" "http_file_share" + +# ------------------------------------ +# - Component "groups.guest.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("muc_mam") +echononl "Ensure Component \"groups.guest.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "groups.guest.meet.oopen.de" "muc" REQUIRED_MODULES + + + + +# ------------------------------------ +# - VirtualHost "meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("mam") +echononl "Ensure required modules in VirtualHost \"meet.oopen.de\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "meet.oopen.de" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.meet.oopen.de" +# ------------------------------------ +echononl "Ensure Component \"share.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.meet.oopen.de" "http_file_share" + +# ------------------------------------ +# - Component "breakout.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("muc_hide_all" "muc_meeting_id" "muc_domain_mapper" "muc_rate_limit" "muc_mam") +echononl "Ensure Component \"breakout.meet.oopen.de\" in $(basename $CONFIG) .." 
+ensure_component "$CONFIG" "breakout.meet.oopen.de" "muc" REQUIRED_MODULES + + +# ------------------------------------ +# - VirtualHost "recorder.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("mam" "bosh" "websocket" "turn_external") +echononl "Ensure required modules in VirtualHost \"recorder.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "recorder.meet.oopen.de" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.recorder.meet.oopen.de" +# ------------------------------------ +echononl "Ensure Component \"share.recorder.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.recorder.meet.oopen.de" "http_file_share" + + +# ------------------------------------ +# - Component "groups.recorder.meet.oopen.de" +# ------------------------------------ +REQUIRED_MODULES=("muc_mam") +echononl "Ensure Component \"groups.recorder.meet.oopen.de\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "groups.recorder.meet.oopen.de" "muc" REQUIRED_MODULES + +blank_line + + +CONFIG="/etc/prosody/conf.avail/localhost.cfg.lua" + +# ------------------------------------ +# - VirtualHost "localhost" (localhost.cfg.lua) +# ------------------------------------ +REQUIRED_MODULES=("bosh" "websocket" "turn_external" "mam") +echononl "Ensure required modules in VirtualHost \"localhost\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "localhost" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.localhost" +# ------------------------------------ +echononl "Ensure Component \"share.localhost\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.localhost" "http_file_share" + +# ------------------------------------ +# - Component "groups.localhost" +# ------------------------------------ +REQUIRED_MODULES=("muc_mam") +echononl "Ensure Component \"groups.localhost\" in $(basename $CONFIG) .." 
+ensure_component "$CONFIG" "groups.localhost" "muc" REQUIRED_MODULES + + +# ------------------------------------ +# - jaas.cfg.lua +# ------------------------------------ +CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua" + +# ------------------------------------ +# - VirtualHost "jigasi.meet.jitsi" +# ------------------------------------ +REQUIRED_MODULES=("mam" "websocket" "turn_external") +echononl "Ensure required modules in VirtualHost \"jigasi.meet.jitsi\" in $(basename $CONFIG) .." +ensure_vhost_modules "$CONFIG" "jigasi.meet.jitsi" REQUIRED_MODULES + +# ------------------------------------ +# - Component "share.jigasi.meet.jitsi" +# ------------------------------------ +echononl "Ensure Component \"share.jigasi.meet.jitsi\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "share.jigasi.meet.jitsi" "http_file_share" + +# ------------------------------------ +# - Component "groups.jigasi.meet.jitsi" +# ------------------------------------ +REQUIRED_MODULES=("muc_mam") +echononl "Ensure Component \"groups.jigasi.meet.jitsi\" in $(basename $CONFIG) .." +ensure_component "$CONFIG" "groups.jigasi.meet.jitsi" "muc" REQUIRED_MODULES + + blank_line echo 
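Review bot: `DOMAIN="meet.oopen.de"` and every `ensure_vhost_modules`/`ensure_component` call from `auth.meet.oopen.de` through `groups.recorder.meet.oopen.de` hard-code one deployment's name, while `CONFIG` and the certificate paths this patch removes were derived from `${FQHN_HOSTNAME}`; on any other host the script would write foreign VirtualHosts and `https_ssl` paths to certificates that host may not have. Deriving them, e.g. `DOMAIN="${FQHN_HOSTNAME}"` and `ensure_vhost_modules "$CONFIG" "auth.${DOMAIN}" REQUIRED_MODULES`, keeps the block reusable. The three `perl -i -0pe` inserts keyed on `VirtualHost\s` also report `echo_ok` when the file has no `VirtualHost` line, because a substitution that matches nothing still exits 0; a `grep -q` for the inserted key afterwards would catch that. Separately, `share.guest.meet.oopen.de` adds an `http_file_share` component under the guest host; if that host allows anonymous logins (not visible here), confirm who may upload and which size and retention limits apply.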
@@ -998,18 +1426,15 @@ echo -e "\033[37m\033[1mConfigure nginx configuration ..\033[m" echo echononl "Backup nginx configuration '${FQHN_HOSTNAME}.conf'.." -if [[ ! -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" ]] ; then - if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then - cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \ - "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" - else - echo_ok - fi +if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then + cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \ + "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.${backup_date}" > "$log_file" 2>&1 + + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" else - echo_skipped + echo_ok fi else echo_skipped