install/jitsi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

jitsi-post-install.sh: adjust prosody configuration.

Browse Source
This commit is contained in:
Christoph
2026-04-03 01:45:01 +02:00
parent 5024b4480e
commit c635f5104e
1 changed files with 566 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

707
jitsi-post-install.sh
View File

@@ -9,6 +9,8 @@ conf_file="${working_dir}/conf/jitsi.conf"
LOCK_DIR="/tmp/$(basename $0).$$.LOCK" LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log" log_file="${LOCK_DIR}/${script_name%%.*}.log"
backup_date="$(date +%F-%H%M)"
# ---------- # ----------
# Base Function(s) # Base Function(s)
@@ -155,6 +157,177 @@ detect_os () {
} }
# ------------------------------------
# - Helper: ensure_vhost_modules
# - $1 = CONFIG
# - $2 = DOMAIN
# - $3 = REQUIRED_MODULES (nameref)
# ------------------------------------
ensure_vhost_modules() {
local config="$1"
local domain="$2"
local -n modules="$3"
local vhost_line modules_line closing_line next_block_line all_ok
local VHOST_BLOCK MODULES_BLOCK
VHOST_BLOCK="VirtualHost \"${domain}\"
modules_enabled = {"
for module in "${modules[@]}"; do
VHOST_BLOCK="${VHOST_BLOCK}
\"${module}\";"
done
VHOST_BLOCK="${VHOST_BLOCK}
}"
MODULES_BLOCK=" modules_enabled = {"
for module in "${modules[@]}"; do
MODULES_BLOCK="${MODULES_BLOCK}
\"${module}\";"
done
MODULES_BLOCK="${MODULES_BLOCK}
}"
if ! grep -q "VirtualHost \"${domain}\"" "$config"; then
# VirtualHost fehlt komplett ans Ende anfügen
echo "" >> "$config"
echo "$VHOST_BLOCK" >> "$config"
if [[ $? -ne 0 ]]; then
echo_failed
error "Failed to insert VirtualHost \"${domain}\" in ${config}"
return 1
else
echo_ok
fi
else
vhost_line=$(grep -n "VirtualHost \"${domain}\"" "$config" | head -1 | cut -d: -f1)
modules_line=$(awk "NR>${vhost_line} && /modules_enabled\s*=\s*\{/ {print NR; exit}" "$config")
if [[ -z "$modules_line" ]]; then
# VirtualHost existiert, aber kein modules_enabled Block einfügen
next_block_line=$(awk "NR>${vhost_line} && /^(VirtualHost|Component)\s/ {print NR; exit}" "$config")
if [[ -z "$next_block_line" ]]; then
# Kein weiterer Block ans Ende anfügen
echo "" >> "$config"
echo "$MODULES_BLOCK" >> "$config"
if [[ $? -ne 0 ]]; then
echo_failed
error "Failed to insert modules_enabled in VirtualHost \"${domain}\" in ${config}"
return 1
else
echo_ok
fi
else
# Vor dem nächsten Block einfügen
export MODULES_BLOCK
perl -i -0pe "s/((?:VirtualHost|Component)\s)/\$ENV{MODULES_BLOCK}\n\n\$1/ if !\$done++" "$config"
if [[ $? -ne 0 ]]; then
echo_failed
error "Failed to insert modules_enabled in VirtualHost \"${domain}\" in ${config}"
return 1
else
echo_ok
fi
fi
else
# modules_enabled existiert fehlende Module ergänzen
closing_line=$(awk "NR>${modules_line} && /^\s*\}/ {print NR; exit}" "$config")
all_ok=true
for module in "${modules[@]}"; do
if ! awk "NR>=${modules_line} && NR<=${closing_line}" "$config" | grep -qE "\"${module}\""; then
sed -i "${closing_line}i\\ \"${module}\";" "$config"
closing_line=$((closing_line + 1))
all_ok=false
fi
done
if $all_ok; then
echo_skipped
else
echo_ok
fi
fi
fi
}
# ------------------------------------
# - Helper: ensure_component
# - $1 = CONFIG
# - $2 = COMPONENT
# - $3 = COMPONENT_TYPE
# - $4 = REQUIRED_MODULES (nameref, optional)
# ------------------------------------
ensure_component() {
local config="$1"
local component="$2"
local component_type="$3"
local -n comp_modules="$4" 2>/dev/null
local has_modules=$([[ -n "$4" ]] && echo true || echo false)
local comp_line modules_line closing_line all_ok
local COMP_BLOCK MODULES_BLOCK
if ! grep -q "Component \"${component}\"" "$config"; then
# Component fehlt komplett ans Ende anfügen
if $has_modules; then
COMP_BLOCK="Component \"${component}\" \"${component_type}\"
modules_enabled = {"
for module in "${comp_modules[@]}"; do
COMP_BLOCK="${COMP_BLOCK}
\"${module}\";"
done
COMP_BLOCK="${COMP_BLOCK}
}"
else
COMP_BLOCK="Component \"${component}\" \"${component_type}\""
fi
echo "" >> "$config"
echo "$COMP_BLOCK" >> "$config"
if [[ $? -ne 0 ]]; then
echo_failed
error "Failed to insert Component \"${component}\" in ${config}"
return 1
else
echo_ok
fi
else
if ! $has_modules; then
echo_skipped
return 0
fi
# Component existiert fehlende Module ergänzen
comp_line=$(grep -n "Component \"${component}\"" "$config" | head -1 | cut -d: -f1)
modules_line=$(awk "NR>${comp_line} && /modules_enabled\s*=\s*\{/ {print NR; exit}" "$config")
if [[ -z "$modules_line" ]]; then
echo_failed
error "Kein modules_enabled-Block in Component \"${component}\" gefunden"
return 1
else
closing_line=$(awk "NR>${modules_line} && /^\s*\}/ {print NR; exit}" "$config")
all_ok=true
for module in "${comp_modules[@]}"; do
if ! awk "NR>=${modules_line} && NR<=${closing_line}" "$config" | grep -qE "\"${module}\""; then
sed -i "${closing_line}i\\ \"${module}\";" "$config"
closing_line=$((closing_line + 1))
all_ok=false
fi
done
if $all_ok; then
echo_skipped
else
echo_ok
fi
fi
fi
}
# ---------- # ----------
# - Jobhandling # - Jobhandling
@@ -527,7 +700,7 @@ fi
echononl "Prepare configuration file for 'service_name'.." echononl "Prepare configuration file for 'service_name'.."
if ! $(grep -q -E "^\s*service_domain=\"${FQHN_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then if ! grep -q -E "^\s*service_domain=\"${FQHN_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQHN_HOSTNAME}\"/" \ perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQHN_HOSTNAME}\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -540,7 +713,7 @@ else
echo_skipped echo_skipped
fi fi
if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then if ! grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+service_name.*)/#\1\nservice_name=\"Prosody\"/" \ perl -i -n -p -e "s/^(#+service_name.*)/#\1\nservice_name=\"Prosody\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -554,8 +727,8 @@ else
fi fi
echononl "Prepare configuration file for 'check_string_ps'.." echononl "Prepare configuration file for 'check_string_ps'.."
if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ lua\[\[:digit:\]\].\[\[:digit:\]\] /usr/bin/prosody\"" \ if ! grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ lua\[\[:digit:\]\].\[\[:digit:\]\] /usr/bin/prosody\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \ perl -i -n -p -e "s/^(#+check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -569,8 +742,8 @@ else
fi fi
echononl "Prepare configuration file for 'service_user'.." echononl "Prepare configuration file for 'service_user'.."
if ! $(grep -q -E "^\s*service_user=\"prosody\"" \ if ! grep -q -E "^\s*service_user=\"prosody\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+service_user.*)/#\1\nservice_user=\"prosody\"/" \ perl -i -n -p -e "s/^(#+service_user.*)/#\1\nservice_user=\"prosody\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -584,8 +757,8 @@ else
fi fi
echononl "Prepare configuration file for 'service_group'.." echononl "Prepare configuration file for 'service_group'.."
if ! $(grep -q -E "^\s*service_group=\"prosody\"" \ if ! grep -q -E "^\s*service_group=\"prosody\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+service_group.*)/#\1\nservice_group=\"prosody\"/" \ perl -i -n -p -e "s/^(#+service_group.*)/#\1\nservice_group=\"prosody\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -599,8 +772,8 @@ else
fi fi
echononl "Prepare configuration file for 'cert_installed'.." echononl "Prepare configuration file for 'cert_installed'.."
if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.crt\"" \ if ! grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.crt\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.crt\"/" \ perl -i -n -p -e "s/^(#+cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.crt\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -614,8 +787,8 @@ else
fi fi
echononl "Prepare configuration file for 'key_installed'.." echononl "Prepare configuration file for 'key_installed'.."
if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.key\"" \ if ! grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQHN_HOSTNAME}.key\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e "s/^(#+key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.key\"/" \ perl -i -n -p -e "s/^(#+key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQHN_HOSTNAME}.key\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@@ -629,8 +802,8 @@ else
fi fi
echononl "Prepare configuration file for 'cert_newest'.." echononl "Prepare configuration file for 'cert_newest'.."
if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \ if ! grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/fullchain.pem\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e \ perl -i -n -p -e \
"s/^(#+cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/fullchain.pem\"/" \ "s/^(#+cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/fullchain.pem\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
@@ -645,8 +818,8 @@ else
fi fi
echononl "Prepare configuration file for 'key_newest'.." echononl "Prepare configuration file for 'key_newest'.."
if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \ if ! grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQHN_HOSTNAME}/privkey.pem\"" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null ; then
perl -i -n -p -e \ perl -i -n -p -e \
"s/^(#+key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/privkey.pem\"/" \ "s/^(#+key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQHN_HOSTNAME}\/privkey.pem\"/" \
/root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1 /root/bin/monitoring/conf/check_cert_for_prosody.conf > "$log_file" 2>&1
@@ -693,7 +866,7 @@ if [[ $? -ne 0 ]]; then
_failed=true _failed=true
fi fi
if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then if ! grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null ; then
cat <<EOF >> "$_crontab_tmp_file" 2>> "$log_file" cat <<EOF >> "$_crontab_tmp_file" 2>> "$log_file"
# - Check if cert(s) for Prosody service are up-zp-date # - Check if cert(s) for Prosody service are up-zp-date
@@ -733,8 +906,8 @@ echo
_failed=false _failed=false
_changed=false _changed=false
echononl "Adjust '/etc/jitsi/videobridge/sip-communicator.properties'.." echononl "Adjust '/etc/jitsi/videobridge/sip-communicator.properties'.."
if ! $(grep -q -E "^\s*org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" \ if ! grep -q -E "^\s*org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" \
/etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then
cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
# disable the built-in webserver (required) # disable the built-in webserver (required)
@@ -747,8 +920,8 @@ EOF
fi fi
if ! $(grep -q -E "^\s*org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" \ if ! grep -q -E "^\s*org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" \
/etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then
cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
# sometimes the above setting does not work, therefore we change the port too (required) # sometimes the above setting does not work, therefore we change the port too (required)
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
@@ -761,8 +934,8 @@ EOF
_changed=true _changed=true
fi fi
if ! $(grep -q -E "^\s*#+org.jitsi.videobridge.ENABLE_STATISTICS=false" \ if ! grep -q -E "^\s*#+org.jitsi.videobridge.ENABLE_STATISTICS=false" \
/etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file") ; then /etc/jitsi/videobridge/sip-communicator.properties 2> "$log_file" ; then
cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
# disable statistics to third parties (optional) # disable statistics to third parties (optional)
# DOES NOT WORK # DOES NOT WORK
@@ -787,14 +960,30 @@ else
fi fi
echononl "Backup file '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.." echononl "Backup file '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
if [[ ! -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" ]]; then if [[ -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" ]] ; then
cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \
"/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" > "$log_file" 2>&1 if [[ ! -f "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG" ]] ; then
if [[ $? -ne 0 ]]; then cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \
echo_failed "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.ORIG"
error "$(cat "$log_file")"
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else else
echo_ok
cp -a "/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js" \
"/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js.${backup_date}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi fi
else else
echo_skipped echo_skipped
@@ -816,8 +1005,8 @@ fi
_temp_jitsi_meet_config_created=false _temp_jitsi_meet_config_created=false
echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.." echononl "Adjust '/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js'.."
if ! $(grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \ if ! grep -q -E "^\s*{ urls: 'stun.nextcloud.com:443' }" \
/etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file") ; then /etc/jitsi/meet/${FQHN_HOSTNAME}-config.js 2> "$log_file" ; then
_found=false _found=false
:> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js :> ${LOCK_DIR}/${FQHN_HOSTNAME}-config.js
@@ -873,116 +1062,129 @@ fi
blank_line blank_line
echo echo
echo -e "\033[37m\033[1mConfigure Prosody (/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua) ..\033[m" echo -e "\033[37m\033[1mConfigure Prosody (/etc/prosody/conf.avail/* ..\033[m"
echo echo
CONFIG_GLOBAL="/etc/prosody/prosody.cfg.lua"
# Edit file /etc/prosody/conf.d/${FQHN_HOSTNAME}.cfg.lua echononl "Backup global configuration file $(basename "${CONFIG_GLOBAL}").."
# if [[ -f "${CONFIG_GLOBAL}" ]] ; then
# after line (the location this is important)
# consider_bosh_secure = true;
#
# add the following lines:
# bosh_ports = {
# {
# port = 5280;
# path = "http-bind";
# },
# {
# port = 5281;
# path = "http-bind";
# ssl = {
# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
# }
# }
# }
#
# http_ports = { 5280 }
# http_interfaces = { "localhost" }
#
# https_ports = { 5281 }
# https_interfaces = { "localhost" }
#
# https_ssl = {
# certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
# key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
# }
#
echononl "Backup file '/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua'.."
if [[ ! -f "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" ]]; then
cp -a "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" \
"/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
_found=false if [[ ! -f "${CONFIG_GLOBAL}.ORIG" ]]; then
_tem_prosody_config_created=false cp -a "${CONFIG_GLOBAL}" "${CONFIG_GLOBAL}.ORIG" > "$log_file" 2>&1
echononl "Create temporary configuration '${FQHN_HOSTNAME}.cfg.lua'.." if [[ $? -ne 0 ]]; then
if ! $(grep -q -E "^\s*bosh_ports = {" /etc/prosody//conf.avail/${FQHN_HOSTNAME}.cfg.lua 2> /dev/null) ; then echo_failed
error "$(cat "$log_file")"
:> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua else
while IFS='' read -r _line || [[ -n $_line ]] ; do echo_ok
echo "$_line" >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
if ! $_found && echo "$_line" | grep -i -E "^\s*consider_bosh_secure = true;" > /dev/null 2>&1 ; then
_found=true
cat <<EOF >> ${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua
bosh_ports = {
{
port = 5280;
path = "http-bind";
},
{
port = 5281;
path = "http-bind";
ssl = {
certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
}
}
}
http_ports = { 5280 }
http_interfaces = { "localhost" }
https_ports = { 5281 }
https_interfaces = { "localhost" }
https_ssl = {
certificate = "/etc/prosody/certs/${FQHN_HOSTNAME}.crt";
key = "/etc/prosody/certs/${FQHN_HOSTNAME}.key";
}
EOF
fi fi
else
done < "/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua" cp -a "${CONFIG_GLOBAL}" "${CONFIG_GLOBAL}.${backup_date}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_done echo_failed
error "$(cat "$log_file")"
_tem_prosody_config_created=true else
echo_ok
fi
fi
else else
echo_skipped echo_skipped
fi fi
echononl "Copy created file '${FQHN_HOSTNAME}.cfg.lua' to folder '/etc/prosody/conf.avail/'.."
if $_tem_prosody_config_created ; then CONFIG="/etc/prosody/conf.avail/${FQHN_HOSTNAME}.cfg.lua"
cp -a "${LOCK_DIR}/${FQHN_HOSTNAME}.cfg.lua" "/etc/prosody/conf.avail/" > "$log_file" 2>&1 echononl "Backup Konfiguration $(basename "${CONFIG}").."
if [[ -f "${CONFIG}" ]] ; then
if [[ ! -f "${CONFIG}.ORIG" ]]; then
cp -a "${CONFIG}" "${CONFIG}.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cp -a "${CONFIG}" "${CONFIG}.${backup_date}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
else
echo_skipped
fi
CONFIG_LOCALHOST="/etc/prosody/conf.avail/localhost.cfg.lua"
echononl "Backup configuration file $(basename "${CONFIG_LOCALHOST}").."
if [[ -f "${CONFIG_LOCALHOST}" ]] ; then
if [[ ! -f "${CONFIG_LOCALHOST}.ORIG" ]]; then
cp -a "${CONFIG_LOCALHOST}" "${CONFIG_LOCALHOST}.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cp -a "${CONFIG_LOCALHOST}" "${CONFIG_LOCALHOST}.${backup_date}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
else
echo_skipped
fi
CONFIG_JAAS="/etc/prosody/conf.avail/localhost.cfg.lua"
echononl "Backup configuration file $(basename "${CONFIG_JAAS}").."
if [[ -f "${CONFIG_JAAS}" ]] ; then
if [[ ! -f "${CONFIG_JAAS}.ORIG" ]]; then
cp -a "${CONFIG_JAAS}" "${CONFIG_JAAS}.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cp -a "${CONFIG_JAAS}" "${CONFIG_JAAS}.${backup_date}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
else
echo_skipped
fi
blank_line
KEY="posix"
echononl "Comment out module '${KEY}' in $(basename $CONFIG_GLOBAL) .."
if grep -qE "^\s*\"${KEY}\";" "$CONFIG_GLOBAL"; then
sed -i "s|^\(\s*\)\(\"${KEY}\";\)|\1-- \2|" "$CONFIG_GLOBAL" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" echo_failed
error "Failed to comment out module '${KEY}' in ${CONFIG_GLOBAL}"
else else
echo_ok echo_ok
fi fi
@@ -991,6 +1193,232 @@ else
fi fi
blank_line
KEY="tcp_keepalives"
VALUE="true"
echononl "Set ${KEY} = ${VALUE} in $(basename $CONFIG) .."
if grep -qE "^\s*${KEY}\s*=" "$CONFIG"; then
if grep -qE "^\s*${KEY}\s*=\s*${VALUE}\s*;" "$CONFIG"; then
echo_skipped
else
sed -i "s|^\(\s*${KEY}\s*=\s*\).*|\1${VALUE};|" "$CONFIG"
if [[ $? -ne 0 ]]; then
echo_failed
error "Failed to update '${KEY}' in ${CONFIG}"
else
echo_ok
fi
fi
else
perl -i -0pe "s/(VirtualHost\\s)/${KEY} = ${VALUE};\\n\\n\$1/ if !\$done++" "$CONFIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
error "Failed to insert '${KEY}' in ${CONFIG}"
else
echo_ok
fi
fi
KEY="cross_domain_bosh"
INSERT_BLOCK='http_cors_override = {\n bosh = {\n enabled = false;\n };\n websocket = {\n enabled = false;\n };\n}'
echononl "Comment out '${KEY}' and insert http_cors_override block in $(basename $CONFIG) .."
# Prüfen ob der Block bereits vorhanden ist
if grep -qE "^\s*http_cors_override\s*=" "$CONFIG"; then
echo_skipped
else
# cross_domain_bosh auskommentieren falls gesetzt
if grep -qE "^\s*${KEY}\s*=" "$CONFIG"; then
sed -i "s|^\(\s*\)\(${KEY}\s*=.*\)|\1-- \2|" "$CONFIG"
fi
# Block vor erstem VirtualHost einfügen (mit führender Leerzeile)
perl -i -0pe "s/(VirtualHost\\s)/${INSERT_BLOCK}\\n\\n\$1/ if !\$done++" "$CONFIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
error "Failed to insert 'http_cors_override' block in ${CONFIG}"
else
echo_ok
fi
fi
DOMAIN="meet.oopen.de"
INSERT_BLOCK='http_ports = { 5280 }
http_interfaces = { "127.0.0.1", "::1" }
https_ports = { 5281 }
https_interfaces = { "127.0.0.1", "::1" }
https_ssl = {
certificate = "/etc/prosody/certs/'"${DOMAIN}"'.crt";
key = "/etc/prosody/certs/'"${DOMAIN}"'.key";
}
-- http_default_host = "'"${DOMAIN}"'"
http_paths = {
bosh = "/http-bind";
files = "/"
}'
echononl "Insert http/https block in $(basename $CONFIG) .."
if grep -q "http_ports" "$CONFIG"; then
echo_skipped
else
export INSERT_BLOCK
perl -i -0pe 's/(VirtualHost\s)/$ENV{INSERT_BLOCK}\n\n$1/ if !$done++' "$CONFIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
error "Failed to insert http/https block in ${CONFIG}"
else
echo_ok
fi
fi
# ------------------------------------
# - VirtualHost "auth.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("mam" "turn_external" "bosh" "websocket")
echononl "Ensure required modules in VirtualHost \"auth.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "auth.meet.oopen.de" REQUIRED_MODULES
# ------------------------------------
# - Component "share.auth.meet.oopen.de"
# ------------------------------------
echononl "Ensure Component \"share.auth.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.auth.meet.oopen.de" "http_file_share"
# ------------------------------------
# - Component "internal.auth.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("mam" "bosh" "websocket" "turn_external" "muc_mam")
echononl "Ensure Component \"internal.auth.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "internal.auth.meet.oopen.de" "muc" REQUIRED_MODULES
# ------------------------------------
# - VirtualHost "guest.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("mam" "turn_external" "bosh" "websocket")
echononl "Ensure required modules in VirtualHost \"guest.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "guest.meet.oopen.de" REQUIRED_MODULES
# ------------------------------------
# - Component "share.guest.meet.oopen.de"
# ------------------------------------
echononl "Ensure Component \"share.guest.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.guest.meet.oopen.de" "http_file_share"
# ------------------------------------
# - Component "groups.guest.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("muc_mam")
echononl "Ensure Component \"groups.guest.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "groups.guest.meet.oopen.de" "muc" REQUIRED_MODULES
# ------------------------------------
# - VirtualHost "meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("mam")
echononl "Ensure required modules in VirtualHost \"meet.oopen.de\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "meet.oopen.de" REQUIRED_MODULES
# ------------------------------------
# - Component "share.meet.oopen.de"
# ------------------------------------
echononl "Ensure Component \"share.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.meet.oopen.de" "http_file_share"
# ------------------------------------
# - Component "breakout.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("muc_hide_all" "muc_meeting_id" "muc_domain_mapper" "muc_rate_limit" "muc_mam")
echononl "Ensure Component \"breakout.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "breakout.meet.oopen.de" "muc" REQUIRED_MODULES
# ------------------------------------
# - VirtualHost "recorder.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("mam" "bosh" "websocket" "turn_external")
echononl "Ensure required modules in VirtualHost \"recorder.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "recorder.meet.oopen.de" REQUIRED_MODULES
# ------------------------------------
# - Component "share.recorder.meet.oopen.de"
# ------------------------------------
echononl "Ensure Component \"share.recorder.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.recorder.meet.oopen.de" "http_file_share"
# ------------------------------------
# - Component "groups.recorder.meet.oopen.de"
# ------------------------------------
REQUIRED_MODULES=("muc_mam")
echononl "Ensure Component \"groups.recorder.meet.oopen.de\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "groups.recorder.meet.oopen.de" "muc" REQUIRED_MODULES
blank_line
CONFIG="/etc/prosody/conf.avail/localhost.cfg.lua"
# ------------------------------------
# - VirtualHost "localhost" (localhost.cfg.lua)
# ------------------------------------
REQUIRED_MODULES=("bosh" "websocket" "turn_external" "mam")
echononl "Ensure required modules in VirtualHost \"localhost\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "localhost" REQUIRED_MODULES
# ------------------------------------
# - Component "share.localhost"
# ------------------------------------
echononl "Ensure Component \"share.localhost\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.localhost" "http_file_share"
# ------------------------------------
# - Component "groups.localhost"
# ------------------------------------
REQUIRED_MODULES=("muc_mam")
echononl "Ensure Component \"groups.localhost\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "groups.localhost" "muc" REQUIRED_MODULES
# ------------------------------------
# - jaas.cfg.lua
# ------------------------------------
CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
# ------------------------------------
# - VirtualHost "jigasi.meet.jitsi"
# ------------------------------------
REQUIRED_MODULES=("mam" "websocket" "turn_external")
echononl "Ensure required modules in VirtualHost \"jigasi.meet.jitsi\" in $(basename $CONFIG) .."
ensure_vhost_modules "$CONFIG" "jigasi.meet.jitsi" REQUIRED_MODULES
# ------------------------------------
# - Component "share.jigasi.meet.jitsi"
# ------------------------------------
echononl "Ensure Component \"share.jigasi.meet.jitsi\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "share.jigasi.meet.jitsi" "http_file_share"
# ------------------------------------
# - Component "groups.jigasi.meet.jitsi"
# ------------------------------------
REQUIRED_MODULES=("muc_mam")
echononl "Ensure Component \"groups.jigasi.meet.jitsi\" in $(basename $CONFIG) .."
ensure_component "$CONFIG" "groups.jigasi.meet.jitsi" "muc" REQUIRED_MODULES
blank_line blank_line
echo echo
@@ -998,18 +1426,15 @@ echo -e "\033[37m\033[1mConfigure nginx configuration ..\033[m"
echo echo
echononl "Backup nginx configuration '${FQHN_HOSTNAME}.conf'.." echononl "Backup nginx configuration '${FQHN_HOSTNAME}.conf'.."
if [[ ! -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" ]] ; then if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then
if [[ -f "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" ]] ; then cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \
cp -a "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf" \ "/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.${backup_date}" > "$log_file" 2>&1
"/etc/nginx/sites-available/${FQHN_HOSTNAME}.conf.ORIG" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else
echo_ok
fi
else else
echo_skipped echo_ok
fi fi
else else
echo_skipped echo_skipped