554 lines
19 KiB
Plaintext
554 lines
19 KiB
Plaintext
# ===========================================================================
|
|
# Git Repository Jitsi Meet Service
|
|
# https://github.com/jitsi/jitsi-meet
|
|
#
|
|
# see:
|
|
# - https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
|
|
#
|
|
# - https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
|
|
#
|
|
# Self-hosted Jitsi server with authentication
|
|
# - https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7
|
|
# =============================================================================
|
|
|
|
FQND_HOSTNAME="meet.oopen.de"
|
|
FQND_HOSTNAME="meet2.oopen.de"
|
|
FQND_HOSTNAME="meet.faire-mobilitaet.de"
|
|
FQND_HOSTNAME="video.faire-mobilitaet.de"
|
|
|
|
# 0.) Create new LX Container
|
|
#
|
|
# /root/bin/LXC/create-lx-container.sh
|
|
# ...
|
|
|
|
|
|
# 1.) Assign(Adjust user root
|
|
#
|
|
# lxc-attach -n meet
|
|
# add_new_user.sh root
|
|
|
|
# 2.) Base Install via ansible
|
|
#
|
|
# cd /home/chris/devel/git/git.oopen.de/ansible/oopen-server
|
|
# ansible-playbook --limit meet.oopen.de ansible-dependencies.yml
|
|
# ansible-playbook --limit meet.oopen.de common.yml
|
|
# ansible-playbook --limit meet.oopen.de scripts/install-ulogd.yml
|
|
# ansible-playbook --limit meet.oopen.de firewall.yml
|
|
|
|
# 3.) Install Postfix SMTP Service (base)
|
|
#
|
|
# cd /usr/local/src/mailsystem
|
|
# ./install_postfix_base.sh
|
|
|
|
# 4.) Install NGINX Web Service
|
|
#
|
|
# cd /usr/local/src/nginx
|
|
# ./install_nginx.sh
|
|
|
|
Adjust 'DefaultLimitNOFILE' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultLimitNOFILE=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultLimitNOFILE=.*)/\1\nDefaultLimitNOFILE=1048576/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultLimitNOFILE=1048576" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=1048576/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
Adjust 'DefaultLimitNPROC' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultLimitNPROC=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultLimitNPROC=.*)/\1\nDefaultLimitNPROC=1048576/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultLimitNPROC=1048576" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultLimitNPROC=.*/DefaultLimitNPROC=1048576/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
Adjust 'DefaultTasksMax' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultTasksMax=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultTasksMax=.*)/\1\nDefaultTasksMax=1048576/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultTasksMax=1048576" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultTasksMax=.*/DefaultTasksMax=1048576/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
Adjust 'DefaultLimitRTPRIO' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultLimitRTPRIO=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultLimitRTPRIO=.*)/\1\nDefaultLimitRTPRIO=infinity/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultLimitRTPRIO=infinity" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultLimitRTPRIO=.*/DefaultLimitRTPRIO=infinity/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
Adjust 'DefaultLimitRTTIME' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultLimitRTTIME=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultLimitRTTIME=.*)/\1\nDefaultLimitRTTIME=infinity/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultLimitRTTIME=infinity" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultLimitRTTIME=.*/DefaultLimitRTTIME=infinity/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
Adjust 'DefaultLimitCORE' file /etc/systemd/system.conf
|
|
if ! $(grep -q -E "^\s*DefaultLimitCORE=" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^(\s*#DefaultLimitCORE=.*)/\1\nDefaultLimitCORE=infinity/" \
|
|
/etc/systemd/system.conf
|
|
elif ! $(grep -q -E "^\s*DefaultLimitCORE=infinity" /etc/systemd/system.conf 2> /dev/null); then
|
|
perl -i -n -p -e "s/^\s*DefaultLimitCORE=.*/DefaultLimitCORE=infinity/" \
|
|
/etc/systemd/system.conf
|
|
fi
|
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
|
|
# 5.) Install 'dehydrated-cron' (Let's Encrypt Certificates)
|
|
#
|
|
# Install Let's Encrypt Certificate
|
|
#
|
|
/usr/local/src/dehydrated-cron/install_dehydrated.sh
|
|
|
|
# Adjust '/var/lib/dehydrated/domains.txt'
|
|
#
|
|
cat <<EOF >> /var/lib/dehydrated/domains.txt
|
|
$FQND_HOSTNAME
|
|
EOF
|
|
|
|
|
|
# Generate Certificate
|
|
#
|
|
/var/lib/dehydrated/cron/dehydrated_cron.sh
|
|
|
|
|
|
|
|
|
|
# 6.) Install iptable firewall (optinal)
|
|
#
|
|
# cd /usr/local/src/ipt-server
|
|
# see: README.install
|
|
|
|
|
|
# 7.)
|
|
#
|
|
# - crontab
|
|
# - /etc/ssl
|
|
|
|
cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/fullchain.pem
|
|
chmod 644 /etc/ssl/fullchain.pem
|
|
|
|
cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/privkey.pem
|
|
chmod 644 /etc/ssl/privkey.pem
|
|
|
|
ln -s fullchain.pem /etc/ssl/${FQND_HOSTNAME}.crt
|
|
ln -s privkey.pem /etc/ssl/${FQND_HOSTNAME}.key
|
|
|
|
# 8.) Adjust
|
|
#
|
|
# - /etc/hostname (must contain this FQDN "meet.oopen.de")
|
|
# - /etc/hosts (127.0.0.1 localhost meet.example.org)
|
|
# - /etc/ssl
|
|
|
|
# /etc/hostname
|
|
cat <<EOF > /etc/hostname
|
|
$FQND_HOSTNAME
|
|
EOF
|
|
|
|
# 9.) Install jitsi meet
|
|
#
|
|
# see: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
|
|
|
|
echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list
|
|
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
|
|
apt-get update
|
|
|
|
# Install Jitsi Meet Service
|
|
#
|
|
apt-get install jitsi-meet
|
|
|
|
|
|
# !! Adjust nginx configuration !!
|
|
|
|
|
|
# Maybe reinstall of 'jitsi-meet-turnserver' is needed..
|
|
#
|
|
# Note: not needed if 'unstable' packages are installed.
|
|
#
|
|
#if [[ ! -h "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] ; then
|
|
# apt-get install --reinstall jitsi-meet-turnserver
|
|
#fi
|
|
|
|
cd /etc/nginx/modules-enabled
|
|
|
|
# for streamin at leas module 'ngx_stream_module.so' is needed
|
|
# load_module modules/ngx_stream_module.so;
|
|
#
|
|
# if [[ ! -h /etc/nginx/modules-enabled/50-mod-stream.conf ]] ; then
|
|
# ln -s /usr/share/nginx/modules-available/mod-stream.conf 50-mod-stream.conf
|
|
# fi
|
|
#
|
|
# But we will load all available modules:
|
|
#
|
|
for _file in $(ls /usr/share/nginx/modules-available/) ; do
|
|
[[ -d "/usr/share/nginx/modules-available/${_file}" ]] && continue
|
|
[[ -h "/etc/nginx/modules-enabled/50-${_file}" ]] && continue
|
|
ln -s "/usr/share/nginx/modules-available/${_file}" "/etc/nginx/modules-enabled/50-${_file}"
|
|
echo $_file
|
|
done
|
|
|
|
|
|
# Addjust file nginx vhost congiguration '/etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf'
|
|
#
|
|
#
|
|
# At section 'server' (configuration for port 80) replace
|
|
#
|
|
# location ^~ /.well-known/acme-challenge/ {
|
|
# default_type "text/plain";
|
|
# root /usr/share/jitsi-meet;
|
|
# }
|
|
# location = /.well-known/acme-challenge/ {
|
|
# return 404;
|
|
# }
|
|
#
|
|
# with
|
|
#
|
|
# # - Needed for (automated) updating certificate
|
|
# # -
|
|
# include snippets/letsencrypt-acme-challenge.conf;
|
|
#
|
|
vim /etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf
|
|
|
|
# Add FQND hostname to /var/lib/dehydrated/domains.txt
|
|
#
|
|
echo "$FQND_HOSTNAME" > /var/lib/dehydrated/domains.txt
|
|
|
|
# Create Certificate
|
|
#
|
|
/var/lib/dehydrated/cron/dehydrated_cron.sh
|
|
|
|
# Change directives 'ssl_certificate'and 'ssl_certificate_key' to
|
|
# meet the new certificate/key locations
|
|
#
|
|
/var/lib/dehydrated/tools/change_ssl_directives.sh
|
|
|
|
|
|
# ---
|
|
# 10. Install cronjob to adjust certificates at directory '/etc/ssl'
|
|
#---
|
|
|
|
# Prepare configuration file for check coTURN service
|
|
#
|
|
cp /root/bin/monitoring/conf/check_cert_for_service.conf.sample \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
|
|
# Prepare configuration file for 'service_name'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_name=\"coTURN\"" /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"coTURN\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'check_string_ps'
|
|
#
|
|
if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ /usr/bin/turnserver\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#check_string_ps*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ \/usr\/bin\/turnserver\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'service_user'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_user=\"turnserver\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_user.*)/#\1\nservice_user=\"turnserver\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'service_group'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_group=\"turnserver\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_group.*)/#\1\nservice_group=\"turnserver\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'cert_installed'
|
|
#
|
|
if ! $(grep -q -E "^\s*cert_installed=\"/etc/ssl/fullchain.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#cert_installed.*)/#\1\ncert_installed=\"\/etc\/ssl\/fullchain.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'key_installed'
|
|
#
|
|
if ! $(grep -q -E "^\s*key_installed=\"/etc/ssl/privkey.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#key_installed.*)/#\1\nkey_installed=\"\/etc\/ssl\/privkey.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'cert_newest'
|
|
#
|
|
if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e \
|
|
"s/^(#cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'key_newest'
|
|
#
|
|
if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e \
|
|
"s/^(#key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_service.conf
|
|
fi
|
|
|
|
# Initial
|
|
/root/bin/monitoring//check_cert_for_service.sh
|
|
|
|
# Add Cronjob for checcking if certificate/key is up to date
|
|
#
|
|
_crontab_tmp_file=/tmp/crontab_root.$$
|
|
crontab -l > "$_crontab_tmp_file" 2> /dev/null
|
|
|
|
if ! $(grep -q "/root/bin/monitoring/check_cert_for_service.sh" "$_crontab_tmp_file" 2>/dev/null) ; then
|
|
cat <<EOF >> "$_crontab_tmp_file"
|
|
|
|
# - Check if cert for coTURN service is
|
|
# -
|
|
39 05 * * * /root/bin/monitoring/check_cert_for_service.sh
|
|
EOF
|
|
fi
|
|
crontab "$_crontab_tmp_file"
|
|
rm -f "$_crontab_tmp_file"
|
|
|
|
|
|
# Prepare configuration file for check certificates for prosody service
|
|
#
|
|
cp /root/bin/monitoring/conf/check_cert_for_prosody.conf.sample \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
|
|
# Prepare configuration file for 'service_name'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_domain=\"${FQND_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQND_HOSTNAME}\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"Prosody\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'check_string_ps'
|
|
#
|
|
if ! $(grep -q -E "^\s*check_string_ps=\"[[:digit:]]\\ lua[[:digit:]].[[:digit:]] /usr/bin/prosody\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'service_user'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_user=\"prosody\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_user.*)/#\1\nservice_user=\"prosody\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'service_group'
|
|
#
|
|
if ! $(grep -q -E "^\s*service_group=\"prosody\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#service_group.*)/#\1\nservice_group=\"prosody\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'cert_installed'
|
|
#
|
|
if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.crt\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.crt\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'key_installed'
|
|
#
|
|
if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.key\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e "s/^(#key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.key\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'cert_newest'
|
|
#
|
|
if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e \
|
|
"s/^(#cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Prepare configuration file for 'key_newest'
|
|
#
|
|
if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
|
perl -i -n -p -e \
|
|
"s/^(#key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \
|
|
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
|
fi
|
|
|
|
# Initial
|
|
/root/bin/monitoring//check_cert_for_prosody.sh
|
|
|
|
# Add Cronjob for checcking if certificate/key is up to date
|
|
#
|
|
_crontab_tmp_file=/tmp/crontab_root.$$
|
|
crontab -l > "$_crontab_tmp_file" 2> /dev/null
|
|
|
|
if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then
|
|
cat <<EOF >> "$_crontab_tmp_file"
|
|
|
|
# - Check if cert(s) for prosody service are up-to-date
|
|
# -
|
|
13 05 * * * /root/bin/monitoring/check_cert_for_prosody.sh
|
|
EOF
|
|
fi
|
|
crontab "$_crontab_tmp_file"
|
|
rm -f "$_crontab_tmp_file"
|
|
|
|
|
|
# ---
|
|
# 11.) Configure Jitsi Meet
|
|
# ---
|
|
|
|
# First of all we configure the videobridge.
|
|
#
|
|
# Open /etc/jitsi/videobridge/sip-communicator.properties and add:
|
|
#
|
|
# # disable the built-in webserver (required)
|
|
# org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
|
|
# # sometimes the above setting does not work, therefore we change the port too (required)
|
|
# org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
|
# # sometimes the above setting does not work, therefore we change the port too (required)
|
|
# org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
|
|
# # disable statistics to third parties (optional)
|
|
## org.jitsi.videobridge.ENABLE_STATISTICS=false
|
|
# cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
|
|
|
|
#
|
|
# It is important to remove the comments (# comment)! Otherwise they will not work!
|
|
|
|
cat <<EOF >> /etc/jitsi/videobridge/sip-communicator.properties
|
|
|
|
# disable the built-in webserver (required)
|
|
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
|
|
# sometimes the above setting does not work, therefore we change the port too (required)
|
|
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
|
# sometimes the above setting does not work, therefore we change the port too (required)
|
|
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443
|
|
# disable statistics to third parties (optional)
|
|
# DOES NOT WORK
|
|
#org.jitsi.videobridge.ENABLE_STATISTICS=false
|
|
EOF
|
|
|
|
|
|
# Open /etc/jitsi/meet/${FQND_HOSTNAME}-config.js:
|
|
#
|
|
# Uncomment and change // disableThirdPartyRequests: false to true
|
|
#
|
|
# !! DOES NOT WORK !!
|
|
#
|
|
#if ! $(grep -q -E "^\s*disableThirdPartyRequests:\s+true" /etc/jitsi/meet/${FQND_HOSTNAME}-config.js) ; then
|
|
# perl -i -n -p -e "s#^(\s*)(//\s*disableThirdPartyRequests.*)#\1\2\n\1disableThirdPartyRequests: true#" \
|
|
# /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
|
|
#fi
|
|
|
|
|
|
# Replace the google stun servers under stunServers: with other more privacy
|
|
# respecting ones. There is a list available on this GitHub gist. I can
|
|
# recommend you to use the following:
|
|
#
|
|
# { urls: 'stun.nextcloud.com:443' },
|
|
# { urls: 'stun.stunprotocol.org:3478' },
|
|
# { urls: 'stun.services.mozilla.com:3478' }
|
|
#
|
|
vim /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
|
|
|
|
|
|
# ---
|
|
# 12.) Configure Prosody (avoid error message "portmanager error Error binding encrypted port for https.."
|
|
# ---
|
|
|
|
# Edit file /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
|
#
|
|
# after line (the location this is important)
|
|
# consider_bosh_secure = true;
|
|
#
|
|
# add the following lines:
|
|
# bosh_ports = {
|
|
# {
|
|
# port = 5280;
|
|
# path = "http-bind";
|
|
# },
|
|
# {
|
|
# port = 5281;
|
|
# path = "http-bind";
|
|
# ssl = {
|
|
# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
|
# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
|
# }
|
|
# }
|
|
# }
|
|
#
|
|
# http_ports = { 5280 }
|
|
# http_interfaces = { "localhost" }
|
|
#
|
|
# https_ports = { 5281 }
|
|
# https_interfaces = { "localhost" }
|
|
#
|
|
# https_ssl = {
|
|
# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
|
# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
|
# }
|
|
#
|
|
cat <<EOF >> /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
|
|
|
bosh_ports = {
|
|
{
|
|
port = 5280;
|
|
path = "http-bind";
|
|
},
|
|
{
|
|
port = 5281;
|
|
path = "http-bind";
|
|
ssl = {
|
|
certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
|
key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
|
}
|
|
}
|
|
}
|
|
|
|
http_ports = { 5280 }
|
|
http_interfaces = { "localhost" }
|
|
|
|
https_ports = { 5281 }
|
|
https_interfaces = { "localhost" }
|
|
|
|
https_ssl = {
|
|
certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
|
key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
|
}
|
|
EOF
|
|
|
|
#
|
|
vim /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
|
|
|
# ===============================
|
|
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "meet.oopen.de"
|
|
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R ""159.69.74.155
|
|
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "2a01:4f8:231:19a7::155"
|