commit bc77502b0df1d2ac641bd85d0e6b7735ab06c3c5
Author: Bram Prieshof
Date: Thu Oct 22 16:47:36 2020 +0200
Inital commit
diff --git a/Install-JIB.sh b/Install-JIB.sh
new file mode 100644
index 0000000..03fe00f
--- /dev/null
+++ b/Install-JIB.sh
@@ -0,0 +1,105 @@
+#######################
+# JitsiMeet - JIB #
+#######################
+if [ ! -f "~/jistiMeet.var" ] ; then echo 'Please put "/etc/ICTM/JitsiMeet.var" from main server in "~/jistiMeet.var"' && exit ; fi
+source ~/jistiMeet.var
+
+##-----------------##
+# Defining Vars #
+##-----------------##
+OUTPUT='/dev/tty'
+
+#PackageManager-config
+
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ PKGM="apt"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb10
+else
+ echo "This os in not supported"
+ exit
+fi
+
+unset dist_ver dist APTMODE
+
+#Repo Vars
+repo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+branch=main/JIB
+branchtype=branch
+
+#SelfBuilding Vars
+mtype=""$repo"/raw/"$branchtype"/"$branch""
+
+
+##---------------##
+# Functions #
+##---------------##
+
+msg () {
+echo "$1"
+}
+
+##--------------------------##
+# Installer-Requirements #
+##--------------------------##
+
+msg " Starting installer" 8 78
+$PKGM update > $OUTPUT 2>&1
+$PKGI curl > $OUTPUT 2>&1
+
+##----------##
+# Menu #
+##----------##
+read -p 'Instance name (ex: jib1): ' jibinstid
+
+##-------------------------##
+# Generating APT list #
+##-------------------------##
+#General aptList
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then
+ curl "$mtype"/generic.pkg.list >>/tmp/pkg.list
+fi
+
+##--------------------##
+# Pre-Requirements #
+##--------------------##
+
+msg " Preconfiguring"
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
+$PKGM update
+$PKGM upgrade -y
+
+
+##-------------------##
+# Pre-configuring #
+##-------------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/preconf.sh)
+fi
+
+##-------------##
+# Installer #
+##-------------##
+
+$PKGM update
+cat /tmp/pkg.list | xargs $PKGI
+
+
+##---------------##
+# Configuring #
+##---------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/conf.sh)
+fi
+
+##-------##
+# end #
+##-------##
+
+msg " Done!"
diff --git a/Install-JMS.sh b/Install-JMS.sh
new file mode 100644
index 0000000..0963663
--- /dev/null
+++ b/Install-JMS.sh
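Review bot: Install-JIB.sh executes as root whatever the Git server returns at run time, with no integrity check: `curl … Setup-Repo.sh | … bash` and `source <(curl … -s "$mtype"/preconf.sh)` / `conf.sh` fetch from a branch head with `-s` and no `--fail`, and the `--head --fail` probe before each `source` is a separate request that says nothing about the body that is later sourced. The package list has the same weakness locally, because it is appended to the fixed path `/tmp/pkg.list` and then fed to `xargs $PKGI`, so a file already sitting at that path decides what apt installs. Install-JMS.sh, Install-JVB.sh and the three `preconf.sh` files repeat these patterns; I would fetch into a `mktemp -d` directory, check each file against a digest pinned in the installer (or fetch from an immutable ref instead of a branch), and only then run it, as sketched below. Separately, the guard on the first code line quotes the tilde (`[ ! -f "~/jistiMeet.var" ]`), so it is never expanded and the script always exits there, in Install-JVB.sh too; `[ ! -f "$HOME/jistiMeet.var" ]` matches the path the next line sources.

```shell
# constructed sketch; the digest is a placeholder to be pinned per release
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
pkglist="$workdir/pkg.list"

fetch_verified () {  # $1 = URL, $2 = expected SHA-256; prints the local path
    local dest="$workdir/${1##*/}"
    curl --fail --silent --show-error --retry 7 --retry-delay 5 -o "$dest" "$1" || return 1
    printf '%s  %s\n' "$2" "$dest" | sha256sum --check --status || return 1
    printf '%s\n' "$dest"
}

# … unchanged: OS detection, repo vars, msg, apt update …
preconf=$(fetch_verified "$mtype/preconf.sh" "<PRECONF_SHA256_PLACEHOLDER>") || exit 1
source "$preconf"
# … conf.sh and generic.pkg.list handled the same way, the list written to "$pkglist" …
xargs $PKGI < "$pkglist"
```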
@@ -0,0 +1,163 @@
+#######################
+# JitsiMeet - JVB #
+#######################
+
+
+##-----------------##
+# Defining Vars #
+##-----------------##
+OUTPUT='/dev/tty'
+
+#PackageManager-config
+
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ PKGM="apt"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb10
+else
+ echo "This os in not supported"
+ exit
+fi
+
+unset dist_ver dist
+
+#Repo Vars
+repo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+branch=main/JVB
+branchtype=branch
+
+#SelfBuilding Vars
+mtype=""$repo"/raw/"$branchtype"/"$branch""
+jibsec=${cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16}
+jibrsec=${cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16}
+
+
+##---------------##
+# Functions #
+##---------------##
+
+msg () {
+echo "$1"
+}
+
+##--------------------------##
+# Installer-Requirements #
+##--------------------------##
+
+msg " Starting installer" 8 78
+$PKGM update > $OUTPUT 2>&1
+$PKGI curl > $OUTPUT 2>&1
+
+##----------##
+# Menu #
+##----------##
+read -p 'Domain name: ' domain
+
+
+PS3='Installation type: '
+options=("Scalable" "Stand alone" "Full stand alone" "Quit")
+select opt in "${options[@]}"
+do
+ case $opt in
+ "Scalable")
+ jitsipack=sc
+ genjvbsec=1
+ extcon=1
+ ;;
+ "Stand alone")
+ jitsipack=sa
+ extcon=1
+ ;;
+ "Full stand alone")
+ jitsipack=sa
+ extcon=0
+ ;;
+ "Quit")
+ break
+ ;;
+ *) echo "invalid option $REPLY";;
+ esac
+done
+
+while true; do
+ read -p "Do you wish to install this program?" yn
+ case $yn in
+ [Yy]* ) lecert=1; break;;
+ [Nn]* ) lecert=0; break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+
+if [ "$extcon" = "1" ] ; then
+ ip link show
+ read -p 'Enter full name of internal network interface: ' innetworkif
+ intip=$(ip -o -4 addr list "$innetworkif" | awk '{print $4}' | cut -d/ -f1)
+fi
+
+read -p 'Enter Jitsi username: ' jituser
+read -p 'Enter Jitsi password: ' -s jitpasswd
+echo ""
+
+##-------------------------##
+# Generating APT list #
+##-------------------------##
+#General aptList
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then
+ curl "$mtype"/generic.pkg.list >>/tmp/pkg.list
+fi
+
+##--------------------##
+# Pre-Requirements #
+##--------------------##
+
+msg " Preconfiguring"
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
+$PKGM update
+$PKGM upgrade -y
+
+
+##-------------------##
+# Pre-configuring #
+##-------------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/preconf.sh)
+fi
+
+##-------------##
+# Installer #
+##-------------##
+
+$PKGM update
+cat /tmp/pkg.list | xargs $PKGI
+
+
+##---------------##
+# Configuring #
+##---------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/conf.sh)
+fi
+
+#storing config
+if [ "$jitsipack" = "sa" ] ; then
+ jvbsec=$(sed -n ' s/org.jitsi.videobridge.xmpp.user.shard.PASSWORD=\(.*\)/\1/p' /etc/jitsi/videobridge/sip-communicator.properties)
+fi
+
+mkdir -p /etc/ICTM/
+echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/JitsiMeet.var
+for storeme in domain intip jvbsec jibsec jibrsec; do
+ declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
+done
+
+
+##-------##
+# end #
+##-------##
+
+msg " Done!"
diff --git a/Install-JVB.sh b/Install-JVB.sh
new file mode 100644
index 0000000..8385b1c
--- /dev/null
+++ b/Install-JVB.sh
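Review bot: The two secrets under `#SelfBuilding Vars` in Install-JMS.sh are never generated: `jibsec=${cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16}` uses `${…}`, which is parameter expansion rather than command substitution, so bash rejects it as a bad substitution (JMS/preconf.sh does the same for `jvbsec`). Those names later become the passwords in `prosodyctl register jibri auth.$domain $jibsec` and the preseeded `jvbsecret`, so the failure mode is a missing or empty credential rather than a weak one; `jibsec=$(tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 16)` is the form that was presumably intended. The `#storing config` loop then writes the secrets to `/etc/ICTM/mainvar.list` with whatever umask the shell has, while the JIB/JVB installers ask the operator to copy `/etc/ICTM/JitsiMeet.var`, which here only receives `InstDate`; I would write one file and create it under `umask 077`. Install-JVB.sh carries a copy of the same storing block even though it never sets `$jitsipack`, which puts a second copy of the Jibri and recorder secrets on the bridge host.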
@@ -0,0 +1,115 @@
+#######################
+# JitsiMeet - JVB #
+#######################
+if [ ! -f "~/jistiMeet.var" ] ; then echo 'Please put "/etc/ICTM/JitsiMeet.var" from main server in "~/jistiMeet.var"' && exit ; fi
+
+source ~/jistiMeet.var
+
+##-----------------##
+# Defining Vars #
+##-----------------##
+OUTPUT='/dev/tty'
+
+
+#PackageManager-config
+
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ PKGM="apt"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb10
+else
+ echo "This os in not supported"
+ exit
+fi
+
+unset dist_ver dist APTMODE
+
+#Repo Vars
+repo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+branch=main/JVB
+branchtype=branch
+
+#SelfBuilding Vars
+mtype=""$repo"/raw/"$branchtype"/"$branch""
+
+
+##---------------##
+# Functions #
+##---------------##
+
+msg () {
+echo "$1"
+}
+
+##--------------------------##
+# Installer-Requirements #
+##--------------------------##
+
+msg " Starting installer" 8 78
+$PKGM update > $OUTPUT 2>&1
+$PKGI curl > $OUTPUT 2>&1
+
+
+##-------------------------##
+# Generating APT list #
+##-------------------------##
+#General aptList
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then
+ curl "$mtype"/generic.pkg.list >>/tmp/pkg.list
+fi
+
+##--------------------##
+# Pre-Requirements #
+##--------------------##
+
+msg " Preconfiguring"
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
+$PKGM update
+$PKGM upgrade -y
+
+
+##-------------------##
+# Pre-configuring #
+##-------------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/preconf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/preconf.sh)
+fi
+
+##-------------##
+# Installer #
+##-------------##
+
+$PKGM update
+cat /tmp/pkg.list | xargs $PKGI
+
+
+##---------------##
+# Configuring #
+##---------------##
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$mtype"/conf.sh)
+fi
+
+#storing config
+if [ "$jitsipack" = "sa" ] ; then
+ jvbsec=$(sed -n ' s/org.jitsi.videobridge.xmpp.user.shard.PASSWORD=\(.*\)/\1/p' /etc/jitsi/videobridge/sip-communicator.properties)
+fi
+
+mkdir -p /etc/ICTM/
+echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/JitsiMeet.var
+for storeme in domain intip jvbsec jibsec jibrsec; do
+ declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
+done
+
+
+##-------##
+# end #
+##-------##
+
+msg " Done!"
diff --git a/JIB/conf.sh b/JIB/conf.sh
new file mode 100644
index 0000000..4af6b90
--- /dev/null
+++ b/JIB/conf.sh
@@ -0,0 +1,38 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JIB
+
+#config ssh
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+systemctl restart sshd > $OUTPUT 2>&1
+
+##config ufw
+ufw limit 4242/tcp > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+#install ChromeDriver
+curl --retry 7 --retry-delay 5 -s http://chromedriver.storage.googleapis.com/"$(curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE)"/chromedriver_linux64.zip -o /tmp/chromedriver.zip
+unzip /tmp/chromedriver.zip -d /tmp > $OUTPUT 2>&1
+sudo mv -f /tmp/chromedriver /usr/local/bin/chromedriver > $OUTPUT 2>&1
+sudo chmod 0755 /usr/local/bin/chromedriver > $OUTPUT 2>&1
+
+#config chrome
+mkdir -p /etc/opt/chrome/policies/managed > $OUTPUT 2>&1
+echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >>/etc/opt/chrome/policies/managed/managed_policies.json
+
+#config alsa
+echo "snd_aloop" >> /etc/modules > $OUTPUT 2>&1
+modprobe snd_aloop > $OUTPUT 2>&1
+
+##config dns
+mv /etc/resolve.conf /etc/resolve.conf.bck > $OUTPUT 2>&1
+echo "nameserver $intip" > /etc/resolve.conf
+
+#config jibri
+curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/config.json -o /etc/jitsi/jibri/config.json
+sed -i -e 's/DOMAINname/'$domain'/g' -e 's/JIBRIname/'$jibinstid'/g' -e 's/RECsecret/'$jibrsec'/g' -e 's/JIBRIsecret/'$jibsec'/g' /etc/jitsi/jibri/config.json
+usermod -aG adm,audio,video,plugdev jibri > $OUTPUT 2>&1
+mkdir /recordings > $OUTPUT 2>&1
+chown jibri:jibri /recordings > $OUTPUT 2>&1
+
+sed -i "s=exec java=exec /usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/bin/java=g" /opt/jitsi/jibri/launch.sh
diff --git a/JIB/conf/config.json b/JIB/conf/config.json
new file mode 100644
index 0000000..5c09963
--- /dev/null
+++ b/JIB/conf/config.json
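Review bot: The ChromeDriver step under `#install ChromeDriver` in JIB/conf.sh downloads an executable over plain HTTP and installs it into `/usr/local/bin` with mode 0755: the archive URL is `http://…`, the nested `LATEST_RELEASE` lookup has no scheme (curl then defaults to HTTP), and neither call uses `--fail` or checks a digest. Switching both to `https://chromedriver.storage.googleapis.com/…` with `--fail`, and unpacking in a `mktemp -d` directory instead of the fixed `/tmp/chromedriver.zip` and `/tmp`, removes the on-path and local-tampering cases. Two lines in the same hunk do not do what their comments say: `/etc/resolve.conf` is not the resolver file (`/etc/resolv.conf`), so the `mv` presumably fails and the host keeps its old nameserver (JVB/conf.sh has the same typo), and `echo "snd_aloop" >> /etc/modules > $OUTPUT 2>&1` redirects stdout twice, so nothing is appended to `/etc/modules`. The `sed` on `config.json` also splices operator input (`$domain`, `$jibinstid`) unquoted into `s/…/…/` expressions, which breaks on a `/`, `&` or space in either value.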
@@ -0,0 +1,29 @@
+{
+ "recording_directory": "/recordings",
+ "finalize_recording_script_path": "",
+ "xmpp_environments": [
+ {
+ "name": "prod environment",
+ "xmpp_server_hosts": ["DOMAINname"],
+ "xmpp_domain": "DOMAINname",
+ "control_login": {
+ "domain": "auth.DOMAINname",
+ "username": "jibri",
+ "password": "JIBRIsecret"
+ },
+ "control_muc": {
+ "domain": "internal.auth.DOMAINname",
+ "room_name": "JibriBrewery",
+ "nickname": "JIBRIname"
+ },
+ "call_login": {
+ "domain": "recorder.DOMAINname",
+ "username": "recorder",
+ "password": "RECsecret"
+ },
+ "room_jid_domain_string_to_strip_from_start": "conference.",
+ "usage_timeout": "0"
+ }
+ ]
+ }
+
\ No newline at end of file
diff --git a/JIB/generic.pkg.list b/JIB/generic.pkg.list
new file mode 100644
index 0000000..5de08f8
--- /dev/null
+++ b/JIB/generic.pkg.list
@@ -0,0 +1 @@
+ jibri google-chrome-stable ffmpeg openjdk-11-jre-headless adoptopenjdk-8-hotspot ufw unzip
\ No newline at end of file
diff --git a/JIB/preconf.sh b/JIB/preconf.sh
new file mode 100644
index 0000000..6ef5d2d
--- /dev/null
+++ b/JIB/preconf.sh
@@ -0,0 +1,12 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JIB
+
+#setup repo
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=jitsi osrel=$shortdist bash > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=GoogleChrome osrel=$shortdist bash > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=adoptopenjdk osrel=$shortdist bash > $OUTPUT 2>&1
+
+##preconf jitsi
+debconf-set-selections <<< "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $domain" > $OUTPUT 2>&1
+debconf-set-selections <<< "jitsi-meet-prosody jitsi-videobridge/jvbsecret password $jvbsec" > $OUTPUT 2>&1
\ No newline at end of file
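Review bot: This template is committed as `JIB/conf/config.json`, but JIB/conf.sh fetches `"$mrepo"/raw/branch/"$mbranch"/config/config.json`, i.e. a `config/` directory that this commit does not create. Because that `curl` runs with `-s` and without `--fail`, whatever the server answers for the missing path would be written to `/etc/jitsi/jibri/config.json`. JMS/conf.sh has the same `config/` versus `conf/` mismatch for `dnsmasq.conf` and `prosody-Unconfigured`. Either rename the directories or fix the URLs, and add `--fail` so a missing template stops the install.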
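Review bot: The two `debconf-set-selections` lines under `##preconf jitsi` in JIB/preconf.sh preseed `jitsi-videobridge2` and `jitsi-meet-prosody`, neither of which is in JIB/generic.pkg.list, so they look copied from the JVB module. The second one stores `$jvbsec` in the debconf database of the recorder host, which as far as this commit shows has no use for the bridge secret; I would drop both lines here. `mrepo` and `mbranch` are assigned but not used in this file.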
diff --git a/JMS/conf.sh b/JMS/conf.sh
new file mode 100644
index 0000000..2422cdc
--- /dev/null
+++ b/JMS/conf.sh
@@ -0,0 +1,65 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JMS
+
+#config ssh
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+systemctl restart sshd > $OUTPUT 2>&1
+
+if [ "$lecert" = "1" ] ; then
+ bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
+fi
+
+##config ufw
+ufw limit 4242/tcp > $OUTPUT 2>&1
+ufw allow 80/tcp > $OUTPUT 2>&1
+ufw allow 443/tcp > $OUTPUT 2>&1
+ufw allow 4443/tcp > $OUTPUT 2>&1
+ufw allow 10000/udp > $OUTPUT 2>&1
+
+#allow other server(s) to connect
+if [ "$extcon" = "1" ] ; then
+ ufw allow in on "$innetworkif" to any port 53
+ ufw allow in on "$innetworkif" to any port 5222
+fi
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+#config dnsmasq
+if [ "$extcon" = "1" ] ; then
+ systemctl stop dnsmasq
+ curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/dnsmasq.conf -o /etc/dnsmasq.d/main.conf
+ sed -i -e 's/DOMAINname/'$domain'/g' -e 's/HOSTname/'${domain%%.*}'/g' -e 's/INTif/'$innetworkif'/g' -e 's/INTip/''/g' /etc/dnsmasq.d/main.conf
+fi
+
+
+#config Prosody
+systemctl stop prosody jicofo
+compsec=$(sed -n 's/component_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua| head -1| tr -d '"; ')
+turnsec=$(sed -n 's/turncredentials_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+sslcer=$(sed -n ' s/certificate = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+sslkey=$(sed -n ' s/key = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
+mv /etc/prosody/conf.avail/$domain.cfg.lua /etc/prosody/conf.avail/$domain.cfg.lua.orig
+curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/prosody-Unconfigured -o /etc/prosody/conf.avail/$domain.cfg.lua
+sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SSLKEY/'$sslcer'/g' -e 's/SSLKEY/'$sslkey'/g' -e 's/TURNSEC/'$turnsec'/g' -e 's/COMPSEC/'$compsec'/g' /etc/prosody/conf.avail/$domain.cfg.lua
+
+#webappli-config
+sed -i -e "/anonymousdomain:/c\anonymousdomain: 'guest.$domain'," -e '/startWithAudioMuted/c\startWithAudioMuted: true,' -e '/startWithVideoMuted/c\startWithVideoMuted: true,' -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' -e '/liveStreamingEnabled/c\liveStreamingEnabled: false,' -e "/^liveStreamingEnabled:.*/a\ hiddenDomain: 'recorder.$domain'," /etc/jitsi/meet/"$domain"-config.js
+#Jicofo
+echo "org.jitsi.jicofo.auth.URL=XMPP:$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
+
+## jibri prep
+echo "org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
+echo "org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90" >>/etc/jitsi/jicofo/sip-communicator.properties
+
+if [ "$extcon" = "1" ] ; then
+echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: true,' /etc/jitsi/meet/"$domain"-config.js' > /opt/EnableJitsiRecordButton.sh
+echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' /etc/jitsi/meet/"$domain"-config.js' > /opt/DisableJitsiRecordButton.sh
+fi
+
+#start services
+systemctl enable --now prosody jicofo dnsmasq
+
+#Create users
+prosodyctl register jibri auth.$domain $jibsec
+prosodyctl register recorder recorder.$domain $jibrsec
+prosodyctl register $jituser $domain $jitpasswd
diff --git a/JMS/conf/dnsmasq.conf b/JMS/conf/dnsmasq.conf
new file mode 100644
index 0000000..506d256
--- /dev/null
+++ b/JMS/conf/dnsmasq.conf
@@ -0,0 +1,4 @@
+address=/HOSTname/INTip
+address=/DOMAINname/INTip
+interface=INTif
+no-hosts
\ No newline at end of file
diff --git a/JMS/conf/prosody-Unconfigured b/JMS/conf/prosody-Unconfigured
new file mode 100644
index 0000000..0fab077
--- /dev/null
+++ b/JMS/conf/prosody-Unconfigured
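Review bot: The template substitution at the end of the `#config Prosody` block in JMS/conf.sh cannot produce a working TLS section: both expressions target `SSLKEY` (`-e 's/SSLKEY/'$sslcer'/g' -e 's/SSLKEY/'$sslkey'/g'`), so `SSLCERT` is never replaced, and the replacement values are file paths whose `/` ends the `s/…/…/` expression early. A different delimiter with quoted expansions fixes both, e.g. `-e "s|SSLCERT|$sslcer|g" -e "s|SSLKEY|$sslkey|g"`. The same unquoted splicing carries operator input (`$domain`, `$innetworkif`) into the other `sed` calls and `$jitpasswd` into `prosodyctl register $jituser $domain $jitpasswd`, where a space or glob character splits the argument and the password is visible in the process list; the arguments should at least be quoted. In the dnsmasq block `-e 's/INTip/''/g'` substitutes an empty string, so both `address=` lines lose their IP; `$intip` was probably intended. The two `echo 'sed -i -e '/fileRecordingsEnabled/…' …'` lines close their single quotes mid-string, so the generated helper scripts will not contain the quoted sed expression they appear to.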
@@ -0,0 +1,113 @@
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+
+muc_mapper_domain_base = "DOMAINname";
+
+turncredentials_secret = "TURNSEC";
+
+turncredentials = {
+ { type = "stun", host = "DOMAINname", port = "3478" },
+ { type = "turn", host = "DOMAINname", port = "3478", transport = "udp" },
+ { type = "turns", host = "DOMAINname", port = "443", transport = "tcp" }
+};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+
+ssl = {
+ protocol = "tlsv1_2+";
+ ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+
+VirtualHost "guest.DOMAINname"
+ authentication = "anonymous"
+ c2s_require_encryption = false
+ modules_enabled = {
+ "muc_lobby_rooms";
+ "conference_duration";
+ }
+
+ lobby_muc = "lobby.DOMAINname"
+ main_muc = "conference.DOMAINname"
+ muc_lobby_whitelist = { "recorder.DOMAINname" }
+
+VirtualHost "DOMAINname"
+ ssl = {
+ key = "SSLKEY";
+ certificate = "SSLCERT";
+ }
+ speakerstats_component = "speakerstats.DOMAINname"
+ conference_duration_component = "conferenceduration.DOMAINname"
+ -- we need bosh
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ "ping";
+ "speakerstats";
+ "turncredentials";
+ "conference_duration";
+ }
+ c2s_require_encryption = false
+ lobby_muc = "lobby.DOMAINname"
+ main_muc = "conference.DOMAINname"
+ muc_lobby_whitelist = { "recorder.DOMAINname" }
+
+Component "conference.DOMAINname" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "muc_meeting_id";
+ "muc_domain_mapper";
+ }
+ admins = { "focus@auth.DOMAINname" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+Component "internal.auth.DOMAINname" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "ping";
+ }
+ admins = { "focus@auth.DOMAINname", "jvb@auth.DOMAINname" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+VirtualHost "auth.DOMAINname"
+ ssl = {
+ key = "SSLKEY";
+ certificate = "SSLCERT";
+ }
+ authentication = "internal_plain"
+
+Component "focus.DOMAINname"
+ component_secret = "COMPSEC"
+
+Component "speakerstats.DOMAINname" "speakerstats_component"
+ muc_component = "conference.DOMAINname"
+
+Component "conferenceduration.DOMAINname" "conference_duration_component"
+ muc_component = "conference.DOMAINname"
+
+Component "lobby.DOMAINname" "muc"
+ storage = "memory"
+ restrict_room_creation = true
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+ Component "internal.auth.DOMAINname" "muc"
+modules_enabled = { "muc_mam" }
+
+
+Component "internal.auth.DOMAINname" "muc"
+ modules_enabled = {
+ "ping";
+ }
+ storage = "internal"
+ muc_room_cache_size = 1000
+
+
+VirtualHost "recorder.DOMAINname"
+ modules_enabled = {
+ "ping";
+ }
+ authentication = "internal_plain
\ No newline at end of file
diff --git a/JMS/generic.pkg.list b/JMS/generic.pkg.list
new file mode 100644
index 0000000..45f1309
--- /dev/null
+++ b/JMS/generic.pkg.list
@@ -0,0 +1 @@
+ufw
\ No newline at end of file
diff --git a/JMS/preconf.sh b/JMS/preconf.sh
new file mode 100644
index 0000000..8c3a3d8
--- /dev/null
+++ b/JMS/preconf.sh
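Review bot: The last line of the prosody-Unconfigured template, `authentication = "internal_plain`, is missing its closing quote, so a config generated from it will not parse. Both `VirtualHost "guest.DOMAINname"` and `VirtualHost "DOMAINname"` set `c2s_require_encryption = false`, and JMS/conf.sh opens port 5222 on the internal interface, so client-to-server logins on that network are accepted without TLS; if that is not intended, set it to `true`. `internal_plain` keeps account passwords in clear text in Prosody's data store, where `internal_hashed` would not. `Component "internal.auth.DOMAINname" "muc"` is declared three times with different `storage` and `modules_enabled` values, so which settings take effect is not obvious from the file.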
@@ -0,0 +1,27 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JMS
+
+#setup repo
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=jitsi osrel=$shortdist bash > $OUTPUT 2>&1
+
+#preconf jitsi
+debconf-set-selections <<< "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $domain"
+debconf-set-selections <<< "jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+
+# Package list for Scalable
+if [ "$jitsipack" = "sc" ] ; then
+ jvbsec=${cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16}
+ debconf-set-selections <<< "jitsi-meet-prosody jitsi-videobridge/jvbsecret password $jvbsec"
+ echo "jitsi-meet-web jitsi-meet-web-config jitsi-meet-prosody jicofo jitsi-meet-turnserver prosody" >> /tmp/pkg.list
+fi
+
+# Package list for standalone
+if [ "$jitsipack" = "sa" ] ; then
+ echo "jitsi-meet jitsi-meet-turnserver " >> /tmp/pkg.list
+fi
+
+# Packge list to allow for external connections
+if [ "$extcon" = "1" ] ; then
+ echo "dnsmasq" >> /tmp/pkg.list
+fi
\ No newline at end of file
diff --git a/JVB/conf.sh b/JVB/conf.sh
new file mode 100644
index 0000000..cb747c3
--- /dev/null
+++ b/JVB/conf.sh
@@ -0,0 +1,22 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JVB
+
+#config ssh
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+systemctl restart sshd > $OUTPUT 2>&1
+
+##config ufw
+ufw limit 4242/tcp > $OUTPUT 2>&1
+ufw allow 443/tcp > $OUTPUT 2>&1
+ufw allow 10000/udp > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+##config dns
+mv /etc/resolve.conf /etc/resolve.conf.bck
+echo "nameserver $intip" > /etc/resolve.conf
+
+##config jitsi
+systemctl stop jitsi-videobridge2 > $OUTPUT 2>&1
+sed -i "/org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=/c\org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=$domain" /etc/jitsi/videobridge/sip-communicator.properties
+systemctl enable --now jitsi-videobridge2 > $OUTPUT 2>&1
diff --git a/JVB/generic.pkg.list b/JVB/generic.pkg.list
new file mode 100644
index 0000000..e470457
--- /dev/null
+++ b/JVB/generic.pkg.list
@@ -0,0 +1 @@
+jitsi-videobridge2 ufw
\ No newline at end of file
diff --git a/JVB/preconf.sh b/JVB/preconf.sh
new file mode 100644
index 0000000..06f4984
--- /dev/null
+++ b/JVB/preconf.sh
@@ -0,0 +1,10 @@
+#module setup
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
+mbranch=main/JVB
+
+#setup repo
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=jitsi osrel=$shortdist bash > $OUTPUT 2>&1
+
+#preconf jitsi
+debconf-set-selections <<< "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $domain"
+debconf-set-selections <<< "jitsi-meet-prosody jitsi-videobridge/jvbsecret password $jvbsec"
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..2c6cae2
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,89 @@ +# Jitsi Meet server + +jitsi is salable and consists of the following components + * JMS (Jitsi Meet Server) + * JVB (Jitsi Video Bridge) + * JIB (Jitsi Recorder) + + +# Instalation instructions + +# Component explenation + +## JMS +JMS serves the frond end and handles communication between all components + +JMS can be ran in difrent modes +### Scalable + * Requires at least one external JMS to funcion + * supports multiple external JVB/JIB hosts + * Requires internal network for communication between servers + +### Stand alone + * JMS with JVB + * supports multiple external JVB/JIB hosts + * Requires internal network for communication between servers + +### Full stand alone + * Disable support external JVB/JIB hosts + * Does not requires a internal network + * Running a JIB (even locally) requires config changes + + +## JVB + * A meeting is server bound + * Acts as load-balancing not fail-over + * One JVB supports multiple meetings + * Multiple JVB host can be connected to JMS (also if one is running on the JMS) + +## JIB + * One recording per server + * Handles recording from the web UI (by moderator) + * Multiple JIB host can be connected to JMS + * Does not require open firewall ports + * Needs at least 4CPU 4GB/Ram + +# Example layouts + +## Minimal JMS Scalable with recording + + ``` + Public IP Public IP + | | + | | + v v + +--------------+ Int network +-------+ + | JMS-Scalable |<------------------+| JVB | + +--------------+ | +-------+ + | + | +------+ + +--------+| JIB | + +------+ + + ``` + +## Minimal JMS Stand alone with recording + + ``` + Public IP + | + | + v + +-----------------+ Int network +-------+ + | JMS-Stand_alone |<------------------+| JIB | + +-----------------+ +-------+ + + ``` + + ## JMS Full Stand alone without recording + + ``` + Public IP + | + | + v + +----------------------+ + | JMS-Full_stand_alone | + +----------------------+ + + ``` \ No newline at end of file