67 lines
3.1 KiB
Bash
67 lines
3.1 KiB
Bash
#module setup
|
|
mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
|
|
mbranch=main/JMS
|
|
|
|
#config ssh
|
|
sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
systemctl restart sshd > $OUTPUT 2>&1
|
|
|
|
if [ "$lecert" = "1" ] ; then
|
|
bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
|
|
fi
|
|
|
|
##config ufw
|
|
ufw limit 4242/tcp > $OUTPUT 2>&1
|
|
ufw allow 80/tcp > $OUTPUT 2>&1
|
|
ufw allow 443/tcp > $OUTPUT 2>&1
|
|
ufw allow 4443/tcp > $OUTPUT 2>&1
|
|
ufw allow 10000/udp > $OUTPUT 2>&1
|
|
|
|
#allow other server(s) to connect
|
|
if [ "$extcon" = "1" ] ; then
|
|
ufw allow in on "$innetworkif" to any port 53
|
|
ufw allow in on "$innetworkif" to any port 5222
|
|
fi
|
|
echo "y" | ufw enable > $OUTPUT 2>&1
|
|
|
|
#config dnsmasq
|
|
if [ "$extcon" = "1" ] ; then
|
|
systemctl stop dnsmasq
|
|
curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/conf/dnsmasq.conf -o /etc/dnsmasq.d/main.conf
|
|
sed -i -e 's/DOMAINname/'$domain'/g' -e 's/HOSTname/'${domain%%.*}'/g' -e 's/INTif/'$innetworkif'/g' -e 's/INTip/'$intip'/g' /etc/dnsmasq.d/main.conf
|
|
fi
|
|
|
|
|
|
#config Prosody
|
|
systemctl stop prosody jicofo
|
|
compsec=$(sed -n 's/component_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua| head -1| tr -d '"; ')
|
|
turnsec=$(sed -n 's/turncredentials_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
|
|
mv /etc/prosody/conf.avail/$domain.cfg.lua /etc/prosody/conf.avail/$domain.cfg.lua.orig
|
|
curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/conf/prosody-Unconfigured -o /etc/prosody/conf.avail/$domain.cfg.lua
|
|
sed -i -e 's/DOMAINname/'$domain'/g' -e 's/TURNSEC/'$turnsec'/g' -e 's/COMPSEC/'$compsec'/g' /etc/prosody/conf.avail/"$domain".cfg.lua
|
|
|
|
#webappli-config
|
|
sed -i -e "/anonymousdomain:/c\anonymousdomain: 'guest.$domain'," -e '/startWithAudioMuted/c\startWithAudioMuted: true,' -e '/startWithVideoMuted/c\startWithVideoMuted: true,' -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' -e '/liveStreamingEnabled/c\liveStreamingEnabled: false,' /etc/jitsi/meet/"$domain"-config.js
|
|
sed -i "/liveStreamingEnabled:.*/a\ hiddenDomain: 'recorder.$domain'," /etc/jitsi/meet/"$domain"-config.js
|
|
#Jicofo
|
|
echo "org.jitsi.jicofo.auth.URL=XMPP:$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
|
|
|
|
## jibri prep
|
|
echo "org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
|
|
echo "org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90" >>/etc/jitsi/jicofo/sip-communicator.properties
|
|
|
|
if [ "$extcon" = "1" ] ; then
|
|
echo "sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: true,' /etc/jitsi/meet/"$domain"-config.js" > /opt/EnableJitsiRecordButton.sh
|
|
echo "sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' /etc/jitsi/meet/"$domain"-config.js" > /opt/DisableJitsiRecordButton.sh
|
|
fi
|
|
|
|
#start services
|
|
systemctl enable prosody jicofo dnsmasq
|
|
systemctl start prosody jicofo dnsmasq
|
|
systemctl restart nginx
|
|
|
|
#Create users
|
|
prosodyctl register jibri auth.$domain $jibsec
|
|
prosodyctl register recorder recorder.$domain $jibrsec
|
|
prosodyctl register $jituser $domain $jitpasswd
|