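#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Jitsi meet + videobridge
#
# Instructions: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

VARIANTS="full full-vim chat"

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

VIDEOBRIDGE_PORT=5347
JITSI_ONION_PORT=8102
JITSI_VIDEOBRIDGE_ONION_PORT=8103
JITSI_AUTH_ONION_PORT=8104
JITSI_FOCUS_ONION_PORT=8105
JITSI_PORT=5280

# domains
JITSI_DOMAIN_NAME=
JITSI_CODE=
JITSI_ONION_HOSTNAME=
JITSI_AUTH_ONION_HOSTNAME=

# Names of the variables this app uses; the consumer of this list is
# outside this file.
jitsi_variables=(ONION_ONLY
                 JITSI_DOMAIN_NAME
                 JITSI_CODE
                 JITSI_MEET_REPO
                 JITSI_MEET_COMMIT
                 DEFAULT_DOMAIN_NAME
                 JITSI_ONION_HOSTNAME
                 MY_USERNAME)

# Placeholder: does nothing for this app.
function change_password_jitsi {
    echo -n ''
}

# Prints "1" when `uname -a` mentions amd64 or i386, otherwise "0".
function can_install_videobridge {
    local check_architecture
    check_architecture=$(uname -a)
    if [[ "$check_architecture" == *"amd64"* || "$check_architecture" == *"i386"* ]]; then
        echo "1"
    else
        echo "0"
    fi
}

# Creates an onion service for a jitsi sub-service and records its address
# in the user's README (mode 600, owned by the user).
# Arguments: $1 - onion service name
#            $2 - local port
#            $3 - onion port
# Outputs:   the new onion domain on stdout
function add_jitsi_onion_domain {
    jitsi_subdomain_name="$1"
    jitsi_subdomain_port="$2"
    jitsi_subdomain_onion_port="$3"

    new_domain=$(add_onion_service "${jitsi_subdomain_name}" "${jitsi_subdomain_port}" "${jitsi_subdomain_onion_port}")

    if ! grep -q "Jitsi ${jitsi_subdomain_name} onion domain" "/home/${MY_USERNAME}/README"; then
        echo $"Jitsi ${jitsi_subdomain_name} onion domain: ${new_domain}" >> "/home/${MY_USERNAME}/README"
        echo '' >> "/home/${MY_USERNAME}/README"
        chown "${MY_USERNAME}:${MY_USERNAME}" "/home/${MY_USERNAME}/README"
        chmod 600 "/home/${MY_USERNAME}/README"
    else
        if [ -f "/home/${MY_USERNAME}/README" ]; then
            # An entry already exists: rewrite it with the current address
            sed -i "s|Jitsi ${jitsi_subdomain_name} onion domain.*|Jitsi ${jitsi_subdomain_name} onion domain: ${new_domain}|g" "/home/${MY_USERNAME}/README"
        fi
    fi

    echo "${new_domain}"
}

# Creates the main jitsi onion service (port 80 -> JITSI_ONION_PORT), stores
# its address in JITSI_ONION_HOSTNAME and records it in the user's README.
function create_jitsi_subdomains {
    JITSI_ONION_HOSTNAME=$(add_onion_service jitsi 80 "${JITSI_ONION_PORT}")

    if ! grep -q "Jitsi onion domain" "/home/${MY_USERNAME}/README"; then
        echo $"Jitsi onion domain: ${JITSI_ONION_HOSTNAME}" >> "/home/${MY_USERNAME}/README"
        echo '' >> "/home/${MY_USERNAME}/README"
        chown "${MY_USERNAME}:${MY_USERNAME}" "/home/${MY_USERNAME}/README"
        chmod 600 "/home/${MY_USERNAME}/README"
    else
        if [ -f "/home/${MY_USERNAME}/README" ]; then
            sed -i "s|Jitsi onion domain.*|Jitsi onion domain: ${JITSI_ONION_HOSTNAME}|g" "/home/${MY_USERNAME}/README"
        fi
    fi

    #JITSI_VIDEOBRIDGE_ONION_HOSTNAME=$(add_jitsi_onion_domain jitsi-videobridge ${VIDEOBRIDGE_PORT} ${JITSI_VIDEOBRIDGE_ONION_PORT})
    #JITSI_AUTH_ONION_HOSTNAME=$(add_jitsi_onion_domain jitsi-auth 5222 ${JITSI_AUTH_ONION_PORT})
    #JITSI_FOCUS_ONION_HOSTNAME=$(add_jitsi_onion_domain jitsi-focus 5222 ${JITSI_FOCUS_ONION_PORT})
}

# Removes the main jitsi onion service.
function remove_jitsi_subdomains {
    function_check remove_onion_service
    remove_onion_service jitsi "${JITSI_ONION_PORT}"
    #remove_onion_service jitsi-videobridge ${JITSI_VIDEOBRIDGE_ONION_PORT}
    #remove_onion_service jitsi-auth ${JITSI_AUTH_ONION_PORT}
    #remove_onion_service jitsi-focus ${JITSI_FOCUS_ONION_PORT}
}

# Placeholder: only records the username, no per-user state is removed.
function remove_user_jitsi {
    remove_username="$1"
}

# Placeholder: only records the credentials, no per-user state is created.
function add_user_jitsi {
    new_username="$1"
    new_user_password="$2"
}

# Chooses the jitsi domain: a fixed 'jitsi.local' for onion-only installs,
# otherwise the interactive site details dialog.
function install_interactive_jitsi {
    if [ -z "${ONION_ONLY}" ]; then
        ONION_ONLY='no'
    fi

    if [[ "${ONION_ONLY}" != "no" ]]; then
        JITSI_DOMAIN_NAME='jitsi.local'
        write_config_param "JITSI_DOMAIN_NAME" "$JITSI_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "jitsi" "JITSI_DOMAIN_NAME" "JITSI_CODE"
    fi
    APP_INSTALLED=1
}

# Placeholder: does nothing for this app.
function configure_interactive_jitsi {
    echo -n ''
}

# Placeholder: does nothing for this app.
function reconfigure_jitsi {
    echo -n ''
}

# Re-applies the torify wrapper to the jicofo init script, if present,
# and restarts jicofo.
function upgrade_jitsi {
    if [ -f /etc/init.d/jicofo ]; then
        systemctl stop jicofo
        # Single quotes are deliberate: $DAEMON must reach sed literally
        sed -i 's|exec $DAEMON|exec /usr/bin/torify $DAEMON|g' /etc/init.d/jicofo
        systemctl daemon-reload
        systemctl start jicofo
    fi
}

# Placeholder: does nothing for this app.
function backup_local_jitsi {
    echo -n ''
}

# Placeholder: does nothing for this app.
function restore_local_jitsi {
    echo -n ''
}

# Placeholder: does nothing for this app.
function backup_remote_jitsi {
    echo -n ''
}

# Placeholder: does nothing for this app.
function restore_remote_jitsi {
    echo -n ''
}

# Removes the jitsi web site, onion service, prosody config, packages,
# apt source entry and README/completion records.
# Returns: 0 when no domain is configured (nothing to do),
#          1 when the configured domain is not a plain name.
function remove_jitsi {
    read_config_param JITSI_DOMAIN_NAME

    if [ ${#JITSI_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    # The domain name is used to build paths passed to rm -rf, so refuse
    # values that could escape /var/www or the nginx/prosody directories.
    case "${JITSI_DOMAIN_NAME}" in
        */*|.|..)
            echo "Refusing to remove jitsi: unexpected domain name '${JITSI_DOMAIN_NAME}'" >&2
            return 1
            ;;
    esac

    if [ -f "/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}" ]; then
        nginx_dissite "${JITSI_DOMAIN_NAME}"
        if [ -d "/var/www/${JITSI_DOMAIN_NAME}" ]; then
            rm -rf -- "/var/www/${JITSI_DOMAIN_NAME}"
        fi
        rm -- "/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}"
        function_check remove_certs
        remove_certs "${JITSI_DOMAIN_NAME}"
        systemctl reload nginx
    fi

    remove_jitsi_subdomains

    systemctl stop prosody
    if [ -f "/etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua" ]; then
        rm -- "/etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua"
    fi
    if [ -f "/etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua" ]; then
        rm -- "/etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua"
    fi
    prosodyctl unregister focus "auth.${JITSI_DOMAIN_NAME}"
    systemctl start prosody

    remove_nodejs jitsi

    # remove videobridge
    firewall_remove "${VIDEOBRIDGE_PORT}"

    apt-get -yq remove --purge jitsi-videobridge jicofo jitsi-meet jitsi-meet-prosody
    if [ -d /etc/jitsi ]; then
        rm -rf /etc/jitsi
    fi
    if [ -d /usr/share/jitsi-videobridge ]; then
        rm -rf /usr/share/jitsi-videobridge
    fi
    if [ -d /usr/share/jitsi-meet ]; then
        rm -rf /usr/share/jitsi-meet
    fi

    # Drop the jitsi package source added by install_jitsi
    sed -i "/jitsi/d" /etc/apt/sources.list
    apt-get update

    remove_app jitsi
    remove_completion_param install_jitsi
    sed -i '/jitsi/d' "${COMPLETION_FILE}"
    sed -i '/Jitsi/d' "/home/${MY_USERNAME}/README"

    function_check remove_ddns_domain
    remove_ddns_domain "$JITSI_DOMAIN_NAME"
}

# Installs jitsi videobridge and meet from the upstream nightly repository
# and writes the nginx site for the clearnet and onion addresses.
# Exits non-zero on an unsupported architecture, a missing domain name,
# a missing prosody install, a domain equal to DEFAULT_DOMAIN_NAME, or a
# failed videobridge install. The shell reduces exit statuses modulo 256,
# so callers do not see the literal numbers used below.
function install_jitsi {
    if [[ "$(can_install_videobridge)" == "0" ]]; then
        echo $'jitsi meet/videobridge can only be installed on i386 or amd64 architectures'
        exit 83562
    fi

    if [ -z "${JITSI_DOMAIN_NAME}" ]; then
        echo $'No domain name was given for jitsi'
        exit 47682
    fi

    if [ ! -d /etc/prosody ]; then
        echo $'xmpp must be installed before installing jitsi'
        exit 62394
    fi

    if [[ "${JITSI_DOMAIN_NAME}" == "${DEFAULT_DOMAIN_NAME}" ]]; then
        echo $'The jitsi domain name should not be the same as the main domain name'
        exit 78372
    fi

    # add jitsi repo
    # NOTE(review): packages come from the upstream "nightly" repository over
    # plain HTTP, and the signing key is trusted as downloaded without a
    # pinned fingerprint. Package signatures still protect integrity once the
    # key is installed; consider an HTTPS source and checking the key
    # fingerprint against a value obtained out of band.
    jitsi_deb_repo=unstable
    apt-get -yq install wget debconf-utils
    local jitsi_apt_source="deb http://download.jitsi.org/nightly/deb ${jitsi_deb_repo}/"
    # Only append the source once, so repeated installs do not duplicate it
    if ! grep -qF -- "${jitsi_apt_source}" /etc/apt/sources.list; then
        echo "${jitsi_apt_source}" >> /etc/apt/sources.list
    fi
    wget -qO - "https://download.jitsi.org/nightly/deb/${jitsi_deb_repo}/archive.key" | apt-key add -
    apt-get update

    # create onion domains
    create_jitsi_subdomains

    # videobridge
    if [[ "$ONION_ONLY" == 'no' ]]; then
        debconf-set-selections <<< "jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_DOMAIN_NAME}"
    else
        debconf-set-selections <<< "jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_ONION_HOSTNAME}"
    fi
    apt-get -yq install jitsi-videobridge
    if [ ! -d /etc/jitsi ]; then
        echo $'Videobridge package failed to install'
        exit 63983
    fi
    firewall_add videobridge "${VIDEOBRIDGE_PORT}"

    # meet
    debconf-set-selections <<< "jitsi-meet jitsi-meet/cert-choice multiselect 1"
    apt-get -yq install jitsi-meet jitsi-meet-prosody

    jitsi_nginx_site="/etc/nginx/sites-available/$JITSI_DOMAIN_NAME"
    if [[ "$ONION_ONLY" == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect "$JITSI_DOMAIN_NAME"
        {
            echo 'server {'
            echo ' listen 443 ssl;'
            echo " server_name ${JITSI_DOMAIN_NAME};"
            echo ''
            echo ' # Security'
        } >> "$jitsi_nginx_site"
        function_check nginx_ssl
        nginx_ssl "$JITSI_DOMAIN_NAME"

        function_check nginx_disable_sniffing
        nginx_disable_sniffing "$JITSI_DOMAIN_NAME"

        # NOTE(review): nginx's error_log directive has no "off" value; "off"
        # is taken as a file name, so errors are still written to disk. Use
        # "error_log /dev/null crit;" if the intent is to keep no logs. The
        # same applies to the onion server block below.
        {
            echo ' add_header Strict-Transport-Security max-age=15768000;'
            echo ''
            echo ' # Logs'
            echo ' access_log off;'
            echo ' error_log off;'
            echo ''
            echo ' # Root'
            echo " root /usr/share/jitsi-meet;"
            echo ''
            echo ' index index.html index.htm;'
            echo ''
            echo ' location /config.js {'
            echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;"
            echo ' }'
            echo ''
            echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {'
            echo ' rewrite ^/(.*)$ / break;'
            echo ' }'
            echo ''
            echo ' location / {'
        } >> "$jitsi_nginx_site"
        function_check nginx_limits
        nginx_limits "$JITSI_DOMAIN_NAME" '15m'
        {
            echo ' }'
            echo ''
            echo ' location /http-bind {'
            echo " proxy_pass http://localhost:${JITSI_PORT}/http-bind;"
            echo ' proxy_set_header X-Forwarded-For $remote_addr;'
            echo ' proxy_set_header Host $http_host;'
            echo ' }'
            echo '}'
        } >> "$jitsi_nginx_site"
    else
        # Onion-only: start from an empty site file
        echo -n '' > "$jitsi_nginx_site"
    fi

    # Onion server block: bound to loopback only
    {
        echo 'server {'
        echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;"
        if [[ "$ONION_ONLY" == 'no' ]]; then
            echo " server_name ${JITSI_DOMAIN_NAME};"
        else
            echo " server_name ${JITSI_ONION_HOSTNAME};"
        fi
        echo ''
    } >> "$jitsi_nginx_site"
    function_check nginx_disable_sniffing
    nginx_disable_sniffing "$JITSI_DOMAIN_NAME"
    {
        echo ''
        echo ' # Logs'
        echo ' access_log off;'
        echo ' error_log off;'
        echo ''
        echo ' # Root'
        echo " root /usr/share/jitsi-meet;"
        echo ''
        echo ' index index.html index.htm;'
        echo ''
        echo ' location /config.js {'
        echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;"
        echo ' }'
        echo ''
        echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {'
        echo ' rewrite ^/(.*)$ / break;'
        echo ' }'
        echo ''
        echo ' location / {'
    } >> "$jitsi_nginx_site"
    function_check nginx_limits
    nginx_limits "$JITSI_DOMAIN_NAME" '15m'
    {
        echo ' }'
        echo ''
        echo ' location /http-bind {'
        echo " proxy_pass http://localhost:${JITSI_PORT}/http-bind;"
        echo ' proxy_set_header X-Forwarded-For $remote_addr;'
        echo ' proxy_set_header Host $http_host;'
        echo ' }'
        echo '}'
    } >> "$jitsi_nginx_site"

    if [ ! -f "/etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem" ]; then
        function_check create_site_certificate
        create_site_certificate "${JITSI_DOMAIN_NAME}" 'yes'
    fi
    if [ -f "/etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt" ]; then
        mv "/etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt" "/etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem"
    fi
    if [ -f "/etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem" ]; then
        # The dot is escaped so only a literal ".crt" suffix is rewritten
        sed -i "s|\.crt|.pem|g" "$jitsi_nginx_site"
        sed -i "s|\.crt|.pem|g" "/etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua"
    fi

    # ensure that certs are available to prosody with correct permissions
    cp "/etc/ssl/certs/${JITSI_DOMAIN_NAME}".* /etc/prosody/certs
    cp "/etc/ssl/private/${JITSI_DOMAIN_NAME}.key" /etc/prosody/certs
    chown prosody:prosody "/etc/prosody/certs/${JITSI_DOMAIN_NAME}".*
    # The copied private key should be readable by its owner only
    chmod 600 "/etc/prosody/certs/${JITSI_DOMAIN_NAME}.key"

    # remove extraneous nginx config generated by the deb package
    if [ -f "/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf" ]; then
        nginx_dissite "${JITSI_DOMAIN_NAME}.conf"
        rm -- "/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf"
    fi

    function_check nginx_ensite
    nginx_ensite "${JITSI_DOMAIN_NAME}"

    set_completion_param "jitsi domain" "$JITSI_DOMAIN_NAME"

    systemctl restart nginx
    systemctl restart prosody

    function_check add_ddns_domain
    add_ddns_domain "$JITSI_DOMAIN_NAME"

    APP_INSTALLED=1
}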