#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # Jitsi meet + videobridge # # Instructions: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md # # License # ======= # # Copyright (C) 2016-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS="" IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=0 NOT_ON_ONION=1 NOT_ON_ARM=1 VIDEOBRIDGE_PORT=5347 JITSI_ONION_PORT=8102 JITSI_PORT=5280 # domains JITSI_DOMAIN_NAME= JITSI_CODE= JITSI_ONION_HOSTNAME= JITSI_SHORT_DESCRIPTION=$'Video conferencing' JITSI_DESCRIPTION=$'Video conferencing' JITSI_MOBILE_APP_URL= jitsi_variables=(ONION_ONLY JITSI_DOMAIN_NAME JITSI_ONION_HOSTNAME JITSI_CODE DEFAULT_DOMAIN_NAME MY_USERNAME) function logging_on_jitsi { echo -n '' } function logging_off_jitsi { echo -n '' } function jitsi_disable_google_spyware { # Presumably they included Google Analytics for benign reasons, but it's # an obvious security problem. This should disable it. sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/analytics.js sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/analytics.js if ! grep -q '//ga(' /usr/share/jitsi-meet/analytics.js; then sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/analytics.js fi if ! grep -q '//action +' /usr/share/jitsi-meet/analytics.js; then sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/analytics.js fi sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/libs/analytics.js sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/libs/analytics.js if ! grep -q '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/libs/analytics.js fi if ! grep -q '//action +' /usr/share/jitsi-meet/libs/analytics.js; then sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/libs/analytics.js fi } function can_install_videobridge { check_architecture=$(uname -a) if [[ "$check_architecture" == *"amd64"* || "$check_architecture" == *"i386"* ]]; then echo "1" else echo "0" fi } function remove_jitsi_subdomains { function_check remove_onion_service remove_onion_service jitsi ${JITSI_ONION_PORT} } function remove_user_jitsi { remove_username="$1" } function add_user_jitsi { new_username="$1" new_user_password="$2" } function install_interactive_jitsi { if [ ! "${ONION_ONLY}" ]; then ONION_ONLY='no' fi if [[ ${ONION_ONLY} != "no" ]]; then JITSI_DOMAIN_NAME='jitsi.local' write_config_param "JITSI_DOMAIN_NAME" "$JITSI_DOMAIN_NAME" else function_check interactive_site_details interactive_site_details "jitsi" "JITSI_DOMAIN_NAME" "JITSI_CODE" fi APP_INSTALLED=1 } function configure_interactive_jitsi { echo -n '' } function reconfigure_jitsi { echo -n '' } function upgrade_jitsi { jitsi_disable_google_spyware } function backup_local_jitsi { echo -n '' } function restore_local_jitsi { echo -n '' } function backup_remote_jitsi { echo -n '' } function restore_remote_jitsi { echo -n '' } function remove_jitsi { read_config_param JITSI_DOMAIN_NAME if [ ${#JITSI_DOMAIN_NAME} -eq 0 ]; then return fi if [ -f /etc/nginx/sites-available/${JITSI_DOMAIN_NAME} ]; then nginx_dissite ${JITSI_DOMAIN_NAME} if [ -d /var/www/${JITSI_DOMAIN_NAME} ]; then rm -rf /var/www/${JITSI_DOMAIN_NAME} fi rm /etc/nginx/sites-available/${JITSI_DOMAIN_NAME} function_check remove_certs remove_certs ${JITSI_DOMAIN_NAME} systemctl reload nginx fi remove_jitsi_subdomains systemctl stop prosody if [ -f /etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua ]; then rm /etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua fi if [ -f /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua ]; then rm /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua fi prosodyctl unregister focus auth.${JITSI_DOMAIN_NAME} systemctl start prosody remove_nodejs jitsi # remove videobridge firewall_remove ${VIDEOBRIDGE_PORT} firewall_remove "10000:20000" apt-get -yq remove --purge jitsi-videobridge jicofo jitsi-meet jitsi-meet-prosody if [ -d /etc/jitsi ]; then rm -rf /etc/jitsi fi if [ -d /usr/share/jitsi-videobridge ]; then rm -rf /usr/share/jitsi-videobridge fi if [ -d /usr/share/jitsi-meet ]; then rm -rf /usr/share/jitsi-meet fi if [ -d /etc/jitsi ]; then rm -rf /etc/jitsi fi sed -i "/jitsi/d" /etc/apt/sources.list rm /etc/apt/sources.list.d/jitsi* apt-get update remove_app jitsi remove_completion_param install_jitsi sed -i '/jitsi/d' "${COMPLETION_FILE}" function_check remove_ddns_domain remove_ddns_domain $JITSI_DOMAIN_NAME } function install_jitsi { if [[ "$(can_install_videobridge)" == "0" ]]; then echo $'jitsi meet/videobridge can only be installed on i386 or amd64 architectures' exit 83562 fi if [ ! ${JITSI_DOMAIN_NAME} ]; then echo $'No domain name was given for jitsi' exit 47682 fi if [ ! -d /etc/prosody ]; then echo $'xmpp must be installed before installing jitsi' exit 62394 fi if [[ "${JITSI_DOMAIN_NAME}" == "${DEFAULT_DOMAIN_NAME}" ]]; then echo $'The jitsi domain name should not be the same as the main domain name' exit 78372 fi # add jitsi repo jitsi_deb_repo=unstable #binary apt-get -yq install wget debconf-utils default-jre install_nodejs jitsi if ! npm install -g browserify@13.1.1; then remove_nodejs jitsi exit 638352 fi if ! grep -q "jitsi" /etc/apt/sources.list; then echo "deb http://download.jitsi.org/nightly/deb ${jitsi_deb_repo}/" >> /etc/apt/sources.list fi wget -qO - https://download.jitsi.org/nightly/deb/${jitsi_deb_repo}/archive.key | apt-key add - apt-get update JITSI_ONION_HOSTNAME=$(add_onion_service jitsi 80 ${JITSI_ONION_PORT}) # videobridge if [[ $ONION_ONLY == 'no' ]]; then debconf-set-selections <<< "jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_DOMAIN_NAME}" else debconf-set-selections <<< "jitsi-videobridge jitsi-videobridge/jvb-hostname string ${JITSI_ONION_HOSTNAME}" fi apt-get -yq install jitsi-videobridge if [ ! -d /etc/jitsi ]; then echo $'Videobridge package failed to install' exit 63983 fi firewall_add videobridge ${VIDEOBRIDGE_PORT} firewall_add_range jitsi 10000 20000 udp # meet debconf-set-selections <<< "jitsi-meet jitsi-meet/cert-choice multiselect 1" apt-get -yq install jitsi-meet jitsi-meet-prosody jitsi_nginx_site=/etc/nginx/sites-available/${JITSI_DOMAIN_NAME} if [ -f ${jitsi_nginx_site}.conf ]; then rm ${jitsi_nginx_site}.conf fi echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site if [[ $ONION_ONLY == "no" ]]; then { echo ''; echo 'server {'; echo ' listen 80;'; echo " server_name ${JITSI_DOMAIN_NAME};"; echo " return 301 https://\$host\$request_uri;"; echo '}'; echo 'server {'; echo ' listen 443 ssl;'; echo ' #listen [::]:443 ssl;'; echo " server_name ${JITSI_DOMAIN_NAME};"; echo ''; } >> $jitsi_nginx_site function_check nginx_ssl nginx_ssl ${JITSI_DOMAIN_NAME} function_check nginx_security_options nginx_security_options ${JITSI_DOMAIN_NAME} { echo ' add_header Strict-Transport-Security max-age=15768000;'; echo ''; echo ' root /usr/share/jitsi-meet;'; echo ' index index.html index.htm;'; echo ''; echo ' location /config.js {'; echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;"; echo ' }'; echo ''; echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {'; echo ' rewrite ^/(.*)$ / break;'; echo ' }'; echo ''; echo ' location / {'; echo ' ssi on;'; echo ' }'; echo ''; echo ' # Backward compatibility'; echo ' location ~ /external_api.* {'; echo ' root /usr/share/jitsi-meet/libs;'; echo ' }'; echo ''; echo ' # Logs'; echo ' access_log /dev/null;'; echo ' error_log /dev/null;'; echo ''; echo ' # BOSH'; echo ' location /http-bind {'; echo ' proxy_pass http://localhost:5280/http-bind;'; echo " proxy_set_header X-Forwarded-For \$remote_addr;"; echo " proxy_set_header Host \$http_host;"; echo ' }'; echo '}'; } >> $jitsi_nginx_site fi { echo ''; echo 'server {'; echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site if [[ $ONION_ONLY == 'no' ]]; then echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site else echo " server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site fi { echo ''; echo ' root /usr/share/jitsi-meet;'; echo ' index index.html index.htm;'; echo ''; echo ' location /config.js {'; echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;"; echo ' }'; echo ''; echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {'; echo ' rewrite ^/(.*)$ / break;'; echo ' }'; echo ''; echo ' location / {'; echo ' ssi off;'; echo ' }'; echo ''; echo ' # Backward compatibility'; echo ' location ~ /external_api.* {'; echo ' root /usr/share/jitsi-meet/libs;'; echo ' }'; echo ''; echo ' # Logs'; echo ' access_log /dev/null;'; echo ' error_log /dev/null;'; echo ''; echo ' # BOSH'; echo ' location /http-bind {'; echo ' proxy_pass http://localhost:5280/http-bind;'; echo " proxy_set_header X-Forwarded-For \$remote_addr;"; echo " proxy_set_header Host \$http_host;"; echo ' }'; echo '}'; } >> $jitsi_nginx_site sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt ]; then rm /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt fi if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam ]; then rm /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam fi function_check create_site_certificate create_site_certificate ${JITSI_DOMAIN_NAME} 'yes' if [[ "$ONION_ONLY" == "no" ]]; then if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then exit 678363 fi fi fi if [ -d /etc/letsencrypt ]; then usermod -a -G www-data jitsi usermod -a -G ssl-cert jitsi fi if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then sed -i "s|.crt|.pem|g" /etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua fi sed -i "s|key =.*|key = \"/etc/ssl/private/${JITSI_DOMAIN_NAME}.key\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua sed -i "s|enableWelcomePage:.*|enableWelcomePage: false,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|disableStats:.*|disableStats: true,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|minHDHeight:.*|minHDHeight: 800,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|clientNode:.*|clientNode: 'https://${JITSI_DOMAIN_NAME}',|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js sed -i "s|navigator.mozGetUserMedia|navigator.mediaDevices.getUserMedia|g" /usr/share/jitsi-meet/libs/lib-jitsi-meet.min.js # generated certs which aren't used if [ -f /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then rm /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.pem fi if [ -f /usr/lib/ssl/private/${JITSI_DOMAIN_NAME}.key ]; then rm /usr/lib/ssl/private/${JITSI_DOMAIN_NAME}.key fi if [ -f /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam ]; then rm /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam fi function_check nginx_ensite nginx_ensite ${JITSI_DOMAIN_NAME} set_completion_param "jitsi domain" "$JITSI_DOMAIN_NAME" jitsi_disable_google_spyware systemctl restart nginx systemctl restart prosody function_check add_ddns_domain add_ddns_domain $JITSI_DOMAIN_NAME APP_INSTALLED=1 }