diff --git a/conf/coturn/turnserver.conf b/conf/coturn/turnserver.conf
index 7483e7d..da267fb 100644
--- a/conf/coturn/turnserver.conf
+++ b/conf/coturn/turnserver.conf
@@ -23,6 +23,6 @@ no-multicast-peers
 no-cli
-log-file=/var/log/matrix-__APP__/turnserver.log
+log-file=/var/log/__APP__/turnserver.log
 pidfile=/run/coturn-__APP__/turnserver.pid
 simple-log
diff --git a/conf/ice-servers.json b/conf/ice-servers.json
index f121400..498aa3b 100644
--- a/conf/ice-servers.json
+++ b/conf/ice-servers.json
@@ -1,11 +1,46 @@
 [
 {
 "urls": [
- "turn:turn.example.com:443",
- "turn:turn.example.com:443?transport=tcp"
+ "turn:__DOMAIN__:__TLS_PORT__",
+ "turn:__DOMAIN__:__TLS_PORT__?transport=tcp"
 ],
- "username": "galene",
- "credential": "secret",
+ "username": "__APP__",
+ "credential": "__TURNPWD__",
+ "credentialType": "hmac-sha1"
+ }
+]
+[
+ {
+ "urls": [
+ "turn:__DOMAIN__:__TLS_ALT_PORT__",
+ "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=tcp"
+ ],
+ "username": "__APP__",
+ "credential": "__TURNPWD__",
+ "credentialType": "hmac-sha1"
+ }
+]
+
+[
+ {
+ "urls": [
+ "turn:__DOMAIN__:__TLS_PORT__",
+ "turn:__DOMAIN__:__TLS_PORT__?transport=udp"
+ ],
+ "username": "__APP__",
+ "credential": "__TURNPWD__",
+ "credentialType": "hmac-sha1"
+ }
+]
+
+[
+ {
+ "urls": [
+ "turn:__DOMAIN__:__TLS_ALT_PORT__",
+ "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=udp"
+ ],
+ "username": "__APP__",
+ "credential": "__TURNPWD__",
 "credentialType": "hmac-sha1"
 }
 ]
\ No newline at end of file
diff --git a/scripts/backup b/scripts/backup
index 94a5224..ebd98fe 100755
--- a/scripts/backup
+++ b/scripts/backup
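Review bot: The new conf/ice-servers.json is four separate top-level arrays written back to back, which is not a single JSON text and is rejected by a strict parser once the placeholders are substituted; the original file was one array, and the added blocks belong inside it. The bare `turn:` URI and the `?transport=udp` form name the same transport (UDP is the default for turn: URIs), so the third and fourth blocks duplicate the first two. The file also loses its trailing newline (`\ No newline at end of file`). One array with one entry per port keeps the author's grouping:
```json
[
  {
    "urls": [
      "turn:__DOMAIN__:__TLS_PORT__",
      "turn:__DOMAIN__:__TLS_PORT__?transport=tcp"
    ],
    "username": "__APP__",
    "credential": "__TURNPWD__",
    "credentialType": "hmac-sha1"
  },
  {
    "urls": [
      "turn:__DOMAIN__:__TLS_ALT_PORT__",
      "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=tcp"
    ],
    "username": "__APP__",
    "credential": "__TURNPWD__",
    "credentialType": "hmac-sha1"
  }
]
```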
@@ -54,11 +54,19 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #ynh_backup --src_path="/etc/logrotate.d/$app"
+#=================================================
+# BACKUP SYNAPSE LOG
+#=================================================
+
+ynh_backup --src_path="/var/log/$app"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
 ynh_backup --src_path="/etc/systemd/system/$app.service"
+ynh_backup --src_path="/etc/default/coturn-$app"
+ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
 #=================================================
 # END OF SCRIPT
diff --git a/scripts/install b/scripts/install
index 20a9ff8..f8ad551 100755
--- a/scripts/install
+++ b/scripts/install
@@ -27,7 +27,9 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
+ynh_print_OFF
 password=$YNH_APP_ARG_PASSWORD
+ynh_print_ON
 group_name=$YNH_APP_ARG_GROUP_NAME
 architecture=$(ynh_detect_arch)
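Review bot: The logrotate backup stays commented out here (`#ynh_backup --src_path="/etc/logrotate.d/$app"`) while the restore script in this same commit uncomments `ynh_restore_file --origin_path="/etc/logrotate.d/$app"`, so a restore from this backup will look for a file the archive does not contain; either re-enable the backup line or keep the restore line commented. The section header `# BACKUP SYNAPSE LOG` looks copied from the matrix-synapse package; `# BACKUP LOGS` fits this app. The coturn config directory that install and upgrade write (`/etc/$app` in one, `/etc/matrix-$app` in the other) is not backed up; restore regenerates it from `../settings/conf/turnserver.conf`, so that is only a problem if anything else is kept there.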
@@ -143,13 +145,22 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
 cp ../conf/passwd $final_path/data/passwd
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/data/passwd"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
 mv -f $final_path/groups/groupname.json $final_path/groups/$group_name.json
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/groups/$group_name.json"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/groups/$group_name.json"
+
+cp ../conf/ice-servers.json $final_path/data/ice-servers.json
+
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$admin --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
+ynh_print_ON
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
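Review bot: `--match_string=__DOMAIN__ --replace_string=$admin` substitutes the admin account name into ice-servers.json where the TURN host belongs; it should be `$domain`, which this script already loads from `$YNH_APP_ARG_DOMAIN`. Dropping the quotes around `$admin` and `$password` means a password containing whitespace or glob characters is word-split before ynh_replace_string sees it, so the value written to passwd and the group file is not the one the user entered; the removed quoted form was correct. The two `__PASSWORD__` substitutions also run outside ynh_print_OFF/ynh_print_ON while the equivalent `__TURNPWD__` line below is wrapped, so the admin password lands in the xtrace log. Note that ice-servers.json now carries the TURN shared secret and needs the same file-permission treatment as passwd when permissions are set later in this script.
```shell
ynh_print_OFF
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/data/passwd"
ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/data/passwd"
ynh_print_ON

mv -f $final_path/groups/groupname.json $final_path/groups/$group_name.json

ynh_print_OFF
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/groups/$group_name.json"
ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/groups/$group_name.json"
ynh_print_ON

cp ../conf/ice-servers.json $final_path/data/ice-servers.json

# TURN host for the ICE entries: the app domain, not the admin account name
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/data/ice-servers.json"
# … unchanged: __TLS_PORT__ / __TLS_ALT_PORT__ substitutions and the ynh_print_OFF-wrapped __TURNPWD__ one …
```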
@@ -158,6 +169,7 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum --file="$final_path/data/passwd"
 ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
+ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
 #=================================================
 # SET COTURN CONFIG
@@ -208,7 +220,7 @@ ynh_store_file_checksum --file="$coturn_config_path"
 #=================================================
 ynh_script_progression --message="Configuring log rotation..." --weight=1
-ynh_use_logrotate --logfile "/var/log/$app"
+ynh_use_logrotate --origin_path="/etc/logrotate.d/$app"
 #=================================================
 # ADD SCRIPT FOR COTURN CRON AND APP SERVICE
@@ -229,6 +241,7 @@ ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$
 # Set permissions to app files
 chown -R $app: $final_path
 chmod -R 755 $final_path
+chmod u=rwX,g=rX,o= -R /etc/$app
 chmod 770 $final_path/Coturn_config_rotate.sh
 setfacl -R -m user:turnserver:rX /etc/$app
 setfacl -R -m user:turnserver:rwX /var/log/$app
diff --git a/scripts/remove b/scripts/remove
index a1ec6fb..60ab37b 100755
--- a/scripts/remove
+++ b/scripts/remove
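Review bot: `ynh_use_logrotate --origin_path="/etc/logrotate.d/$app"` passes an option that helper does not take — its options are `--logfile`, `--nonappend` and `--specific_user`, and `--origin_path` belongs to ynh_restore_file — so the argument parser should refuse it and the install abort at this step, unless a local override in _common.sh defines it. Since the coturn config in this commit logs to `/var/log/__APP__/turnserver.log` and the app itself logs under `/var/log/$app`, the removed line was closer to right: `ynh_use_logrotate --logfile="/var/log/$app"`.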
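Review bot: The new `chmod u=rwX,g=rX,o= -R /etc/$app` tightens the coturn config directory, but `$final_path/data/ice-servers.json`, which this commit fills with the TURN shared secret, and `data/passwd` are still covered by the `chmod -R 755 $final_path` on the line above and stay world-readable. A `chmod -R o= $final_path/data` after the 755 would keep them to the `$app` owner set by the `chown -R $app:` two lines up; check that nothing under data/ is meant to be served to browsers before relying on that. The upgrade script's copy of this block in the same commit uses `/etc/matrix-$app` for its setfacl lines, so one of the two scripts grants turnserver access to a directory that does not exist.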
@@ -17,22 +17,29 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 #=================================================
 # STANDARD REMOVE
 #=================================================
 # REMOVE SERVICE INTEGRATION IN YUNOHOST
 #=================================================
+ynh_script_progression --message="Removing $app service integration..." --weight=1
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
- ynh_script_progression --message="Removing $app service integration..." --weight=1
 yunohost service remove $app
 fi
+if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null >/dev/null
+then
+ yunohost service remove coturn-$app
+fi
+
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
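Review bot: `if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null >/dev/null` redirects stdout twice; the second `>/dev/null` is harmless but reads like a paste error and differs from the `$app` check just above, which uses one: `if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null`. Moving `ynh_script_progression --message="Removing $app service integration..."` out of the `if` also makes the message print when nothing is removed; either keep it inside or reword it to cover both services now that coturn-$app is handled here too.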
@@ -40,14 +47,15 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
 # Remove the dedicated systemd config
 ynh_remove_systemd_config
+ynh_remove_systemd_config --service=coturn-$app
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Removing dependencies..." --time --weight=1
+ynh_script_progression --message="Removing dependencies..." --time --weight=1
 # Remove metapackage and its dependencies
-#ynh_remove_app_dependencies
+ynh_remove_app_dependencies
 #=================================================
 # REMOVE APP MAIN DIR
@@ -55,7 +63,9 @@ ynh_remove_systemd_config
 ynh_script_progression --message="Removing app main directory..." --weight=2
 # Remove the app directory securely
-ynh_secure_remove --file="$final_path"
+ynh_secure_remove --file=$final_path
+ynh_secure_remove --file=/var/log/$app
+ynh_secure_remove --file=/etc/default/coturn-$app
 #=================================================
 # REMOVE NGINX CONFIGURATION
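Review bot: The removal now cleans `/var/log/$app` and `/etc/default/coturn-$app` but not the coturn config directory that install and upgrade populate (`/etc/$app` in install's permission block, `/etc/matrix-$app` in upgrade and restore), so the turnserver.conf holding the substituted `__TURNPWD__` secret and the appended external-ip lines stays on disk after the app is gone; add `ynh_secure_remove --file=/etc/$app` (or the matrix-$app path, once the scripts agree on one). The quotes on `--file="$final_path"` were dropped for no gain; `final_path` comes from app settings, so keep it quoted as the removed line had it. The `adduser turnserver ssl-cert` done by restore is never reverted either, which is probably acceptable but deserves a comment here.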
@@ -68,20 +78,26 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
 #=================================================
-#ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
 # Remove the app-specific logrotate config
-#ynh_remove_logrotate
+ynh_remove_logrotate
 #=================================================
 # CLOSE A PORT
 #=================================================
-# if yunohost firewall list | grep -q "\- $port$"
-# then
-# ynh_script_progression --message="Closing port $port..." --time --weight=1
-# ynh_exec_warn_less yunohost firewall disallow TCP $port
-# fi
+closeport() {
+ local port=$1
+ if yunohost firewall list | grep -q "\- $port$"
+ then
+ ynh_script_progression --message="Closing port $port"
+ ynh_exec_warn_less yunohost firewall disallow Both $port
+ fi
+}
+
+closeport $turnserver_tls_port
+closeport $turnserver_alt_tls_port
 #=================================================
 # GENERIC FINALIZATION
diff --git a/scripts/restore b/scripts/restore
index c9b7a75..426eb8d 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -31,6 +31,8 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
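Review bot: `closeport $turnserver_alt_tls_port` passes the port unquoted, so on an instance where the setting is empty (the `turnserver_alt_tls_port` setting is only created by this commit's upgrade script) the function is called with no argument and `local port=$1` trips `set -u`, if ynh_abort_if_errors has enabled it, before the firewall is touched; call it as `closeport "$turnserver_alt_tls_port"` and open the function with `[ -n "$port" ] || return 0`. `local port` also shadows the script-level `$port` loaded at the top, which `local` makes safe but is easy to misread; a name such as `local turn_port=$1` avoids that. The replaced block used `disallow TCP` and the new one `disallow Both`, matching the `allow Both` in restore, so it looks intentional, but a one-line comment saying the TURN ports are opened for both protocols would record it.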
@@ -64,6 +66,8 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
+adduser $synapse_user ssl-cert
+adduser turnserver ssl-cert
 #=================================================
 # RESTORE USER RIGHTS
@@ -90,6 +94,7 @@ ynh_script_progression --message="Restoring the systemd configuration..." --weig
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 systemctl enable $app.service --quiet
+systemctl enable coturn-$app.service --quiet
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
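Review bot: `adduser $synapse_user ssl-cert` references a variable this script never sets — a leftover from the matrix-synapse package — so the line either aborts the restore under `set -u` or runs adduser with a missing argument; the intended line is `adduser $app ssl-cert`, matching the `ynh_system_user_create --username=$app` just above. Whether galene itself needs ssl-cert membership depends on where it reads its certificate from, which is not visible here; if only coturn needs it, drop the line and keep `adduser turnserver ssl-cert`.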
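Review bot: `systemctl enable coturn-$app.service --quiet` assumes the unit file is already back in place, but the only `ynh_restore_file` in this hunk is for `$app.service`; backup now archives `/etc/systemd/system/coturn-$app.service`, so a matching `ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"` should precede the enable unless it lives outside the hunk. The same applies to `/etc/default/coturn-$app`, which backup also saves and whose restore is not visible in this diff.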
@@ -105,12 +110,69 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 ynh_script_progression --message="Starting a systemd service..." --weight=3
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
-#ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+#=================================================
+# RECONFIGURE THE TURNSERVER
+#=================================================
+ynh_script_progression --message="Reconfiguring coturn..." --weight=23
+
+# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
+
+# Retrieve specific settings
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+ynh_print_OFF
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+ynh_print_ON
+
+# WARNING : these commands are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/matrix-$app/coturn.conf"
+
+cp ../settings/conf/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+ echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+ echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# OPEN THE PORT
+#=================================================
+
+# Ouvre le port dans le firewall
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
 #=================================================
 # GENERIC FINALIZATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 95f9558..9eae3b4 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,6 +23,10 @@ is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
 port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 architecture=$(ynh_detect_arch)
 #=================================================
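Review bot: `yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port` is added right after the galene start, yet the hunk header shows an identical line already present just above this hunk, so coturn is registered twice; drop the added copy. The block then rewrites the coturn config but nothing in this diff starts or restarts `coturn-$app` (the enable in the earlier hunk does not start it), so after a restore TURN stays down until the next boot; a `ynh_systemd_action --service_name=coturn-$app --action=restart` after `ynh_store_file_checksum` is missing. `coturn_config_path="/etc/matrix-$app/coturn.conf"` also disagrees with install's `/etc/$app` and with the conf change in this commit that moves coturn's log to `/var/log/__APP__/`, and the settings under `# Retrieve specific settings` repeat the ones loaded at the top of the script. Finally, the French comment should read `# Open the TURN ports in the firewall`, and the two `curl` calls carry no `--max-time`, so a restore hangs if ip.yunohost.org does not answer.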
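Review bot: `turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)` reads the TURN shared secret without the `ynh_print_OFF` / `ynh_print_ON` pair that the restore script in this same commit wraps around the identical line, so on upgrade the secret is written to the xtrace log; wrap it the same way. The later `__TURNPWD__` substitution in this script is wrapped, so only the load is inconsistent.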
@@ -98,6 +102,91 @@ then
 popd
 fi
+#=================================================
+# MULTINSTANCE SUPPORT
+#=================================================
+
+if [ ! -e /etc/matrix-$app/coturn.conf ]
+then
+ ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
+
+ #=================================================
+ # CREATE AN INDEPENDANT SERVICE FOR COTURN
+ #=================================================
+
+ # Disable default config for turnserver and create a new service
+ systemctl stop coturn.service
+
+ # Set by default the system config for coturn
+ echo "" > /etc/turnserver.conf
+ ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
+
+ # Set a port for each service in turnserver
+ turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
+ cli_port=$(ynh_find_port --port=5766)
+
+ ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
+ ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
+
+ yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
+
+ #=================================================
+ # MAKE A CLEAN LOGROTATE CONFIG
+ #=================================================
+
+ ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
+fi
+
+#=================================================
+# SPECIFIC UPGRADE
+#=================================================
+# UPDATE COTURN CONFIG
+#=================================================
+ynh_script_progression --message="Updating coturn config..." --weight=1
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/matrix-$app/coturn.conf"
+
+cp ../conf/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+ echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+ echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
+#=================================================
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -138,14 +227,18 @@ ynh_add_systemd_config
 # Set permissions on app files
 chown -R $app: $final_path
 chmod -R 755 $final_path
+chmod u=rwX,g=rX,o= -R /etc/$app
+chmod 770 $final_path/Coturn_config_rotate.sh
+setfacl -R -m user:turnserver:rX /etc/matrix-$app
+setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
 #=================================================
 # SETUP LOGROTATE
 #=================================================
-# ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
 # # Use logrotate to manage app-specific logfile(s)
-# ynh_use_logrotate --non-append
+ynh_use_logrotate --non-append
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -160,7 +253,8 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=coturn-$app.service --action=restart
+ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
 #=================================================
 # RELOAD NGINX
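Review bot: The block keyed on `[ ! -e /etc/matrix-$app/coturn.conf ]` never creates `/etc/matrix-$app`, so on an instance that lacks the file the later `cp ../conf/turnserver.conf "$coturn_config_path"` fails unless a `mkdir -p` lives outside this hunk; the directory it tests is also not the one install's permission block uses (`/etc/$app`), and the logrotate line here points at `/var/log/matrix-$app` although the coturn config in this commit now logs to `/var/log/__APP__/turnserver.log`. `echo "" > /etc/turnserver.conf` and the edit to `/etc/default/coturn` disable the host-wide coturn instance for every other consumer on the machine; if that is intended a comment should say so, and keeping a copy of the pre-existing file would be kinder than emptying it. `turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))` assumes `turnserver_tls_port` is set; an empty value makes the arithmetic yield 1 and hands ynh_find_port the privileged port range. The two `# WARNING : theses command are used in INSTALL, UPGRADE` comments should read `# WARNING: these commands are used in INSTALL, UPGRADE and RESTORE`.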
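Review bot: Within the same four added lines, `chmod u=rwX,g=rX,o= -R /etc/$app` targets `/etc/$app` while `setfacl -R -m user:turnserver:rX /etc/matrix-$app` targets `/etc/matrix-$app`; install's copy of this block uses `/etc/$app` for both, and `/var/log/matrix-$app` here does not match the `/var/log/__APP__/turnserver.log` path the updated turnserver.conf writes to, so on an upgraded system coturn gets an ACL on a directory it does not log to while its real log directory may be unwritable. Pick one directory pair and use it in install, upgrade, restore and remove alike. The uncommented `ynh_use_logrotate --non-append` also differs from the `--nonappend` spelling used in the multi-instance block above; even if the helper accepts both, one form should be used.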
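Review bot: `--service_name=coturn-$app.service` carries the `.service` suffix while every other reference in this commit (`yunohost service add coturn-$app`, `ynh_remove_systemd_config --service=coturn-$app`) uses the bare name; `ynh_systemd_action --service_name=coturn-$app --action=restart` keeps the naming uniform. Giving that call a `--log_path` for coturn's log (the conf in this commit writes `/var/log/__APP__/turnserver.log`) would also let the helper show the log on failure as it does for galene.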