From 3468ffe16ede1d13c9319f88e38625a7efd08c1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 16 Jan 2021 09:51:02 +0100 Subject: [PATCH] Testing (#14) * Update README * Update groupname.json --- README.md | 29 ++++++++++++++++++++++++++++- README_fr.md | 29 ++++++++++++++++++++++++++++- conf/coturn-galene.service | 2 +- conf/groupname.json | 5 ++++- scripts/backup | 2 +- scripts/change_url | 4 ++-- scripts/install | 33 +++++++++++++++++++++++---------- scripts/remove | 11 ++++------- scripts/restore | 21 +++++++++++++++++---- scripts/upgrade | 17 +++++++---------- 10 files changed, 115 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index f1154eb..f13c3c1 100644 --- a/README.md +++ b/README.md 
@@ -23,7 +23,34 @@ Galène is a videoconferencing server that is easy to deploy (just copy a few fi ## Configuration -To check if the TURN server is up and running, type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful. +### TURN server + +For VoIP and video conferencing a TURN server is also installed and configured. The TURN server listens on two UDP and TCP ports. You can get them with these commands: + +``` +sudo yunohost app setting galene turnserver_tls_port +sudo yunohost app setting galene turnserver_alt_tls_port +``` + +The TURN server will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command: + +``` +sudo yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the TURN server config. By this the TURN server can send its real public IP to the client. For more information see the [Coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). So if your IP changes, you could run the script `/opt/yunohost/galene/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content. 
+ +``` +*/15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh; +``` + +To check if Galène can connect to the TURN server, connect to Galène as operator and type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful. ## Documentation diff --git a/README_fr.md b/README_fr.md index 682d3cc..194c926 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -23,7 +23,34 @@ Galène est un serveur de visioconférence facile à déployer (il suffit de cop ## Configuration -Pour vérifier si le serveur TURN est opérationnel, tapez `/relay-test` dans la boîte de dialogue; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi. +### Serveur TURN + +Pour la VoIP et la visioconférence, un serveur TURN est également installé et configuré. Le serveur TURN écoute sur deux ports UDP et TCP. Vous pouvez les obtenir avec ces commandes : + +``` +sudo yunohost app setting galene turnserver_tls_port +sudo yunohost app setting galene turnserver_alt_tls_port +``` + +Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49153 et 49193. + +Par sécurité, la plage de ports (49153 - 49193) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande : + +``` +sudo yunohost firewall allow Both 49153:49193 +``` + +Vous devrez peut-être également ouvrir ces ports (si ce n'est pas fait automatiquement) sur votre box. + +Pour éviter la situation où le serveur est derrière un NAT, l'adresse IP publique est écrite dans la configuration du serveur TURN. De cette manière, le serveur TURN peut envoyer sa véritable adresse IP publique au client. Pour plus d'informations, consultez [le fichier de configuration d'exemple Coturn](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). Donc, si votre adresse IP change, vous pouvez exécuter le script `/opt/yunohost/galene/Coturn_config_rotate.sh` pour mettre à jour votre configuration. + +Si vous avez une adresse IP dynamique, vous devrez peut-être également mettre à jour cette configuration automatiquement. 
Pour ce faire, éditez simplement un fichier nommé `/etc/cron.d/coturn_config_rotate` et ajoutez le contenu suivant. + +``` +* / 15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh; +``` + +Pour vérifier si Galène peut se connecter au serveur TURN, connectez-vous à Galène en tant qu'opérateur et tapez `/relay-test` dans la boîte de dialogue chat; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi. ## Documentation diff --git a/conf/coturn-galene.service b/conf/coturn-galene.service index 5cf8abb..09d9cc4 100644 --- a/conf/coturn-galene.service +++ b/conf/coturn-galene.service @@ -1,5 +1,5 @@ [Unit] -Description=coturn +Description=Coturn STUN/TURN Server Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1) After=syslog.target network.target diff --git a/conf/groupname.json b/conf/groupname.json index 1d9aadf..3582c55 100644 --- a/conf/groupname.json +++ b/conf/groupname.json @@ -4,8 +4,11 @@ {"username": "", "password": ""}, {"username": "", "password": ""} ], + "contact": "username@domain.com", + "comment": "Public Conference", + "description": "a human-readable description of the group; this is displayed on the landing page for public groups.", + "autolock": true, "public": true, - "description": "This is displayed on the landing page for public groups.", "max-clients": 20, "max-history-age": 14400, "allow-recording": true, diff --git a/scripts/backup b/scripts/backup index 6ae700f..c0f1b6d 100755 --- a/scripts/backup +++ b/scripts/backup @@ -81,4 +81,4 @@ ynh_backup --src_path="/etc/systemd/system/coturn-$app.service" # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info --message="Backup script completed for Galène. (YunoHost will then actually copy those files to the archive)." 
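Review bot: The new `"contact": "username@domain.com"` and `"description": "a human-readable description of the group; …"` values in conf/groupname.json are template filler that ends up in a live group file. The scripts/install hunks in this patch move the file to `$final_path/groups/$group_name.json` and show substitutions only for `__ADMIN__` and `__PASSWORD__`. With `"public": true`, the explanatory sentence would presumably be shown verbatim on the landing page, and the contact address belongs to nobody on the instance. Consider filling both at install time the way `__ADMIN__` is, or shipping neutral values. The context lines also keep entries with an empty `username` and `password`; it is worth confirming how Galène treats those in a public group.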
diff --git a/scripts/change_url b/scripts/change_url index 10d80ee..0dbac85 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -33,7 +33,7 @@ port=$(ynh_app_setting_get --app=$app --key=port) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up Galène before changing its URL (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -121,4 +121,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression --message="Change of URL completed for Galène" --last diff --git a/scripts/install b/scripts/install index 07a0223..aebe99f 100755 --- a/scripts/install +++ b/scripts/install @@ -66,7 +66,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -# Make dh cert for Galène if it doesn't exist +# Make dhparam cert for Galène if it doesn't exist if [ ! -e /etc/ssl/private/dh2048.pem ] then ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 
@@ -159,9 +159,9 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service #================================================= # SET COTURN CONFIG #================================================= -ynh_script_progression --message="Configuring coturn..." --weight=1 +ynh_script_progression --message="Configuring Coturn..." --weight=1 -# WARNING : theses command are used in INSTALL, UPGRADE +# WARNING: theses command are used in INSTALL, UPGRADE # For any update do it in all files # Find password for turnserver @@ -173,7 +173,6 @@ ynh_print_ON coturn_config_path="/etc/$app/coturn.conf" cp ../conf/coturn/turnserver.conf "$coturn_config_path" - ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" @@ -184,7 +183,7 @@ ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd - ynh_print_ON # Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 public_ip4="$(curl ip.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true 
@@ -205,17 +204,14 @@ ynh_store_file_checksum --file="$coturn_config_path" #================================================= cp ../conf/passwd $final_path/data/passwd - ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd" ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd" mv ../conf/groupname.json $final_path/groups/$group_name.json - ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/groups/$group_name.json" ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/groups/$group_name.json" cp ../conf/ice-servers.json $final_path/data/ice-servers.json - ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json" @@ -247,7 +243,7 @@ ynh_use_logrotate --logfile "/var/log/$app" # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -cp ../sources/Coturn_config_rotate.sh $final_path/ +cp ../sources/Coturn_config_rotate.sh $final_path/Coturn_config_rotate.sh ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh" #================================================= 
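Review bot: The `cp ../sources/Coturn_config_rotate.sh $final_path/Coturn_config_rotate.sh` line sets no owner or mode on the copied script, here and in the matching scripts/upgrade hunk. The README text added in this same patch tells admins to run that script every 15 minutes from a `root` entry in `/etc/cron.d`. The hunk does not show who owns `$final_path`; if the directory or the file is writable by the app's service account, that account could change what root executes. After the copy, add `chown root:root "$final_path/Coturn_config_rotate.sh"` and `chmod 755 "$final_path/Coturn_config_rotate.sh"`, and check that the directory itself is not writable by the service user. Quoting `$final_path` in the `cp` would also match the quoted `--target_file` on the next line.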
@@ -301,8 +297,25 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload +#================================================= +# SEND A README FOR THE ADMIN +#================================================= + +# WARNING : theses command are used in INSTALL, RESTORE +# For any update do it in all files + +echo "Galène was successfully installed :) + +Galène is now accesible at this adress: https://$domain + +Galène implements a TURN server (for VoIP), to have this fully functional please read the 'TURN server' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh . + +If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh" > mail_to_send + +ynh_send_readme_to_admin --app_message="mail_to_send" --type="install" + #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression --message="Installation of Galène completed" --last diff --git a/scripts/remove b/scripts/remove index c1c0bc8..66f2e7e 100755 --- a/scripts/remove +++ b/scripts/remove @@ -27,7 +27,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl #================================================= # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -ynh_script_progression --message="Removing $app service integration..." --weight=1 +ynh_script_progression --message="Removing Galène service integration..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null 
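Review bot: The admin message in the new "SEND A README FOR THE ADMIN" block of scripts/install has two typos that will reach the administrator's mailbox: `accesible` and `adress` should read `accessible` and `address`. The text is written to a relative file, `mail_to_send`, and nothing in the hunk removes it afterwards; a `rm -f mail_to_send` after the send would avoid leaving it in the working directory, unless the helper already cleans up. `ynh_send_readme_to_admin` is not defined in any file this patch touches, so confirm it is already sourced by the install and restore scripts, otherwise both will abort at this step.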
@@ -60,7 +60,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --weight=2 +ynh_script_progression --message="Removing Galène main directory..." --weight=2 # Remove the app directory securely ynh_secure_remove --file=$final_path @@ -89,7 +89,7 @@ ynh_remove_logrotate closeport() { local port=$1 - if yunohost firewall list | grep -q "\- $$turnserver_tls_port$" + if yunohost firewall list | grep -q "\- $turnserver_tls_port$" then ynh_script_progression --message="Closing port $turnserver_tls_port port" ynh_exec_warn_less yunohost firewall disallow Both $turnserver_tls_port @@ -100,9 +100,6 @@ closeport() { fi } -#closeport $turnserver_tls_port -#closeport $turnserver_alt_tls_port - #================================================= # GENERIC FINALIZATION #================================================= @@ -117,4 +114,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression --message="Removal of Galène completed" --last diff --git a/scripts/restore b/scripts/restore index 643b8ed..f67b3ab 100755 --- a/scripts/restore +++ b/scripts/restore @@ -63,7 +63,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 +ynh_script_progression --message="Restoring Galène main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="/etc/$app" 
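Review bot: `closeport()` in scripts/remove still ignores its argument after the `$$` fix. It declares `local port=$1` but tests and closes `$turnserver_tls_port`, and the following hunk deletes the only (commented-out) calls, so nothing visible in this diff ever invokes it. If install or the admin opened the TURN ports, removing the app would then leave them allowed in the firewall. Use the parameter, `if yunohost firewall list | grep -q "\- $port$"`, and restore the calls as `closeport "$turnserver_tls_port"` and `closeport "$turnserver_alt_tls_port"`. The function body continues beyond the hunk, so its second branch should get the same `$port` treatment.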
@@ -114,7 +114,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -# Make dh cert for synapse if it doesn't exist +# Make dhparam cert for Galène if it doesn't exist if [ ! -e /etc/ssl/private/dh2048.pem ] then ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam @@ -125,7 +125,7 @@ fi #================================================= # RECONFIGURE THE TURNSERVER #================================================= -ynh_script_progression --message="Reconfiguring coturn..." --weight=23 +ynh_script_progression --message="Reconfiguring Coturn..." --weight=23 # To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config @@ -200,6 +200,19 @@ setfacl -R -m user:turnserver:rwX /var/log/$app ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# SEND A README FOR THE ADMIN +#================================================= + +# WARNING : theses command are used in INSTALL, RESTORE +# For any update do it in all files + +echo "Galène also implements a TURN server (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh . + +If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh" > mail_to_send + +ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore" + #================================================= # GENERIC FINALIZATION #================================================= 
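Review bot: The restore message added in the last hunk here points the admin to the 'Turnserver' section of the README, but the heading this patch adds to README.md is `### TURN server`, and the install message already uses that name. Changing the quoted section name to `'TURN server'` keeps the two mails consistent and lets the admin find the firewall instructions. As in scripts/install, the relative `mail_to_send` file is never removed within the hunk.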
@@ -213,4 +226,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression --message="Restoration completed for Galène" --last diff --git a/scripts/upgrade b/scripts/upgrade index 5504fd3..804b773 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -50,7 +50,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up Galène before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -109,7 +109,7 @@ fi if [ ! -e /etc/$app/coturn.conf ] then - ynh_script_progression --message="Creating an independant service for coturn..." --weight=1 + ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1 #================================================= # CREATE AN INDEPENDANT SERVICE FOR COTURN @@ -146,7 +146,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -# Make dh cert for Galène if it doesn't exist +# Make dhparam cert for Galène if it doesn't exist if [ ! -e /etc/ssl/private/dh2048.pem ] then ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 
@@ -159,15 +159,14 @@ fi #================================================= # UPDATE COTURN CONFIG #================================================= -ynh_script_progression --message="Updating coturn config..." --weight=1 +ynh_script_progression --message="Updating Coturn config..." --weight=1 # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files coturn_config_path="/etc/$app/coturn.conf" -cp ../conf/coturn/turnserver.conf "$coturn_config_path" - +cp ../conf/coturn/turnserver.conf $coturn_config_path ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" @@ -201,7 +200,7 @@ ynh_store_file_checksum --file="$coturn_config_path" # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -cp ../sources/Coturn_config_rotate.sh $final_path/ +cp ../sources/Coturn_config_rotate.sh $final_path/Coturn_config_rotate.sh ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh" #================================================= 
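Review bot: The rewritten copy line in the "UPDATE COTURN CONFIG" hunk drops the double quotes that the old line had around `$coturn_config_path`, while scripts/install and the `--target_file="$coturn_config_path"` arguments just below keep them. Unquoted, the path is subject to word splitting and globbing, and it is built from `$app`. Keep the original form, `cp ../conf/coturn/turnserver.conf "$coturn_config_path"`. The scripts/install hunks show a `__TURNPWD__` substitution into this same file, so it is also worth confirming outside this hunk that the copy does not end up world-readable.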
@@ -209,12 +208,10 @@ ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$ #================================================= cp ../conf/passwd $final_path/data/passwd - ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd" ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd" cp ../conf/ice-servers.json $final_path/data/ice-servers.json - ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json" @@ -306,4 +303,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression --message="Upgrade of Galène completed" --last