diff --git a/README.md b/README.md
index 287320d..f1154eb 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ Galène is a videoconferencing server that is easy to deploy (just copy a few fi
 ## Configuration
+To check if the TURN server is up and running, type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful.
 ## Documentation
diff --git a/README_fr.md b/README_fr.md
index 22f3ab1..682d3cc 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -23,6 +23,8 @@ Galène est un serveur de visioconférence facile à déployer (il suffit de cop
 ## Configuration
+Pour vérifier si le serveur TURN est opérationnel, tapez `/relay-test` dans la boîte de dialogue; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi.
+
 ## Documentation
 * Documentation officielle : https://galene.org/
diff --git a/conf/coturn-galene.service b/conf/coturn-galene.service
new file mode 100644
index 0000000..5cf8abb
--- /dev/null
+++ b/conf/coturn-galene.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=coturn
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+Type=forking
+EnvironmentFile=/etc/default/coturn-__APP__
+PIDFile=/run/coturn-__APP__/turnserver.pid
+RuntimeDirectory=coturn-__APP__
+RuntimeDirectoryMode=0755
+ExecStart=/usr/bin/turnserver -o -c /etc/__APP__/coturn.conf $EXTRA_OPTIONS
+ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
+Restart=on-abort
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/coturn/default_coturn b/conf/coturn/default_coturn
new file mode 100644
index 0000000..fc87269
--- /dev/null
+++ b/conf/coturn/default_coturn
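Review bot: `LimitCORE=infinity` in the new `conf/coturn-galene.service` lets a crashing turnserver write a core file that contains the static auth secret it loaded from `/etc/__APP__/coturn.conf`; unless core dumps are wanted for debugging, `LimitCORE=0` is the safer default for a daemon holding credentials. `Restart=on-abort` only restarts after an unclean signal, so a plain non-zero exit leaves the relay down until someone notices; `Restart=on-failure` is the usual choice for a network service. `After=syslog.target` is a no-op on current systemd and can be dropped.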
@@ -0,0 +1,5 @@
+#
+# Uncomment it if you want to have the turnserver running as
+# an automatic system service daemon
+#
+TURNSERVER_ENABLED=1
diff --git a/conf/coturn/turnserver.conf b/conf/coturn/turnserver.conf
new file mode 100644
index 0000000..da267fb
--- /dev/null
+++ b/conf/coturn/turnserver.conf
@@ -0,0 +1,28 @@
+lt-cred-mech
+use-auth-secret
+static-auth-secret=__TURNPWD__
+realm=__DOMAIN__
+
+tls-listening-port=__TLS_PORT__
+alt-tls-listening-port=__TLS_ALT_PORT__
+min-port=49153
+max-port=49193
+cli-port=__CLI_PORT__
+
+cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
+pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
+dh-file=/etc/ssl/private/dh2048.pem
+
+no-sslv2
+no-sslv3
+no-tlsv1
+no-tlsv1_1
+
+no-loopback-peers
+no-multicast-peers
+
+no-cli
+
+log-file=/var/log/__APP__/turnserver.log
+pidfile=/run/coturn-__APP__/turnserver.pid
+simple-log
diff --git a/conf/groupname.json b/conf/groupname.json
index 9751310..4752322 100644
--- a/conf/groupname.json
+++ b/conf/groupname.json
@@ -1,4 +1,16 @@
 {
 "op": [{"username": "__ADMIN__", "password": "__PASSWORD__"}],
- "presenter": [{}]
+ "presenter": [
+ {"username": "", "password": ""},
+ {"username": "", "password": ""}
+ ],
+ "public": "true",
+ "description": "This is displayed on the landing page for public groups.",
+ "max-clients": 20,
+ "max-history-age": 14400,
+ "allow-recording": "true",
+ "allow-anonymous": "true",
+ "allow-subgroups": "true",
+ "redirect": "",
+ "codecs": ["vp8", "opus"]
 }
diff --git a/conf/ice-servers.json b/conf/ice-servers.json
new file mode 100644
index 0000000..320489d
--- /dev/null
+++ b/conf/ice-servers.json
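Review bot: The relay port range `min-port=49153`/`max-port=49193` in the new `turnserver.conf` is not opened anywhere in this change — `scripts/install` only allows `$turnserver_tls_port` and `$turnserver_alt_tls_port` — so on a host with the YunoHost firewall active the allocated relay addresses are presumably unreachable and `/relay-test` fails. Either open the range (`yunohost firewall allow Both 49153:49193` if the installed version accepts ranges, otherwise a documented rule) or state the requirement in the file, `# the relay range 49153-49193/udp must be reachable from clients`. `cli-port=__CLI_PORT__` is templated although `no-cli` a few lines below disables the CLI, so the `cli_port` setting looks unused.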
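Review bot: `"public": "true"`, `"allow-recording": "true"`, `"allow-anonymous": "true"` and `"allow-subgroups": "true"` in `conf/groupname.json` are JSON strings, while Galène's group description declares these fields as booleans, so I expect its decoder to reject the generated group file; write them unquoted, `"public": true,` and so on. With the unquoted values the default group becomes listed on the landing page with anonymous users and subgroups allowed, which may be wider than intended given that the installer collects `is_public` but does not use it here. The two `presenter` entries with empty username and password are identical, so one suffices, and whether an empty password admits any login or only an empty one is worth confirming against Galène's documentation before shipping it as the default.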
@@ -0,0 +1,15 @@
+[
+ {
+ "urls": [
+ "turn:__DOMAIN__:__TLS_PORT__",
+ "turn:__DOMAIN__:__TLS_ALT_PORT__",
+ "turn:__DOMAIN__:__TLS_PORT__?transport=tcp",
+ "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=tcp",
+ "turn:__DOMAIN__:__TLS_PORT__?transport=udp",
+ "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=udp"
+ ],
+ "username": "__APP__",
+ "credential": "__TURNPWD__",
+ "credentialType": "hmac-sha1"
+ }
+]
diff --git a/manifest.json b/manifest.json
index ee21141..743d823 100644
--- a/manifest.json
+++ b/manifest.json
@@ -48,8 +48,8 @@
 "fr": "Définissez le mot de passe administrateur"
 },
 "help": {
- "en": "Use the help field to add an information for the admin about this question.",
- "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
+ "en": "Set the administrator password (between 8 and 30 characters)",
+ "fr": "Définissez le mot de passe administrateur (entre 8 et 30 caractères)"
 },
 "example": "Choose a password"
 },
@@ -73,6 +73,10 @@
 "en": "Choose a name for the group you want to create",
 "fr": "Choisissez un nom pour le groupe que vous voulez créer"
 },
+ "help": {
+ "en": "The name will be used as filename (do not use space, dots or / in your name group).",
+ "fr": "Le nom sera utilisé comme nom de fichier (n'utilisez pas d'espace, de points ou / dans votre groupe de noms)."
+ },
 "default": "public",
 "example": "public"
 }
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 24e8305..fb6b70c 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -5,7 +5,7 @@
 #=================================================
 # dependencies used by the app
-pkg_dependencies=""
+pkg_dependencies="coturn acl"
 #=================================================
 # PERSONAL HELPERS
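Review bot: Every entry in the new `conf/ice-servers.json` uses the `turn:` scheme, so clients never negotiate TLS with the relay even though the URLs point at coturn's `tls-listening-port`; the `cert`/`pkey`/`dh-file` and `no-tlsv*` settings in `turnserver.conf` are then only reachable if coturn also accepts plain TURN on that port (I believe it does, but confirm). If an encrypted path to the relay is intended, add `turns:__DOMAIN__:__TLS_PORT__?transport=tcp` entries. The bare `turn:host:port` form already means UDP, so the two `?transport=udp` variants duplicate the first two URLs and can be dropped.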
@@ -15,6 +15,145 @@ pkg_dependencies=""
 # EXPERIMENTAL HELPERS
 #=================================================
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
+# | arg: -m --app_message= - The file with the content to send to the administrator.
+# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+# example: "root admin@domain"
+# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+# example: "root admin@domain user1 user2"
+# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
+ynh_send_readme_to_admin() {
+ # Declare an array to define the options of this helper.
+ declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
+ local app_message
+ local recipients
+ local type
+ # Manage arguments with getopts
+
+ ynh_handle_getopts_args "$@"
+ app_message="${app_message:-}"
+ recipients="${recipients:-root}"
+ type="${type:-install}"
+
+ # Get the value of admin_mail_html
+ admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
+ admin_mail_html="${admin_mail_html:-0}"
+
+ # Retrieve the email of users
+ find_mails () {
+ local list_mails="$1"
+ local mail
+ local recipients=" "
+ # Read each mail in argument
+ for mail in $list_mails
+ do
+ # Keep root or a real email address as it is
+ if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+ then
+ recipients="$recipients $mail"
+ else
+ # But replace an user name without a domain after by its email
+ if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+ then
+ recipients="$recipients $mail"
+ fi
+ fi
+ done
+ echo "$recipients"
+ }
+ recipients=$(find_mails "$recipients")
+
+ # Subject base
+ local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
+
+ # Adapt the subject according to the type of mail required.
+ if [ "$type" = "backup" ]; then
+ mail_subject="$mail_subject has just been backup."
+ elif [ "$type" = "change_url" ]; then
+ mail_subject="$mail_subject has just been moved to a new URL!"
+ elif [ "$type" = "remove" ]; then
+ mail_subject="$mail_subject has just been removed!"
+ elif [ "$type" = "restore" ]; then
+ mail_subject="$mail_subject has just been restored!"
+ elif [ "$type" = "upgrade" ]; then
+ mail_subject="$mail_subject has just been upgraded!"
+ else # install
+ mail_subject="$mail_subject has just been installed!"
+ fi
+
+ local mail_message="This is an automated message from your beloved YunoHost server.
+
+Specific information for the application $app.
+
+$(if [ -n "$app_message" ]
+then
+ cat "$app_message"
+else
+ echo "...No specific information..."
+fi)
+
+---
+Automatic diagnosis data from YunoHost
+
+__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
+
+ # Store the message into a file for further modifications.
+ echo "$mail_message" > mail_to_send
+
+ # If a html email is required. Apply html tags to the message.
+ if [ "$admin_mail_html" -eq 1 ]
+ then
+ # Insert 'br' tags at each ending of lines.
+ ynh_replace_string "$" "
" mail_to_send + + # Insert starting HTML tags + sed --in-place '1s@^@\n\n\n\n@' mail_to_send + + # Keep tabulations + ynh_replace_string " " "\ \ " mail_to_send + ynh_replace_string "\t" "\ \ " mail_to_send + + # Insert url links tags + ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "\1" mail_to_send + + # Insert pre tags + ynh_replace_string "__PRE_TAG1__" "
" mail_to_send
+                ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
+
+                # Insert finishing HTML tags
+                echo -e "\n\n" >> mail_to_send
+
+        # Otherwise, remove tags to keep a plain text.
+        else
+                # Remove URL tags
+                ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
+                ynh_replace_string "__URL_TAG2__" ": " mail_to_send
+
+                # Remove PRE tags
+                ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
+        fi
+
+        # Define binary to use for mail command
+        if [ -e /usr/bin/bsd-mailx ]
+        then
+                local mail_bin=/usr/bin/bsd-mailx
+        else
+                local mail_bin=/usr/bin/mail.mailutils
+        fi
+
+        if [ "$admin_mail_html" -eq 1 ]
+        then
+                content_type="text/html"
+        else
+                content_type="text/plain"
+        fi
+
+        # Send the email to the recipients
+        cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
+}
+
 #=================================================
 # FUTURE OFFICIAL HELPERS
 #=================================================
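Review bot: `echo "$mail_message" > mail_to_send` writes into whatever the current directory happens to be and the file is never removed, so every call leaves a copy of the diagnosis output lying next to the script. Create it with `mktemp` and delete it on exit — `local mail_to_send; mail_to_send=$(mktemp)` before the `echo`, `rm -f -- "$mail_to_send"` after the `$mail_bin` call, and `"$mail_to_send"` in place of the bare `mail_to_send` in the `ynh_replace_string`/`sed` calls. `$mail_bin` is picked between two hard-coded paths without checking that either exists, so a missing mailer only fails at the final `cat | $mail_bin` line; `command -v` on each candidate would make that explicit. The lines that insert the HTML tags appear mangled in this rendering (`"$" "` / `" mail_to_send`), so those substitutions could not be reviewed here.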
@@ -43,4 +182,4 @@ ynh_detect_arch(){
                 architecture="unknown"
         fi
         echo $architecture
-}
\ No newline at end of file
+}
diff --git a/scripts/backup b/scripts/backup
index 94a5224..6ae700f 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -39,6 +39,15 @@ ynh_print_info --message="Declaring files to be backed up..."
 #=================================================
 
 ynh_backup --src_path="$final_path"
+ynh_backup --src_path="/etc/$app"
+
+#=================================================
+# BACKUP SYSTEMD
+#=================================================
+
+ynh_backup --src_path="/etc/systemd/system/$app.service"
+ynh_backup --src_path="/etc/default/coturn-$app"
+ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
 
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
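Review bot: The three `ynh_backup` calls added here under a new "BACKUP SYSTEMD" heading (`$app.service`, `/etc/default/coturn-$app`, `coturn-$app.service`) are repeated in the next hunk's existing "BACKUP SYSTEMD" section, so each path is archived twice. As far as I recall `ynh_backup` refuses a destination that already exists in the archive, in which case the second set makes the backup fail rather than merely waste space. Keep one section only: drop the block added in this hunk and leave the two coturn lines in the existing section.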
@@ -52,13 +61,21 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 # BACKUP LOGROTATE
 #=================================================
 
-#ynh_backup --src_path="/etc/logrotate.d/$app"
+ynh_backup --src_path="/etc/logrotate.d/$app"
+
+#=================================================
+# BACKUP GALÈNE LOG
+#=================================================
+
+ynh_backup --src_path="/var/log/$app"
 
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
+ynh_backup --src_path="/etc/default/coturn-$app"
+ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
 
 #=================================================
 # END OF SCRIPT
diff --git a/scripts/install b/scripts/install
index 763b6b6..ab2463f 100755
--- a/scripts/install
+++ b/scripts/install
@@ -27,7 +27,9 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
+ynh_print_OFF
 password=$YNH_APP_ARG_PASSWORD
+ynh_print_ON
 group_name=$YNH_APP_ARG_GROUP_NAME
 architecture=$(ynh_detect_arch)
 
@@ -54,6 +56,23 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=group_name --value=$group_name
+ynh_app_setting_set --app=$app --key=password --value=$password
+
+#=================================================
+# CREATE A DH FILE
+#=================================================
+ynh_script_progression --message="Creating a dhparam file..." --weight=3
+
+# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
+# For any update do it in all files
+
+# Make dh cert for Galène if it doesn't exist
+if [ ! -e /etc/ssl/private/dh2048.pem ]
+then
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
+    chown root:ssl-cert /etc/ssl/private/dh2048.pem
+    chmod 640 /etc/ssl/private/dh2048.pem
+fi
 
 #=================================================
 # STANDARD MODIFICATIONS
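Review bot: `ynh_app_setting_set --app=$app --key=password --value=$password` is not wrapped in the `ynh_print_OFF`/`ynh_print_ON` pair that the earlier hunk uses when reading `$YNH_APP_ARG_PASSWORD`, so the plaintext admin password is echoed into the install trace/log; wrap it the same way. The same applies to the two `__PASSWORD__` substitutions later in this file (the `ynh_replace_string` lines for `data/passwd` and `groups/$group_name.json`), which the TURN secret substitutions right next to them do guard. Storing the admin password as an app setting at all is questionable since it already lives in `data/passwd` and the group file; if it is only needed by upgrade, consider whether that script could read it from there instead.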
@@ -64,17 +83,28 @@ ynh_script_progression --message="Finding an available port..." --weight=3
 
 # Find an available port
 port=$(ynh_find_port --port=8443)
+turnserver_tls_port=$(ynh_find_port --port=5349)
+turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
+cli_port=$(ynh_find_port --port=5766)
+
 ynh_app_setting_set --app=$app --key=port --value=$port
 
 # Open the port
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
+
+# Store opened ports
+ynh_app_setting_set --app=$app --key=port --value=$port
+ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
+ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
+ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
 
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Installing dependencies..." --time --weight=1
+ynh_script_progression --message="Installing dependencies..." --weight=5
 
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
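Review bot: `ynh_app_setting_set --app=$app --key=port --value=$port` runs twice in this hunk, once right after `ynh_find_port` and again under `# Store opened ports`; drop the first. `$cli_port` is reserved with `ynh_find_port` and stored, but the templated `turnserver.conf` sets `no-cli`, so unless another script relies on it the lookup and setting can go.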
@@ -110,6 +140,7 @@ ynh_script_progression --message="Configuring system user..." --weight=3
 
 # Create a system user
 ynh_system_user_create --username=$app
+adduser turnserver ssl-cert
 
 #=================================================
 # SETUP SYSTEMD
@@ -119,19 +150,79 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
 # Create a dedicated systemd config
 ynh_add_systemd_config
 
+mkdir -p /var/log/$app
+mkdir -p /etc/$app
+# Create systemd service for turnserver
+cp ../conf/coturn/default_coturn /etc/default/coturn-$app
+ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
+
+#=================================================
+# SET COTURN CONFIG
+#=================================================
+ynh_script_progression --message="Configuring coturn..." --weight=1
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+# Find password for turnserver
+ynh_print_OFF
+turnserver_pwd=$(ynh_string_random --length=30)
+ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
+ynh_print_ON
+
+coturn_config_path="/etc/$app/coturn.conf"
+
+cp ../conf/coturn/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
 
 cp ../conf/passwd $final_path/data/passwd
 
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/data/passwd"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
 
-mv -f $final_path/groups/groupname.json $final_path/groups/$group_name.json
+mv $final_path/groups/groupname.json $final_path/groups/$group_name.json
 
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/groups/$group_name.json"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/groups/$group_name.json"
+
+cp ../conf/ice-servers.json $final_path/data/ice-servers.json
+
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
+ynh_print_ON
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
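Review bot: `mv $final_path/groups/groupname.json $final_path/groups/$group_name.json` uses the user-supplied `$group_name` without validation, so a value containing `/` or `..` writes the group file outside `groups/` and a value with spaces splits the `mv` arguments; the manifest only warns about this in help text. Reject bad names before first use, `[[ "$group_name" =~ ^[A-Za-z0-9_-]+$ ]] || ynh_die --message="Invalid group name: $group_name"`, and quote the two paths. `curl ip.yunohost.org` and `curl ipv6.yunohost.org` fetch the public address without a scheme, i.e. over plain HTTP; the result is passed through `ynh_validate_ip4`/`ynh_validate_ip6` before it reaches `coturn.conf`, which bounds the damage, but `https://` (if the service offers it) would remove the tampering window entirely.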
@@ -140,6 +231,24 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum --file="$final_path/data/passwd"
 ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
+ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
+
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring log rotation..." --weight=1
+
+ynh_use_logrotate --logfile "/var/log/$app"
+
+#=================================================
+# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
+#=================================================
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
 
 #=================================================
 # GENERIC FINALIZATION
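Review bot: `ynh_use_logrotate --logfile "/var/log/$app"` passes the option with a space while every other helper call in this file uses the `--option=value` form; write `ynh_use_logrotate --logfile="/var/log/$app"` for consistency. The heading "ADD SCRIPT FOR COTURN CRON AND APP SERVICE" promises a cron entry, but the hunk only copies and templates `Coturn_config_rotate.sh`; if the cron job is created elsewhere, say so in the comment, otherwise the script is installed but never run.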
@@ -148,16 +257,14 @@ ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
 #=================================================
 
 # Set permissions to app files
-chown -R $app: $final_path
+chown -R $app:root $final_path
 chmod -R 755 $final_path
-
-#=================================================
-# SETUP LOGROTATE
-#=================================================
-#ynh_script_progression --message="Configuring log rotation..." --time --weight=1
-
-# Use logrotate to manage application logfile(s)
-#ynh_use_logrotate
+chown -R $app:root /var/log/$app
+chown -R $app:root /etc/$app
+chmod -R u=rwX,g=rX,o= /etc/$app
+chmod 770 $final_path/Coturn_config_rotate.sh
+setfacl -R -m user:turnserver:rX  /etc/$app
+setfacl -R -m user:turnserver:rwX  /var/log/$app
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
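Review bot: `chmod -R 755 $final_path` leaves `data/ice-servers.json` (which carries the TURN static secret substituted for `__TURNPWD__`), `data/passwd` and `groups/$group_name.json` (admin password) readable by every local account. Tighten the sensitive directories after the recursive chmod, e.g. `chmod -R u=rwX,g=rX,o= $final_path/data $final_path/groups`, mirroring the `u=rwX,g=rX,o=` this hunk already applies to `/etc/$app`. `$final_path`, `/var/log/$app` and `/etc/$app` are unquoted throughout the block; quoting them costs nothing.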
@@ -165,6 +272,7 @@ chmod -R 755 $final_path
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
 yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 
 #=================================================
 # START SYSTEMD SERVICE
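Review bot: `yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port` registers the relay without the `--description`/`--log` the line above gives `$app`, and it names only the primary port although `$turnserver_alt_tls_port` is opened too. Suggest `yunohost service add coturn-$app --description="TURN relay for $app" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_tls_port $turnserver_alt_tls_port`, the log path being the `log-file` templated into `turnserver.conf`. The identical line in `scripts/restore` has the same gaps and appears twice there, once in the service-integration section and again after the service start.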
@@ -172,7 +280,8 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=coturn-$app.service --action=restart
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/remove b/scripts/remove
index a1ec6fb..c1c0bc8 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -17,22 +17,29 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 
 #=================================================
 # STANDARD REMOVE
 #=================================================
 # REMOVE SERVICE INTEGRATION IN YUNOHOST
 #=================================================
+ynh_script_progression --message="Removing $app service integration..." --weight=1
 
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
-	ynh_script_progression --message="Removing $app service integration..." --weight=1
 	yunohost service remove $app
 fi
 
+if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null
+then
+	yunohost service remove coturn-$app
+fi
+
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
@@ -40,14 +47,15 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
 
 # Remove the dedicated systemd config
 ynh_remove_systemd_config
+ynh_remove_systemd_config --service=coturn-$app
 
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Removing dependencies..." --time --weight=1
+ynh_script_progression --message="Removing dependencies..." --weight=1
 
 # Remove metapackage and its dependencies
-#ynh_remove_app_dependencies
+ynh_remove_app_dependencies
 
 #=================================================
 # REMOVE APP MAIN DIR
@@ -55,7 +63,9 @@ ynh_remove_systemd_config
 ynh_script_progression --message="Removing app main directory..." --weight=2
 
 # Remove the app directory securely
-ynh_secure_remove --file="$final_path"
+ynh_secure_remove --file=$final_path
+ynh_secure_remove --file=/var/log/$app
+ynh_secure_remove --file=/etc/default/coturn-$app
 
 #=================================================
 # REMOVE NGINX CONFIGURATION
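Review bot: `/etc/$app` — the directory holding `coturn.conf` with the static auth secret and the detected external IP — is not removed here, although `/var/log/$app` and `/etc/default/coturn-$app` are; add `ynh_secure_remove --file=/etc/$app`. The quotes around `--file="$final_path"` were dropped in this hunk; they were correct and should stay (`ynh_secure_remove --file="$final_path"`).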
@@ -68,20 +78,30 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
 #=================================================
-#ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Removing logrotate configuration..." --weight=1
 
 # Remove the app-specific logrotate config
-#ynh_remove_logrotate
+ynh_remove_logrotate
 
 #=================================================
 # CLOSE A PORT
 #=================================================
 
-# if yunohost firewall list | grep -q "\- $port$"
-# then
-# 	ynh_script_progression --message="Closing port $port..." --time --weight=1
-# 	ynh_exec_warn_less yunohost firewall disallow TCP $port
-# fi
+closeport() {
+    local port=$1
+    if yunohost firewall list | grep -q "\- $$turnserver_tls_port$"
+    then
+            ynh_script_progression --message="Closing port $turnserver_tls_port port"
+            ynh_exec_warn_less yunohost firewall disallow Both $turnserver_tls_port  
+    elif yunohost firewall list | grep -q "\- $turnserver_alt_tls_port$"
+    then
+    	ynh_script_progression --message="Closing port $turnserver_alt_tls_port port"
+    	ynh_exec_warn_less yunohost firewall disallow Both $turnserver_alt_tls_port
+    fi
+}
+
+#closeport $turnserver_tls_port
+#closeport $turnserver_alt_tls_port
 
 #=================================================
 # GENERIC FINALIZATION
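Review bot: `closeport` never closes anything: the first test uses `$$turnserver_tls_port` (`$$` is the shell's PID, so the pattern becomes `- <pid>turnserver_tls_port`), the `local port=$1` parameter is ignored in favour of the globals, the `elif` means at most one port is handled per call, and both invocations at the end are commented out. The net effect is that the two ports opened by `scripts/install` stay open after the app is removed. A helper driven by its own argument, called once per port, does what the section heading promises.
```sh
closeport() {
    local port=$1
    if yunohost firewall list | grep -q "\- $port$"
    then
        ynh_script_progression --message="Closing port $port"
        ynh_exec_warn_less yunohost firewall disallow Both $port
    fi
}

closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
```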
diff --git a/scripts/restore b/scripts/restore
index 43e1834..643b8ed 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -31,6 +31,8 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -43,7 +45,15 @@ test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
-# STANDARD RESTORATION STEPS
+# SPECIFIC RESTORATION
+#=================================================
+# REINSTALL DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Reinstalling dependencies..." --weight=1
+
+# Define and install dependencies
+ynh_install_app_dependencies $pkg_dependencies
+
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
@@ -56,6 +66,8 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_script_progression --message="Restoring the app main directory..." --weight=1
 
 ynh_restore_file --origin_path="$final_path"
+ynh_restore_file --origin_path="/etc/$app"
+ynh_restore_file --origin_path="/var/log/$app"
 
 #=================================================
 # RECREATE THE DEDICATED USER
@@ -64,24 +76,8 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
-
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R $app: $final_path
-chmod -R 755 $final_path
-
-#=================================================
-# SPECIFIC RESTORATION
-#=================================================
-# REINSTALL DEPENDENCIES
-#=================================================
-#ynh_script_progression --message="Reinstalling dependencies..." --weight=1
-
-# Define and install dependencies
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_system_user_create --username=turnserver ssl-cert
+#adduser turnserver ssl-cert
 
 #=================================================
 # RESTORE SYSTEMD
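Review bot: `ynh_system_user_create --username=turnserver ssl-cert` does not put `turnserver` in the `ssl-cert` group — the helper takes no group argument, and the stray positional is at best ignored — so after a restore coturn cannot read `/etc/ssl/private/dh2048.pem` (`root:ssl-cert`, mode 640) and presumably not the domain key either, and its TLS listener fails; keep `adduser turnserver ssl-cert` as `scripts/install` does (the `turnserver` account itself comes from the coturn package reinstalled a few sections earlier). The deleted "RESTORE USER RIGHTS" block is not replaced anywhere in this file: the `chown`/`chmod` and the `setfacl` grants for `turnserver` on `/etc/$app` and `/var/log/$app` made at install are probably not carried by the archive, so coturn may also be unable to read its config after a restore — re-apply them here.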
@@ -89,7 +85,10 @@ chmod -R 755 $final_path
 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
 
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+ynh_restore_file --origin_path="/etc/default/coturn-$app"
+ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"
 systemctl enable $app.service --quiet
+systemctl enable coturn-$app.service --quiet
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -97,6 +96,7 @@ systemctl enable $app.service --quiet
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
 yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -104,12 +104,101 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l
 ynh_script_progression --message="Starting a systemd service..." --weight=3
 
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
+
+#=================================================
+# CREATE A DH FILE
+#=================================================
+ynh_script_progression --message="Creating a dhparam file..." --weight=3
+
+# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
+# For any update do it in all files
+
+# Make dh cert for synapse if it doesn't exist
+if [ ! -e /etc/ssl/private/dh2048.pem ]
+then
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
+    chown root:ssl-cert /etc/ssl/private/dh2048.pem
+    chmod 640 /etc/ssl/private/dh2048.pem
+fi
+
+#=================================================
+# RECONFIGURE THE TURNSERVER
+#=================================================
+ynh_script_progression --message="Reconfiguring coturn..." --weight=23
+
+# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
+
+# Retrieve specific settings
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+ynh_print_OFF
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+ynh_print_ON
+
+# WARNING : these commands are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/$app/coturn.conf"
+
+cp ../settings/conf/coturn/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# OPEN THE PORT
+#=================================================
+
+# Ouvre le port dans le firewall
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
+
+#=================================================
+# RESTORE USER RIGHTS
+#=================================================
+ynh_script_progression --message="Restoring permissions..." --weight=1
+
+# Restore permissions on app files
+# Set permissions on app files
+chown -R $app:root $final_path
+chmod -R 755 $final_path
+chown -R $app:root /var/log/$app
+chown -R $app:root /etc/$app
+chmod -R u=rwX,g=rX,o= /etc/$app
+chmod 770 $final_path/Coturn_config_rotate.sh
+setfacl -R -m user:turnserver:rX  /etc/$app
+setfacl -R -m user:turnserver:rwX  /var/log/$app
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
 
-#ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 
 #=================================================
 # GENERIC FINALIZATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 2c849ed..5504fd3 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -21,8 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+password=$(ynh_app_setting_get --app=$app --key=password)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
 port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 architecture=$(ynh_detect_arch)
 
 #=================================================
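Review bot: `password` and `turnserver_pwd` are read here with bare `ynh_app_setting_get` calls, whereas the restore script wraps the same `turnserver_pwd` lookup in `ynh_print_OFF`/`ynh_print_ON` and this upgrade script itself does so for the `__TURNPWD__` replacement later on. If the helper's output is echoed into the operation log, these two lines expose both secrets; putting `ynh_print_OFF` before the `password=` line and `ynh_print_ON` after the `turnserver_pwd=` line keeps the file consistent. The `__PASSWORD__` replacement into `data/passwd` in the MODIFY A CONFIG FILE section has the same gap.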
@@ -98,6 +103,126 @@ then
     popd
 fi
 
+#=================================================
+# MULTINSTANCE SUPPORT
+#=================================================
+
+if [ ! -e /etc/$app/coturn.conf ]
+then
+    ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
+
+    #=================================================
+    # CREATE AN INDEPENDANT SERVICE FOR COTURN
+    #=================================================
+
+    # Disable default config for turnserver and create a new service
+    systemctl stop coturn.service
+
+    # Set by default the system config for coturn
+    echo "" > /etc/turnserver.conf
+    ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
+
+    # Set a port for each service in turnserver
+    turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
+    cli_port=$(ynh_find_port --port=5766)
+
+    ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
+    ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
+
+    yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
+
+    #=================================================
+    # MAKE A CLEAN LOGROTATE CONFIG
+    #=================================================
+
+    ynh_use_logrotate --logfile /var/log/$app --nonappend
+fi
+
+#=================================================
+# CREATE A DH FILE
+#=================================================
+ynh_script_progression --message="Creating a dhparam file..." --weight=3
+
+# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
+# For any update do it in all files
+
+# Make dh cert for Galène if it doesn't exist
+if [ ! -e /etc/ssl/private/dh2048.pem ]
+then
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
+    chown root:ssl-cert /etc/ssl/private/dh2048.pem
+    chmod 640 /etc/ssl/private/dh2048.pem
+fi
+
+#=================================================
+# SPECIFIC UPGRADE
+#=================================================
+# UPDATE COTURN CONFIG
+#=================================================
+ynh_script_progression --message="Updating coturn config..." --weight=1
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/$app/coturn.conf"
+
+cp ../conf/coturn/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
+#=================================================
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
+
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
+cp ../conf/passwd $final_path/data/passwd
+
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
+
+cp ../conf/ice-servers.json $final_path/data/ice-servers.json
+
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
+ynh_print_ON
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
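Review bot: the MULTINSTANCE SUPPORT block chooses `turnserver_alt_tls_port` and `cli_port` for an instance that has no `/etc/$app/coturn.conf` yet, but it never generates or stores `turnserver_tls_port` or `turnserver_pwd`; unless an earlier version already saved those settings, `$((turnserver_tls_port+1))` evaluates to 1 and the `static-auth-secret` produced by the `__TURNPWD__` replacement is empty. I'd have the block pick the TLS port with `ynh_find_port` and the secret with `ynh_string_random`, then persist both with `ynh_app_setting_set`, the way the alt and cli ports are already handled (the install script is not in this diff, so I cannot confirm it does the same). The block's `ynh_use_logrotate --logfile /var/log/$app --nonappend` and the later `ynh_use_logrotate --non-append` in the SETUP LOGROTATE hunk spell the option differently, so at most one of them matches the helper; pick one spelling and drop the duplicate call. `yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1` also hides failures that the rest of the file surfaces through `ynh_exec_warn_less`.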
@@ -109,9 +234,9 @@ ynh_add_nginx_config
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Upgrading dependencies..." --weight=1
+ynh_script_progression --message="Upgrading dependencies..." --weight=1
 
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # CREATE DEDICATED USER
@@ -120,6 +245,7 @@ ynh_script_progression --message="Making sure dedicated system user exists..." -
 
 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app
+adduser turnserver ssl-cert
 
 #=================================================
 # SETUP SYSTEMD
@@ -136,30 +262,38 @@ ynh_add_systemd_config
 #=================================================
 
 # Set permissions on app files
-chown -R $app: $final_path
+chown -R $app:root $final_path
 chmod -R 755 $final_path
+chown -R $app:root /var/log/$app
+chown -R $app:root /etc/$app
+chmod -R u=rwX,g=rX,o= /etc/$app
+chmod 770 $final_path/Coturn_config_rotate.sh
+setfacl -R -m user:turnserver:rX  /etc/$app
+setfacl -R -m user:turnserver:rwX  /var/log/$app
 
 #=================================================
 # SETUP LOGROTATE
 #=================================================
-# ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
 
 # # Use logrotate to manage app-specific logfile(s)
-# ynh_use_logrotate --non-append
+ynh_use_logrotate --non-append
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
-ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
 yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=coturn-$app.service --action=restart
+ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
 
 #=================================================
 # RELOAD NGINX
diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
new file mode 100644
index 0000000..7c2d704
--- /dev/null
+++ b/sources/Coturn_config_rotate.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+app_instance=__APP__
+
+source /usr/share/yunohost/helpers
+
+external_IP_line="external-ip=__IPV4__,__IPV6__"
+
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+old_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
+ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf"
+new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
+
+setfacl -R -m user:turnserver:rX  /etc/matrix-$app_instance
+
+if [ "$old_config_line" != "$new_config_line" ]
+then
+    systemctl restart coturn-$app_instance.service
+fi
+
+exit 0