YunoHost-Apps/galene_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/galene_ynh.git synced 2024-09-03 18:36:31 +02:00
Code Issues Activity Actions

Upgrade to version 0.3.1 (#26)

Browse source 
* Upgrade to version 0.3.1
This commit is contained in:
Éric Gaspar 2021-03-02 20:49:10 +01:00 committed by GitHub
parent e217504372
commit ad2eab6d60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 101 additions and 319 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore Normal file
View file

@ -0,0 +1,2 @@
.DS_Store
._.DS_Store

11
README.md
View file

@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview
Galène is a videoconferencing server that is easy to deploy (just copy a few files and run the binary) and that requires moderate server resources. It was originally designed for lectures and conferences (where a single speaker streams audio and video to hundreds or thousands of users), but later evolved to be useful for student practicals (where users are divided into many small groups), and meetings (where a few dozen users interact with each other).
**Shipped version:** 0.3
**Shipped version:** 0.3.1
## Screenshots
@ -32,16 +32,15 @@ Groups are defined by files in the `/opt/yunohost/galene/groups` directory. Vari
For VoIP and video conferencing a TURN server is also installed and configured. The TURN server listens on two UDP and TCP ports. You can get them with these commands:
```
sudo yunohost app setting galene turnserver_tls_port
sudo yunohost app setting galene turnserver_alt_tls_port
sudo yunohost app setting galene turnserver_port
```
The TURN server will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
The TURN server will also choose a port dynamically when a new call starts. The range is between 49152 - 65535.
For security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
For security reason the ports range (49152 - 65535) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
```
sudo yunohost firewall allow Both 49153:49193
sudo yunohost firewall allow Both 49152:65535
```
You might also need to open these ports (if it is not automatically done) on your ISP box.

11
README_fr.md
View file

@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install
## Vue d'ensemble
Galène est un serveur de visioconférence facile à déployer (il suffit de copier quelques fichiers et d'exécuter le binaire) et qui nécessite des ressources serveur modérées. Il a été conçu à l'origine pour les conférences (où un seul orateur diffuse l'audio et la vidéo à des centaines ou des milliers d'utilisateurs), mais a ensuite évolué pour être utile pour les travaux pratiques des étudiants (où les utilisateurs sont divisés en plusieurs petits groupes) et les réunions (où un quelques dizaines d'utilisateurs interagissent les uns avec les autres).
**Version incluse :** 0.3
**Version incluse :** 0.3.1
## Captures d'écran
@ -32,16 +32,15 @@ Les groupes sont définis par des fichiers dans le répertoire `/opt/yunohost/ga
Pour la VoIP et la visioconférence, un serveur TURN est également installé et configuré. Le serveur TURN écoute sur deux ports UDP et TCP. Vous pouvez les obtenir avec ces commandes :
```
sudo yunohost app setting galene turnserver_tls_port
sudo yunohost app setting galene turnserver_alt_tls_port
sudo yunohost app setting galene turnserver_port
```
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49153 et 49193.
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49152 et 65535.
Par sécurité, la plage de ports (49153 - 49193) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
Par sécurité, la plage de ports (49152 - 65535) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
```
sudo yunohost firewall allow Both 49153:49193
sudo yunohost firewall allow Both 49152:65535
```
Vous devrez peut-être également ouvrir ces ports (si ce n'est pas fait automatiquement) sur votre box.

4
conf/386.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3/galene_0.3_Linux_386.tar.gz
SOURCE_SUM=7264f573bc82185c88def851a70b1fe2b6f22c338ccf1e9c8fd9a80050c4be7e
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.1/galene_0.3.1_Linux_386.tar.gz
SOURCE_SUM=6e09e7b08baa95c695a482fadf2c0e3cd382ebba440bbe003d36acba6e07f7d8
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

4
conf/amd64.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3/galene_0.3_Linux_amd64.tar.gz
SOURCE_SUM=0044483c52c392059463147df3762dd832350a5de6791e1fb4cb067cc39f880b
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.1/galene_0.3.1_Linux_amd64.tar.gz
SOURCE_SUM=6940bd0ffc8ce2f4f28c0e752e90ca1858e3f527a318cd45d65a803fce134d61
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

4
conf/arm6.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3/galene_0.3_Linux_arm6.tar.gz
SOURCE_SUM=230bb8c9649138171f44fa299cbaccac07ecc47e800e61194528e6dd044f37fa
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.1/galene_0.3.1_Linux_arm6.tar.gz
SOURCE_SUM=da5277e10ab825d03b56bc3ef35f06a99ddcd1852b38964fc7be3b2efe4fd3c1
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

4
conf/arm64.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3/galene_0.3_Linux_arm64.tar.gz
SOURCE_SUM=7739c2e507e8a7deb8ea9f4a8de8a945d8ca8630a67c5c29851680a2cb208cc0
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.1/galene_0.3.1_Linux_arm64.tar.gz
SOURCE_SUM=0c3b91ba6305cb8e517aeca3989180f670cd33efd928537303a7d8612be210b6
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

4
conf/arm7.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3/galene_0.3_Linux_arm7.tar.gz
SOURCE_SUM=5f81a71faf9450067eab29e57509258a23540374e3c2eb7ee71e616d87e3a10a
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.1/galene_0.3.1_Linux_arm7.tar.gz
SOURCE_SUM=c7be91c30134bf716562b111f34d5bfe6f8b50f5a298667fa1fec0ebb4fd78c7
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

33
conf/coturn/turnserver.conf
View file

@ -1,28 +1,33 @@
lt-cred-mech
use-auth-secret
static-auth-secret=__TURNSERVER_PWD__
# TURN server name and realm
realm=__DOMAIN__
tls-listening-port=__TURNSERVER_TLS_PORT__
alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__
min-port=49153
max-port=49193
cli-port=__CLI_PORT__
# Enable long-term credential mechanism
lt-cred-mech
# Specify the user for the TURN authentification
user=__APP__:__TURNSERVER_PWD__
# Main listening port
listening-port=__TURNSERVER_PORT__
# Further ports that are open for communication
min-port=49152
max-port=65535
# SSL certificates
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/ssl/private/dh2048.pem
# Log file path
log-file=/var/log/__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid
simple-log
no-sslv2
no-sslv3
no-tlsv1
no-tlsv1_1
no-loopback-peers
no-multicast-peers
no-cli
log-file=/var/log/__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid
simple-log

4
conf/groupname.json
View file

@ -3,5 +3,7 @@
"presenter": [{}],
"description": "a human-readable description of the group; this is displayed on the landing page for public groups.",
"public": true,
"allow-anonymous": true
"allow-anonymous": true,
"allow-recording": true,
"allow-subgroups": true
}

12
conf/ice-servers.json
View file

@ -1,15 +1,11 @@
[
{
"urls": [
"turn:__DOMAIN__:__TURNSERVER_TLS_PORT__",
"turn:__DOMAIN__:__TURNSERVER_ALT_TLS_PORT__",
"turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=tcp",
"turn:__DOMAIN__:__TURNSERVER_ALT_TLS_PORT__?transport=tcp",
"turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=udp",
"turn:__DOMAIN__:__TURNSERVER_ALT_TLS_PORT__?transport=udp"
"turn:__DOMAIN__:__TURNSERVER_PORT__",
"turn:__DOMAIN__:__TURNSERVER_PORT__?transport=tcp",
"turn:__DOMAIN__:__TURNSERVER_PORT__?transport=udp"
],
"username": "__APP__",
"credential": "__TURNSERVER_PWD__",
"credentialType": "hmac-sha1"
"credential": "__TURNSERVER_PWD__"
}
]

5
conf/nginx.conf
View file

@ -1,6 +1,5 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
location / {
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;

2
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Videoconferencing server that is easy to deploy",
"fr": "Serveur de visioconférence facile à déployer"
},
"version": "0.3~ynh1",
"version": "0.3.1~ynh1",
"url": "https://galene.org/",
"license": "MIT",
"maintainer": {

139
scripts/_common.sh
View file

@ -15,145 +15,6 @@ pkg_dependencies="coturn acl"
# EXPERIMENTAL HELPERS
#=================================================
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
ynh_send_readme_to_admin() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users
find_mails () {
local list_mails="$1"
local mail
local recipients=" "
# Read each mail in argument
for mail in $list_mails
do
# Keep root or a real email address as it is
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
then
recipients="$recipients $mail"
else
# But replace an user name without a domain after by its email
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
then
recipients="$recipients $mail"
fi
fi
done
echo "$recipients"
}
recipients=$(find_mails "$recipients")
# Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$(if [ -n "$app_message" ]
then
cat "$app_message"
else
echo "...No specific information..."
fi)
---
Automatic diagnosis data from YunoHost
__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert pre tags
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
# Remove PRE tags
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
fi
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
then
local mail_bin=/usr/bin/bsd-mailx
else
local mail_bin=/usr/bin/mail.mailutils
fi
if [ "$admin_mail_html" -eq 1 ]
then
content_type="text/html"
else
content_type="text/plain"
fi
# Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
}
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

8
scripts/change_url
View file

@ -70,7 +70,7 @@ fi
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log"
#=================================================
# MODIFY URL IN NGINX CONF
@ -106,14 +106,14 @@ fi
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=3
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action=start --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload

51
scripts/install
View file

@ -27,10 +27,7 @@ domain=$YNH_APP_ARG_DOMAIN
path_url="/"
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
email=$(ynh_user_get_info --username=$admin --key=mail)
ynh_print_OFF
password=$YNH_APP_ARG_PASSWORD
ynh_print_ON
group_name=$YNH_APP_ARG_GROUP_NAME
architecture=$(ynh_detect_arch)
@ -55,7 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=4
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=group_name --value="$group_name"
ynh_app_setting_set --app=$app --key=password --value=$password
@ -67,7 +63,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dhparam cert for Galène if it doesn't exist
# Make dhparam cert for Coturn if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
@ -84,21 +80,15 @@ ynh_script_progression --message="Finding an available port..." --weight=3
# Find an available port
port=$(ynh_find_port --port=8443)
turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
turnserver_port=$(ynh_find_port --port=1194)
ynh_app_setting_set --app=$app --key=port --value=$port
# Open the port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Open the ports
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
# Store opened ports
ynh_app_setting_set --app=$app --key=port --value=$port
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
#=================================================
# INSTALL DEPENDENCIES
@ -187,8 +177,8 @@ ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$cotur
# Get public IP and set as external IP for coturn
# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
then
@ -248,7 +238,7 @@ chown -R $app:$app $final_path
chmod -R 755 $final_path
chown -R $app:root /var/log/$app
chown -R $app:root /etc/$app
chown turnserver:root $coturn_config_path
chown turnserver:root /etc/$app/coturn.conf
chmod -R u=rwX,g=rX,o= /etc/$app
chmod 770 $final_path/Coturn_config_rotate.sh
setfacl -R -m user:turnserver:rX /etc/$app
@ -259,8 +249,8 @@ setfacl -R -m user:turnserver:rwX /var/log/$app
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
#=================================================
# START SYSTEMD SERVICE
@ -269,7 +259,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log"
#=================================================
# SETUP SSOWAT
@ -289,23 +279,6 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=2
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "Galène was successfully installed :)
Galène is now accesible at this adress: https://$domain
Galène implements a TURN server (for VoIP), to have this fully functional please read the 'TURN server' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================

14
scripts/remove
View file

@ -19,8 +19,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
#=================================================
# STANDARD REMOVE
@ -86,17 +85,16 @@ ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
ynh_script_progression --message="Closing ports..." --weight=1
if yunohost firewall list | grep -q "\- $turnserver_tls_port$"
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $turnserver_tls_port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
if yunohost firewall list | grep -q "\- $turnserver_alt_tls_port$"
if yunohost firewall list | grep -q "\- $turnserver_port$"
then
ynh_script_progression --message="Closing port $turnserver_alt_tls_port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_alt_tls_port
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port
fi
#=================================================

66
scripts/restore
View file

@ -31,12 +31,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
ynh_print_OFF
port=$(ynh_app_setting_get --app=$app --key=port)
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
ynh_print_ON
#=================================================
# CHECK IF THE APP CAN BE RESTORED
@ -99,8 +96,8 @@ systemctl enable coturn-$app.service --quiet
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
#=================================================
# START SYSTEMD SERVICE
@ -108,7 +105,6 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name=$app --action=start --log_path="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# CREATE A DH FILE
@ -118,7 +114,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dhparam cert for Galène if it doesn't exist
# Make dhparam cert for Coturn if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
@ -126,48 +122,13 @@ then
chmod 640 /etc/ssl/private/dh2048.pem
fi
# #=================================================
# # RECONFIGURE THE TURNSERVER
# #=================================================
# ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
# # To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
# # WARNING : these commands are used in INSTALL, UPGRADE
# # For any update do it in all files
# coturn_config_path="/etc/$app/coturn.conf"
# cp ../settings/conf/coturn/turnserver.conf "$coturn_config_path"
# ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
# ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
# ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
# ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
# ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
# ynh_print_OFF
# ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
# ynh_print_ON
# # Get public IP and set as external IP for coturn
# # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
# public_ip4="$(curl ip.yunohost.org)" || true
# public_ip6="$(curl ipv6.yunohost.org)" || true
# if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
# then
# echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path"
# fi
# ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
#=================================================
# RESTORE USER RIGHTS
@ -192,19 +153,6 @@ setfacl -R -m user:turnserver:rwX /var/log/$app
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "Galène also implements a TURN server (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#=================================================
# GENERIC FINALIZATION
#=================================================

38
scripts/upgrade
View file

@ -19,14 +19,11 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
password=$(ynh_app_setting_get --app=$app --key=password)
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
port=$(ynh_app_setting_get --app=$app --key=port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
architecture=$(ynh_detect_arch)
@ -47,6 +44,12 @@ if [ -z "$final_path" ]; then
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
if [ -z "$turnserver_port" ]; then
turnserver_port=$(ynh_find_port --port=1194)
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
@ -111,8 +114,8 @@ then
# Recreate certificates
pushd "$final_path/data"
ynh_exec_warn_less openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem \
-subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress="
ynh_exec_warn_less openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem \
-subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress="
chmod 640 {key.pem,cert.pem}
popd
fi
@ -137,13 +140,9 @@ then
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
turnserver_port=$(ynh_find_port --port=1194)
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
@ -160,7 +159,7 @@ ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dhparam cert for Galène if it doesn't exist
# Make dhparam cert for Coturn if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
@ -184,8 +183,8 @@ ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$cotur
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
then
@ -227,6 +226,7 @@ ynh_script_progression --message="Making sure dedicated system user exists..." -
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
ynh_system_user_create --username=turnserver
adduser turnserver ssl-cert
#=================================================
@ -267,15 +267,15 @@ ynh_use_logrotate --non-append
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log"
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
#=================================================

4
sources/Coturn_config_rotate.sh
View file

@ -4,8 +4,8 @@ source /usr/share/yunohost/helpers
external_IP_line="external-ip=__IPV4__/__IPV6__"
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then