mirror of
https://github.com/YunoHost-Apps/galene_ynh.git
synced 2024-09-03 18:36:31 +02:00
parent
2c4aa90a45
commit
f0f4fef198
30 changed files with 396 additions and 743 deletions
|
@ -1,2 +0,0 @@
|
|||
.DS_Store
|
||||
._.DS_Store
|
93
README.md
93
README.md
|
@ -1,81 +1,96 @@
|
|||
|
||||
|
||||
---
|
||||
|
||||
<!--
|
||||
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||
It shall NOT be edited by hand.
|
||||
-->
|
||||
|
||||
# Galene for YunoHost
|
||||
# Galène for YunoHost
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/galene.svg)](https://dash.yunohost.org/appci/app/galene) ![](https://ci-apps.yunohost.org/ci/badges/galene.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/galene.maintain.svg)
|
||||
[![Install galene with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=galene)
|
||||
[![Integration level](https://dash.yunohost.org/integration/galene.svg)](https://dash.yunohost.org/appci/app/galene) ![](https://ci-apps.yunohost.org/ci/badges/galene.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/galene.maintain.svg)
|
||||
[![Install Galène with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=galene)
|
||||
|
||||
*[Lire ce readme en français.](./README_fr.md)*
|
||||
|
||||
> *This package allows you to install galene quickly and simply on a YunoHost server.
|
||||
> *This package allows you to install Galène quickly and simply on a YunoHost server.
|
||||
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
|
||||
|
||||
## Overview
|
||||
|
||||
Videoconferencing server that is easy to deploy
|
||||
Galène is a videoconference server (an “SFU”) that is easy to deploy and that requires moderate server resources. It was originally designed for lectures and conferences (where a single speaker streams audio and video to hundreds or thousands of users), but later evolved to be useful for student practicals (where users are divided into many small groups), and meetings (where a dozen users interact with each other).
|
||||
|
||||
**Shipped version:** 0.3.5~ynh2
|
||||
### Client features:
|
||||
|
||||
- multiparty audio and video
|
||||
- text chat
|
||||
- reasonably good support for mobile (Android and iPhone/iPad)
|
||||
- screen and window sharing, including sharing multiple windows simultaneously (not on mobile)
|
||||
- streaming video and audio from disk
|
||||
- activity detection
|
||||
|
||||
|
||||
**Shipped version:** 0.4.0~ynh1
|
||||
|
||||
**Demo:** https://galene.org:8443/
|
||||
|
||||
|
||||
## Screenshots
|
||||
|
||||
|
||||
![](./doc/screenshots/screenshot.png)
|
||||
|
||||
|
||||
|
||||
![](./doc/screenshots/screenshot.png)
|
||||
|
||||
## Disclaimers / important information
|
||||
|
||||
### How to creat groups
|
||||
### Accessing groups
|
||||
|
||||
Groups are defined by files in the `/opt/yunohost/galene/groups` directory. Various options are available (see https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file)
|
||||
*Galène* meeting rooms are called "groups". Any group is accessible at `https://domain.tld/group/GroupName`, by typing its name in the home page search field, or by selecting it in the public list (if the group is configured as publicly visible, see below).
|
||||
|
||||
### TURN server
|
||||
#### Creating and configuring groups
|
||||
|
||||
For VoIP and video conferencing a TURN server is also installed and configured. The TURN server listens on two UDP and TCP ports. You can get them with these commands:
|
||||
Groups are defined by JSON files located in the folder `/home/yunohost.app/galene/groups`. Each group is represented by a `GroupName.json` file.
|
||||
To create a new group, you need to create a `GroupNameExample.json` file (you can also make subfolder groups, and the groups will be accessible with `https://domain.tld/group/subfolder/GroupName`). Various configuration options are available (see https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file).
|
||||
|
||||
*NB: Spaces are supported in group file names.*
|
||||
|
||||
### Configuring your TURN server
|
||||
|
||||
#### Using *Galène*'s internal TURN server
|
||||
Galène comes with a built-in TURN server that should work out-of-the-box.
|
||||
- If your server is behind NAT, allow incoming traffic to TCP port `8443` (or whatever is configured with the `-http` option in `/etc/systemd/system/galene.service`) and TCP/UDP port `1194` (or whatever is configured with the `-turn` option in `/etc/systemd/system/galene.service`)
|
||||
|
||||
#### Using your own TURN server
|
||||
- Install [coturn_ynh](https://github.com/YunoHost-Apps/coturn_ynh).
|
||||
- Add `/opt/yunohost/galene/data/ice-servers.json` with these lines and change `turn.example.org` and `secret`
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
[
|
||||
{
|
||||
"urls": [
|
||||
"turn:turn.example.org:5349",
|
||||
"turn:turn.example.org:5349?transport=tcp"
|
||||
],
|
||||
"username": "galene",
|
||||
"credential": "secret"
|
||||
}
|
||||
]
|
||||
```
|
||||
- set `/etc/systemd/system/galene.service` `-turn` option to `-turn auto` (or `-turn ""` to disable the built-in TURN server).
|
||||
|
||||
The TURN server will also choose a port dynamically when a new call starts. The range is between 49152 - 65535.
|
||||
To check if the TURN server is up and running, type `/relay-test` in the chat box. If the TURN server is properly configured, you should see a message saying that the relay test has been successful.
|
||||
|
||||
For security reason the ports range (49152 - 65535) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
|
||||
You can also install Galène with an external TURN server with this branch: https://github.com/YunoHost-Apps/galene_ynh/tree/galene+turn
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
### Server Statistics page
|
||||
|
||||
You might also need to open these ports (if it is not automatically done) on your ISP box.
|
||||
Statistics are available under `/var/www/galene/stats.json`, with a human-readable version at `domain.ltd/stats.html`. This is only available to the server administrator.
|
||||
|
||||
To prevent the situation when the server is behind a NAT, the public IP is written in the TURN server config. By this the TURN server can send its real public IP to the client. For more information see the [Coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). So if your IP changes, you could run the script `/opt/yunohost/galene/Coturn_config_rotate.sh` to update your config.
|
||||
|
||||
If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content.
|
||||
|
||||
```
|
||||
*/15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh;
|
||||
```
|
||||
|
||||
To check if Galène can connect to the TURN server, connect to Galène as operator and type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful.
|
||||
### How do I record my lecture?
|
||||
|
||||
Make sure allow-recording is set in your group configuration. Log-in as an operator, then say `/record` before you start your lecture. Don't forget to say `/unrecord` at the end. You will find your recordings under `https://server.example.com/recordings/groupname/`. The video recordings are stored in `/home/yunohost.app/galene/recordings` folder.
|
||||
|
||||
|
||||
## Documentation and resources
|
||||
|
||||
* Official app website: https://galene.org
|
||||
|
||||
* Official app website: https://galene.org/
|
||||
* Official user documentation: https://galene.org/faq.html
|
||||
* Official admin documentation: https://galene.org/
|
||||
* Upstream app code repository: https://github.com/jech/galene
|
||||
* Upstream app code repository: https://github.com/jech/galene
|
||||
* YunoHost documentation for this app: https://yunohost.org/app_galene
|
||||
* Report a bug: https://github.com/YunoHost-Apps/galene_ynh/issues
|
||||
|
||||
|
|
102
README_fr.md
102
README_fr.md
|
@ -1,77 +1,93 @@
|
|||
# Galene pour YunoHost
|
||||
# Galène pour YunoHost
|
||||
|
||||
[![Niveau d'intégration](https://dash.yunohost.org/integration/galene.svg)](https://dash.yunohost.org/appci/app/galene) ![](https://ci-apps.yunohost.org/ci/badges/galene.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/galene.maintain.svg)
|
||||
[![Installer galene avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=galene)
|
||||
[![Niveau d'intégration](https://dash.yunohost.org/integration/galene.svg)](https://dash.yunohost.org/appci/app/galene) ![](https://ci-apps.yunohost.org/ci/badges/galene.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/galene.maintain.svg)
|
||||
[![Installer Galène avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=galene)
|
||||
|
||||
*[Read this readme in english.](./README.md)*
|
||||
*[Lire ce readme en français.](./README_fr.md)*
|
||||
|
||||
> *This package allows you to install galene quickly and simply on a YunoHost server.
|
||||
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
|
||||
> *Ce package vous permet d'installer Galène rapidement et simplement sur un serveur YunoHost.
|
||||
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
|
||||
|
||||
## Vue d'ensemble
|
||||
|
||||
Serveur de visioconférence facile à déployer
|
||||
Galène est un serveur de visioconférence (un « SFU ») facile à déployer et qui nécessite des ressources serveur modérées. Il a été conçu à l'origine pour les cours et les conférences (où un seul orateur diffuse de l'audio et de la vidéo à des centaines ou des milliers d'utilisateurs), mais a évolué par la suite pour être utile pour les travaux pratiques des étudiants (où les utilisateurs sont divisés en plusieurs petits groupes) et les réunions (où un douzaine d'utilisateurs interagissent entre eux).
|
||||
|
||||
**Version incluse:** 0.3.5~ynh2
|
||||
### Fonctionnalités client :
|
||||
|
||||
**Démo:** https://galene.org:8443/
|
||||
- audio et vidéo multipartites
|
||||
- chat textuel
|
||||
- assez bonne prise en charge pour mobile (Android et iPhone/iPad)
|
||||
- partage d'écran et de fenêtre, y compris le partage de plusieurs fenêtres simultanément (pas sur mobile)
|
||||
- streaming vidéo et audio à partir du disque
|
||||
- détection d'activité
|
||||
|
||||
|
||||
**Version incluse :** 0.4.0~ynh1
|
||||
|
||||
**Démo :** https://galene.org:8443/
|
||||
|
||||
## Captures d'écran
|
||||
|
||||
|
||||
![](./doc/screenshots/screenshot.png)
|
||||
|
||||
|
||||
|
||||
![](./doc/screenshots/screenshot.png)
|
||||
|
||||
## Avertissements / informations importantes
|
||||
|
||||
## Configuration
|
||||
### Accéder à des groupes
|
||||
|
||||
### Comment créer des groupes
|
||||
Les salles de réunion *Galène* sont appelées « groupes ». Tout groupe est accessible sur `https://domain.tld/group/GroupName`, en tapant son nom dans le champ de recherche de la page d'accueil, ou en le sélectionnant dans la liste publique (si le groupe est configuré comme visible publiquement, voir ci-dessous).
|
||||
|
||||
Les groupes sont définis par des fichiers dans le répertoire `/opt/yunohost/galene/groups`. Différentes options sont disponibles (voir https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file)
|
||||
#### Ajouter et configurer des groupes
|
||||
|
||||
### Serveur TURN
|
||||
Les groupes sont définis par des fichiers JSON situés dans le dossier `/home/yunohost.app/galene/groups`. Chaque groupe est représenté par un fichier `GroupName.json`.
|
||||
Pour créer un nouveau groupe, vous devez créer un fichier `GroupNameExample.json` (vous pouvez également créer un sous-dossier, et les groupes seront accessibles avec` https://domain.tld/group/subfolder/GroupName`). Différentes options de configurations sont disponibles (voir https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file).
|
||||
|
||||
Pour la VoIP et la visioconférence, un serveur TURN est également installé et configuré. Le serveur TURN écoute sur deux ports UDP et TCP. Vous pouvez les obtenir avec ces commandes :
|
||||
*NB : les espaces sont pris en charge dans les noms de fichiers de groupe.*
|
||||
|
||||
### Configurer votre serveur TURN
|
||||
|
||||
#### Utilisation du serveur TURN de *Galène*
|
||||
Galène est livré avec un serveur TURN intégré qui devrait fonctionner immédiatement.
|
||||
- Si votre serveur est derrière NAT, autorisez le trafic entrant vers le port TCP `8443` (ou tout ce qui est configuré avec l'option `-http` dans `/etc/systemd/system/galene.service`) et le port TCP/UDP `1194` (ou tout ce qui est configuré avec l'option `-turn` dans `/etc/systemd/system/galene.service`)
|
||||
|
||||
#### Utilisation de votre propre serveur TURN
|
||||
- Installez [coturn_ynh](https://github.com/YunoHost-Apps/coturn_ynh).
|
||||
- Ajoutez `/var/www/galene/data/ice-servers.json` avec ces lignes et changez `turn.example.org` et `secret`
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
[
|
||||
{
|
||||
"urls": [
|
||||
"turn:turn.example.org:5349",
|
||||
"turn:turn.example.org:5349?transport=tcp"
|
||||
],
|
||||
"username": "galene",
|
||||
"credential": "secret"
|
||||
}
|
||||
]
|
||||
```
|
||||
- Dans `/etc/systemd/system/galene.service` changer l'option `-turn auto` (ou `-turn ""` pour désactiver le serveur TURN intégré).
|
||||
|
||||
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49152 et 65535.
|
||||
Pour vérifier si le serveur TURN est opérationnel, tapez `/relay-test` dans la boîte de dialogue du chat de *Galène* ; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relai a réussi.
|
||||
|
||||
Par sécurité, la plage de ports (49152 - 65535) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
|
||||
Vous pouvez également installer *Galène* avec un serveur TURN externe avec cette branch : https://github.com/YunoHost-Apps/galene_ynh/tree/galene+turn
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
### Statistiques du serveur
|
||||
|
||||
Vous devrez peut-être également ouvrir ces ports (si ce n'est pas fait automatiquement) sur votre box.
|
||||
|
||||
Pour éviter la situation où le serveur est derrière un NAT, l'adresse IP publique est écrite dans la configuration du serveur TURN. De cette manière, le serveur TURN peut envoyer sa véritable adresse IP publique au client. Pour plus d'informations, consultez [le fichier de configuration d'exemple Coturn](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). Donc, si votre adresse IP change, vous pouvez exécuter le script `/opt/yunohost/galene/Coturn_config_rotate.sh` pour mettre à jour votre configuration.
|
||||
|
||||
Si vous avez une adresse IP dynamique, vous devrez peut-être également mettre à jour cette configuration automatiquement. Pour ce faire, éditez simplement un fichier nommé `/etc/cron.d/coturn_config_rotate` et ajoutez le contenu suivant.
|
||||
|
||||
```
|
||||
* / 15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh;
|
||||
```
|
||||
|
||||
Pour vérifier si Galène peut se connecter au serveur TURN, connectez-vous à Galène en tant qu'opérateur et tapez `/relay-test` dans la boîte de dialogue chat; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi.
|
||||
Les statistiques sont disponibles sous `/var/www/galene/stats.json`, avec une version lisible sur `domain.ltd/stats.html`. Cette page n'est disponible que pour l'administrateur du serveur.
|
||||
|
||||
### Comment enregistrer ma conférence ?
|
||||
|
||||
Assurez-vous que l'autorisation d'enregistrement est définie dans la configuration de votre groupe. Connectez-vous en tant qu'opérateur, puis dites `/record` dans la fenêtre de chat avant de commencer la visio. N'oubliez pas de dire `/unrecord` à la fin. Vous trouverez vos enregistrements sous `https://server.example.com/recordings/groupname/`. Les enregistrements vidéo sont stockés dans le dossier `/home/yunohost.app/galene/recordings`.
|
||||
|
||||
## Documentations et ressources
|
||||
|
||||
* Site official de l'app : https://galene.org
|
||||
|
||||
* Documentation officielle de l'admin: https://galene.org/
|
||||
* Dépôt de code officiel de l'app: https://github.com/jech/galene
|
||||
* Documentation YunoHost pour cette app: https://yunohost.org/app_galene
|
||||
* Signaler un bug: https://github.com/YunoHost-Apps/galene_ynh/issues
|
||||
* Site officiel de l'app : https://galene.org/
|
||||
* Documentation officielle utilisateur : https://galene.org/faq.html
|
||||
* Documentation officielle de l'admin : https://galene.org/
|
||||
* Dépôt de code officiel de l'app : https://github.com/jech/galene
|
||||
* Documentation YunoHost pour cette app : https://yunohost.org/app_galene
|
||||
* Signaler un bug : https://github.com/YunoHost-Apps/galene_ynh/issues
|
||||
|
||||
## Informations pour les développeurs
|
||||
|
||||
|
@ -80,8 +96,8 @@ Merci de faire vos pull request sur la [branche testing](https://github.com/Yuno
|
|||
Pour essayer la branche testing, procédez comme suit.
|
||||
```
|
||||
sudo yunohost app install https://github.com/YunoHost-Apps/galene_ynh/tree/testing --debug
|
||||
or
|
||||
ou
|
||||
sudo yunohost app upgrade galene -u https://github.com/YunoHost-Apps/galene_ynh/tree/testing --debug
|
||||
```
|
||||
|
||||
**Plus d'infos sur le packaging d'applications:** https://yunohost.org/packaging_apps
|
||||
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
|
|
@ -4,9 +4,9 @@
|
|||
path="/path"
|
||||
admin="john"
|
||||
is_public=1
|
||||
password="pass"
|
||||
group_name="public"
|
||||
group_description="My public group"
|
||||
password="password"
|
||||
group_name="public with space"
|
||||
group_description="My public space"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=0
|
||||
|
@ -15,7 +15,6 @@
|
|||
setup_private=1
|
||||
setup_public=1
|
||||
upgrade=1
|
||||
upgrade=1 from_commit=c06f6235a93587e16524fa5b124e4d9e138a8109
|
||||
backup_restore=1
|
||||
multi_instance=0
|
||||
change_url=1
|
||||
|
@ -23,6 +22,6 @@
|
|||
Email=
|
||||
Notification=none
|
||||
;;; Upgrade options
|
||||
; commit=c06f6235a93587e16524fa5b124e4d9e138a8109
|
||||
name=Allow naming groups with spaces (#21)
|
||||
; commit=CommitHash
|
||||
name=Name and date of the commit.
|
||||
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.5/galene_0.3.5_Linux_386.tar.gz
|
||||
SOURCE_SUM=3b0df8926284a3aec5eb9b1bffca18e3ffbdb8749a72bfd839b75775fd48f392
|
||||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.4/galene_0.4_Linux_386.tar.gz
|
||||
SOURCE_SUM=ef933459f6564e3533bc8ea0db4f5adddee774f480dce4ba7be086116b46bc52
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
||||
SOURCE_EXTRACT=true
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.5/galene_0.3.5_Linux_amd64.tar.gz
|
||||
SOURCE_SUM=bf98a50ae9d906f6b330844dee298b1b853c9b27f4b5a54bded180a02778b7a6
|
||||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.4/galene_0.4_Linux_amd64.tar.gz
|
||||
SOURCE_SUM=2530187e021a792753c78e3b8449b23b88b0e9349dda263eb815ef46e8d16330
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.5/galene_0.3.5_Linux_arm6.tar.gz
|
||||
SOURCE_SUM=12ff36deab3040587b35c6faab77a42831f6fc0cb79764410a6beb6fa32fd7c9
|
||||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.4/galene_0.4_Linux_arm6.tar.gz
|
||||
SOURCE_SUM=56a7be3fe0210b920f1883dfb054268ffeb21f4e822c4b1f1527c40e95b57952
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.5/galene_0.3.5_Linux_arm64.tar.gz
|
||||
SOURCE_SUM=1dcac2a4f35d1402d4208541773237b46bc9f75d242b763b21c56c5ae1317fff
|
||||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.4/galene_0.4_Linux_arm64.tar.gz
|
||||
SOURCE_SUM=5281e7f0918d9df4de4f61028a15d0c876346a5e202f22849e69ffd3153cd82a
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.3.5/galene_0.3.5_Linux_arm7.tar.gz
|
||||
SOURCE_SUM=819794367ec2abaedb1209839047f7a7749391fd9f12f25c65db4f30a4c34e0f
|
||||
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.4/galene_0.4_Linux_arm7.tar.gz
|
||||
SOURCE_SUM=3af918cf297fbc53d6d109fa0b3d465907af87c93c9da87bf78601ad618fb505
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
[Unit]
|
||||
Description=Coturn STUN/TURN Server
|
||||
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
||||
After=syslog.target network.target
|
||||
|
||||
[Service]
|
||||
User=turnserver
|
||||
Group=turnserver
|
||||
Type=forking
|
||||
EnvironmentFile=/etc/default/coturn-__APP__
|
||||
PIDFile=/run/coturn-__APP__/turnserver.pid
|
||||
RuntimeDirectory=coturn-__APP__
|
||||
RuntimeDirectoryMode=0755
|
||||
ExecStart=/usr/bin/turnserver -o -c /etc/__APP__/coturn.conf $EXTRA_OPTIONS
|
||||
ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
|
||||
Restart=on-abort
|
||||
|
||||
LimitCORE=infinity
|
||||
LimitNOFILE=999999
|
||||
LimitNPROC=60000
|
||||
LimitRTPRIO=infinity
|
||||
LimitRTTIME=7000000
|
||||
CPUSchedulingPolicy=other
|
||||
UMask=0007
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,5 +0,0 @@
|
|||
#
|
||||
# Uncomment it if you want to have the turnserver running as
|
||||
# an automatic system service daemon
|
||||
#
|
||||
TURNSERVER_ENABLED=1
|
|
@ -1,33 +0,0 @@
|
|||
# TURN server name and realm
|
||||
realm=__DOMAIN__
|
||||
|
||||
# Enable long-term credential mechanism
|
||||
lt-cred-mech
|
||||
|
||||
# Specify the user for the TURN authentification
|
||||
user=__APP__:__TURNSERVER_PWD__
|
||||
|
||||
# Main listening port
|
||||
listening-port=__TURNSERVER_PORT__
|
||||
|
||||
# Further ports that are open for communication
|
||||
min-port=49152
|
||||
max-port=65535
|
||||
|
||||
# SSL certificates
|
||||
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
||||
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
||||
dh-file=/etc/ssl/private/dh2048.pem
|
||||
|
||||
# Log file path
|
||||
log-file=/var/log/__APP__/turnserver.log
|
||||
pidfile=/run/coturn-__APP__/turnserver.pid
|
||||
simple-log
|
||||
|
||||
no-sslv2
|
||||
no-sslv3
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
no-loopback-peers
|
||||
no-multicast-peers
|
||||
no-cli
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"op": [{"username": "__ADMIN__", "password": "__PASSWORD__"}],
|
||||
"presenter": [{}],
|
||||
"description": "__GROUP_DESCRIPTION__",
|
||||
"public": true,
|
||||
"op": [{"username": "__ADMIN__", "password": "__PASSWORD__"}],
|
||||
"presenter": [{}],
|
||||
"description": "__GROUP_DESCRIPTION__",
|
||||
"public": true,
|
||||
"allow-anonymous": true,
|
||||
"allow-recording": true,
|
||||
"allow-subgroups": true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
[
|
||||
{
|
||||
"urls": [
|
||||
"turn:__DOMAIN__:__TURNSERVER_PORT__",
|
||||
"turn:__DOMAIN__:__TURNSERVER_PORT__?transport=tcp"
|
||||
"turn:turn.example.org:5349",
|
||||
"turn:turn.example.org:5349?transport=tcp"
|
||||
],
|
||||
"username": "__APP__",
|
||||
"credential": "__TURNSERVER_PWD__"
|
||||
"username": "galene",
|
||||
"credential": "secret",
|
||||
"credentialType": "hmac-sha1"
|
||||
}
|
||||
]
|
||||
|
|
|
@ -13,7 +13,6 @@ location / {
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
|
||||
# WebSocket support
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
__ADMIN__:__PASSWORD__
|
||||
|
|
@ -8,8 +8,38 @@ Type=simple
|
|||
WorkingDirectory=__FINALPATH__/
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
ExecStart=__FINALPATH__/galene
|
||||
ExecStart=__FINALPATH__/galene -turn __PUBLIC_IP4__:__TURN_PORT__ -udp-range 49152-65535 -groups /home/yunohost.app/__APP__/groups -recordings /home/yunohost.app/__APP__/recordings
|
||||
LimitNOFILE=65536
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
10
doc/DESCRIPTION.md
Normal file
10
doc/DESCRIPTION.md
Normal file
|
@ -0,0 +1,10 @@
|
|||
Galène is a videoconference server (an “SFU”) that is easy to deploy and that requires moderate server resources. It was originally designed for lectures and conferences (where a single speaker streams audio and video to hundreds or thousands of users), but later evolved to be useful for student practicals (where users are divided into many small groups), and meetings (where a dozen users interact with each other).
|
||||
|
||||
### Client features:
|
||||
|
||||
- multiparty audio and video
|
||||
- text chat
|
||||
- reasonably good support for mobile (Android and iPhone/iPad)
|
||||
- screen and window sharing, including sharing multiple windows simultaneously (not on mobile)
|
||||
- streaming video and audio from disk
|
||||
- activity detection
|
10
doc/DESCRIPTION_fr.md
Normal file
10
doc/DESCRIPTION_fr.md
Normal file
|
@ -0,0 +1,10 @@
|
|||
Galène est un serveur de visioconférence (un « SFU ») facile à déployer et qui nécessite des ressources serveur modérées. Il a été conçu à l'origine pour les cours et les conférences (où un seul orateur diffuse de l'audio et de la vidéo à des centaines ou des milliers d'utilisateurs), mais a évolué par la suite pour être utile pour les travaux pratiques des étudiants (où les utilisateurs sont divisés en plusieurs petits groupes) et les réunions (où un douzaine d'utilisateurs interagissent entre eux).
|
||||
|
||||
### Fonctionnalités client :
|
||||
|
||||
- audio et vidéo multipartites
|
||||
- chat textuel
|
||||
- assez bonne prise en charge pour mobile (Android et iPhone/iPad)
|
||||
- partage d'écran et de fenêtre, y compris le partage de plusieurs fenêtres simultanément (pas sur mobile)
|
||||
- streaming vidéo et audio à partir du disque
|
||||
- détection d'activité
|
|
@ -1,31 +1,47 @@
|
|||
### How to creat groups
|
||||
### Accessing groups
|
||||
|
||||
Groups are defined by files in the `/opt/yunohost/galene/groups` directory. Various options are available (see https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file)
|
||||
*Galène* meeting rooms are called "groups". Any group is accessible at `https://domain.tld/group/GroupName`, by typing its name in the home page search field, or by selecting it in the public list (if the group is configured as publicly visible, see below).
|
||||
|
||||
### TURN server
|
||||
#### Creating and configuring groups
|
||||
|
||||
For VoIP and video conferencing a TURN server is also installed and configured. The TURN server listens on two UDP and TCP ports. You can get them with these commands:
|
||||
Groups are defined by JSON files located in the folder `/home/yunohost.app/galene/groups`. Each group is represented by a `GroupName.json` file.
|
||||
To create a new group, you need to create a `GroupNameExample.json` file (you can also make subfolder groups, and the groups will be accessible with `https://domain.tld/group/subfolder/GroupName`). Various configuration options are available (see https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file).
|
||||
|
||||
*NB: Spaces are supported in group file names.*
|
||||
|
||||
### Configuring your TURN server
|
||||
|
||||
#### Using *Galène*'s internal TURN server
|
||||
Galène comes with a built-in TURN server that should work out-of-the-box.
|
||||
- If your server is behind NAT, allow incoming traffic to TCP port `8443` (or whatever is configured with the `-http` option in `/etc/systemd/system/galene.service`) and TCP/UDP port `1194` (or whatever is configured with the `-turn` option in `/etc/systemd/system/galene.service`)
|
||||
|
||||
#### Using your own TURN server
|
||||
- Install [coturn_ynh](https://github.com/YunoHost-Apps/coturn_ynh).
|
||||
- Add `/opt/yunohost/galene/data/ice-servers.json` with these lines and change `turn.example.org` and `secret`
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
[
|
||||
{
|
||||
"urls": [
|
||||
"turn:turn.example.org:5349",
|
||||
"turn:turn.example.org:5349?transport=tcp"
|
||||
],
|
||||
"username": "galene",
|
||||
"credential": "secret"
|
||||
}
|
||||
]
|
||||
```
|
||||
- set `/etc/systemd/system/galene.service` `-turn` option to `-turn auto` (or `-turn ""` to disable the built-in TURN server).
|
||||
|
||||
The TURN server will also choose a port dynamically when a new call starts. The range is between 49152 - 65535.
|
||||
To check if the TURN server is up and running, type `/relay-test` in the chat box. If the TURN server is properly configured, you should see a message saying that the relay test has been successful.
|
||||
|
||||
For security reason the ports range (49152 - 65535) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
|
||||
You can also install Galène with an external TURN server with this branch: https://github.com/YunoHost-Apps/galene_ynh/tree/galene+turn
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
### Server Statistics page
|
||||
|
||||
You might also need to open these ports (if it is not automatically done) on your ISP box.
|
||||
Statistics are available under `/var/www/galene/stats.json`, with a human-readable version at `domain.ltd/stats.html`. This is only available to the server administrator.
|
||||
|
||||
To prevent the situation when the server is behind a NAT, the public IP is written in the TURN server config. By this the TURN server can send its real public IP to the client. For more information see the [Coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). So if your IP changes, you could run the script `/opt/yunohost/galene/Coturn_config_rotate.sh` to update your config.
|
||||
### How do I record my lecture?
|
||||
|
||||
If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content.
|
||||
Make sure allow-recording is set in your group configuration. Log-in as an operator, then say `/record` before you start your lecture. Don't forget to say `/unrecord` at the end. You will find your recordings under `https://server.example.com/recordings/groupname/`. The video recordings are stored in `/home/yunohost.app/galene/recordings` folder.
|
||||
|
||||
```
|
||||
*/15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh;
|
||||
```
|
||||
|
||||
To check if Galène can connect to the TURN server, connect to Galène as operator and type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful.
|
||||
|
|
|
@ -1,33 +1,46 @@
|
|||
## Configuration
|
||||
### Accéder à des groupes
|
||||
|
||||
### Comment créer des groupes
|
||||
Les salles de réunion *Galène* sont appelées « groupes ». Tout groupe est accessible sur `https://domain.tld/group/GroupName`, en tapant son nom dans le champ de recherche de la page d'accueil, ou en le sélectionnant dans la liste publique (si le groupe est configuré comme visible publiquement, voir ci-dessous).
|
||||
|
||||
Les groupes sont définis par des fichiers dans le répertoire `/opt/yunohost/galene/groups`. Différentes options sont disponibles (voir https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file)
|
||||
#### Ajouter et configurer des groupes
|
||||
|
||||
### Serveur TURN
|
||||
Les groupes sont définis par des fichiers JSON situés dans le dossier `/home/yunohost.app/galene/groups`. Chaque groupe est représenté par un fichier `GroupName.json`.
|
||||
Pour créer un nouveau groupe, vous devez créer un fichier `GroupNameExample.json` (vous pouvez également créer un sous-dossier, et les groupes seront accessibles avec` https://domain.tld/group/subfolder/GroupName`). Différentes options de configurations sont disponibles (voir https://github.com/YunoHost-Apps/galene_ynh/wiki/Configuration-file).
|
||||
|
||||
Pour la VoIP et la visioconférence, un serveur TURN est également installé et configuré. Le serveur TURN écoute sur deux ports UDP et TCP. Vous pouvez les obtenir avec ces commandes :
|
||||
*NB : les espaces sont pris en charge dans les noms de fichiers de groupe.*
|
||||
|
||||
### Configurer votre serveur TURN
|
||||
|
||||
#### Utilisation du serveur TURN de *Galène*
|
||||
Galène est livré avec un serveur TURN intégré qui devrait fonctionner immédiatement.
|
||||
- Si votre serveur est derrière NAT, autorisez le trafic entrant vers le port TCP `8443` (ou tout ce qui est configuré avec l'option `-http` dans `/etc/systemd/system/galene.service`) et le port TCP/UDP `1194` (ou tout ce qui est configuré avec l'option `-turn` dans `/etc/systemd/system/galene.service`)
|
||||
|
||||
#### Utilisation de votre propre serveur TURN
|
||||
- Installez [coturn_ynh](https://github.com/YunoHost-Apps/coturn_ynh).
|
||||
- Ajoutez `/var/www/galene/data/ice-servers.json` avec ces lignes et changez `turn.example.org` et `secret`
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
[
|
||||
{
|
||||
"urls": [
|
||||
"turn:turn.example.org:5349",
|
||||
"turn:turn.example.org:5349?transport=tcp"
|
||||
],
|
||||
"username": "galene",
|
||||
"credential": "secret"
|
||||
}
|
||||
]
|
||||
```
|
||||
- Dans `/etc/systemd/system/galene.service` changer l'option `-turn auto` (ou `-turn ""` pour désactiver le serveur TURN intégré).
|
||||
|
||||
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49152 et 65535.
|
||||
Pour vérifier si le serveur TURN est opérationnel, tapez `/relay-test` dans la boîte de dialogue du chat de *Galène* ; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relai a réussi.
|
||||
|
||||
Par sécurité, la plage de ports (49152 - 65535) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
|
||||
Vous pouvez également installer *Galène* avec un serveur TURN externe avec cette branch : https://github.com/YunoHost-Apps/galene_ynh/tree/galene+turn
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
### Statistiques du serveur
|
||||
|
||||
Vous devrez peut-être également ouvrir ces ports (si ce n'est pas fait automatiquement) sur votre box.
|
||||
Les statistiques sont disponibles sous `/var/www/galene/stats.json`, avec une version lisible sur `domain.ltd/stats.html`. Cette page n'est disponible que pour l'administrateur du serveur.
|
||||
|
||||
Pour éviter la situation où le serveur est derrière un NAT, l'adresse IP publique est écrite dans la configuration du serveur TURN. De cette manière, le serveur TURN peut envoyer sa véritable adresse IP publique au client. Pour plus d'informations, consultez [le fichier de configuration d'exemple Coturn](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62). Donc, si votre adresse IP change, vous pouvez exécuter le script `/opt/yunohost/galene/Coturn_config_rotate.sh` pour mettre à jour votre configuration.
|
||||
### Comment enregistrer ma conférence ?
|
||||
|
||||
Si vous avez une adresse IP dynamique, vous devrez peut-être également mettre à jour cette configuration automatiquement. Pour ce faire, éditez simplement un fichier nommé `/etc/cron.d/coturn_config_rotate` et ajoutez le contenu suivant.
|
||||
|
||||
```
|
||||
* / 15 * * * * root bash /opt/yunohost/galene/Coturn_config_rotate.sh;
|
||||
```
|
||||
|
||||
Pour vérifier si Galène peut se connecter au serveur TURN, connectez-vous à Galène en tant qu'opérateur et tapez `/relay-test` dans la boîte de dialogue chat; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi.
|
||||
Assurez-vous que l'autorisation d'enregistrement est définie dans la configuration de votre groupe. Connectez-vous en tant qu'opérateur, puis dites `/record` dans la fenêtre de chat avant de commencer la visio. N'oubliez pas de dire `/unrecord` à la fin. Vous trouverez vos enregistrements sous `https://server.example.com/recordings/groupname/`. Les enregistrements vidéo sont stockés dans le dossier `/home/yunohost.app/galene/recordings`.
|
||||
|
|
|
@ -1,18 +1,19 @@
|
|||
{
|
||||
"name": "Galene",
|
||||
"name": "Galène",
|
||||
"id": "galene",
|
||||
"packaging_format": 1,
|
||||
"description": {
|
||||
"en": "Videoconferencing server that is easy to deploy",
|
||||
"fr": "Serveur de visioconférence facile à déployer"
|
||||
},
|
||||
"version": "0.3.5~ynh2",
|
||||
"url": "https://galene.org",
|
||||
"version": "0.4.0~ynh1",
|
||||
"url": "https://galene.org/",
|
||||
"upstream": {
|
||||
"license": "free",
|
||||
"website": "https://galene.org",
|
||||
"license": "MIT",
|
||||
"website": "https://galene.org/",
|
||||
"demo": "https://galene.org:8443/",
|
||||
"admindoc": "https://galene.org/",
|
||||
"userdoc": "https://galene.org/faq.html",
|
||||
"code": "https://github.com/jech/galene"
|
||||
},
|
||||
"license": "MIT",
|
||||
|
@ -21,7 +22,7 @@
|
|||
"email": ""
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 4.1.7"
|
||||
"yunohost": ">= 4.2.4"
|
||||
},
|
||||
"multi_instance": false,
|
||||
"services": [
|
||||
|
@ -70,6 +71,7 @@
|
|||
{
|
||||
"name": "group_description",
|
||||
"type": "string",
|
||||
"optional": true,
|
||||
"ask": {
|
||||
"en": "Choose a description for the group you want to create",
|
||||
"fr": "Décrivez le groupe que vous souhaitez créer"
|
||||
|
|
|
@ -4,9 +4,6 @@
|
|||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
# dependencies used by the app
|
||||
pkg_dependencies="coturn acl"
|
||||
|
||||
#=================================================
|
||||
# PERSONAL HELPERS
|
||||
#=================================================
|
||||
|
|
|
@ -13,9 +13,6 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
|
@ -28,6 +25,7 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||
|
@ -39,15 +37,12 @@ ynh_print_info --message="Declaring files to be backed up..."
|
|||
#=================================================
|
||||
|
||||
ynh_backup --src_path="$final_path"
|
||||
ynh_backup --src_path="/etc/$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYSTEMD
|
||||
# BACKUP THE DATA DIR
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
||||
ynh_backup --src_path="/etc/default/coturn-$app"
|
||||
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
|
||||
ynh_backup --src_path="$datadir" --is_big
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
|
@ -55,30 +50,14 @@ ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
|
|||
|
||||
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC BACKUP
|
||||
#=================================================
|
||||
# BACKUP LOGROTATE
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/logrotate.d/$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP GALÈNE LOG
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYSTEMD
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
||||
ynh_backup --src_path="/etc/default/coturn-$app"
|
||||
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info --message="Backup script completed for Galène. (YunoHost will then actually copy those files to the archive)."
|
||||
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
|
||||
|
|
|
@ -33,7 +33,7 @@ port=$(ynh_app_setting_get --app=$app --key=port)
|
|||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up Galène before changing its URL (may take a while)..." --weight=1
|
||||
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
|
@ -108,7 +108,7 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=3
|
||||
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="/var/log/$app/$app.log"
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="systemd"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
|
@ -121,4 +121,4 @@ ynh_systemd_action --service_name=nginx --action=reload
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Change of URL completed for Galène" --last
|
||||
ynh_script_progression --message="Change of URL completed for $app" --last
|
||||
|
|
177
scripts/install
177
scripts/install
|
@ -13,9 +13,6 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
|
@ -55,23 +52,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=group_name --value="$group_name"
|
||||
ynh_app_setting_set --app=$app --key=group_description --value="$group_description"
|
||||
ynh_app_setting_set --app=$app --key=password --value=$password
|
||||
|
||||
#=================================================
|
||||
# CREATE A DH FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a dhparam file..." --weight=3
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
# Make dhparam cert for Coturn if it doesn't exist
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
|
@ -85,20 +65,24 @@ port=$(ynh_find_port --port=8443)
|
|||
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||
|
||||
# Find an available port for TURN
|
||||
turnserver_port=$(ynh_find_port --port=1194)
|
||||
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
|
||||
turn_port=$(ynh_find_port --port=1194)
|
||||
ynh_app_setting_set --app=$app --key=turn_port --value=$turn_port
|
||||
|
||||
# Open TURN port
|
||||
ynh_script_progression --message="Configuring firewall..." --weight=1
|
||||
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turn_port
|
||||
|
||||
# Reserve UDP Port range 49152:65535
|
||||
ynh_exec_warn_less yunohost firewall allow UDP -4 49152:65535
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --weight=5
|
||||
ynh_script_progression --message="Configuring system user..." --weight=3
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
# Create a system user
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
|
@ -109,24 +93,19 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
#=================================================
|
||||
# CREATE DATA FOLDER
|
||||
# CREATE DATA AND GROUPS FOLDER
|
||||
#=================================================
|
||||
|
||||
# Define app's data directory
|
||||
data="$final_path/data"
|
||||
# Create data folder
|
||||
mkdir -p "$data"
|
||||
|
||||
#=================================================
|
||||
# CREATE A SERVER CERTIFICATE
|
||||
#=================================================
|
||||
|
||||
pushd "$final_path/data"
|
||||
ynh_exec_warn_less openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem \
|
||||
-subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress="
|
||||
chmod 640 {key.pem,cert.pem}
|
||||
popd
|
||||
mkdir -p "$final_path/data"
|
||||
echo $admin:$password > "$final_path/data/passwd"
|
||||
chmod 400 "$final_path/data/passwd"
|
||||
chown $app: "$final_path/data/passwd"
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
|
@ -137,125 +116,42 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
|
|||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
# CREATE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring system user..." --weight=3
|
||||
ynh_script_progression --message="Creating a data directory..." --weight=1
|
||||
|
||||
# Create a system user
|
||||
ynh_system_user_create --username=$app
|
||||
ynh_system_user_create --username=turnserver
|
||||
adduser turnserver ssl-cert
|
||||
datadir=/home/yunohost.app/$app
|
||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||
|
||||
mkdir -p $datadir/{groups,recordings}
|
||||
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:www-data "$datadir"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
||||
|
||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
|
||||
mkdir -p /etc/$app
|
||||
# Create systemd service for turnserver
|
||||
cp ../conf/coturn/default_coturn /etc/default/coturn-$app
|
||||
ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
|
||||
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
||||
|
||||
# Create log directory
|
||||
mkdir -p /var/log/$app
|
||||
touch /var/log/$app/$app.log
|
||||
chown $app -R /var/log/$app
|
||||
|
||||
# Setup logrotate
|
||||
ynh_use_logrotate --logfile "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# SET COTURN CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring Coturn..." --weight=1
|
||||
|
||||
# WARNING: theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
# Find password for turnserver
|
||||
ynh_print_OFF
|
||||
turnserver_pwd=$(ynh_string_random --length=30)
|
||||
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
||||
ynh_print_ON
|
||||
|
||||
coturn_config_path="/etc/$app/coturn.conf"
|
||||
|
||||
ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$coturn_config_path"
|
||||
|
||||
# Get public IP and set as external IP for coturn
|
||||
# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
||||
|
||||
if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
|
||||
then
|
||||
echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# CREATE GROUPS FOLDER
|
||||
#=================================================
|
||||
|
||||
# Define app's groups directory
|
||||
groups="$final_path/groups"
|
||||
# Create groups folder
|
||||
mkdir -p "$groups"
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILES
|
||||
#=================================================
|
||||
|
||||
ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd"
|
||||
|
||||
ynh_add_config --template="../conf/groupname.json" --destination="$final_path/groups/$group_name.json"
|
||||
|
||||
ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json"
|
||||
|
||||
#=================================================
|
||||
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
|
||||
#=================================================
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
cp ../sources/Coturn_config_rotate.sh $final_path/Coturn_config_rotate.sh
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
|
||||
chmod +x $final_path/Coturn_config_rotate.sh
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
||||
# Set permissions to app files
|
||||
chown -R $app: $final_path
|
||||
chmod -R 755 $final_path
|
||||
chown -R $app:root /etc/$app
|
||||
chown turnserver:root /etc/$app/coturn.conf
|
||||
chmod -R u=rwX,g=rX,o= /etc/$app
|
||||
chmod 770 $final_path/Coturn_config_rotate.sh
|
||||
setfacl -R -m user:turnserver:rX /etc/$app
|
||||
setfacl -R -m user:turnserver:rwX /var/log/$app
|
||||
chmod 600 $final_path/data/passwd
|
||||
chmod 600 $final_path/data/ice-servers.json
|
||||
# Create a group name config
|
||||
ynh_add_config --template="../conf/groupname.json" --destination="$datadir/groups/$group_name.json"
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
@ -263,8 +159,7 @@ yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/
|
|||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
|
||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log"
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="systemd"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
|
@ -288,4 +183,4 @@ ynh_systemd_action --service_name=nginx --action=reload
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Installation of Galène completed" --last
|
||||
ynh_script_progression --message="Installation of $app completed" --last
|
||||
|
|
|
@ -17,28 +17,24 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
|
|||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turn_port=$(ynh_app_setting_get --app=$app --key=turn_port)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
#=================================================
|
||||
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing Galène service integration..." --weight=1
|
||||
|
||||
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $app service integration..." --weight=1
|
||||
yunohost service remove $app
|
||||
fi
|
||||
|
||||
if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null
|
||||
then
|
||||
yunohost service remove coturn-$app
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STOP AND REMOVE SERVICE
|
||||
#=================================================
|
||||
|
@ -46,25 +42,25 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
|
|||
|
||||
# Remove the dedicated systemd config
|
||||
ynh_remove_systemd_config
|
||||
ynh_remove_systemd_config --service=coturn-$app
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing dependencies..." --weight=1
|
||||
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing Galène main directory..." --weight=2
|
||||
ynh_script_progression --message="Removing app main directory..." --weight=2
|
||||
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove --file=$final_path
|
||||
ynh_secure_remove --file=/var/log/$app
|
||||
ynh_secure_remove --file=/etc/default/coturn-$app
|
||||
ynh_secure_remove --file="$final_path"
|
||||
|
||||
#=================================================
|
||||
# REMOVE DATA DIR
|
||||
#=================================================
|
||||
|
||||
# # Remove the app data directory with the command `yunohost app remove --purge`
|
||||
# if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
|
||||
# then
|
||||
# ynh_script_progression --message="Removing $app data directory..." --weight=2
|
||||
# ynh_secure_remove --file="$datadir"
|
||||
# fi
|
||||
|
||||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
|
@ -74,32 +70,19 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
|
|||
# Remove the dedicated NGINX config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
|
||||
|
||||
# Remove the app-specific logrotate config
|
||||
ynh_remove_logrotate
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE CRON FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the cron file..." --weight=1
|
||||
|
||||
if [[ ! -f "/etc/cron.d/coturn_config_rotate" ]]; then
|
||||
# If a cron job as been add by user, remove it
|
||||
ynh_secure_remove --file="/etc/cron.d/coturn_config_rotate"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CLOSE A PORT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Closing ports..." --weight=1
|
||||
|
||||
if yunohost firewall list | grep -q "\- $turnserver_port$"
|
||||
if yunohost firewall list | grep -q "\- $turn_port$"
|
||||
then
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall disallow both $turn_port
|
||||
fi
|
||||
|
||||
if yunohost firewall list | grep -q "\- 49152:65535"
|
||||
then
|
||||
ynh_exec_warn_less yunohost firewall disallow UDP 49152:65535
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
|
@ -111,10 +94,9 @@ ynh_script_progression --message="Removing the dedicated system user..." --weigh
|
|||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete --username=$app
|
||||
ynh_system_user_delete --username=turnserver
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Removal of Galène completed" --last
|
||||
ynh_script_progression --message="Removal of $app completed" --last
|
||||
|
|
116
scripts/restore
116
scripts/restore
|
@ -14,9 +14,6 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
|
@ -31,54 +28,56 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
turn_port=$(ynh_app_setting_get --app=$app --key=turn_port)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..." --weight=1
|
||||
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
||||
test ! -d $final_path \
|
||||
|| ynh_die --message="There is already a directory: $final_path "
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# REINSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
|
||||
|
||||
# Define and install dependencies
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
# STANDARD RESTORATION STEPS
|
||||
#=================================================
|
||||
# RESTORE THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring Galène main directory..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
ynh_restore_file --origin_path="/etc/$app"
|
||||
ynh_restore_file --origin_path="/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
|
||||
|
||||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app
|
||||
ynh_system_user_create --username=turnserver
|
||||
adduser turnserver ssl-cert
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the data directory..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="$datadir" --not_mandatory
|
||||
|
||||
mkdir -p $datadir/{groups,recordings}
|
||||
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:www-data "$datadir"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
|
@ -86,74 +85,21 @@ adduser turnserver ssl-cert
|
|||
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||
ynh_restore_file --origin_path="/etc/default/coturn-$app"
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"
|
||||
systemctl enable $app.service --quiet
|
||||
systemctl enable coturn-$app.service --quiet
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=3
|
||||
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# CREATE A DH FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a dhparam file..." --weight=3
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
# Make dhparam cert for Coturn if it doesn't exist
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# OPEN THE PORT
|
||||
#=================================================
|
||||
|
||||
# Ouvre le port dans le firewall
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring permissions..." --weight=1
|
||||
|
||||
# Restore permissions on app files
|
||||
# Set permissions on app files
|
||||
chown -R $app:$app $final_path
|
||||
chmod -R 755 $final_path
|
||||
chown -R $app:root /var/log/$app
|
||||
chown -R $app:root /etc/$app
|
||||
chown turnserver:root /etc/$app/coturn.conf
|
||||
chmod -R u=rwX,g=rX,o= /etc/$app
|
||||
chmod 770 $final_path/Coturn_config_rotate.sh
|
||||
setfacl -R -m user:turnserver:rX /etc/$app
|
||||
setfacl -R -m user:turnserver:rwX /var/log/$app
|
||||
# Set permissions on config files
|
||||
chmod 600 $final_path/data/passwd
|
||||
chmod 600 $final_path/data/ice-servers.json
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="systemd"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
@ -168,4 +114,4 @@ ynh_systemd_action --service_name=nginx --action=reload
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Restoration completed for Galène" --last
|
||||
ynh_script_progression --message="Restoration completed for $app" --last
|
||||
|
|
217
scripts/upgrade
217
scripts/upgrade
|
@ -20,10 +20,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
password=$(ynh_app_setting_get --app=$app --key=password)
|
||||
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
turn_port=$(ynh_app_setting_get --app=$app --key=turn_port)
|
||||
architecture=$(ynh_detect_arch)
|
||||
|
||||
#=================================================
|
||||
|
@ -32,6 +31,20 @@ architecture=$(ynh_detect_arch)
|
|||
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
|
@ -49,32 +62,20 @@ if [ -z "$final_path" ]; then
|
|||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
fi
|
||||
|
||||
if [ -z "$turnserver_port" ]; then
|
||||
turnserver_port=$(ynh_find_port --port=1194)
|
||||
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
fi
|
||||
|
||||
# Cleaning legacy permissions
|
||||
if ynh_legacy_permissions_exists; then
|
||||
ynh_legacy_permissions_delete_all
|
||||
ynh_legacy_permissions_delete_all
|
||||
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up Galène before upgrading (may take a while)..." --weight=1
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
|
@ -93,125 +94,12 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|||
then
|
||||
ynh_script_progression --message="Upgrading source files..." --weight=2
|
||||
|
||||
# Create a temporary directory
|
||||
tmpdir="$(mktemp -d)"
|
||||
|
||||
# Backup the config file in the temp dir
|
||||
cp -ar "$final_path/groups" "$tmpdir/groups"
|
||||
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove --file="$final_path"
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
|
||||
|
||||
groups="$final_path/groups"
|
||||
data="$final_path/data"
|
||||
|
||||
mkdir -p "$groups"
|
||||
mkdir -p "$data"
|
||||
|
||||
# Copy the admin saved settings from tmp directory to final path
|
||||
cp -ar "$tmpdir/groups" "$final_path"
|
||||
|
||||
# Remove the tmp directory securely
|
||||
ynh_secure_remove --file="$tmpdir"
|
||||
|
||||
ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd"
|
||||
chmod 600 $final_path/data/passwd
|
||||
|
||||
ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json"
|
||||
chmod 600 $final_path/data/ice-servers.json
|
||||
|
||||
# Recreate certificates
|
||||
pushd "$final_path/data"
|
||||
ynh_exec_warn_less openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem \
|
||||
-subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress="
|
||||
chmod 640 {key.pem,cert.pem}
|
||||
popd
|
||||
ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" --keep="$final_path/data/passwd"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# MULTINSTANCE SUPPORT
|
||||
#=================================================
|
||||
|
||||
if [ ! -e /etc/$app/coturn.conf ]
|
||||
then
|
||||
ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1
|
||||
|
||||
#=================================================
|
||||
# CREATE AN INDEPENDANT SERVICE FOR COTURN
|
||||
#=================================================
|
||||
|
||||
# Disable default config for turnserver and create a new service
|
||||
systemctl stop coturn.service
|
||||
|
||||
# Set by default the system config for coturn
|
||||
echo "" > /etc/turnserver.conf
|
||||
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
|
||||
|
||||
# Set a port for each service in turnserver
|
||||
turnserver_port=$(ynh_find_port --port=1194)
|
||||
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
|
||||
#=================================================
|
||||
# MAKE A CLEAN LOGROTATE CONFIG
|
||||
#=================================================
|
||||
|
||||
ynh_use_logrotate --logfile /var/log/$app --nonappend
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CREATE A DH FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a dhparam file..." --weight=3
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
# Make dhparam cert for Coturn if it doesn't exist
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# UPDATE COTURN CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating Coturn config..." --weight=1
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
coturn_config_path="/etc/$app/coturn.conf"
|
||||
|
||||
ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$coturn_config_path"
|
||||
|
||||
# Get public IP and set as external IP for coturn
|
||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
||||
|
||||
if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
|
||||
then
|
||||
echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
|
||||
#=================================================
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
cp ../sources/Coturn_config_rotate.sh $final_path/Coturn_config_rotate.sh
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
|
||||
chmod +x $final_path/Coturn_config_rotate.sh
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
|
@ -221,70 +109,29 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
|
|||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# UPGRADE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading dependencies..." --weight=1
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
|
||||
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app
|
||||
ynh_system_user_create --username=turnserver
|
||||
adduser turnserver ssl-cert
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
|
||||
|
||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
||||
# Set permissions on app files
|
||||
chown -R $app: $final_path
|
||||
chmod -R 755 $final_path
|
||||
chown -R $app:root /etc/$app
|
||||
chown turnserver:root $coturn_config_path
|
||||
chmod -R u=rwX,g=rX,o= /etc/$app
|
||||
chmod 770 $final_path/Coturn_config_rotate.sh
|
||||
setfacl -R -m user:turnserver:rX /etc/$app
|
||||
setfacl -R -m user:turnserver:rwX /var/log/$app
|
||||
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
|
||||
|
||||
# # Use logrotate to manage app-specific logfile(s)
|
||||
ynh_use_logrotate --non-append
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
|
||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log"
|
||||
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
|
||||
ynh_systemd_action --service_name=$app --action=start --log_path="systemd"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
|
@ -297,4 +144,4 @@ ynh_systemd_action --service_name=nginx --action=reload
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Upgrade of Galène completed" --last
|
||||
ynh_script_progression --message="Upgrade of $app completed" --last
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
external_IP_line="external-ip=__IPV4__/__IPV6__"
|
||||
|
||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
||||
|
||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||
then
|
||||
external_IP_line="${external_IP_line/'__IPV4__'/$public_ip4}"
|
||||
else
|
||||
external_IP_line="${external_IP_line/'__IPV4__/'/}"
|
||||
fi
|
||||
|
||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
||||
then
|
||||
external_IP_line="${external_IP_line/'__IPV6__'/$public_ip6}"
|
||||
else
|
||||
external_IP_line="${external_IP_line/'/__IPV6__'/}"
|
||||
fi
|
||||
|
||||
old_config_line=$(egrep "^external-ip=.*\$" "/etc/__APP__/coturn.conf")
|
||||
ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/__APP__/coturn.conf"
|
||||
new_config_line=$(egrep "^external-ip=.*\$" "/etc/__APP__/coturn.conf")
|
||||
|
||||
setfacl -R -m user:turnserver:rX /etc/__APP__
|
||||
|
||||
if [ "$old_config_line" != "$new_config_line" ]
|
||||
then
|
||||
systemctl restart coturn-__APP__.service
|
||||
fi
|
||||
|
||||
exit 0
|
Loading…
Reference in a new issue