Upgrade following .deb steps

2024-09-03 19:35:57 +02:00 · 2020-04-15 08:50:39 +02:00 · 2020-04-15 08:50:39 +02:00 · 14fee3be31
commit 14fee3be31
parent c43abb32fc
14 changed files with 124 additions and 58 deletions
--- a/conf/config.js
+++ b/conf/config.js
@ -24,7 +24,7 @@ var config = {
        // focus: 'focus.__DOMAIN__',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
-        muc: 'conference.<!--# echo var="subdomain" default="" -->__DOMAIN__'
+        muc: 'conference.__DOMAIN__'
    },

    // BOSH URL. FIXME: use XEP-0156 to discover it.
@ -44,9 +44,6 @@ var config = {
    //

    testing: {
-        // Enables experimental simulcast support on Firefox.
-        enableFirefoxSimulcast: false,
-
        // P2P test mode disables automatic switching to P2P when there are 2
        // participants in the conference.
        p2pTestMode: false
@ -111,11 +108,10 @@ var config = {
    // w3c spec-compliant video constraints to use for video capture. Currently
    // used by browsers that return true from lib-jitsi-meet's
    // util#browser#usesNewGumFlow. The constraints are independent from
-    // this config's resolution value. Defaults to requesting an ideal aspect
-    // ratio of 16:9 with an ideal resolution of 720.
+    // this config's resolution value. Defaults to requesting an ideal
+    // resolution of 720p.
    // constraints: {
    //     video: {
-    //         aspectRatio: 16 / 9,
    //         height: {
    //             ideal: 720,
    //             max: 720,
@ -343,7 +339,7 @@ var config = {
        // The STUN servers that will be used in the peer to peer connections
        stunServers: [

-            // { urls: 'stun:__DOMAIN__:443' },
+            // { urls: 'stun:__DOMAIN__:4446' },
            { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
        ],

@ -452,6 +448,14 @@ var config = {
    // the menu has option to flip the locally seen video for local presentations
    // disableLocalVideoFlip: false,

+    // Mainly privacy related settings
+
+    // Disables all invite functions from the app (share, invite, dial out...etc)
+    // disableInviteFunctions: true,
+
+    // Disables storing the room name to the recents list
+    // doNotStoreRoom: true,
+
    // Deployment specific URLs.
    // deploymentUrls: {
    //    // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
--- a/conf/jitsi-jicofo.config
+++ b/conf/jitsi-jicofo.config
@ -24,4 +24,4 @@ JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__
 JICOFO_OPTS=""

 # adds java system props that are passed to jicofo (default are for home and logging config file)
-JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties"
+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties"
--- a/conf/jitsi-jicofo.service
+++ b/conf/jitsi-jicofo.service
@ -3,12 +3,11 @@ Description=jitsi-jicofo
 After=network.target

 [Service]
-Type=simple
-User=__APP__
-Group=__APP__
 EnvironmentFile=/etc/__APP__/jicofo/config
+Environment=LOGFILE=/var/log/__APP__/jitsi-jicofo.log
+User=__APP__
 WorkingDirectory=__FINALPATH__/jicofo/
-ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=$JICOFO_HOST --domain=$JICOFO_HOSTNAME --port=$JICOFO_PORT --secret=$JICOFO_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$JICOFO_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD $JICOFO_OPTS"
+ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1"

 [Install]
 WantedBy=multi-user.target
--- a/conf/jitsi-videobridge-20-jvb-udp-buffers.conf
+++ b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf
@ -0,0 +1,3 @@
+# this sets the max, so that we can bump the JVB UDP single port buffer size.
+net.core.rmem_max=10485760
+net.core.netdev_max_backlog=100000
--- a/conf/jitsi-videobridge-callstats-java-sdk.properties
+++ b/conf/jitsi-videobridge-callstats-java-sdk.properties
@ -0,0 +1,5 @@
+CallStats.BaseURL = https://collector.callstats.io:443
+CallStats.AuthTimeOut = 5000
+CallStats.ConnectionTimeOut = 30000
+CallStats.SOTimeOut = 30000
+CallStats.keepAliveInterval = 1000
--- a/conf/jitsi-videobridge-log4j2.xml
+++ b/conf/jitsi-videobridge-log4j2.xml
@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration>
+    <Properties>
+		<Property name="log-path">/var/log/__APP__</Property>
+	</Properties>
+    <Appenders>
+        <RollingFile name="RollingFile" fileName="${log-path}/cs.log"
+                 filePattern="${log-path}/$${date:yyyy-MM}/cs-%d{MM-dd-yyyy}-%i.log.gz">
+			<PatternLayout pattern="%d %-5p (%F:%L) - %m%n"/>
+      		<Policies>
+        		<TimeBasedTriggeringPolicy />
+        		<SizeBasedTriggeringPolicy size="250 MB"/>
+      		</Policies>
+    	</RollingFile>
+    	<!-- 
+    	<Console name="STDOUT" target="SYSTEM_OUT">
+      		<PatternLayout pattern="%d %-5p (%F:%L) - %m%n"/>
+    	</Console>
+    	 -->
+    </Appenders>
+    <Loggers>
+    	<!--<Logger name="org.apache.log4j.xml" level="debug"/>-->
+    	<Logger name="org.apache.log4j.xml" level="info"/>
+        <Root level="info">
+            <AppenderRef ref="RollingFile"/>
+           <!--  <AppenderRef ref="STDOUT"/>  -->
+        </Root>
+    </Loggers>
+</Configuration>
+
+<!-- 
+-Dlog4j.configurationFile=config/log4j2.xml has to be used in VM args
+ -->
--- a/conf/jitsi-videobridge-sip-communicator.properties
+++ b/conf/jitsi-videobridge-sip-communicator.properties
@ -1,7 +1,3 @@
-org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
-org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__
-org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__
-org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__
 org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
 org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
 org.jitsi.videobridge.ENABLE_STATISTICS=true
--- a/conf/jitsi-videobridge.config
+++ b/conf/jitsi-videobridge.config
@ -17,4 +17,4 @@ JVB_OPTS="--apis=,"


 # adds java system props that are passed to jvb (default are for home and logging config file)
-JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties"
+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties"
--- a/conf/jitsi-videobridge.service
+++ b/conf/jitsi-videobridge.service
@ -1,16 +1,14 @@
 [Unit]
-Description=jitsi-videobridge
+Description=__APP__ Videobridge
 After=network.target

 [Service]
-Type=simple
-User=__APP__
-Group=__APP__
 SuccessExitStatus=143
 # allow bind to 80 and 443
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 EnvironmentFile=/etc/__APP__/videobridge/config
-Environment=LOGFILE=/var/log/jitsi/jvb.log
+Environment=LOGFILE=/var/log/__APP__/jitsi-videobridge.log
+User=__APP__
 RuntimeDirectory=jitsi-videobridge
 RuntimeDirectoryMode=0750
 PIDFile=/var/run/jitsi-videobridge/jitsi-videobridge.pid
@ -20,7 +18,7 @@ TasksMax=65000
 LimitNPROC=65000
 LimitNOFILE=65000
 WorkingDirectory=__FINALPATH__/jitsi-videobridge/
-ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS}"
+ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1"
 ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid"

 [Install]
--- a/conf/metronome.cfg.lua
+++ b/conf/metronome.cfg.lua
@ -10,8 +10,8 @@ muc_mapper_domain_base = "__DOMAIN__";
 turncredentials_secret = "__TURN_SECRET__";

 turncredentials = {
-  { type = "stun", host = "__DOMAIN__", port = "443" },
-  { type = "turn", host = "__DOMAIN__", port = "443", transport = "udp" },
+  { type = "stun", host = "__DOMAIN__", port = "4446" },
+  { type = "turn", host = "__DOMAIN__", port = "4446", transport = "udp" },
  { type = "turns", host = "__DOMAIN__", port = "443", transport = "tcp" }
 };

@ -19,20 +19,20 @@ cross_domain_bosh = false;
 consider_bosh_secure = true;

 VirtualHost "__DOMAIN__"
-	-- enabled = false -- Remove this line to enable this host
-	authentication = "anonymous"
+    -- enabled = false -- Remove this line to enable this host
+    authentication = "anonymous"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
-	-- Assign this host a certificate for TLS, otherwise it would use the one
-	-- set in the global section (if any).
-	-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-	-- use the global one.
-	ssl = {
-		key = "/etc/yunohost/certs/__DOMAIN__/key.pem";
-		certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem";
-	}
+    -- Assign this host a certificate for TLS, otherwise it would use the one
+    -- set in the global section (if any).
+    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
+    -- use the global one.
+    ssl = {
+        key = "/etc/yunohost/certs/__DOMAIN__/key.pem";
+        certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem";
+    }
    speakerstats_component = "speakerstats.__DOMAIN__"
    conference_duration_component = "conferenceduration.__DOMAIN__"
    -- we need bosh
@ -64,22 +64,16 @@ Component "internal.auth.__DOMAIN__" "muc"
      "ping";
    }
    admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" }
+    muc_room_locking = false
+    muc_room_default_public_jids = true

 VirtualHost "auth.__DOMAIN__"
-	ssl = {
-		key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem";
-		certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem";
-	}
-	authentication = "ldap2"
-	ldap = {
-		hostname      = "localhost",
-		user = {
-			basedn        = "ou=users,dc=yunohost,dc=org",
-            filter        = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__)(permission=cn=xmpp.main,ou=permission,dc=yunohost,dc=org))",
-			usernamefield = "mail",
-			namefield     = "cn",
-		},
-	}
+    ssl = {
+        key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem";
+        certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem";
+    }
+    storage = "internal"
+    authentication = "internal_plain"

 Component "focus.__DOMAIN__"
    component_secret = "__FOCUS_SECRET__"
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -7,9 +7,8 @@ ssi_types application/x-javascript application/javascript;
 index index.html index.htm;
 error_page 404 /static/404.html;

-
 location = /config.js {
-    alias /etc/__NAME__/meet/config.js;
+    alias /etc/__NAME__/meet/__DOMAIN__-config.js;
 }

 location = /external_api.js {
@ -52,7 +51,8 @@ location ~ ^/([^/?&:'"]+)/config.js$
 {
   set $subdomain "$1.";
   set $subdir "$1/";
-   alias __FINALPATH__/jitsi-meet-web/config.js;
+   
+   alias /etc/__NAME__/meet/__DOMAIN__-config.js;
 }

 #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
--- a/scripts/install
+++ b/scripts/install
@ -167,8 +167,8 @@ ynh_print_info --message="Configuring metronome..."

 # Create focus user
 yunohost domain add auth.$domain
-yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
-yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0
+# yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
+# yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0

 # Add Metronome domain conf template
 metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
@ -190,6 +190,9 @@ yunohost tools regen-conf metronome --force

 ynh_systemd_action --service_name=metronome --action=restart

+metronomectl adduser $focus_user@auth.$domain $focus_password || true
+metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true
+
 #=================================================
 # CONFIGURE JITSI-VIDEOBRIDGE
 #=================================================
@ -220,6 +223,17 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
 jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties"
 cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf"

+jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties"
+cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf"
+
+jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml"
+cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf"
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf"
+
+jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/20-jvb-udp-buffers.conf"
+cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf"
+sysctl --system || true
+
 #=================================================
 # CONFIGURE JITSI-JICOFO
 #=================================================
@ -250,7 +264,7 @@ ynh_print_info --message="Configuring Jitsi-Meet..."

 mkdir -p "/etc/$app/meet"

-jitsi_meet_conf="/etc/$app/meet/config.js"
+jitsi_meet_conf="/etc/$app/meet/$domain-config.js"
 cp ../conf/config.js "$jitsi_meet_conf"
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf"

@ -295,6 +309,7 @@ ynh_print_info --message="Securing files and directories..."
 chown -R $app: $final_path
 chown -R $app: /etc/$app
 chown -R $app: /var/log/$app
+chmod -R 770 /var/log/$app

 #=================================================
 # SETUP LOGROTATE
--- a/scripts/remove
+++ b/scripts/remove
@ -117,6 +117,9 @@ fi
 #=================================================
 ynh_print_info --message="Reconfiguring Metronome..."

+metronomectl deluser $focus_user@auth.$domain || true
+metronomectl deluser $videobridge_user@auth.$domain || true
+
 # Remove domain conf template
 ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
 ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
@ -131,8 +134,8 @@ ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app
 yunohost tools regen-conf metronome --force

 # Delete focus user
-yunohost user delete $focus_user --purge
-yunohost user delete $videobridge_user --purge
+# yunohost user delete $focus_user --purge
+# yunohost user delete $videobridge_user --purge
 yunohost domain remove auth.$domain

 #=================================================
@ -143,6 +146,9 @@ ynh_print_info --message="Removing the config..."
 # Remove the log files
 ynh_secure_remove --file="/etc/$app"

+ynh_secure_remove --file="/etc/sysctl.d/20-jvb-udp-buffers.conf"
+sysctl --system || true
+
 #=================================================
 # REMOVE THE LOG FILES
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -220,6 +220,17 @@ then
 	ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_logging_conf"
 	cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf"
 	ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf"
+
+	jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties"
+	cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf"
+
+	jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml"
+	cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf"
+	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf"
+
+	jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/videobridge/20-jvb-udp-buffers.conf"
+	cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf"
+	sysctl --system || true
 fi

 #=================================================
@ -295,6 +306,8 @@ ynh_print_info --message="Securing files and directories..."
 # Set permissions on app files
 chown -R root: $final_path
 chown -R $app: /etc/$app
+chown -R $app: /var/log/$app
+chmod -R 770 /var/log/$app

 #=================================================
 # SETUP SSOWAT