From 14fee3be31496f855151085030266b01384a47cd Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 15 Apr 2020 08:50:39 +0200 Subject: [PATCH] Upgrade following .deb steps --- conf/config.js | 20 ++++---- conf/jitsi-jicofo.config | 2 +- conf/jitsi-jicofo.service | 7 ++- .../jitsi-videobridge-20-jvb-udp-buffers.conf | 3 ++ ...-videobridge-callstats-java-sdk.properties | 5 ++ conf/jitsi-videobridge-log4j2.xml | 33 +++++++++++++ ...si-videobridge-sip-communicator.properties | 4 -- conf/jitsi-videobridge.config | 2 +- conf/jitsi-videobridge.service | 10 ++-- conf/metronome.cfg.lua | 46 ++++++++----------- conf/nginx.conf | 6 +-- scripts/install | 21 +++++++-- scripts/remove | 10 +++- scripts/upgrade | 13 ++++++ 14 files changed, 124 insertions(+), 58 deletions(-) create mode 100644 conf/jitsi-videobridge-20-jvb-udp-buffers.conf create mode 100644 conf/jitsi-videobridge-callstats-java-sdk.properties create mode 100644 conf/jitsi-videobridge-log4j2.xml diff --git a/conf/config.js b/conf/config.js index 347409d..10e04c1 100644 --- a/conf/config.js +++ b/conf/config.js @@ -24,7 +24,7 @@ var config = { // focus: 'focus.__DOMAIN__', // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.__DOMAIN__' + muc: 'conference.__DOMAIN__' }, // BOSH URL. FIXME: use XEP-0156 to discover it. @@ -44,9 +44,6 @@ var config = { // testing: { - // Enables experimental simulcast support on Firefox. - enableFirefoxSimulcast: false, - // P2P test mode disables automatic switching to P2P when there are 2 // participants in the conference. p2pTestMode: false 
@@ -111,11 +108,10 @@ var config = { // w3c spec-compliant video constraints to use for video capture. Currently // used by browsers that return true from lib-jitsi-meet's // util#browser#usesNewGumFlow. The constraints are independent from - // this config's resolution value. Defaults to requesting an ideal aspect - // ratio of 16:9 with an ideal resolution of 720. + // this config's resolution value. Defaults to requesting an ideal + // resolution of 720p. // constraints: { // video: { - // aspectRatio: 16 / 9, // height: { // ideal: 720, // max: 720, @@ -343,7 +339,7 @@ var config = { // The STUN servers that will be used in the peer to peer connections stunServers: [ - // { urls: 'stun:__DOMAIN__:443' }, + // { urls: 'stun:__DOMAIN__:4446' }, { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } ], @@ -452,6 +448,14 @@ var config = { // the menu has option to flip the locally seen video for local presentations // disableLocalVideoFlip: false, + // Mainly privacy related settings + + // Disables all invite functions from the app (share, invite, dial out...etc) + // disableInviteFunctions: true, + + // Disables storing the room name to the recents list + // doNotStoreRoom: true, + // Deployment specific URLs. // deploymentUrls: { // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for diff --git a/conf/jitsi-jicofo.config b/conf/jitsi-jicofo.config index f0c030c..baf16d5 100644 --- a/conf/jitsi-jicofo.config +++ b/conf/jitsi-jicofo.config 
@@ -24,4 +24,4 @@ JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__ JICOFO_OPTS="" # adds java system props that are passed to jicofo (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties" diff --git a/conf/jitsi-jicofo.service b/conf/jitsi-jicofo.service index 5346ddc..339d861 100644 --- a/conf/jitsi-jicofo.service +++ b/conf/jitsi-jicofo.service @@ -3,12 +3,11 @@ Description=jitsi-jicofo After=network.target [Service] -Type=simple -User=__APP__ -Group=__APP__ EnvironmentFile=/etc/__APP__/jicofo/config +Environment=LOGFILE=/var/log/__APP__/jitsi-jicofo.log +User=__APP__ WorkingDirectory=__FINALPATH__/jicofo/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=$JICOFO_HOST --domain=$JICOFO_HOSTNAME --port=$JICOFO_PORT --secret=$JICOFO_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$JICOFO_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD $JICOFO_OPTS" +ExecStart=/bin/bash -c "exec __FINALPATH__/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1" [Install] WantedBy=multi-user.target diff --git a/conf/jitsi-videobridge-20-jvb-udp-buffers.conf b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf new file mode 100644 index 0000000..4d8b81f --- /dev/null +++ b/conf/jitsi-videobridge-20-jvb-udp-buffers.conf 
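Review bot: The rewritten ExecStart in conf/jitsi-jicofo.service still passes `--secret=${JICOFO_SECRET}` and `--user_password=${JICOFO_AUTH_PASSWORD}` as arguments, and systemd substitutes both into the `bash -c` string before bash parses it, so a value containing whitespace or a shell metacharacter would be re-interpreted by the shell. Writing them as `--secret=\"$${JICOFO_SECRET}\"`, the `$$` form the videobridge unit already uses for JVB_HOST, lets bash expand them from the environment as single words. The secrets remain readable in the process argument list either way, so I would add a comment above ExecStart: `# secrets end up in the process arguments; keep local shell access to this host restricted`. The same applies to `--secret=${JVB_SECRET}` in the conf/jitsi-videobridge.service ExecStart hunk.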
@@ -0,0 +1,3 @@ +# this sets the max, so that we can bump the JVB UDP single port buffer size. +net.core.rmem_max=10485760 +net.core.netdev_max_backlog=100000 diff --git a/conf/jitsi-videobridge-callstats-java-sdk.properties b/conf/jitsi-videobridge-callstats-java-sdk.properties new file mode 100644 index 0000000..8fe294e --- /dev/null +++ b/conf/jitsi-videobridge-callstats-java-sdk.properties @@ -0,0 +1,5 @@ +CallStats.BaseURL = https://collector.callstats.io:443 +CallStats.AuthTimeOut = 5000 +CallStats.ConnectionTimeOut = 30000 +CallStats.SOTimeOut = 30000 +CallStats.keepAliveInterval = 1000 diff --git a/conf/jitsi-videobridge-log4j2.xml b/conf/jitsi-videobridge-log4j2.xml new file mode 100644 index 0000000..38f6202 --- /dev/null +++ b/conf/jitsi-videobridge-log4j2.xml @@ -0,0 +1,33 @@ + + + + /var/log/__APP__ + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/conf/jitsi-videobridge-sip-communicator.properties b/conf/jitsi-videobridge-sip-communicator.properties index f0041e3..b87feb4 100644 --- a/conf/jitsi-videobridge-sip-communicator.properties +++ b/conf/jitsi-videobridge-sip-communicator.properties @@ -1,7 +1,3 @@ -org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false -org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__ -org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=__PRIVATE_IPV4__ -org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=__PUBLIC_IPV4__ org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true diff --git a/conf/jitsi-videobridge.config b/conf/jitsi-videobridge.config index 5b8ffed..8dd4059 100644 --- a/conf/jitsi-videobridge.config +++ b/conf/jitsi-videobridge.config 
@@ -17,4 +17,4 @@ JVB_OPTS="--apis=," # adds java system props that are passed to jvb (default are for home and logging config file) -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" +JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties" diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index 8f7cb9a..5d64ba7 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -1,16 +1,14 @@ [Unit] -Description=jitsi-videobridge +Description=__APP__ Videobridge After=network.target [Service] -Type=simple -User=__APP__ -Group=__APP__ SuccessExitStatus=143 # allow bind to 80 and 443 AmbientCapabilities=CAP_NET_BIND_SERVICE EnvironmentFile=/etc/__APP__/videobridge/config -Environment=LOGFILE=/var/log/jitsi/jvb.log +Environment=LOGFILE=/var/log/__APP__/jitsi-videobridge.log +User=__APP__ RuntimeDirectory=jitsi-videobridge RuntimeDirectoryMode=0750 PIDFile=/var/run/jitsi-videobridge/jitsi-videobridge.pid 
@@ -20,7 +18,7 @@ TasksMax=65000 LimitNPROC=65000 LimitNOFILE=65000 WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS}" +ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=$${JVB_HOST:-localhost} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1" ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid" [Install] diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 9a2ba23..8f5215c 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -10,8 +10,8 @@ muc_mapper_domain_base = "__DOMAIN__"; turncredentials_secret = "__TURN_SECRET__"; turncredentials = { - { type = "stun", host = "__DOMAIN__", port = "443" }, - { type = "turn", host = "__DOMAIN__", port = "443", transport = "udp" }, + { type = "stun", host = "__DOMAIN__", port = "4446" }, + { type = "turn", host = "__DOMAIN__", port = "4446", transport = "udp" }, { type = "turns", host = "__DOMAIN__", port = "443", transport = "tcp" } }; 
@@ -19,20 +19,20 @@ cross_domain_bosh = false; consider_bosh_secure = true; VirtualHost "__DOMAIN__" - -- enabled = false -- Remove this line to enable this host - authentication = "anonymous" + -- enabled = false -- Remove this line to enable this host + authentication = "anonymous" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" --app_id="example_app_id" --app_secret="example_app_secret" - -- Assign this host a certificate for TLS, otherwise it would use the one - -- set in the global section (if any). - -- Note that old-style SSL on port 5223 only supports one certificate, and will always - -- use the global one. - ssl = { - key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; - } + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "/etc/yunohost/certs/__DOMAIN__/key.pem"; + certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem"; + } speakerstats_component = "speakerstats.__DOMAIN__" conference_duration_component = "conferenceduration.__DOMAIN__" -- we need bosh 
@@ -64,22 +64,16 @@ Component "internal.auth.__DOMAIN__" "muc" "ping"; } admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" } + muc_room_locking = false + muc_room_default_public_jids = true VirtualHost "auth.__DOMAIN__" - ssl = { - key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; - certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; - } - authentication = "ldap2" - ldap = { - hostname = "localhost", - user = { - basedn = "ou=users,dc=yunohost,dc=org", - filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__)(permission=cn=xmpp.main,ou=permission,dc=yunohost,dc=org))", - usernamefield = "mail", - namefield = "cn", - }, - } + ssl = { + key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; + certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; + } + storage = "internal" + authentication = "internal_plain" Component "focus.__DOMAIN__" component_secret = "__FOCUS_SECRET__" diff --git a/conf/nginx.conf b/conf/nginx.conf index ad832ab..fc29336 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,9 +7,8 @@ ssi_types application/x-javascript application/javascript; index index.html index.htm; error_page 404 /static/404.html; - location = /config.js { - alias /etc/__NAME__/meet/config.js; + alias /etc/__NAME__/meet/__DOMAIN__-config.js; } location = /external_api.js { @@ -52,7 +51,8 @@ location ~ ^/([^/?&:'"]+)/config.js$ { set $subdomain "$1."; set $subdir "$1/"; - alias __FINALPATH__/jitsi-meet-web/config.js; + + alias /etc/__NAME__/meet/__DOMAIN__-config.js; } #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / diff --git a/scripts/install b/scripts/install index d895959..78da6da 100644 --- a/scripts/install +++ b/scripts/install 
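Review bot: `authentication = "internal_plain"` on VirtualHost "auth.__DOMAIN__" keeps the focus and videobridge account passwords unhashed in Metronome's internal storage, where the removed `ldap2` block left credential storage to the YunoHost directory. If the Metronome build in use provides a hashed internal backend and both components can authenticate against it (this needs confirming), prefer `authentication = "internal_hashed"`. Otherwise add a comment next to the setting, such as `-- internal_plain stores passwords unhashed; the data directory must stay readable by the metronome user only`.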
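Review bot: Both `alias` lines in conf/nginx.conf now point at `/etc/__NAME__/meet/__DOMAIN__-config.js`, but only scripts/install was changed to write that file name. The two scripts/upgrade hunks in this commit add 13 lines, which matches the diffstat, so the upgrade path does not appear to rename or recreate the file. If scripts/upgrade still writes `/etc/$app/meet/config.js` (its existing assignment is not shown here), an upgraded instance would answer requests for config.js with a 404. Setting `jitsi_meet_conf="/etc/$app/meet/$domain-config.js"` in scripts/upgrade and removing the old file there would keep the two paths in step.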
@@ -167,8 +167,8 @@ ynh_print_info --message="Configuring metronome..." # Create focus user yunohost domain add auth.$domain -yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 -yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 +# yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 +# yunohost user create $videobridge_user -f $videobridge_user -l $videobridge_user -m ${videobridge_user}@auth.$domain -p $videobridge_secret -q 0 # Add Metronome domain conf template metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" @@ -190,6 +190,9 @@ yunohost tools regen-conf metronome --force ynh_systemd_action --service_name=metronome --action=restart +metronomectl adduser $focus_user@auth.$domain $focus_password || true +metronomectl adduser $videobridge_user@auth.$domain $videobridge_secret || true + #================================================= # CONFIGURE JITSI-VIDEOBRIDGE #================================================= 
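Review bot: `metronomectl adduser $focus_user@auth.$domain $focus_password || true` discards the exit status, so when account creation fails the install carries on and jicofo or the videobridge later fail to authenticate with no hint in the install log; the videobridge line has the same pattern. The password is also passed as an unquoted argument, which places it in the process arguments while the command runs and breaks on whitespace or glob characters. At minimum quote the expansions and report the failure, e.g. `metronomectl adduser "$focus_user@auth.$domain" "$focus_password" || ynh_print_warn --message="Could not create $focus_user"`. The commented-out `yunohost user create` lines in the previous hunk can be deleted rather than kept as dead code.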
@@ -220,6 +223,17 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil jitsi_videobridge_logging_conf="/etc/$app/videobridge/logging.properties" cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" +jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" +cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" + +jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" +cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" + +jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/20-jvb-udp-buffers.conf" +cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" +sysctl --system || true + #================================================= # CONFIGURE JITSI-JICOFO #================================================= @@ -250,7 +264,7 @@ ynh_print_info --message="Configuring Jitsi-Meet..." mkdir -p "/etc/$app/meet" -jitsi_meet_conf="/etc/$app/meet/config.js" +jitsi_meet_conf="/etc/$app/meet/$domain-config.js" cp ../conf/config.js "$jitsi_meet_conf" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$jitsi_meet_conf" @@ -295,6 +309,7 @@ ynh_print_info --message="Securing files and directories..." chown -R $app: $final_path chown -R $app: /etc/$app chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app #================================================= # SETUP LOGROTATE diff --git a/scripts/remove b/scripts/remove index 2573e92..b5ca851 100644 --- a/scripts/remove +++ b/scripts/remove 
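Review bot: `chmod -R 770 /var/log/$app` in the last hunk of scripts/install sets the execute bit on every log file and gives the group write access, which is more than a log directory needs; the same line is added to scripts/upgrade. A symbolic mode keeps traversal on directories only: `chmod -R u=rwX,g=rX,o= "/var/log/$app"`. In the first hunk on this line, `sysctl --system || true` hides a failure to apply the new UDP buffer settings, so printing a warning there would make later media problems easier to diagnose.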
@@ -117,6 +117,9 @@ fi #================================================= ynh_print_info --message="Reconfiguring Metronome..." +metronomectl deluser $focus_user@auth.$domain || true +metronomectl deluser $videobridge_user@auth.$domain || true + # Remove domain conf template ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua" ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" @@ -131,8 +134,8 @@ ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app yunohost tools regen-conf metronome --force # Delete focus user -yunohost user delete $focus_user --purge -yunohost user delete $videobridge_user --purge +# yunohost user delete $focus_user --purge +# yunohost user delete $videobridge_user --purge yunohost domain remove auth.$domain #================================================= @@ -143,6 +146,9 @@ ynh_print_info --message="Removing the config..." # Remove the log files ynh_secure_remove --file="/etc/$app" +ynh_secure_remove --file="/etc/sysctl.d/20-jvb-udp-buffers.conf" +sysctl --system || true + #================================================= # REMOVE THE LOG FILES #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 80d6b4a..11fe459 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
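Review bot: Deleting `/etc/sysctl.d/20-jvb-udp-buffers.conf` and re-running `sysctl --system` does not put `net.core.rmem_max` and `net.core.netdev_max_backlog` back to their earlier values; the running kernel keeps the raised limits until reboot or until another file sets them. A comment above the removal would make that explicit: `# the raised values stay active until reboot; sysctl --system only re-applies the remaining files`. The `metronomectl deluser ... || true` lines in the first hunk of this file also hide failures, which can leave the focus and videobridge accounts in Metronome's storage after the app is removed.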
@@ -220,6 +220,17 @@ then ynh_backup_if_checksum_is_different --file="$jitsi_videobridge_logging_conf" cp ../conf/jitsi-videobridge-logging.properties "$jitsi_videobridge_logging_conf" ynh_store_file_checksum --file="$jitsi_videobridge_logging_conf" + + jitsi_videobridge_callstats_java_sdk_conf="/etc/$app/videobridge/callstats-java-sdk.properties" + cp ../conf/jitsi-videobridge-callstats-java-sdk.properties "$jitsi_videobridge_callstats_java_sdk_conf" + + jitsi_videobridge_log4j2_conf="/etc/$app/videobridge/log4j2.xml" + cp ../conf/jitsi-videobridge-log4j2.xml "$jitsi_videobridge_log4j2_conf" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$jitsi_videobridge_log4j2_conf" + + jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/videobridge/20-jvb-udp-buffers.conf" + cp ../conf/jitsi-videobridge-20-jvb-udp-buffers.conf "$jitsi_videobridge_20_jvb_udp_buffers_conf" + sysctl --system || true fi #================================================= @@ -295,6 +306,8 @@ ynh_print_info --message="Securing files and directories..." # Set permissions on app files chown -R root: $final_path chown -R $app: /etc/$app +chown -R $app: /var/log/$app +chmod -R 770 /var/log/$app #================================================= # SETUP SSOWAT
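Review bot: The upgrade script copies the sysctl drop-in to `/etc/sysctl.d/videobridge/20-jvb-udp-buffers.conf`, while scripts/install writes and scripts/remove deletes `/etc/sysctl.d/20-jvb-udp-buffers.conf`. Nothing in this hunk creates the `videobridge` subdirectory, so the `cp` would presumably fail, and even if it succeeded the file would be left behind on removal. Use the same path as install: `jitsi_videobridge_20_jvb_udp_buffers_conf="/etc/sysctl.d/20-jvb-udp-buffers.conf"`. The two new `cp` lines for callstats-java-sdk.properties and log4j2.xml also skip the `ynh_backup_if_checksum_is_different` / `ynh_store_file_checksum` pair used for logging.properties just above, so local edits to them would be overwritten without a backup. The enclosing `if ... then` block starts outside the hunk.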