From 76513fcae2e9e29c4563beb47bf354dd7a0a4544 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 14 Jul 2019 01:17:46 +0200 Subject: [PATCH] fix ports --- README.md | 4 +- conf/jitsi-videobridge.service | 2 +- conf/metronome.cfg.lua | 13 ++++++- conf/nginx.conf | 11 ++++++ scripts/backup | 11 ++++++ scripts/install | 28 ++++++++++---- scripts/remove | 15 ++++++- scripts/restore | 51 ++++++++++++++++++++++++ scripts/upgrade | 71 ++++++++++++++++++++++------------ 9 files changed, 167 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 94848c5..f90b3df 100644 --- a/README.md +++ b/README.md @@ -16,12 +16,12 @@ Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Ji ## Important points to read before installing 1. **Jitsi** require a dedicated **root domain**, eg. jitsi.domain.tld -1. **Jitsi** require your create additionals dns names in your dns that goes to your YunoHost +2. **Jitsi** require your create additionals dns names in your dns that goes to your YunoHost * auth.jitsi.domain.tld * conference.jitsi.domain.tld * jitsi-videobridge.jitsi.domain.tld * focus.jitsi.domain.tld -1. **Jitsi** require the ports TCP/4443 and UDP/10000 been redirected to your YunoHost +3. **Jitsi** require the ports TCP/4443 and UDP/10000 been redirected to your YunoHost ## Screenshots diff --git a/conf/jitsi-videobridge.service b/conf/jitsi-videobridge.service index eff4a51..07bbd1d 100644 --- a/conf/jitsi-videobridge.service +++ b/conf/jitsi-videobridge.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/jitsi-videobridge/ -ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=127.0.0.1 --domain=__DOMAIN__ --port=__PORT_VIDEOBRIDGE__ --secret=__VIDEOBRIDGE_SECRET__ > /var/log/jvb.log 2>&1 +ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=127.0.0.1 --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ > /var/log/jvb.log 2>&1 [Install] WantedBy=multi-user.target diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index 8b4a603..84e7901 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -22,7 +22,7 @@ admins = { "focus__APP__@auth.__DOMAIN__" } daemonize = true cross_domain_bosh = true; -component_ports = { __PORT_VIDEOBRIDGE__ } +component_ports = { __PORT_COMPONENT__ } --component_interface = "192.168.0.10" -- Enable use of libevent for better performance under high load @@ -186,7 +186,16 @@ VirtualHost "auth.__DOMAIN__" key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem"; certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem"; } - authentication = "internal_plain" + authentication = "ldap2" + ldap = { + hostname = "localhost", + user = { + basedn = "ou=users,dc=yunohost,dc=org", + filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__))", + usernamefield = "mail", + namefield = "cn", + }, + } ------ Components ------ -- You can specify components to add hosts that provide special services, diff --git a/conf/nginx.conf b/conf/nginx.conf index c07285c..fe1efbc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -19,6 +19,7 @@ location ~ ^/([a-zA-Z0-9=\?]+)$ { rewrite ^/(.*)$ / break; } +# BOSH location __PATH__/http-bind { proxy_pass http://localhost:5290/http-bind; proxy_set_header X-Forwarded-For $remote_addr; @@ -27,3 +28,13 @@ location __PATH__/http-bind { tcp_nodelay on; access_log off; } + +# xmpp websockets +location /xmpp-websocket { + proxy_pass http://localhost:5280/xmpp-websocket; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + tcp_nodelay on; +} diff --git a/scripts/backup b/scripts/backup index c2e9a9d..972487e 100644 --- a/scripts/backup +++ b/scripts/backup @@ -63,6 +63,17 @@ ynh_script_progression --message="Backing up logrotate configuration..." --time ynh_backup --src_path="/etc/logrotate.d/$app" +#================================================= +# BACKUP METRONOME CONFIG +#================================================= +ynh_script_progression --message="Backing up Metronome configuration..." --time --weight=1 + +ynh_backup --src_path="/etc/metronome/conf.d/$domain.cfg.lua" + +ynh_backup --src_path="/usr/lib/metronome/modules/mod_carbons.lua" +ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" +# ynh_backup --src_path="/usr/lib/metronome/modules/mod_smacks.lua" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index 0166f5a..056d313 100644 --- a/scripts/install +++ b/scripts/install @@ -36,7 +36,7 @@ videobridge_secret=$(ynh_string_random --length=8) #YOURSECRET2 focus_secret=$(ynh_string_random --length=8) -focus_user=${app}focus +focus_user="svc${app}focus" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS @@ -77,11 +77,17 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_app_setting_set --app=$app --key=port --value=$port # Find a free port -port_videobridge=$(ynh_find_port --port=5347) +port_videobridge=$(ynh_find_port --port=10000) # Open this port -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port +ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge +# Find a free port +port_component=$(ynh_find_port --port=5347) +# Open this port +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component +ynh_app_setting_set --app=$app --key=port_component --value=$port_component + #================================================= # INSTALL DEPENDENCIES #================================================= @@ -127,6 +133,13 @@ ynh_script_progression --message="Configuring metronome..." --time --weight=1 # Create additional domains #yunohost domain add auth.$domain +#yunohost domain add conference.$domain +#yunohost domain add jitsi-videobridge.$domain +#yunohost domain add focus.$domain +#yunohost domain cert-install auth.$domain +#yunohost domain cert-install conference.$domain +#yunohost domain cert-install jitsi-videobridge.$domain +#yunohost domain cert-install focus.$domain # Create focus user yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 @@ -144,15 +157,13 @@ ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --targ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome" ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome" -ynh_replace_string --match_string="__PORT_VIDEOBRIDGE__" --replace_string="$port_videobridge" --target_file="$metronome" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome" chown -R metronome:metronome "/etc/metronome/conf.d/" cp ../conf/mod_carbons.lua /usr/lib/metronome/modules/mod_carbons.lua cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua #cp ../conf/mod_smacks.lua /usr/lib/metronome/modules/mod_smacks.lua -#metronomectl adduser focusjitsi auth.test31.yh.yalh.net OCL1sd7d - ynh_systemd_action --service_name=metronome --action=restart #================================================= @@ -177,6 +188,8 @@ unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/ +ynh_secure_remove --file="$final_path/jitsi-jicofo-build" + #================================================= # BUILD JITSI-MEET #================================================= @@ -190,7 +203,6 @@ popd mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/" ynh_secure_remove --file="$final_path/jitsi-meet_temp" - config="$final_path/jitsi-meet/config.js" cp ../conf/config.js "$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" @@ -203,7 +215,7 @@ ynh_script_progression --message="Configuring a systemd service..." --time --wei # Create a dedicated systemd config ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service" ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service" -ynh_replace_string --match_string="__PORT_VIDEOBRIDGE__" --replace_string="$port_videobridge" --target_file="../conf/jitsi-videobridge.service" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service" ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" diff --git a/scripts/remove b/scripts/remove index 524f4b9..508fd29 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) +port_component=$(ynh_app_setting_get --app=$app --key=port_component) final_path=$(ynh_app_setting_get --app=$app --key=final_path) focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) @@ -97,14 +98,21 @@ fi if yunohost firewall list | grep -q "\- $port_videobridge$" then ynh_script_progression --message="Closing port $port_videobridge..." - ynh_exec_warn_less yunohost firewall disallow TCP $port_videobridge + ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge +fi + +if yunohost firewall list | grep -q "\- $port_component$" +then + ynh_script_progression --message="Closing port $port_component..." + ynh_exec_warn_less yunohost firewall disallow TCP $port_component fi #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE METRONOME +# RECONFIGURE METRONOME #================================================= +ynh_script_progression --message="Reconfiguring Metronome..." --time --weight=1 # Reconfigure metronome ynh_secure_remove --file="/etc/metronome/conf.d/$domain.cfg.lua" @@ -125,6 +133,9 @@ yunohost user delete $focus_user --purge # Removing additional domains #yunohost domain remove auth.$domain +#yunohost domain remove conference.$domain +#yunohost domain remove jitsi-videobridge.$domain +#yunohost domain remove focus.$domain #================================================= # REMOVE THE CRON FILE diff --git a/scripts/restore b/scripts/restore index c3e3075..3ede92a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -31,6 +31,13 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) +focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) + +port=$(ynh_app_setting_get --app=$app --key=port) +port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) +port_component=$(ynh_app_setting_get --app=$app --key=port_component) + #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= @@ -83,6 +90,50 @@ ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=10 +#================================================= +# CONFIGURE FIREWALL +#================================================= +ynh_script_progression --message="Configuring firewall..." --time --weight=1 + +# Open this port +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port +ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component + +#================================================= +# CONFIGURE METRONOME +#================================================= +ynh_script_progression --message="Configuring metronome..." --time --weight=1 + +# Create additional domains +#yunohost domain add auth.$domain +#yunohost domain add conference.$domain +#yunohost domain add jitsi-videobridge.$domain +#yunohost domain add focus.$domain +#yunohost domain cert-install auth.$domain +#yunohost domain cert-install conference.$domain +#yunohost domain cert-install jitsi-videobridge.$domain +#yunohost domain cert-install focus.$domain + +# Create focus user +yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0 + +# Configure metronome +mv /etc/metronome/conf.d/$domain.cfg.lua /etc/metronome/conf.d/$domain.cfg.lua.back +mv /etc/metronome/conf.d/auth.$domain.cfg.lua /etc/metronome/conf.d/auth.$domain.cfg.lua.back +mv /etc/metronome/conf.d/conference.$domain.cfg.lua /etc/metronome/conf.d/conference.$domain.cfg.lua.back +mv /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua /etc/metronome/conf.d/jitsi-videobridge.$domain.cfg.lua.back +mv /etc/metronome/conf.d/focus.$domain.cfg.lua /etc/metronome/conf.d/focus.$domain.cfg.lua.back + +ynh_restore_file --origin_path="/etc/metronome/conf.d/$domain.cfg.lua" +chown -R metronome:metronome "/etc/metronome/conf.d/" + +ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_carbons.lua" +ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua" +# ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_smacks.lua" + +ynh_systemd_action --service_name=metronome --action=restart + #================================================= # RESTORE SYSTEMD #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 2dec153..fc52f2d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,10 +20,12 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -focus_password=$(ynh_app_setting_get --app=$app --key=$focus_password) videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) -port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) +port_component=$(ynh_app_setting_get --app=$app --key=port_component) + +focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) +focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) #================================================= # CHECK VERSION @@ -76,8 +78,8 @@ then # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge - ynh_setup_source --dest_dir="$final_path/jitsi-jicofo" --source_id=jitsi-jicofo - ynh_setup_source --dest_dir="$final_path/jitsi-meet" --source_id=jitsi-meet + ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo + ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet fi #================================================= @@ -110,40 +112,59 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # BUILD JITSI-VIDEOBRIDGE #================================================= +ynh_script_progression --message="Building Jitsi-Videobridge..." --time --weight=1 -pushd "$final_path/jitsi-videobridge" - mvn compile exec:exec -Dexec.executable=java -Dexec.args="-cp %classpath org.jitsi.videobridge.Main --domain=\"$domain\" --host=\"localhost \" --port=\"$port_videobridge\" --secret=\"$videobridge_secret\" -Djava.library.path=$JVB_HOME/lib/native/linux-64 -Djava.util.logging.config.file=$JVB_HOME/lib/logging.properties -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.jitsi-videobridge " -popd +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + +fi #================================================= # BUILD JITSI-JICOFO #================================================= +ynh_script_progression --message="Building Jitsi-Jicofo..." --time --weight=1 -pushd "$final_path/jitsi-jicofo" - mvn package -DskipTests -Dassembly.skipAssembly=false -popd +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + pushd "$final_path/jitsi-jicofo-build" + mvn package -DskipTests -Dassembly.skipAssembly=false + popd + + unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path + + ynh_secure_remove --file="$final_path/jitsi-jicofo/" + + mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/ + + ynh_secure_remove --file="$final_path/jitsi-jicofo-build" +fi #================================================= # BUILD JITSI-MEET #================================================= +ynh_script_progression --message="Building Jitsi-Meet..." --time --weight=1 -pushd "$final_path/jitsi-meet" - ynh_use_nodejs - npm install - make -popd -config="$final_path/jitsi-meet/config.js" -cp ../conf/config.js "$config" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + pushd "$final_path/jitsi-meet_temp" + ar x jitsi-meet-web.deb data.tar.xz + tar xf data.tar.xz + popd -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= + ynh_secure_remove --file="$final_path/jitsi-meet/" -ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" -# Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$config" + mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/" + ynh_secure_remove --file="$final_path/jitsi-meet_temp" + + config="$final_path/jitsi-meet/config.js" + ynh_backup_if_checksum_is_different --file="$config" + cp ../conf/config.js "$config" + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" + + # Recalculate and store the checksum of the file for the next upgrade. + ynh_store_file_checksum --file="$config" +fi #================================================= # SETUP LOGROTATE @@ -161,10 +182,12 @@ ynh_script_progression --message="Upgrading systemd configuration..." --time --w # Create a dedicated systemd config ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service" ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service" +ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service" ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service" +ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service" ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service" ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"