diff --git a/README.md b/README.md index f798be1..89d0672 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Vi * coturn.jitsi.domain.tld * focus.jitsi.domain.tld * jitsi-videobridge.jitsi.domain.tld -3. **Jitsi** requires the ports UDP/3478 TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) +3. **Jitsi** requires the ports TCP/5349 UDP/5349 TCP/5350 UDP/5350 TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) 4. **Jitsi** for YunoHost for now as some limitations: * Can only be used using Chrome/Chromium * Is limited to two participants diff --git a/conf/config.js b/conf/config.js index 973e95b..58184a3 100644 --- a/conf/config.js +++ b/conf/config.js @@ -350,7 +350,8 @@ var config = { // The STUN servers that will be used in the peer to peer connections stunServers: [ - { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN__' } + { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN_TLS__' } + { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN_ALT_TLS__' } // { urls: 'stun:stun.l.google.com:19302' }, // { urls: 'stun:stun1.l.google.com:19302' }, // { urls: 'stun:stun2.l.google.com:19302' } diff --git a/conf/coturn.conf b/conf/coturn.conf index c89bc27..a1d6dc2 100644 --- a/conf/coturn.conf +++ b/conf/coturn.conf 
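Review bot: The two added `stunServers` entries in conf/config.js have no comma between them, so the array literal will not parse and the client cannot load its configuration; the first added line needs a trailing comma, `{ urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN_TLS__' },`. Both URLs also use the `stun:` scheme, which clients normally send over UDP, while scripts/install in this same commit opens these two ports for TCP only. If that reading is right, peer-to-peer STUN lookups would be dropped at the firewall, so the intended transport is worth confirming. The `config` object starts and ends outside this hunk.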
@@ -1,15 +1,13 @@ # jitsi-meet coturn config. Do not modify this line lt-cred-mech use-auth-secret -keep-address-family static-auth-secret=__COTURN_PWD__ realm=__DOMAIN__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem no-tcp -listening-port=__PORT_COTURN__ tls-listening-port=__PORT_COTURN_TLS__ alt-tls-listening-port=__PORT_COTURN_ALT_TLS__ -external-ip=__IPV4__ -external-ip=__IPV6__ +external-ip=__PUBLIC_IPV4____PRIVATE_IPV4__ +external-ip=__PUBLIC_IPV6__ diff --git a/conf/metronome.cfg.lua b/conf/metronome.cfg.lua index eee5688..fa41ef3 100644 --- a/conf/metronome.cfg.lua +++ b/conf/metronome.cfg.lua @@ -230,11 +230,8 @@ Component "focus.__DOMAIN__" ------ COTURN configuration ------ turncredentials_secret = "__CORTURN_PWD__"; -turncredentials_port = __PORT_COTURN__; -turncredentials_ttl = 86400; turncredentials = { - { type = "stun", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__" }, - { type = "turn", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__", transport = "udp" }, - { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__", transport = "tcp" } + { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN_TLS__", transport = "tcp" }, + { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN_ALT_TLS__", transport = "tcp" } }; diff --git a/scripts/install b/scripts/install index 3b1e1c4..faa5388 100644 --- a/scripts/install +++ b/scripts/install 
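Review bot: Deleting `listening-port=__PORT_COTURN__` from conf/coturn.conf does not turn off the plain (non-TLS) listener; as far as I know coturn falls back to its default port 3478, and with only `no-tcp` set the UDP side stays bound. If TLS-only TURN is the goal of this change, say so in the config by adding `no-udp` next to `no-tcp`, with a comment such as `# TLS-only: plain listeners disabled on purpose`. The file as shown also has no peer restriction (`no-multicast-peers`, `denied-peer-ip=` for loopback and private ranges), so an authenticated client can ask the relay to reach addresses on the host's own network. That matters more now that a private address is mapped in `external-ip`.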
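Review bot: Removing `turncredentials_ttl = 86400;` in conf/metronome.cfg.lua leaves the lifetime of the generated TURN credentials to whatever default the turncredentials module applies, which is not visible on this page. Since these are time-limited credentials derived from the shared secret, I would keep the value explicit, `turncredentials_ttl = 86400;`, with a comment `-- credential lifetime, presumably in seconds`. The two new entries pass the port as a quoted string (`port = "__PORT_COTURN_TLS__"`), whereas the removed `turncredentials_port` was numeric; if the module expects a number, write `port = __PORT_COTURN_TLS__`.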
@@ -86,26 +86,18 @@ ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge # Find an available port port_component=$(ynh_find_port --port=5347) -# Open this port -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component ynh_app_setting_set --app=$app --key=port_component --value=$port_component -# Find an available port -port_coturn=$(ynh_find_port --port=3478) -# Open this port -ynh_exec_warn_less yunohost firewall allow UDP $port_coturn -ynh_app_setting_set --app=$app --key=port_coturn --value=$port_coturn - # Find an available port port_coturn_tls=$(ynh_find_port --port=5349) # Open this port -ynh_exec_warn_less yunohost firewall allow Both $port_coturn_tls +ynh_exec_warn_less yunohost firewall allow TCP $port_coturn_tls ynh_app_setting_set --app=$app --key=port_coturn_tls --value=$port_coturn_tls # Find an available port port_coturn_alt_tls=$(ynh_find_port --port=$((port_coturn_tls+1))) # Open this port -ynh_exec_warn_less yunohost firewall allow Both $port_coturn_alt_tls +ynh_exec_warn_less yunohost firewall allow TCP $port_coturn_alt_tls ynh_app_setting_set --app=$app --key=port_coturn_alt_tls --value=$port_coturn_alt_tls #================================================= 
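Review bot: The coturn TLS ports are now opened for `TCP` only in scripts/install, but the README hunk in this commit still tells users to forward UDP/5349 and UDP/5350, and conf/config.js advertises `stun:` URLs on the same ports. Either the README asks for UDP exposure that nothing needs, or UDP is needed and this rule blocks it; the three places should agree. These two `yunohost firewall allow` calls also omit `--no-upnp`, while the scripts/restore hunk opens the same ports with it. Pick one behaviour for both scripts, for example `ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_coturn_tls`.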
@@ -159,28 +151,35 @@ cp ../conf/coturn.conf "$coturn_config" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$coturn_config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$coturn_config" -ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$coturn_config" ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$coturn_config" ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$coturn_config" ynh_replace_string --match_string="__COTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$coturn_config" -# Get public IP and set as external IP for coturn +# Get public and private IP and set as external IP for coturn # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 public_ipv4="$(curl ip.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true +private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true if [ -n "$public_ipv4" ] && ynh_validate_ip4 --ip_address="$public_ipv4" then - ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ipv4" --target_file="$coturn_config" + ynh_replace_string --match_string='__PUBLIC_IPV4__' --replace_string="$public_ipv4" --target_file="$coturn_config" else - ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config" + ynh_replace_string --match_string='__PUBLIC_IPV4__,' --replace_string="" --target_file="$coturn_config" fi if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" then - ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config" + ynh_replace_string --match_string='__PUBLIC_IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config" else - ynh_replace_string --match_string=',__IPV6__' 
--replace_string="" --target_file="$coturn_config" + ynh_replace_string --match_string=',__PUBLIC_IPV6__' --replace_string="" --target_file="$coturn_config" +fi + +if [ -n "$private_ipv4" ] && ynh_validate_ip4 --ip_address="$private_ipv4" +then + ynh_replace_string --match_string='__PRIVATE_IPV4__' --replace_string="/$private_ipv4" --target_file="$coturn_config" +else + ynh_replace_string --match_string='__PRIVATE_IPV4__,' --replace_string="" --target_file="$coturn_config" fi ynh_store_file_checksum --file="$coturn_config" @@ -213,7 +212,8 @@ ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$vi ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" ynh_replace_string --match_string="__CORTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$metronome_conf" -ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$metronome_conf" +ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$metronome_conf" +ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$metronome_conf" touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" 
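Review bot: The three `else` branches match `'__PUBLIC_IPV4__,'`, `',__PUBLIC_IPV6__'` and `'__PRIVATE_IPV4__,'`, but the new template lines `external-ip=__PUBLIC_IPV4____PRIVATE_IPV4__` and `external-ip=__PUBLIC_IPV6__` contain no commas, so a failed lookup or validation leaves the raw placeholder in coturn.conf. Dropping the affected line is safer, for example `sed -i '/__PUBLIC_IPV4__/d' "$coturn_config"` and `sed -i '/__PUBLIC_IPV6__/d' "$coturn_config"`, and the private fallback can replace `'__PRIVATE_IPV4__'` (no comma) with an empty string. The `curl ip.yunohost.org` calls in the context lines give no scheme and no timeout, so the value written to `external-ip` comes from an unauthenticated response and a hung request stalls the install. `curl --silent --max-time 10 https://ip.yunohost.org` would narrow that, assuming the service answers over HTTPS.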
@@ -238,8 +238,6 @@ ynh_systemd_action --service_name=metronome --action=restart #================================================= ynh_print_info --message="Building Jitsi-Videobridge..." -private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true - mkdir -p "$final_path/.sip-communicator" cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties" @@ -278,7 +276,8 @@ ynh_secure_remove --file="$final_path/jitsi-meet_temp" config="$final_path/jitsi-meet/config.js" cp ../conf/config.js "$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" -ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$config" +ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$config" +ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$config" #================================================= # SETUP SYSTEMD diff --git a/scripts/restore b/scripts/restore index 817ca00..387a197 100644 --- a/scripts/restore +++ b/scripts/restore @@ -38,6 +38,8 @@ focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) port=$(ynh_app_setting_get --app=$app --key=port) port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) port_component=$(ynh_app_setting_get --app=$app --key=port_component) +port_coturn_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_tls) +port_coturn_alt_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_alt_tls) #================================================= # CHECK IF THE APP CAN BE RESTORED 
@@ -101,7 +103,8 @@ ynh_print_info --message="Configuring firewall..." # Open this port ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_coturn_tls +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_coturn_alt_tls #================================================= # CONFIGURE COTURN diff --git a/scripts/upgrade b/scripts/upgrade index 958c520..60423a2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,7 +24,6 @@ videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) port=$(ynh_app_setting_get --app=$app --key=port) port_component=$(ynh_app_setting_get --app=$app --key=port_component) -port_coturn=$(ynh_app_setting_get --app=$app --key=port_coturn) port_coturn_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_tls) port_coturn_alt_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_alt_tls) coturn_pwd=$(ynh_app_setting_get --app=$app --key=coturn_pwd) 
@@ -61,7 +60,8 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf" ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf" ynh_replace_string --match_string="__CORTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$metronome_conf" - ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$metronome_conf" + ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$metronome_conf" + ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$metronome_conf" touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua" touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua" @@ -154,7 +154,6 @@ cp -f ../conf/coturn.conf "$coturn_config" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$coturn_config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$coturn_config" -ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$coturn_config" ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$coturn_config" ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$coturn_config" ynh_replace_string --match_string="__COTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$coturn_config"
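Review bot: The new `__PORT_COTURN_TLS__` and `__PORT_COTURN_ALT_TLS__` substitutions for metronome sit inside `if ynh_version_gt "1.0.3387~ynh2" "${current_version}"`, so an instance already at or past that version would presumably keep its old metronome config and go on advertising the previous coturn port. Check whether the version bound has to move with this commit; the block starts and ends outside the hunk. The visible upgrade hunks also stop reading `port_coturn` without closing anything. Instances installed before this change had `UDP $port_coturn`, `Both` on the two TLS ports and `TCP $port_component` opened, and those rules stay unless the script removes them elsewhere. A step such as `ynh_exec_warn_less yunohost firewall disallow UDP $port_coturn`, with `port_coturn` still read from settings, would bring an upgraded host down to the exposure of a fresh install.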