cleanup

README.md

@@ -20,7 +20,7 @@ Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Vi
   * coturn.jitsi.domain.tld
   * focus.jitsi.domain.tld
   * jitsi-videobridge.jitsi.domain.tld
-3. **Jitsi** requires the ports UDP/3478 TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
+3. **Jitsi** requires the ports TCP/5349 UDP/5349 TCP/5350 UDP/5350 TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
 4. **Jitsi** for YunoHost for now as some limitations:
   * Can only be used using Chrome/Chromium
   * Is limited to two participants

conf/config.js

@@ -350,7 +350,8 @@ var config = {
         // The STUN servers that will be used in the peer to peer connections
         stunServers: [
 
-            { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN__' }
+            { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN_TLS__' }
+            { urls: 'stun:coturn.__DOMAIN__:__PORT_COTURN_ALT_TLS__' }
             // { urls: 'stun:stun.l.google.com:19302' },
             // { urls: 'stun:stun1.l.google.com:19302' },
             // { urls: 'stun:stun2.l.google.com:19302' }

conf/coturn.conf

@@ -1,15 +1,13 @@
 # jitsi-meet coturn config. Do not modify this line
 lt-cred-mech
 use-auth-secret
-keep-address-family
 static-auth-secret=__COTURN_PWD__
 realm=__DOMAIN__
 cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
 pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
 
 no-tcp
-listening-port=__PORT_COTURN__
 tls-listening-port=__PORT_COTURN_TLS__
 alt-tls-listening-port=__PORT_COTURN_ALT_TLS__
-external-ip=__IPV4__
+external-ip=__PUBLIC_IPV4____PRIVATE_IPV4__
-external-ip=__IPV6__
+external-ip=__PUBLIC_IPV6__

conf/metronome.cfg.lua

@@ -230,11 +230,8 @@ Component "focus.__DOMAIN__"
 
 ------ COTURN configuration ------
 turncredentials_secret = "__CORTURN_PWD__";
-turncredentials_port = __PORT_COTURN__;
-turncredentials_ttl = 86400;
 turncredentials = {
-  { type = "stun", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__" },
+  { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN_TLS__", transport = "tcp" },
-  { type = "turn", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__", transport = "udp" },
+  { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN_ALT_TLS__", transport = "tcp" }
-  { type = "turns", host = "coturn.__DOMAIN__", port = "__PORT_COTURN__", transport = "tcp" }
 };
 

scripts/install

@@ -86,26 +86,18 @@ ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge
 
 # Find an available port
 port_component=$(ynh_find_port --port=5347)
-# Open this port
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
 ynh_app_setting_set --app=$app --key=port_component --value=$port_component
 
-# Find an available port
-port_coturn=$(ynh_find_port --port=3478)
-# Open this port
-ynh_exec_warn_less yunohost firewall allow UDP $port_coturn
-ynh_app_setting_set --app=$app --key=port_coturn --value=$port_coturn
-
 # Find an available port
 port_coturn_tls=$(ynh_find_port --port=5349)
 # Open this port
-ynh_exec_warn_less yunohost firewall allow Both $port_coturn_tls
+ynh_exec_warn_less yunohost firewall allow TCP $port_coturn_tls
 ynh_app_setting_set --app=$app --key=port_coturn_tls --value=$port_coturn_tls
 
 # Find an available port
 port_coturn_alt_tls=$(ynh_find_port --port=$((port_coturn_tls+1)))
 # Open this port
-ynh_exec_warn_less yunohost firewall allow Both $port_coturn_alt_tls
+ynh_exec_warn_less yunohost firewall allow TCP $port_coturn_alt_tls
 ynh_app_setting_set --app=$app --key=port_coturn_alt_tls --value=$port_coturn_alt_tls
 
 #=================================================
@@ -159,28 +151,35 @@ cp ../conf/coturn.conf "$coturn_config"
 
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$coturn_config"
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$coturn_config"
-ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$coturn_config"
 ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$coturn_config"
 ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$coturn_config"
 ynh_replace_string --match_string="__COTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$coturn_config"
 
-# Get public IP and set as external IP for coturn
+# Get public and private IP and set as external IP for coturn
 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
 public_ipv4="$(curl ip.yunohost.org)" || true
 public_ip6="$(curl ipv6.yunohost.org)" || true
+private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true
 
 if [ -n "$public_ipv4" ] && ynh_validate_ip4 --ip_address="$public_ipv4"
 then
-    ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ipv4" --target_file="$coturn_config"
+    ynh_replace_string --match_string='__PUBLIC_IPV4__' --replace_string="$public_ipv4" --target_file="$coturn_config"
 else
-    ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config"
+    ynh_replace_string --match_string='__PUBLIC_IPV4__,' --replace_string="" --target_file="$coturn_config"
 fi
 
 if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
 then
-    ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config"
+    ynh_replace_string --match_string='__PUBLIC_IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config"
 else
-    ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config"
+    ynh_replace_string --match_string=',__PUBLIC_IPV6__' --replace_string="" --target_file="$coturn_config"
+fi
+
+if [ -n "$private_ipv4" ] && ynh_validate_ip4 --ip_address="$private_ipv4"
+then
+    ynh_replace_string --match_string='__PRIVATE_IPV4__' --replace_string="/$private_ipv4" --target_file="$coturn_config"
+else
+    ynh_replace_string --match_string='__PRIVATE_IPV4__,' --replace_string="" --target_file="$coturn_config"
 fi
 
 ynh_store_file_checksum --file="$coturn_config"
@@ -213,7 +212,8 @@ ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$vi
 ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf"
 ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf"
 ynh_replace_string --match_string="__CORTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$metronome_conf"
-ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$metronome_conf"
+ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$metronome_conf"
+ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$metronome_conf"
 
 touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
 touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
@@ -238,8 +238,6 @@ ynh_systemd_action --service_name=metronome --action=restart
 #=================================================
 ynh_print_info --message="Building Jitsi-Videobridge..."
 
-private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true
-
 mkdir -p "$final_path/.sip-communicator"
 cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties"
 ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties"
@@ -278,7 +276,8 @@ ynh_secure_remove --file="$final_path/jitsi-meet_temp"
 config="$final_path/jitsi-meet/config.js"
 cp ../conf/config.js "$config"
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
-ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$config"
+ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$config"
+ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$config"
 
 #=================================================
 # SETUP SYSTEMD

scripts/restore

@@ -38,6 +38,8 @@ focus_password=$(ynh_app_setting_get --app=$app --key=focus_password)
 port=$(ynh_app_setting_get --app=$app --key=port)
 port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
 port_component=$(ynh_app_setting_get --app=$app --key=port_component)
+port_coturn_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_tls)
+port_coturn_alt_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_alt_tls)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -101,7 +103,8 @@ ynh_print_info --message="Configuring firewall..."
 # Open this port
 ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
+ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_coturn_tls
+ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_coturn_alt_tls
 
 #=================================================
 # CONFIGURE COTURN

scripts/upgrade

@@ -24,7 +24,6 @@ videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret)
 focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret)
 port=$(ynh_app_setting_get --app=$app --key=port)
 port_component=$(ynh_app_setting_get --app=$app --key=port_component)
-port_coturn=$(ynh_app_setting_get --app=$app --key=port_coturn)
 port_coturn_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_tls)
 port_coturn_alt_tls=$(ynh_app_setting_get --app=$app --key=port_coturn_alt_tls)
 coturn_pwd=$(ynh_app_setting_get --app=$app --key=coturn_pwd)
@@ -61,7 +60,8 @@ if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then
     ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf"
     ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf"
     ynh_replace_string --match_string="__CORTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$metronome_conf"
-    ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$metronome_conf"
+    ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$metronome_conf"
+    ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$metronome_conf"
 
     touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
     touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
@@ -154,7 +154,6 @@ cp -f ../conf/coturn.conf "$coturn_config"
 
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$coturn_config"
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$coturn_config"
-ynh_replace_string --match_string="__PORT_COTURN__" --replace_string="$port_coturn" --target_file="$coturn_config"
 ynh_replace_string --match_string="__PORT_COTURN_TLS__" --replace_string="$port_coturn_tls" --target_file="$coturn_config"
 ynh_replace_string --match_string="__PORT_COTURN_ALT_TLS__" --replace_string="$port_coturn_alt_tls" --target_file="$coturn_config"
 ynh_replace_string --match_string="__COTURN_PWD__" --replace_string="$coturn_pwd" --target_file="$coturn_config"