mirror of https://github.com/YunoHost-Apps/jitsi_ynh.git synced 2024-09-03 19:35:57 +02:00

Merge pull request #57 from YunoHost-Apps/without-metronome

Without metronome
yalh76 2022-02-11 01:42:37 +01:00 committed by GitHub
commit b720bf96b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
45 changed files with 2279 additions and 1651 deletions

.github/ISSUE_TEMPLATE.md vendored Normal file

@ -0,0 +1,55 @@
---
name: Bug report
about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
---
**How to post a meaningful bug report**
1. *Read this whole template first.*
2. *Determine if you are on the right place:*
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
- *When in doubt, post here and we will figure it out together.*
3. *Delete the italic comments as you write over them below, and remove this guide.*
---
### Describe the bug
*A clear and concise description of what the bug is.*
### Context
- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
- YunoHost version: x.x.x
- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
- If yes, please explain:
- Using, or trying to install package version/branch:
- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
### Steps to reproduce
- *If you performed a command from the CLI, the command itself is enough. For example:*
```sh
sudo yunohost app install the_app
```
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
- *If the error occurs in your browser, explain what you did:*
1. *Go to '...'*
2. *Click on '...'*
3. *Scroll down to '...'*
4. *See error*
### Expected behavior
*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
### Logs
*When an operation fails, YunoHost provides a simple way to share the logs.*
- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
*If applicable and useful, add screenshots to help explain your problem.*

.github/PULL_REQUEST_TEMPLATE.md vendored Normal file

@ -0,0 +1,16 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished and ready to be reviewed/tested
- [ ] The fix/enhancement were manually tested (if applicable)
## Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)


@ -1,71 +1,51 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Jitsi Meet for YunoHost
## Disclaimer
**Jitsi** for YunoHost for now as some limitations:
* Can only be used using Chrome/Chromium
* Is limited to two participants
Those limitations come from the packaging of the upstream app. Have to be improved.
[![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi)
[![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi)
[![Integration level](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg)
[![Install Jitsi Meet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=jitsi)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allow you to install Jitsi Meet quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
> *This package allows you to install Jitsi Meet quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences.
**Shipped version:** 1.0.3729
**Shipped version:** 1.0.4466~ynh1
**Demo:** https://meet.jit.si/
## Screenshots
![](./doc/screenshots/screenshot.png)
## Disclaimers / important information
## Important points before installing
1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
2. **Jitsi** requires you create additionals domains in your DNS and in your YunoHost
* auth.jitsi.domain.tld
* conference.jitsi.domain.tld
* jitsi-videobridge.jitsi.domain.tld
* focus.jitsi.domain.tld
3. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** will stop and disable Metronome XMPP.
4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.
## Screenshots
## Documentation and resources
![](https://jitsi.org/wp-content/uploads/2018/08/brady-bunch-stand-up-1024x632.jpg)
* Official app website: https://jitsi.org/
* Official user documentation: https://jitsi.org/user-faq/
* Upstream app code repository: https://github.com/jitsi/jitsi-meet
* YunoHost documentation for this app: https://yunohost.org/app_jitsi
* Report a bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues
## Demo
## Developer info
* [Official demo](https://meet.jit.si/)
## Configuration
How to configure this app: Via the admin panel, a plain file with SSH, or any other way.
## Documentation
* Official documentation: https://jitsi.org/user-faq/
## Specific YunoHost features
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/)
## Links
* Report a bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues
* App website: https://jitsi.org/
* Upstream app repository: https://github.com/jitsi/jitsi-meet
* YunoHost website: https://yunohost.org/
---
Developer info
----------------
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing).
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
@ -73,3 +53,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testin
or
sudo yunohost app upgrade jitsi -u https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug
```
**More info regarding app packaging:** https://yunohost.org/packaging_apps
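
Review bot: In the "Important points before installing" list, item 3 ("**Jitsi** will stop and disable Metronome XMPP") does not say what the admin loses. Metronome is the server's XMPP service, so anything else relying on it stops working once this package is installed; state that explicitly and say whether removing the app re-enables it. Item 4 is also missing a verb; suggest "only authenticated users can create new conference rooms".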


@ -1,69 +1,45 @@
# Jitsi Meet pour YunoHost
## Avertissements
**Jitsi-meet** pour YunoHost est limité actuellement :
* Il ne peut être utilisé qu'avec Chrome ou un navigateur basé sur Chromium
* Il est limité à 2 participants par réunion
Ces limitations viennent de la manière dont l'application a été empaquetée pour YunoHost. À améliorer.
[![Niveau d'intégration](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi)
[![Installer Jitsi Meet avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=jitsi)
[![Niveau d'intégration](https://dash.yunohost.org/integration/jitsi.svg)](https://dash.yunohost.org/appci/app/jitsi) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jitsi.maintain.svg)
[![Installer Jitsi Meet avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=jitsi)
*[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce paquet vous permet d'installer Jistsi Meet rapidement et simplement sur un serveur YunoHost.
> *Ce package vous permet d'installer Jitsi Meet rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives.
**Version actuelle :** 1.0.3729
**Version incluse :** 1.0.4466~ynh1
**Démo :** https://meet.jit.si/
## Captures d'écran
![](./doc/screenshots/screenshot.png)
## Avertissements / informations importantes
## Points importants à préparer avant l'installation
1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
2. **Jitsi** nécessite des domaines supplémentaires au niveau du DNS et de votre YunoHost
* auth.jitsi.domain.tld
* conference.jitsi.domain.tld
* jitsi-videobridge.jitsi.domain.tld
* focus.jitsi.domain.tld
3. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme.
## Captures d'écran
## Documentations et ressources
![](https://jitsi.org/wp-content/uploads/2018/08/brady-bunch-stand-up-1024x632.jpg)
* Site officiel de l'app : https://jitsi.org/
* Documentation officielle utilisateur : https://jitsi.org/user-faq/
* Dépôt de code officiel de l'app : https://github.com/jitsi/jitsi-meet
* Documentation YunoHost pour cette app : https://yunohost.org/app_jitsi
* Signaler un bug : https://github.com/YunoHost-Apps/jitsi_ynh/issues
## Démo
* [Démo officielle](https://meet.jit.si/)
## Configuration
Comment configurer cette application: via le panneau d'administration, un fichier brut en SSH ou tout autre moyen.
## Documentation
* Documentation officielle : https://jitsi.org/user-faq/
## Caractéristiques spécifiques YunoHost
#### Architectures supportées
* x86-64b - [![Status des compilations](https://ci-apps.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/jitsi/)
* ARMv8-A - [![Status des compilations](https://ci-apps-arm.yunohost.org/ci/logs/jitsi%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/jitsi/)
## Liens
* Signaler un bug: https://github.com/YunoHost-Apps/jitsi_ynh/issues
* Site de l'application: https://jitsi.org/
* Dépôt de l'application principale: https://github.com/jitsi/jitsi-meet
* Site web YunoHost: https://yunohost.org/
---
Informations pour les développeurs
----------------
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing).
@ -73,3 +49,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testin
ou
sudo yunohost app upgrade jitsi -u https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps


@ -1,11 +1,6 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
domain="domain.tld"
; Checks
pkg_linter=1
setup_sub_dir=0
@ -14,20 +9,16 @@
setup_private=0
setup_public=1
upgrade=1
# 1.0.3729~ynh1
# upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b
backup_restore=1
multi_instance=0
# This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version.
# incorrect_path=1
port_already_use=0
change_url=0
;;; Levels
# If the level 5 (Package linter) is forced to 1. Please add justifications here.
Level 5=auto
;;; Options
Email=yalh@yahoo.com
Notification=all
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
; commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b
name=1.0.3729~ynh1
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
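
Review bot: The `upgrade=1 from_commit=7e81cff25dd5a85a5f9b97299b2dc251f2725d4b` check is commented out, so CI never exercises an upgrade from 1.0.3729~ynh1 even though the "Upgrade options" section still describes that commit. That upgrade is the path that has to move an existing install away from Metronome, so it is the one most worth testing. Enable the line, or drop the unused "Upgrade options" entry.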


@ -1,12 +0,0 @@
var config = {
hosts: {
domain: '__DOMAIN__',
muc: 'conference.__DOMAIN__',
bridge: 'jitsi-videobridge.__DOMAIN__',
focus: 'focus.__DOMAIN__'
},
useNicks: false,
bosh: '//__DOMAIN__/http-bind', // FIXME: use xep-0156 for that
//chromeExtensionId: 'diibjkoicjeejcmhdnailmkgecihlobk', // Id of desktop streamer Chrome extension
//minChromeExtVersion: '0.1' // Required version of Chrome extension
};

conf/jitsi-jicofo-config Normal file

@ -0,0 +1,21 @@
# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=127.0.0.1
# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=__DOMAIN__
# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.__DOMAIN__
# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=__FOCUS_USER__
# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=__FOCUS_PASSWORD__
# extra options to pass to the jicofo daemon
JICOFO_OPTS=""
# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/__APP__/jicofo/jicofo.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/jicofo/logging.properties"
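
Review bot: `JICOFO_PORT` and `JICOFO_SECRET` are not defined in this file, yet the jicofo unit in this same commit passes `--port=${JICOFO_PORT}` and `--secret=${JICOFO_SECRET}`. If this template is what gets installed as `/etc/__APP__/jicofo/config`, both will expand to empty strings. Either define them here or remove the two options from ExecStart. Since the file holds `JICOFO_AUTH_PASSWORD` in clear text, the install script should also create it readable only by root and the `__APP__` user.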


@ -0,0 +1,18 @@
# Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for
#available options, syntax, and default values.
jicofo {
authentication: {
enabled: true
type: XMPP
login-url: __DOMAIN__
}
xmpp: {
client: {
client-proxy: focus.__DOMAIN__
}
trusted-domains: [ "recorder.__DOMAIN__" ]
}
bridge: {
brewery-jid: "JvbBrewery@internal.auth.__DOMAIN__"
}
}
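
Review bot: `trusted-domains: [ "recorder.__DOMAIN__" ]` marks a recorder domain as trusted, but nothing in the visible part of this change sets up a recorder. If the package does not deploy one, remove the entry rather than ship a trusted domain that nothing is supposed to use; if it does, add a comment saying which component logs in from that domain.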


@ -0,0 +1,38 @@
handlers= java.util.logging.ConsoleHandler
# Handlers with XMPP debug enabled:
#handlers= java.util.logging.ConsoleHandler, org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler
# Handlers with syslog enabled:
#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
java.util.logging.ConsoleHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets
org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo
.level=INFO
# To enable XMPP packets logging add XmppPacketsFileHandler to the handlers property
org.jitsi.impl.protocol.xmpp.log.PacketDebugger.level=ALL
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.pattern=/var/log/jitsi/jicofo-xmpp.log
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.append=true
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.limit=200000000
org.jitsi.impl.protocol.xmpp.log.XmppPacketsFileHandler.count=3
# Syslog (uncomment handler to use)
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local0
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = localhost
com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
com.agafua.syslog.SyslogHandler.escapeNewlines = false
com.agafua.syslog.SyslogHandler.filter = org.jitsi.impl.protocol.xmpp.log.ExcludeXmppPackets
# Sentry (uncomment handler to use)
io.sentry.jul.SentryHandler.level=WARNING
# uncomment to see how Jicofo talks to the JVB
#org.jitsi.impl.protocol.xmpp.colibri.level=ALL
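
Review bot: `XmppPacketsFileHandler.pattern=/var/log/jitsi/jicofo-xmpp.log` hard-codes `/var/log/jitsi`, while the unit and `JAVA_SYS_PROPS` in this change log under `/var/log/__APP__`. Template the path with `__APP__` so the file lands in the directory the package owns. It is also worth a comment that the handler should stay disabled outside of debugging: with `PacketDebugger.level=ALL` it records XMPP traffic to disk, with `limit=200000000` and `count=3`.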


@ -3,11 +3,11 @@ Description=jitsi-jicofo
After=network.target
[Service]
Type=simple
EnvironmentFile=/etc/__APP__/jicofo/config
Environment=LOGFILE=/var/log/__APP__/jitsi-jicofo.log
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/jitsi-jicofo/
ExecStart=__FINALPATH__/jitsi-jicofo/jicofo.sh --host=localhost --domain=__DOMAIN__ --secret=__FOCUS_SECRET__ --user_domain=auth.__DOMAIN__ --user_name=__FOCUS_USER__ --user_password=__FOCUS_PASSWORD__ & >> /var/log/__APP__/__APP__-jitsi-jicofo.log 2>&1
ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --secret=${JICOFO_SECRET} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} --user_password=${JICOFO_AUTH_PASSWORD} ${JICOFO_OPTS} < /dev/null >> ${LOGFILE} 2>&1"
[Install]
WantedBy=multi-user.target
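
Review bot: The `/bin/bash -c` ExecStart still puts `--secret=${JICOFO_SECRET}` and `--user_password=${JICOFO_AUTH_PASSWORD}` on the command line, so both values show up in the process list for the bash wrapper's arguments and for jicofo.sh. Moving them into `EnvironmentFile` only protects them if the program reads them from the environment or from its config file rather than from argv; please check whether jicofo.sh can do that and drop the two options if so. The bash wrapper exists only for the redirection, so letting systemd handle the log output would remove one more place where the expanded secrets appear.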


@ -1,6 +1,7 @@
SOURCE_URL=https://github.com/jitsi/jicofo/archive/517.tar.gz
SOURCE_SUM=5239a8a4c8519a9362cabf151a1bb34138ba5083d652bc2c44a397484d6ffe08
SOURCE_URL=https://download.jitsi.org/stable/jicofo_1.0-846-1_all.deb
SOURCE_SUM=aac0143b8c83932d6f934a8b6fca54c75f541613aab8beb9e96ce5b0eb9051bf
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_FORMAT=deb
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_FILENAME=jitsi-jicofo.deb
SOURCE_EXTRACT=false

conf/jitsi-meet-config.js Normal file

File diff suppressed because it is too large


@ -0,0 +1,7 @@
SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-prosody_1.0.5818-1_all.deb
SOURCE_SUM=0808e2be09149aec08326a4f49e58d1beaed41e040e5717a1796d5f5c5f000bc
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=deb
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=jitsi-meet-prosody.deb
SOURCE_EXTRACT=false


@ -1,5 +1,5 @@
SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.3729-1_all.deb
SOURCE_SUM=067ff38ef484063db6756a1f06e3e55226a9a01b9ad60f4a2cbe7021423eece4
SOURCE_URL=https://download.jitsi.org/stable/jitsi-meet-web_1.0.5818-1_all.deb
SOURCE_SUM=72e260c0d3f046e94c05d4441de57f3012213cffe360794f09f4d2db6125fcc1
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=deb
SOURCE_IN_SUBDIR=true


@ -0,0 +1,5 @@
CallStats.BaseURL = https://collector.callstats.io:443
CallStats.AuthTimeOut = 5000
CallStats.ConnectionTimeOut = 30000
CallStats.SOTimeOut = 30000
CallStats.keepAliveInterval = 1000


@ -0,0 +1,12 @@
videobridge {
http-servers {
public {
port = 9090
}
}
websockets {
enabled = true
domain = "__DOMAIN__:443"
tls = true
}
}
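
Review bot: `port = 9090` under `http-servers.public` is a fixed value, whereas the XMPP component port elsewhere in this change is templated as `__PORT_COMPONENT__`. Allocate it at install time like the other port so it cannot collide with another service on the host. Please also confirm the listener is meant to be reached only through the proxy on `__DOMAIN__:443` that `websockets.domain` advertises, and is not opened in the firewall.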


@ -0,0 +1,34 @@
handlers= java.util.logging.ConsoleHandler
#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.utils.logging2.JitsiLogFormatter.programname=JVB
.level=INFO
# Syslog (uncomment handler to use)
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local0
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = localhost
com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
com.agafua.syslog.SyslogHandler.escapeNewlines = false
# Sentry (uncomment handler to use)
io.sentry.jul.SentryHandler.level=WARNING
# time series logging
java.util.logging.SimpleFormatter.format= %5$s%n
java.util.logging.FileHandler.level = ALL
java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.FileHandler.pattern = /tmp/jvb-series.log
java.util.logging.FileHandler.limit = 200000000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.append = false
timeseries.level=OFF
timeseries.useParentHandlers = false
# time series logging is disabled by default. Uncomment the line below to enable it.
#timeseries.handlers = java.util.logging.FileHandler
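
Review bot: `java.util.logging.FileHandler.pattern = /tmp/jvb-series.log` points at a fixed file name in a world-writable directory. The handler is off by default, but whoever uncomments `timeseries.handlers` gets a service writing to a path that another local user can pre-create or replace with a symlink. Point it at `/var/log/__APP__/` instead.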


@ -0,0 +1,10 @@
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=127.0.0.1
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.__DOMAIN__
org.jitsi.videobridge.xmpp.user.shard.USERNAME=__VIDEOBRIDGE_USER__
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=__VIDEOBRIDGE_SECRET__
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.__DOMAIN__
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=__MUC_NICKNAME__
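
Review bot: `STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443` makes every install contact a jitsi.net host to discover its public address. For a self-hosted package that is an outbound dependency on a third party that admins will not expect; document it in the README or make the value a templated install option. `PASSWORD=__VIDEOBRIDGE_SECRET__` is stored here in clear text, so the rendered file should not be world-readable.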


@ -0,0 +1,16 @@
# Jitsi Videobridge settings
# sets the XMPP domain (default: none)
JVB_HOSTNAME=__DOMAIN__
# sets the hostname of the XMPP server (default: domain if set, 127.0.0.1 otherwise)
JVB_HOST=127.0.0.1
# sets the port of the XMPP server (default: 5275)
JVB_PORT=__PORT_COMPONENT__
# sets the shared secret used to authenticate to the XMPP server
JVB_SECRET=__VIDEOBRIDGE_SECRET__
# adds java system props that are passed to jvb (default are for home and logging config file)
JAVA_SYS_PROPS="-Dconfig.file=/etc/__APP__/videobridge/jvb.conf -Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/__APP__ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/__APP__ -Djava.util.logging.config.file=/etc/__APP__/videobridge/logging.properties"


@ -1,13 +1,25 @@
[Unit]
Description=jitsi-videobridge
Description=__APP__ Videobridge
After=network.target
[Service]
Type=simple
SuccessExitStatus=143
# allow bind to 80 and 443
AmbientCapabilities=CAP_NET_BIND_SERVICE
EnvironmentFile=/etc/__APP__/videobridge/config
Environment=LOGFILE=/var/log/__APP__/jitsi-videobridge.log
User=__APP__
Group=__APP__
RuntimeDirectory=jitsi-videobridge
RuntimeDirectoryMode=0750
PIDFile=/var/run/jitsi-videobridge/jitsi-videobridge.pid
# more threads for this process
TasksMax=65000
# allow more open files for this process
LimitNPROC=65000
LimitNOFILE=65000
WorkingDirectory=__FINALPATH__/jitsi-videobridge/
ExecStart=__FINALPATH__/jitsi-videobridge/jvb.sh --host=127.0.0.1 --domain=__DOMAIN__ --port=__PORT_COMPONENT__ --secret=__VIDEOBRIDGE_SECRET__ </dev/null >> /var/log/jvb.log 2>&1
ExecStart=/bin/bash -c "exec __FINALPATH__/jitsi-videobridge/jvb.sh --host=${JVB_HOST} --domain=${JVB_HOSTNAME} --port=${JVB_PORT} --secret=${JVB_SECRET} ${JVB_OPTS} < /dev/null >> ${LOGFILE} 2>&1"
ExecStartPost=/bin/bash -c "echo $MAINPID > /var/run/jitsi-videobridge/jitsi-videobridge.pid"
[Install]
WantedBy=multi-user.target
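
Review bot: `AmbientCapabilities=CAP_NET_BIND_SERVICE` is commented as "allow bind to 80 and 443", but the ports this change documents and configures for the bridge are TCP/4443, UDP/10000 and 9090, none of which are privileged. Drop the capability unless something in the service really binds below 1024. Separately, `--secret=${JVB_SECRET}` still ends up in the process arguments, `${JVB_OPTS}` is referenced but not defined in the videobridge config file added by this commit, and the hand-written PID file (`PIDFile=` plus the `echo $MAINPID` in ExecStartPost) is not needed for a `Type=simple` service.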


@ -1,6 +1,7 @@
SOURCE_URL=https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-1130.zip
SOURCE_SUM=792db05e61e36d8811e7b132581b95b1022a8bf5689189e6206bc05888b54ec4
SOURCE_URL=https://download.jitsi.org/stable/jitsi-videobridge2_2.1-617-ga8b39c3f-1_all.deb
SOURCE_SUM=0bb47e1c96736bd5f3fe595223424cefc7d9a4a1db2be4d4cc87c4206d71df5e
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_FORMAT=deb
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_FILENAME=jitsi-videobridge.deb
SOURCE_EXTRACT=false


@ -1,225 +0,0 @@
-- Prosody XMPP Server Configuration
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- Good luck, and happy Jabbering!
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { "svc__APP__focus@auth.__DOMAIN__" }
daemonize = true
cross_domain_bosh = true;
component_ports = { __PORT_COMPONENT__ }
--component_interface = "192.168.0.10"
-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
"compression"; -- Stream compression (requires the lua-zlib package installed)
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-- jitsi
"stream_management";
"message_carbons";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
}
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
-- ssl = {
-- key = "/etc/prosody/certs/localhost.key";
-- certificate = "/etc/prosody/certs/localhost.crt";
--}
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
-- c2s_require_encryption = true
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
-- s2s_secure_auth = false
-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.
--s2s_insecure_domains = { "gmail.com" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Required for init scripts and prosodyctl
-- pidfile = "/var/run/prosody/prosody.pid"
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
-- authentication = "internal_plain"
authentication = "internal_hashed"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See http://prosody.im/doc/storage for more info.
--storage = "sql" -- Default is "internal"
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Logging configuration
-- For advanced logging see http://prosody.im/doc/logging
-- log = {
-- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
-- error = "/var/log/prosody/prosody.err";
-- "*syslog";
-- }
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
--VirtualHost "localhost"
VirtualHost "__DOMAIN__"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/yunohost/certs/__DOMAIN__/key.pem";
certificate = "/etc/yunohost/certs/__DOMAIN__/crt.pem";
}
c2s_require_encryption = false
VirtualHost "auth.__DOMAIN__"
ssl = {
key = "/etc/yunohost/certs/auth.__DOMAIN__/key.pem";
certificate = "/etc/yunohost/certs/auth.__DOMAIN__/crt.pem";
}
authentication = "ldap2"
ldap = {
hostname = "localhost",
user = {
basedn = "ou=users,dc=yunohost,dc=org",
filter = "(&(objectClass=posixAccount)(mail=*@auth.__DOMAIN__))",
usernamefield = "mail",
namefield = "cn",
},
}
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see http://prosody.im/doc/components
---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"
-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.example.com" "proxy65"
---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: http://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
-- component_secret = "password"
Component "conference.__DOMAIN__" "muc"
Component "jitsi-videobridge.__DOMAIN__"
component_secret = "__VIDEOBRIDGE_SECRET__"
Component "focus.__DOMAIN__"
component_secret = "__FOCUS_SECRET__"
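
Review bot: `c2s_require_encryption = false` sits under `VirtualHost "__DOMAIN__"`, which also sets `authentication = "anonymous"`, so that host accepts unauthenticated clients over unencrypted streams. The +/- markers are not visible in this rendering, but if this block is part of the resulting config, either set it to true or add a comment stating which local-only listener makes plaintext acceptable. In the same file, `authentication = "ldap2"` on `auth.__DOMAIN__` names a different provider than the `mod_auth_ldap.lua` fetched by `conf/mod_auth_ldap.src` in this commit, so confirm the provider name matches the module that is actually installed.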

@ -1,29 +0,0 @@
#!/bin/bash
force=${2:-0} # 0/1 --force argument
dryrun=${3:-0} # 0/1 --dry-run argument
pending_conf=$4 # Path of the pending conf file
do_pre_regen() {
# Add specific domain metronome conf
cp -af "/usr/share/yunohost/templates/jitsi/." "${pending_conf}/../metronome/etc/metronome/conf.d/"
}
do_post_regen() {
regen_conf_files=$1
}
case "$1" in
pre)
do_pre_regen
;;
post)
do_post_regen
;;
*)
echo "Hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
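
Review bot: deleting this hook stops future copies, but `do_pre_regen` has been copying `/usr/share/yunohost/templates/jitsi/.` into `metronome/etc/metronome/conf.d/` on every regen, and nothing visible in this hunk cleans up what is already on upgraded servers. The upgrade script should remove the installed hook, the template directory and the files it placed in Metronome's conf.d, then trigger a regen-conf for Metronome, otherwise the old Jitsi configuration stays in place there.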

conf/mod_auth_ldap.src Normal file

@ -0,0 +1,7 @@
SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=lua
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=mod_auth_ldap.lua
SOURCE_EXTRACT=false
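
Review bot: `SOURCE_URL` points at `raw-file/tip/`, a moving reference, while `SOURCE_SUM` pins one specific sha256, so the next upstream commit to mod_auth_ldap.lua makes the checksum check fail and breaks installs and upgrades. Pin the URL to the changeset the checksum was computed from (a revision id in place of `tip`) so the download and `SOURCE_SUM` stay in step and a module update becomes an explicit, reviewed change.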

@ -1,119 +0,0 @@
-- XEP-0280: Message Carbons implementation for Prosody
-- Copyright (C) 2011-2016 Kim Alvefur
--
-- This file is MIT/X11 licensed.
local st = require "util.stanza";
local jid_bare = require "util.jid".bare;
local xmlns_carbons = "urn:xmpp:carbons:2";
local xmlns_forward = "urn:xmpp:forward:0";
local full_sessions, bare_sessions = metronome.full_sessions, metronome.bare_sessions;
local function toggle_carbons(event)
local origin, stanza = event.origin, event.stanza;
local state = stanza.tags[1].name;
module:log("debug", "%s %sd carbons", origin.full_jid, state);
origin.want_carbons = state == "enable" and stanza.tags[1].attr.xmlns;
origin.send(st.reply(stanza));
return true;
end
module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons);
module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons);
local function message_handler(event, c2s)
local origin, stanza = event.origin, event.stanza;
local orig_type = stanza.attr.type or "normal";
local orig_from = stanza.attr.from;
local bare_from = jid_bare(orig_from);
local orig_to = stanza.attr.to;
local bare_to = jid_bare(orig_to);
if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body"))) then
return -- Only chat type messages
end
-- Stanza sent by a local client
local bare_jid = bare_from; -- JID of the local user
local target_session = origin;
local top_priority = false;
local user_sessions = bare_sessions[bare_from];
-- Stanza about to be delivered to a local client
if not c2s then
bare_jid = bare_to;
target_session = full_sessions[orig_to];
user_sessions = bare_sessions[bare_jid];
if not target_session and user_sessions then
-- The top resources will already receive this message per normal routing rules,
-- so we are going to skip them in order to avoid sending duplicated messages.
local top_resources = user_sessions.top_resources;
top_priority = top_resources and top_resources[1].priority
end
end
if not user_sessions then
module:log("debug", "Skip carbons for offline user");
return -- No use in sending carbons to an offline user
end
if stanza:get_child("private", xmlns_carbons) then
if not c2s then
stanza:maptags(function(tag)
if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then
return tag;
end
end);
end
module:log("debug", "Message tagged private, ignoring");
return
elseif stanza:get_child("no-copy", "urn:xmpp:hints") then
module:log("debug", "Message has no-copy hint, ignoring");
return
elseif not c2s and bare_jid == orig_from and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then
module:log("debug", "MUC PM, ignoring");
return
end
local carbon;
user_sessions = user_sessions and user_sessions.sessions;
for _, session in pairs(user_sessions) do
-- Carbons are sent to resources that have enabled it
if session.want_carbons
-- but not the resource that sent the message, or the one that it's directed to
and session ~= target_session
-- and isn't among the top resources that would receive the message per standard routing rules
and (c2s or session.priority ~= top_priority) then
if not carbon then
-- Create the carbon copy and wrap it as per the Stanza Forwarding XEP
local copy = st.clone(stanza);
if c2s and not orig_to then
stanza.attr.to = bare_from;
end
copy.attr.xmlns = "jabber:client";
carbon = st.message{ from = bare_jid, type = orig_type, }
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons })
:tag("forwarded", { xmlns = xmlns_forward })
:add_child(copy):reset();
end
carbon.attr.to = session.full_jid;
module:log("debug", "Sending carbon to %s", session.full_jid);
session.send(carbon);
end
end
end
local function c2s_message_handler(event)
return message_handler(event, true)
end
-- Stanzas sent by local clients
module:hook("pre-message/host", c2s_message_handler, -0.5);
module:hook("pre-message/bare", c2s_message_handler, -0.5);
module:hook("pre-message/full", c2s_message_handler, -0.5);
-- Stanzas to local clients
module:hook("message/bare", message_handler, -0.5);
module:hook("message/full", message_handler, -0.5);
module:add_feature(xmlns_carbons);

@ -1,59 +0,0 @@
-- mod_http_altconnect
-- XEP-0156: Discovering Alternative XMPP Connection Methods
module:depends"http";
local mm = require "core.modulemanager";
local json = require"util.json";
local st = require"util.stanza";
local array = require"util.array";
local function get_supported()
local uris = array();
if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then
uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") });
end
if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then
uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") });
end
return uris;
end
local function GET_xml(event)
local request, response = event.request, event.response;
local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' });
local uris = get_supported();
for i, method in ipairs(uris) do
xrd:tag("Link", method):up();
end
response.headers.content_type = "application/xrd+xml"
response.headers.access_control_allow_origin = "*";
return '<?xml version="1.0" encoding="UTF-8"?>' .. tostring(xrd);
end
local function GET_json(event)
local request, response = event.request, event.response;
local jrd = { links = get_supported() };
response.headers.content_type = "application/json"
response.headers.access_control_allow_origin = "*";
return json.encode(jrd);
end;
local function GET_either(event)
local accept_type = event.request.headers.accept or "";
if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then
return GET_xml(event);
else
return GET_json(event);
end
end;
module:provides("http", {
default_path = "/.well-known";
route = {
["GET /host-meta"] = GET_either;
-- ["GET /host-meta.xml"] = GET_xml; -- Hmmm
["GET /host-meta.json"] = GET_json;
};
});

@ -1,613 +0,0 @@
-- XEP-0198: Stream Management for Prosody IM
--
-- Copyright (C) 2010-2015 Matthew Wild
-- Copyright (C) 2010 Waqas Hussain
-- Copyright (C) 2012-2015 Kim Alvefur
-- Copyright (C) 2012 Thijs Alkemade
-- Copyright (C) 2014 Florian Zeitz
-- Copyright (C) 2016-2020 Thilo Molitor
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local st = require "util.stanza";
local dep = require "util.dependencies";
local cache = dep.softreq("util.cache"); -- only available in prosody 0.10+
local uuid_generate = require "util.uuid".generate;
local jid = require "util.jid";
local t_insert, t_remove = table.insert, table.remove;
local math_min = math.min;
local math_max = math.max;
local os_time = os.time;
local tonumber, tostring = tonumber, tostring;
local add_filter = require "util.filters".add_filter;
local timer = require "util.timer";
local datetime = require "util.datetime";
local xmlns_sm2 = "urn:xmpp:sm:2";
local xmlns_sm3 = "urn:xmpp:sm:3";
local xmlns_errors = "urn:ietf:params:xml:ns:xmpp-stanzas";
local xmlns_delay = "urn:xmpp:delay";
local sm2_attr = { xmlns = xmlns_sm2 };
local sm3_attr = { xmlns = xmlns_sm3 };
local resume_timeout = module:get_option_number("smacks_hibernation_time", 300);
local s2s_smacks = module:get_option_boolean("smacks_enabled_s2s", false);
local s2s_resend = module:get_option_boolean("smacks_s2s_resend", false);
local max_unacked_stanzas = module:get_option_number("smacks_max_unacked_stanzas", 0);
local delayed_ack_timeout = module:get_option_number("smacks_max_ack_delay", 60);
local max_hibernated_sessions = module:get_option_number("smacks_max_hibernated_sessions", 10);
local max_old_sessions = module:get_option_number("smacks_max_old_sessions", 10);
local core_process_stanza = prosody.core_process_stanza;
local sessionmanager = require"core.sessionmanager";
assert(max_hibernated_sessions > 0, "smacks_max_hibernated_sessions must be greater than 0");
assert(max_old_sessions > 0, "smacks_old_sessions must be greater than 0");
local c2s_sessions = module:shared("/*/c2s/sessions");
local function init_session_cache(max_entries, evict_callback)
-- old prosody version < 0.10 (no limiting at all!)
if not cache then
local store = {};
return {
get = function(user, key)
if not user then return nil; end
if not key then return nil; end
return store[key];
end;
set = function(user, key, value)
if not user then return nil; end
if not key then return nil; end
store[key] = value;
end;
};
end
-- use per user limited cache for prosody >= 0.10
local stores = {};
return {
get = function(user, key)
if not user then return nil; end
if not key then return nil; end
if not stores[user] then
stores[user] = cache.new(max_entries, evict_callback);
end
return stores[user]:get(key);
end;
set = function(user, key, value)
if not user then return nil; end
if not key then return nil; end
if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end
stores[user]:set(key, value);
-- remove empty caches completely
if not stores[user]:count() then stores[user] = nil; end
end;
};
end
local old_session_registry = init_session_cache(max_old_sessions, nil);
local session_registry = init_session_cache(max_hibernated_sessions, function(resumption_token, session)
if session.destroyed then return true; end -- destroyed session can always be removed from cache
session.log("warn", "User has too much hibernated sessions, removing oldest session (token: %s)", resumption_token);
-- store old session's h values on force delete
-- save only actual h value and username/host (for security)
old_session_registry.set(session.username, resumption_token, {
h = session.handled_stanza_count,
username = session.username,
host = session.host
});
return true; -- allow session to be removed from full cache to make room for new one
end);
local function stoppable_timer(delay, callback)
local stopped = false;
local timer = module:add_timer(delay, function (t)
if stopped then return; end
return callback(t);
end);
if timer and timer.stop then return timer; end -- new prosody api includes stop() function
return {
stop = function () stopped = true end;
timer;
};
end
local function delayed_ack_function(session)
-- fire event only if configured to do so and our session is not already hibernated or destroyed
if delayed_ack_timeout > 0 and session.awaiting_ack
and not session.hibernating and not session.destroyed then
session.log("debug", "Firing event 'smacks-ack-delayed', queue = %d",
session.outgoing_stanza_queue and #session.outgoing_stanza_queue or 0);
module:fire_event("smacks-ack-delayed", {origin = session, queue = session.outgoing_stanza_queue});
end
session.delayed_ack_timer = nil;
end
local function can_do_smacks(session, advertise_only)
if session.smacks then return false, "unexpected-request", "Stream management is already enabled"; end
local session_type = session.type;
if session.username then
if not(advertise_only) and not(session.resource) then -- Fail unless we're only advertising sm
return false, "unexpected-request", "Client must bind a resource before enabling stream management";
end
return true;
elseif s2s_smacks and (session_type == "s2sin" or session_type == "s2sout") then
return true;
end
return false, "service-unavailable", "Stream management is not available for this stream";
end
module:hook("stream-features",
function (event)
if can_do_smacks(event.origin, true) then
event.features:tag("sm", sm2_attr):tag("optional"):up():up();
event.features:tag("sm", sm3_attr):tag("optional"):up():up();
end
end);
module:hook("s2s-stream-features",
function (event)
if can_do_smacks(event.origin, true) then
event.features:tag("sm", sm2_attr):tag("optional"):up():up();
event.features:tag("sm", sm3_attr):tag("optional"):up():up();
end
end);
local function request_ack_if_needed(session, force, reason)
local queue = session.outgoing_stanza_queue;
local expected_h = session.last_acknowledged_stanza + #queue;
-- session.log("debug", "*** SMACKS(1) ***: awaiting_ack=%s, hibernating=%s", tostring(session.awaiting_ack), tostring(session.hibernating));
if session.awaiting_ack == nil and not session.hibernating then
-- this check of last_requested_h prevents ack-loops if missbehaving clients report wrong
-- stanza counts. it is set when an <r> is really sent (e.g. inside timer), preventing any
-- further requests until a higher h-value would be expected.
-- session.log("debug", "*** SMACKS(2) ***: #queue=%s, max_unacked_stanzas=%s, expected_h=%s, last_requested_h=%s", tostring(#queue), tostring(max_unacked_stanzas), tostring(expected_h), tostring(session.last_requested_h));
if (#queue > max_unacked_stanzas and expected_h ~= session.last_requested_h) or force then
session.log("debug", "Queuing <r> (in a moment) from %s - #queue=%d", reason, #queue);
session.awaiting_ack = false;
session.awaiting_ack_timer = stoppable_timer(1e-06, function ()
-- session.log("debug", "*** SMACKS(3) ***: awaiting_ack=%s, hibernating=%s", tostring(session.awaiting_ack), tostring(session.hibernating));
-- only request ack if needed and our session is not already hibernated or destroyed
if not session.awaiting_ack and not session.hibernating and not session.destroyed then
session.log("debug", "Sending <r> (inside timer, before send) from %s - #queue=%d", reason, #queue);
(session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks }))
session.awaiting_ack = true;
-- expected_h could be lower than this expression e.g. more stanzas added to the queue meanwhile)
session.last_requested_h = session.last_acknowledged_stanza + #queue;
session.log("debug", "Sending <r> (inside timer, after send) from %s - #queue=%d", reason, #queue);
if not session.delayed_ack_timer then
session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function()
delayed_ack_function(session);
end);
end
end
end);
end
end
-- Trigger "smacks-ack-delayed"-event if we added new (ackable) stanzas to the outgoing queue
-- and there isn't already a timer for this event running.
-- If we wouldn't do this, stanzas added to the queue after the first "smacks-ack-delayed"-event
-- would not trigger this event (again).
if #queue > max_unacked_stanzas and session.awaiting_ack and session.delayed_ack_timer == nil then
session.log("debug", "Calling delayed_ack_function directly (still waiting for ack)");
delayed_ack_function(session);
end
end
local function outgoing_stanza_filter(stanza, session)
local is_stanza = stanza.attr and not stanza.attr.xmlns and not stanza.name:find":";
if is_stanza and not stanza._cached then -- Stanza in default stream namespace
local queue = session.outgoing_stanza_queue;
local cached_stanza = st.clone(stanza);
cached_stanza._cached = true;
if cached_stanza and cached_stanza.name ~= "iq" and cached_stanza:get_child("delay", xmlns_delay) == nil then
cached_stanza = cached_stanza:tag("delay", {
xmlns = xmlns_delay,
from = jid.bare(session.full_jid or session.host),
stamp = datetime.datetime()
});
end
queue[#queue+1] = cached_stanza;
if session.hibernating then
session.log("debug", "hibernating, stanza queued");
module:fire_event("smacks-hibernation-stanza-queued", {origin = session, queue = queue, stanza = cached_stanza});
return nil;
end
request_ack_if_needed(session, false, "outgoing_stanza_filter");
end
return stanza;
end
local function count_incoming_stanzas(stanza, session)
if not stanza.attr.xmlns then
session.handled_stanza_count = session.handled_stanza_count + 1;
session.log("debug", "Handled %d incoming stanzas", session.handled_stanza_count);
end
return stanza;
end
local function wrap_session_out(session, resume)
if not resume then
session.outgoing_stanza_queue = {};
session.last_acknowledged_stanza = 0;
end
add_filter(session, "stanzas/out", outgoing_stanza_filter, -999);
local session_close = session.close;
function session.close(...)
if session.resumption_token then
session_registry.set(session.username, session.resumption_token, nil);
old_session_registry.set(session.username, session.resumption_token, nil);
session.resumption_token = nil;
end
-- send out last ack as per revision 1.5.2 of XEP-0198
if session.smacks and session.conn then
(session.sends2s or session.send)(st.stanza("a", { xmlns = session.smacks, h = string.format("%d", session.handled_stanza_count) }));
end
return session_close(...);
end
return session;
end
local function wrap_session_in(session, resume)
if not resume then
session.handled_stanza_count = 0;
end
add_filter(session, "stanzas/in", count_incoming_stanzas, 999);
return session;
end
local function wrap_session(session, resume)
wrap_session_out(session, resume);
wrap_session_in(session, resume);
return session;
end
function handle_enable(session, stanza, xmlns_sm)
local ok, err, err_text = can_do_smacks(session);
if not ok then
session.log("warn", "Failed to enable smacks: %s", err_text); -- TODO: XEP doesn't say we can send error text, should it?
(session.sends2s or session.send)(st.stanza("failed", { xmlns = xmlns_sm }):tag(err, { xmlns = xmlns_errors}));
return true;
end
module:log("debug", "Enabling stream management");
session.smacks = xmlns_sm;
wrap_session(session, false);
local resume_token;
local resume = stanza.attr.resume;
if resume == "true" or resume == "1" then
resume_token = uuid_generate();
session_registry.set(session.username, resume_token, session);
session.resumption_token = resume_token;
end
(session.sends2s or session.send)(st.stanza("enabled", { xmlns = xmlns_sm, id = resume_token, resume = resume, max = tostring(resume_timeout) }));
return true;
end
module:hook_stanza(xmlns_sm2, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm2); end, 100);
module:hook_stanza(xmlns_sm3, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm3); end, 100);
module:hook_stanza("http://etherx.jabber.org/streams", "features",
function (session, stanza)
stoppable_timer(1e-6, function ()
if can_do_smacks(session) then
if stanza:get_child("sm", xmlns_sm3) then
session.sends2s(st.stanza("enable", sm3_attr));
session.smacks = xmlns_sm3;
elseif stanza:get_child("sm", xmlns_sm2) then
session.sends2s(st.stanza("enable", sm2_attr));
session.smacks = xmlns_sm2;
else
return;
end
wrap_session_out(session, false);
end
end);
end);
function handle_enabled(session, stanza, xmlns_sm)
module:log("debug", "Enabling stream management");
session.smacks = xmlns_sm;
wrap_session_in(session, false);
-- FIXME Resume?
return true;
end
module:hook_stanza(xmlns_sm2, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm2); end, 100);
module:hook_stanza(xmlns_sm3, "enabled", function (session, stanza) return handle_enabled(session, stanza, xmlns_sm3); end, 100);
function handle_r(origin, stanza, xmlns_sm)
if not origin.smacks then
module:log("debug", "Received ack request from non-smack-enabled session");
return;
end
module:log("debug", "Received ack request, acking for %d", origin.handled_stanza_count);
-- Reply with <a>
(origin.sends2s or origin.send)(st.stanza("a", { xmlns = xmlns_sm, h = string.format("%d", origin.handled_stanza_count) }));
-- piggyback our own ack request if needed (see request_ack_if_needed() for explanation of last_requested_h)
local expected_h = origin.last_acknowledged_stanza + #origin.outgoing_stanza_queue;
if #origin.outgoing_stanza_queue > 0 and expected_h ~= origin.last_requested_h then
request_ack_if_needed(origin, true, "piggybacked by handle_r");
end
return true;
end
module:hook_stanza(xmlns_sm2, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm2); end);
module:hook_stanza(xmlns_sm3, "r", function (origin, stanza) return handle_r(origin, stanza, xmlns_sm3); end);
function handle_a(origin, stanza)
if not origin.smacks then return; end
origin.awaiting_ack = nil;
if origin.awaiting_ack_timer then
origin.awaiting_ack_timer:stop();
end
if origin.delayed_ack_timer then
origin.delayed_ack_timer:stop();
origin.delayed_ack_timer = nil;
end
-- Remove handled stanzas from outgoing_stanza_queue
-- origin.log("debug", "ACK: h=%s, last=%s", stanza.attr.h or "", origin.last_acknowledged_stanza or "");
local h = tonumber(stanza.attr.h);
if not h then
origin:close{ condition = "invalid-xml"; text = "Missing or invalid 'h' attribute"; };
return;
end
local handled_stanza_count = h-origin.last_acknowledged_stanza;
local queue = origin.outgoing_stanza_queue;
if handled_stanza_count > #queue then
origin.log("warn", "The client says it handled %d new stanzas, but we only sent %d :)",
handled_stanza_count, #queue);
origin.log("debug", "Client h: %d, our h: %d", tonumber(stanza.attr.h), origin.last_acknowledged_stanza);
for i=1,#queue do
origin.log("debug", "Q item %d: %s", i, tostring(queue[i]));
end
end
for i=1,math_min(handled_stanza_count,#queue) do
local handled_stanza = t_remove(origin.outgoing_stanza_queue, 1);
module:fire_event("delivery/success", { session = origin, stanza = handled_stanza });
end
origin.log("debug", "#queue = %d", #queue);
origin.last_acknowledged_stanza = origin.last_acknowledged_stanza + handled_stanza_count;
request_ack_if_needed(origin, false, "handle_a")
return true;
end
module:hook_stanza(xmlns_sm2, "a", handle_a);
module:hook_stanza(xmlns_sm3, "a", handle_a);
--TODO: Optimise... incoming stanzas should be handled by a per-session
-- function that has a counter as an upvalue (no table indexing for increments,
-- and won't slow non-198 sessions). We can also then remove the .handled flag
-- on stanzas
function handle_unacked_stanzas(session)
local queue = session.outgoing_stanza_queue;
local error_attr = { type = "cancel" };
if #queue > 0 then
session.outgoing_stanza_queue = {};
for i=1,#queue do
if not module:fire_event("delivery/failure", { session = session, stanza = queue[i] }) then
local reply = st.reply(queue[i]);
if reply.attr.to ~= session.full_jid then
reply.attr.type = "error";
reply:tag("error", error_attr)
:tag("recipient-unavailable", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"});
core_process_stanza(session, reply);
end
end
end
end
end
module:hook("pre-resource-unbind", function (event)
local session, err = event.session, event.error;
if session.smacks then
if not session.resumption_token then
local queue = session.outgoing_stanza_queue;
if #queue > 0 then
session.log("debug", "Destroying session with %d unacked stanzas", #queue);
handle_unacked_stanzas(session);
end
else
session.log("debug", "mod_smacks hibernating session for up to %d seconds", resume_timeout);
local hibernate_time = os_time(); -- Track the time we went into hibernation
session.hibernating = hibernate_time;
local resumption_token = session.resumption_token;
module:fire_event("smacks-hibernation-start", {origin = session, queue = session.outgoing_stanza_queue});
timer.add_task(resume_timeout, function ()
session.log("debug", "mod_smacks hibernation timeout reached...");
-- We need to check the current resumption token for this resource
-- matches the smacks session this timer is for in case it changed
-- (for example, the client may have bound a new resource and
-- started a new smacks session, or not be using smacks)
local curr_session = full_sessions[session.full_jid];
if session.destroyed then
session.log("debug", "The session has already been destroyed");
elseif curr_session and curr_session.resumption_token == resumption_token
-- Check the hibernate time still matches what we think it is,
-- otherwise the session resumed and re-hibernated.
and session.hibernating == hibernate_time then
-- wait longer if the timeout isn't reached because push was enabled for this session
-- session.first_hibernated_push is the starting point for hibernation timeouts of those push enabled clients
-- wait for an additional resume_timeout seconds if no push occured since hibernation at all
local current_time = os_time();
local timeout_start = math_max(session.hibernating, session.first_hibernated_push or session.hibernating);
if session.push_identifier ~= nil and not session.first_hibernated_push then
session.log("debug", "No push happened since hibernation started, hibernating session for up to %d extra seconds", resume_timeout);
return resume_timeout;
end
if current_time-timeout_start < resume_timeout and session.push_identifier ~= nil then
session.log("debug", "A push happened since hibernation started, hibernating session for up to %d extra seconds", current_time-timeout_start);
return current_time-timeout_start; -- time left to wait
end
session.log("debug", "Destroying session for hibernating too long");
session_registry.set(session.username, session.resumption_token, nil);
-- save only actual h value and username/host (for security)
old_session_registry.set(session.username, session.resumption_token, {
h = session.handled_stanza_count,
username = session.username,
host = session.host
});
session.resumption_token = nil;
sessionmanager.destroy_session(session);
else
session.log("debug", "Session resumed before hibernation timeout, all is well")
end
end);
return true; -- Postpone destruction for now
end
end
end);
local function handle_s2s_destroyed(event)
local session = event.session;
local queue = session.outgoing_stanza_queue;
if queue and #queue > 0 then
session.log("warn", "Destroying session with %d unacked stanzas", #queue);
if s2s_resend then
for i = 1, #queue do
module:send(queue[i]);
end
session.outgoing_stanza_queue = nil;
else
handle_unacked_stanzas(session);
end
end
end
module:hook("s2sout-destroyed", handle_s2s_destroyed);
module:hook("s2sin-destroyed", handle_s2s_destroyed);
local function get_session_id(session)
return session.id or (tostring(session):match("[a-f0-9]+$"));
end
function handle_resume(session, stanza, xmlns_sm)
if session.full_jid then
session.log("warn", "Tried to resume after resource binding");
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("unexpected-request", { xmlns = xmlns_errors })
);
return true;
end
local id = stanza.attr.previd;
local original_session = session_registry.get(session.username, id);
if not original_session then
session.log("debug", "Tried to resume non-existent session with id %s", id);
local old_session = old_session_registry.get(session.username, id);
if old_session and session.username == old_session.username
and session.host == old_session.host
and old_session.h then
session.send(st.stanza("failed", { xmlns = xmlns_sm, h = string.format("%d", old_session.h) })
:tag("item-not-found", { xmlns = xmlns_errors })
);
else
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("item-not-found", { xmlns = xmlns_errors })
);
end;
elseif session.username == original_session.username
and session.host == original_session.host then
session.log("debug", "mod_smacks resuming existing session %s...", get_session_id(original_session));
original_session.log("debug", "mod_smacks session resumed from %s...", get_session_id(session));
-- TODO: All this should move to sessionmanager (e.g. session:replace(new_session))
if original_session.conn then
original_session.log("debug", "mod_smacks closing an old connection for this session");
local conn = original_session.conn;
c2s_sessions[conn] = nil;
conn:close();
end
original_session.ip = session.ip;
original_session.conn = session.conn;
original_session.send = session.send;
original_session.close = session.close;
original_session.filter = session.filter;
original_session.filter.session = original_session;
original_session.filters = session.filters;
original_session.stream = session.stream;
original_session.secure = session.secure;
original_session.hibernating = nil;
session.log = original_session.log;
session.type = original_session.type;
wrap_session(original_session, true);
-- Inform xmppstream of the new session (passed to its callbacks)
original_session.stream:set_session(original_session);
-- Similar for connlisteners
c2s_sessions[session.conn] = original_session;
original_session.send(st.stanza("resumed", { xmlns = xmlns_sm,
h = string.format("%d", original_session.handled_stanza_count), previd = id }));
-- Fake an <a> with the h of the <resume/> from the client
original_session:dispatch_stanza(st.stanza("a", { xmlns = xmlns_sm,
h = stanza.attr.h }));
-- Ok, we need to re-send any stanzas that the client didn't see
-- ...they are what is now left in the outgoing stanza queue
-- We have to use the send of "session" because we don't want to add our resent stanzas
-- to the outgoing queue again
local queue = original_session.outgoing_stanza_queue;
session.log("debug", "resending all unacked stanzas that are still queued after resume, #queue = %d", #queue);
for i=1,#queue do
session.send(queue[i]);
end
session.log("debug", "all stanzas resent, now disabling send() in this session, #queue = %d", #queue);
function session.send(stanza)
session.log("warn", "Tried to send stanza on old session migrated by smacks resume (maybe there is a bug?): %s", tostring(stanza));
return false;
end
module:fire_event("smacks-hibernation-end", {origin = session, resumed = original_session, queue = queue});
request_ack_if_needed(original_session, true, "handle_resume");
else
module:log("warn", "Client %s@%s[%s] tried to resume stream for %s@%s[%s]",
session.username or "?", session.host or "?", session.type,
original_session.username or "?", original_session.host or "?", original_session.type);
session.send(st.stanza("failed", { xmlns = xmlns_sm })
:tag("not-authorized", { xmlns = xmlns_errors }));
end
return true;
end
module:hook_stanza(xmlns_sm2, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm2); end);
module:hook_stanza(xmlns_sm3, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm3); end);
local function handle_read_timeout(event)
local session = event.session;
if session.smacks then
if session.awaiting_ack then
if session.awaiting_ack_timer then
session.awaiting_ack_timer:stop();
end
if session.delayed_ack_timer then
session.delayed_ack_timer:stop();
session.delayed_ack_timer = nil;
end
return false; -- Kick the session
end
session.log("debug", "Sending <r> (read timeout)");
(session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks }));
session.awaiting_ack = true;
if not session.delayed_ack_timer then
session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function()
delayed_ack_function(session);
end);
end
return true;
end
end
module:hook("s2s-read-timeout", handle_read_timeout);
module:hook("c2s-read-timeout", handle_read_timeout);

View file

@ -1,40 +1,95 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
root __FINALPATH__/jitsi-meet-web;
# Path to source
alias __FINALPATH__/jitsi-meet/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.html;
ssi on;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
index index.html index.htm;
error_page 404 /static/404.html;
location = /config.js {
alias /etc/__NAME__/meet/__DOMAIN__-config.js;
}
location ~ ^/([a-zA-Z0-9=\?]+)$ {
rewrite ^/(.*)$ / break;
location = /external_api.js {
alias __FINALPATH__/jitsi-meet-web/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
more_set_headers "Access-Control-Allow-Origin: *";
alias __FINALPATH__/jitsi-meet-web/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location __PATH__/http-bind {
proxy_pass http://127.0.0.1:5290/http-bind;
location = /http-bind {
proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_buffering off;
tcp_nodelay on;
access_log off;
proxy_set_header Host $http_host;
}
# xmpp websockets
location __PATH__/xmpp-websocket {
proxy_pass http://127.0.0.1:5290/xmpp-websocket;
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $http_host;
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/__NAME__/meet/__DOMAIN__-config.js;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
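Review bot: `$prefix` is only assigned inside the two subdomain locations (`set $prefix "$1";`), yet `location = /http-bind` and `location = /xmpp-websocket` interpolate it into `proxy_pass ...?prefix=$prefix&$args` for every request, including those that reach them directly. On that path nginx expands an uninitialized variable and logs an uninitialized-variable warning; adding `set $prefix "";` ahead of the locations would make the default explicit, and the same goes for `$subdomain` and `$subdir`, which the comment on `ssi on` suggests config.js reads. Separately, the static-content location sends `Access-Control-Allow-Origin: *` for everything under `libs|css|static|...|.well-known`; narrow it if only some assets need cross-origin reads, and escape the dot in `.well-known`, which currently matches any character.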

137
conf/prosody.cfg.lua Normal file
View file

@ -0,0 +1,137 @@
plugin_paths = { "__FINALPATH__/jitsi-meet-prosody/" }
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "__DOMAIN__";
external_service_secret = "__TURN_SECRET__";
external_services = {
{ type = "stun", host = "__DOMAIN__", port = 3478 },
{ type = "turn", host = "__DOMAIN__", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
{ type = "turns", host = "__DOMAIN__", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};
cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}
unlimited_jids = {
"__FOCUS_USER__@auth.__DOMAIN__",
"__VIDEOBRIDGE_USER__@auth.__DOMAIN__"
}
VirtualHost "__DOMAIN__"
-- enabled = false -- Remove this line to enable this host
authentication = "ldap"
ldap_server = "localhost"
ldap_filter = "(uid=$user)"
ldap_scope = "subtree"
ldap_base = "ou=users,dc=yunohost,dc=org"
ldap_mode = "bind"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/__DOMAIN__.key";
certificate = "/etc/prosody/certs/__DOMAIN__.crt";
}
av_moderation_component = "avmoderation.__DOMAIN__"
speakerstats_component = "speakerstats.__DOMAIN__"
conference_duration_component = "conferenceduration.__DOMAIN__"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
"conference_duration";
"muc_lobby_rooms";
"muc_breakout_rooms";
"av_moderation";
}
c2s_require_encryption = false
lobby_muc = "lobby.__DOMAIN__"
breakout_rooms_muc = "breakout.__DOMAIN__"
main_muc = "conference.__DOMAIN__"
-- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms
VirtualHost "guest.__DOMAIN__"
authentication = "anonymous"
c2s_require_encryption = false
Component "conference.__DOMAIN__" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
"polls";
--"token_verification";
"muc_rate_limit";
}
admins = { "__FOCUS_USER__@auth.__DOMAIN__" }
muc_room_locking = false
muc_room_default_public_jids = true
Component "breakout.__DOMAIN__" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
--"token_verification";
"muc_rate_limit";
}
admins = { "__FOCUS_USER__@auth.__DOMAIN__" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.__DOMAIN__" "muc"
storage = "memory"
modules_enabled = {
"ping";
}
admins = { "__FOCUS_USER__@auth.__DOMAIN__", "__VIDEOBRIDGE_USER__@auth.__DOMAIN__" }
muc_room_locking = false
muc_room_default_public_jids = true
VirtualHost "auth.__DOMAIN__"
modules_enabled = {
"limits_exception";
}
authentication = "internal_hashed"
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.__DOMAIN__" "client_proxy"
target_address = "__FOCUS_USER__@auth.__DOMAIN__"
Component "speakerstats.__DOMAIN__" "speakerstats_component"
muc_component = "conference.__DOMAIN__"
Component "conferenceduration.__DOMAIN__" "conference_duration_component"
muc_component = "conference.__DOMAIN__"
Component "avmoderation.__DOMAIN__" "av_moderation_component"
muc_component = "conference.__DOMAIN__"
Component "lobby.__DOMAIN__" "muc"
storage = "memory"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_rate_limit";
"polls";
}
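Review bot: `c2s_require_encryption = false` is set on `VirtualHost "__DOMAIN__"`, which authenticates with `authentication = "ldap"` and `ldap_mode = "bind"` against `ou=users,dc=yunohost,dc=org`, so a client that connects over plain c2s would send its YunoHost account password unencrypted. If clients are only meant to arrive through the nginx BOSH/websocket proxy (hence `consider_bosh_secure = true`), say so in a comment and keep the c2s port closed to the outside; otherwise set it to `true` on this host. The same setting on `guest.__DOMAIN__` is lower risk because that host is `authentication = "anonymous"`.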

View file

@ -1,2 +0,0 @@
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.TCP_HARVESTER_PORT=__PORT__

0
doc/.gitkeep Normal file
View file

1
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1 @@
Jitsi Meet is a libre software (Apache) WebRTC JavaScript app that uses Jitsi Videobridge to provide high quality, secure, and scalable video conferences.

1
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1 @@
Jitsi Meet est un logiciel libre (Apache) dont Jitsi Videobridge, avec WebRTC Javascript, propose des vidéos-conférences de haute qualité, sécurisées et évolutives.

6
doc/DISCLAIMER.md Normal file
View file

@ -0,0 +1,6 @@
## Important points before installing
1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** will stop and disable Metronome XMPP.
4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.
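Review bot: item 4 is missing a verb: "only authenticated users to create new conference rooms" should read "only authenticated users can create new conference rooms", and "from anonymous domain" reads better as "from the anonymous domain". Since this is the text users see before installing, it is worth stating plainly that joining an existing room needs no account.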

6
doc/DISCLAIMER_fr.md Normal file
View file

@ -0,0 +1,6 @@
## Points importants à préparer avant l'installation
1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme.
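Review bot: typo in item 3, "arréter" should be "arrêter".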

0
doc/screenshots/.gitkeep Normal file
View file

Binary file not shown.


View file

@ -6,8 +6,15 @@
"en": "Video conferencing web application",
"fr": "Application web de conférence vidéo"
},
"version": "1.0.3729~ynh1",
"version": "1.0.4466~ynh1",
"url": "https://jitsi.org/Projects/JitMeet",
"upstream": {
"license": "Apache-2.0",
"website": "https://jitsi.org/",
"demo": "https://meet.jit.si/",
"userdoc": "https://jitsi.org/user-faq/",
"code": "https://github.com/jitsi/jitsi-meet"
},
"license": "Apache-2.0",
"maintainer": {
"name": ""
@ -22,7 +29,7 @@
}
],
"requirements": {
"yunohost": ">= 3.6"
"yunohost": ">= 4.3.0"
},
"multi_instance": false,
"services": [
@ -32,12 +39,7 @@
"install" : [
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain for Jitsi Meet",
"fr": "Choisissez un domaine pour Jitsi Meet"
},
"example": "domain.org"
"type": "domain"
}
]
}

View file

@ -1,18 +0,0 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
## Package_check results
---
*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results*
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/jitsi_ynh%20PR-NUM-%20(USERNAME)/)

View file

@ -5,7 +5,7 @@
#=================================================
# dependencies used by the app
pkg_dependencies="openjdk-8-jdk|openjdk-11-jdk openjdk-8-jre|openjdk-11-jre maven"
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap"
#=================================================
# PERSONAL HELPERS

View file

@ -13,7 +13,6 @@ source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_print_info --message="Managing script failure..."
ynh_clean_setup () {
ynh_clean_check_starting
@ -32,75 +31,44 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# STANDARD BACKUP STEPS
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log"
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info --message="Backing up the main app directory..."
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Backing up nginx web server configuration..."
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP METRONOME
#=================================================
ynh_print_info --message="Backing up Metronome..."
# Backup Metronome domain conf template
ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua"
ynh_backup --src_path="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua"
# Backup Metronome Hook
ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app"
# Backup Metronome Module
ynh_backup --src_path="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_backup --src_path="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_backup --src_path="/usr/lib/metronome/modules/mod_smacks.lua"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_print_info --message="Backing up logrotate configuration..."
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_print_info --message="Backing up systemd configuration..."
ynh_backup --src_path="/etc/systemd/system/$app-videobridge.service"
ynh_backup --src_path="/etc/systemd/system/$app-jicofo.service"
#=================================================
# START SYSTEMD SERVICE
# BACKUP VARIOUS FILES
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
ynh_backup --src_path="/etc/$app/"
ynh_backup --src_path="/etc/prosody/conf.avail/$domain.cfg.lua"
#=================================================
# END OF SCRIPT
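Review bot: several things the install script creates are missing from the `ynh_backup` list in this hunk: the `/var/lib/prosody/$domain.key`/`.crt` and `auth.$domain` pairs, the `/etc/prosody/conf.d/$domain.cfg.lua` symlink, and the accounts made with `prosodyctl register`. If the restore script regenerates them, a comment here saying so would help; otherwise they need to be declared. Note also that `/etc/prosody/conf.avail/$domain.cfg.lua` carries `external_service_secret`, so the resulting archive should be treated as secret material.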

View file

@ -12,7 +12,6 @@ source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_print_info --message="Managing script failure..."
ynh_clean_setup () {
ynh_clean_check_starting
@ -23,7 +22,6 @@ ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
ynh_print_info --message="Retrieving arguments from the manifest..."
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
@ -37,12 +35,17 @@ videobridge_secret=$(ynh_string_random --length=8)
#YOURSECRET2
focus_secret=$(ynh_string_random --length=8)
focus_user="svc${app}focus"
#OTHER SECRET
turn_secret=$(ynh_string_random --length=8)
focus_user="focus"
videobridge_user="jvb"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info --message="Validating installation parameters..."
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
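Review bot: `turn_secret=$(ynh_string_random --length=8)` gives only 8 characters to a long-lived shared secret that ends up as `external_service_secret` in the prosody config, where the TURN entries use it with `ttl = 86400`. A longer value (for example `--length=32`) costs nothing here. The same applies to `focus_secret` and `videobridge_secret` in the context lines, since `videobridge_secret` is later used as the password of the `jvb` account in `prosodyctl register`.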
@ -53,202 +56,218 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info --message="Storing installation settings..."
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password
ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret
ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret
ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user
ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password
ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret
ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user
ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret
ynh_app_setting_set --app=$app --key=turn_secret --value=$turn_secret
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_print_info --message="Configuring firewall..."
ynh_script_progression --message="Finding an available port..."
# Find an available port
port=$(ynh_find_port --port=4443)
port=4443
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_app_setting_set --app=$app --key=port --value=$port
# Find an available port
port_videobridge=$(ynh_find_port --port=10000)
port_videobridge=10000
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge
# Find an available port
port_component=$(ynh_find_port --port=5347)
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
port_component=5347
ynh_app_setting_set --app=$app --key=port_component --value=$port_component
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info --message="Installing dependencies..."
ynh_script_progression --message="Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
if ! yunohost app list | grep -q "prosody"
then
yunohost tools update
yunohost app install prosody
else
yunohost tools update
yunohost app upgrade prosody
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge
ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo
ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
ynh_app_setting_set --app=$app --key=require_prosody --value="1"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info --message="Configuring system user..."
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
ynh_system_user_create --username=$app --home_dir="$final_path"
gpasswd --add prosody $app
gpasswd --add www-data $app
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
declare -A packages
packages[jitsi-jicofo]="jicofo"
packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins"
packages[jitsi-meet-web]="jitsi-meet"
packages[jitsi-videobridge]="jitsi-videobridge"
for package in "${!packages[@]}"
do
ynh_setup_source --dest_dir="$final_path/${package}_temp" --source_id=$package
pushd "$final_path/${package}_temp"
ar x $package.deb data.tar.xz
tar xf data.tar.xz
popd
mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
ynh_secure_remove --file="$final_path/${package}_temp"
done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CONFIGURE METRONOME
# CONFIGURE PROSODY
#=================================================
ynh_print_info --message="Configuring metronome..."
ynh_script_progression --message="Configuring prosody..."
# Create additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
ynh_print_info --message="Creating additional domains for package_check..."
yunohost domain add auth.$domain
yunohost domain add conference.$domain
yunohost domain add jitsi-videobridge.$domain
yunohost domain add focus.$domain
fi
ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua"
chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua"
ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua"
# Create focus user
yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
echo | prosodyctl cert generate $domain
ln -sf "/var/lib/prosody/$domain.key" "/etc/prosody/certs/$domain.key"
ln -sf "/var/lib/prosody/$domain.crt" "/etc/prosody/certs/$domain.crt"
ln -sf "/var/lib/prosody/$domain.crt" "/usr/local/share/ca-certificates/$domain.crt"
# Add Metronome domain conf template
metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
mkdir -p /usr/share/yunohost/templates/jitsi/
cp ../conf/metronome.cfg.lua $metronome_conf
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf"
echo | prosodyctl cert generate "auth.$domain"
ln -sf "/var/lib/prosody/auth.$domain.key" "/etc/prosody/certs/auth.$domain.key"
ln -sf "/var/lib/prosody/auth.$domain.crt" "/etc/prosody/certs/auth.$domain.crt"
ln -sf "/var/lib/prosody/auth.$domain.crt" "/usr/local/share/ca-certificates/auth.$domain.crt"
touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua"
update-ca-certificates -f
# Add Metronome hook
cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app
yunohost tools regen-conf metronome
ynh_systemd_action --service_name="prosody" --action="restart"
# Add Metronome modules
cp ../conf/mod_carbons.lua /usr/lib/metronome/modules/mod_carbons.lua
cp ../conf/mod_http_altconnect.lua /usr/lib/metronome/modules/mod_http_altconnect.lua
cp ../conf/mod_smacks.lua /usr/lib/metronome/modules/mod_smacks.lua
prosodyctl register "$focus_user" "auth.$domain" "$focus_password"
ynh_systemd_action --service_name=metronome --action=restart
prosodyctl register "$videobridge_user" "auth.$domain" "$videobridge_secret"
prosodyctl mod_roster_command subscribe $focus_user.$domain $focus_user@auth.$domain
#=================================================
# BUILD JITSI-VIDEOBRIDGE
# CONFIGURE JITSI-VIDEOBRIDGE
#=================================================
ynh_print_info --message="Building Jitsi-Videobridge..."
ynh_script_progression --message="Configuring Jitsi-Videobridge..."
mkdir -p "$final_path/.sip-communicator"
cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties"
chown -R $app: $final_path
public_ipv4="$(curl ip.yunohost.org)" || true
private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true
muc_nickname=$(uuidgen)
ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname
mkdir -p "/etc/$app/videobridge"
ynh_add_config --template="../conf/jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties"
ynh_add_config --template="../conf/jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf"
ynh_add_config --template="../conf/jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties"
ynh_add_config --template="../conf/jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties"
ynh_add_config --template="../conf/jitsi-videobridge.config" --destination="/etc/$app/videobridge/config"
#=================================================
# BUILD JITSI-JICOFO
# CONFIGURE JITSI-JICOFO
#=================================================
ynh_print_info --message="Building Jitsi-Jicofo..."
ynh_script_progression --message="Configuring Jitsi-Jicofo..."
pushd "$final_path/jitsi-jicofo-build"
mvn package -DskipTests -Dassembly.skipAssembly=false
popd
mkdir -p "/etc/$app/jicofo"
unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path
ynh_add_config --template="../conf/jitsi-jicofo-config" --destination="/etc/$app/jicofo/config"
mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/
ynh_add_config --template="../conf/jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf"
ynh_secure_remove --file="$final_path/jitsi-jicofo-build"
ynh_add_config --template="../conf/jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties"
#=================================================
# BUILD JITSI-MEET
# CONFIGURE JITSI-MEET
#=================================================
ynh_print_info --message="Building Jitsi-Meet..."
ynh_script_progression --message="Configuring Jitsi-Meet..."
pushd "$final_path/jitsi-meet_temp"
ar x jitsi-meet-web.deb data.tar.xz
tar xf data.tar.xz
popd
mkdir -p "/etc/$app/meet"
mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/"
ynh_secure_remove --file="$final_path/jitsi-meet_temp"
ynh_add_config --template="../conf/jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js"
chmod 644 "/etc/$app/meet/$domain-config.js"
config="$final_path/jitsi-meet/config.js"
cp ../conf/config.js "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
#=================================================
# CREATE LOG DIR
#=================================================
ynh_script_progression --message="Creating log dir..."
mkdir -p "/var/log/$app"
chown -R $app: /var/log/$app
chmod -R 770 /var/log/$app
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info --message="Configuring a systemd service..."
ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service"
ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service"
ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
ynh_print_info --message="Storing the config file checksum..."
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$config"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_print_info --message="Securing files and directories..."
ynh_script_progression --message="Securing files and directories..."
# Set permissions to app files
chown -R $app: $final_path
chown -R $app: /etc/$app
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info --message="Configuring log rotation..."
ynh_script_progression --message="Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
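Review bot: The "Securing files and directories" step only changes ownership (`chown -R $app: $final_path`, `chown -R $app: /etc/$app`) and never sets a mode, so any file under `/etc/$app` that was created readable by other local users stays that way. Follow the chown with an explicit mode that removes access for others where the services do not need it, as the restore script does for `$final_path` with `chmod -R o-rwx`. Also quote both paths so an empty or space-containing value cannot change what the recursive chown touches.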
@ -256,32 +275,32 @@ ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_print_info --message="Integrating service in YunoHost..."
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app-videobridge --description "$app jitsi-videobridge for jitsi" --log "/var/log/$app/$app-videobridge.log"
yunohost service add $app-jicofo --description "$app jitsi-jicofo for jitsi" --log "/var/log/$app/$app-jicofo.log"
yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge
yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info --message="Configuring SSOwat..."
ynh_script_progression --message="Configuring permissions..."
# Make app public
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_permission_update --permission="main" --add="visitors"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info --message="Reloading nginx web server..."
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
@ -289,4 +308,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_print_info --message="Installation of $app completed"
ynh_script_progression --message="Installation of $app completed"

View file

@ -12,60 +12,85 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_print_info --message="Removing service integration in YunoHost..."
# Remove the service from the list of services known by Yunohost (added from `yunohost service add`)
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app-videobridge >/dev/null
then
ynh_print_info --message="Removing $app-videobridge service..."
ynh_script_progression --message="Removing $app-videobridge service..."
yunohost service remove $app-videobridge
fi
if ynh_exec_warn_less yunohost service status $app-jicofo >/dev/null
then
ynh_print_info --message="Removing $app-jicofo service..."
ynh_script_progression --message="Removing $app-jicofo service..."
yunohost service remove $app-jicofo
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_print_info --message="Stopping and removing the systemd service..."
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config --service=$app-videobridge
ynh_remove_systemd_config --service=$app-jicofo
#=================================================
# REMOVE DEPENDENCIES
# RECONFIGURE PROSODY
#=================================================
ynh_print_info --message="Removing dependencies..."
ynh_script_progression --message="Reconfiguring Prosody..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
prosodyctl deluser $focus_user@auth.$domain || true
prosodyctl deluser $videobridge_user@auth.$domain || true
ynh_remove_nodejs
# Remove domain conf template
ynh_secure_remove --file="/etc/prosody/conf.d/$domain.cfg.lua"
ynh_secure_remove --file="/etc/prosody/conf.avail/$domain.cfg.lua"
ynh_secure_remove --file="/etc/prosody/certs/$domain.key"
ynh_secure_remove --file="/etc/prosody/certs/$domain.crt"
ynh_secure_remove --file="/var/lib/prosody/$domain.key"
ynh_secure_remove --file="/var/lib/prosody/$domain.crt"
ynh_secure_remove --file="/var/lib/prosody/$domain.cnf"
ynh_secure_remove --file="/etc/prosody/certs/auth.$domain.key"
ynh_secure_remove --file="/etc/prosody/certs/auth.$domain.crt"
ynh_secure_remove --file="/var/lib/prosody/auth.$domain.key"
ynh_secure_remove --file="/var/lib/prosody/auth.$domain.crt"
ynh_secure_remove --file="/var/lib/prosody/auth.$domain.cnf"
ynh_secure_remove --file="/usr/local/share/ca-certificates/auth.$domain.crt"
update-ca-certificates -f
ynh_systemd_action --service_name=prosody --action=restart
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info --message="Removing app main directory..."
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
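Review bot: In the RECONFIGURE PROSODY section, `prosodyctl deluser $focus_user@auth.$domain || true` and the matching `$videobridge_user` line discard every failure, so the removal can finish with both XMPP accounts and their credentials still registered in Prosody and the script never flags it. Quote the JIDs, skip the call when the setting is empty, and replace `|| true` with a warning (for example through `ynh_print_warn`) so a leftover account is visible to the admin.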
@ -73,86 +98,70 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Removing nginx web server configuration..."
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated nginx config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info --message="Removing logrotate configuration..."
ynh_script_progression --message="Removing dependencies..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
# Remove Prosody
ynh_app_setting_delete --app=$app --key=require_prosody
gpasswd --delete prosody $app
# List apps requiring Prosody
installed_apps=$(yunohost app list | grep -oP 'id: \K.*$')
required_by=""
installed_app_required_by=""
for installed_app in $installed_apps
do
installed_app_required_by=$(ynh_app_setting_get --app=$installed_app --key="require_prosody")
if [[ $installed_app_required_by ]]
then
required_by="${installed_app_required_by}"
fi
installed_app_required_by=""
done
# If Prosody is no more required
if [[ ! $required_by ]]
then
# Remove Prosody
ynh_print_info --message="Removing of Prosody"
yunohost app remove prosody --purge
fi
#=================================================
# CLOSE A PORT
#=================================================
ynh_print_info --message="Closing a port..."
if yunohost firewall list | grep -q "\- $port$"
then
ynh_print_info --message="Closing port $port..."
ynh_script_progression --message="Closing port $port..."
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
if yunohost firewall list | grep -q "\- $port_videobridge$"
then
ynh_print_info --message="Closing port $port_videobridge..."
ynh_script_progression --message="Closing port $port_videobridge..."
ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge
fi
if yunohost firewall list | grep -q "\- $port_component$"
then
ynh_print_info --message="Closing port $port_component..."
ynh_exec_warn_less yunohost firewall disallow TCP $port_component
fi
#=================================================
# SPECIFIC REMOVE
#=================================================
# RECONFIGURE METRONOME
# REMOVE VARIOUS FILES
#=================================================
ynh_print_info --message="Reconfiguring Metronome..."
ynh_script_progression --message="Removing various files..."
# Remove Metronome modules
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_secure_remove --file="/usr/lib/metronome/modules/mod_smacks.lua"
ynh_systemd_action --service_name=metronome --action=restart
# Remove domain conf template
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua"
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua"
# Remove Jitsi template directory
if [ -z "$(ls -A /usr/share/yunohost/templates/jitsi)" ]; then
ynh_secure_remove --file="/usr/share/yunohost/templates/jitsi"
fi
# Remove Metronome Hook
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app"
yunohost tools regen-conf metronome
# Delete focus user
yunohost user delete $focus_user --purge
# Removing additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain remove auth.$domain
yunohost domain remove conference.$domain
yunohost domain remove jitsi-videobridge.$domain
yunohost domain remove focus.$domain
fi
#=================================================
# REMOVE THE LOG FILES
#=================================================
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
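Review bot: The Prosody cleanup in REMOVE DEPENDENCIES runs `yunohost app remove prosody --purge` whenever no remaining app carries a `require_prosody` setting, and that condition also holds for a Prosody app the admin installed independently of Jitsi, unless the Prosody package sets that key on itself. The restore and upgrade scripts in this patch only check `yunohost app list | grep -q "prosody"` and set `require_prosody` on `$app`, so nothing records whether this package was the one that installed Prosody. Store that fact in an app setting at install time and purge Prosody only when it is set.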
@ -162,8 +171,9 @@ ynh_secure_remove --file="/var/log/$app"
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_print_info --message="Removing the dedicated system user..."
ynh_script_progression --message="Removing the dedicated system user..."
gpasswd --delete www-data $app
# Delete a system user
ynh_system_user_delete --username=$app
@ -171,4 +181,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT
#=================================================
ynh_print_info --message="Removal of $app completed"
ynh_script_progression --message="Removal of $app completed"

View file

@ -13,7 +13,6 @@ source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_print_info --message="Managing script failure..."
ynh_clean_setup () {
ynh_clean_check_starting
@ -24,7 +23,7 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading settings..."
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@ -34,6 +33,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
focus_password=$(ynh_app_setting_get --app=$app --key=focus_password)
focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret)
videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user)
videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret)
port=$(ynh_app_setting_get --app=$app --key=port)
port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
@ -42,10 +45,8 @@ port_component=$(ynh_app_setting_get --app=$app --key=port_component)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info --message="Validating restoration parameters..."
ynh_script_progression --message="Validating restoration parameters..."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
@ -54,128 +55,143 @@ test ! -d $final_path \
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Restoring the nginx configuration..."
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
gpasswd --add www-data $app
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info --message="Restoring the app main directory..."
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE USER RIGHTS
#=================================================
ynh_print_info --message="Restoring user rights..."
# Restore permissions on app files
chown -R root: $final_path
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info --message="Reinstalling dependencies..."
ynh_script_progression --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
if ! yunohost app list | grep -q "prosody"
then
yunohost tools update
yunohost app install prosody
else
yunohost tools update
yunohost app upgrade prosody
fi
ynh_app_setting_set --app=$app --key=require_prosody --value="1"
gpasswd --add prosody $app
#=================================================
# CONFIGURE FIREWALL
#=================================================
ynh_print_info --message="Configuring firewall..."
ynh_script_progression --message="Configuring firewall..."
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_component
#=================================================
# CONFIGURE METRONOME
# CONFIGURE PROSODY
#=================================================
ynh_print_info --message="Configuring metronome..."
ynh_script_progression --message="Configuring prosody..."
# Create additional domains
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain add auth.$domain
yunohost domain add conference.$domain
yunohost domain add jitsi-videobridge.$domain
yunohost domain add focus.$domain
fi
ynh_restore_file --origin_path="/etc/prosody/conf.avail/$domain.cfg.lua"
chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua"
ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua"
# Create focus user
yunohost user create $focus_user -f $focus_user -l $focus_user -m ${focus_user}@auth.$domain -p $focus_password -q 0
ln -sf /var/lib/prosody/$domain.key /etc/prosody/certs/$domain.key
ln -sf /var/lib/prosody/$domain.crt /etc/prosody/certs/$domain.crt
# Restore Metronome domain conf template
mkdir -p /usr/share/yunohost/templates/jitsi/
ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua"
ynh_restore_file --origin_path="/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua"
ln -sf "/var/lib/prosody/auth.$domain.key" "/etc/prosody/certs/auth.$domain.key"
ln -sf "/var/lib/prosody/auth.$domain.crt" "/etc/prosody/certs/auth.$domain.crt"
ln -sf "/var/lib/prosody/auth.$domain.crt" "/usr/local/share/ca-certificates/auth.$domain.crt"
# Restore Metronome Hook
ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/50-metronome_$app"
yunohost tools regen-conf metronome
update-ca-certificates -f
# Restore Metronome modules
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_carbons.lua"
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_http_altconnect.lua"
ynh_restore_file --origin_path="/usr/lib/metronome/modules/mod_smacks.lua"
ynh_systemd_action --service_name="prosody" --action="restart"
ynh_systemd_action --service_name=metronome --action=restart
prosodyctl register "$focus_user" "auth.$domain" "$focus_password"
prosodyctl register "$videobridge_user" "auth.$domain" "$videobridge_secret"
prosodyctl mod_roster_command subscribe $focus_user.$domain $focus_user@auth.$domain
#=================================================
# RESTORE THE APP CONFIG
#=================================================
ynh_script_progression --message="Restoring the app config..."
ynh_restore_file --origin_path="/etc/$app"
chmod 644 "/etc/$app/meet/$domain-config.js"
#=================================================
# CREATE LOG DIR
#=================================================
ynh_script_progression --message="Creating log dir..."
mkdir -p "/var/log/$app"
chown -R $app: /var/log/$app
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_print_info --message="Restoring the systemd configuration..."
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app-videobridge.service"
systemctl enable $app-videobridge.service
systemctl enable $app-videobridge.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-jicofo.service"
systemctl enable $app-jicofo.service
systemctl enable $app-jicofo.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_print_info --message="Integrating service in YunoHost..."
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log"
yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge
yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info --message="Reloading nginx web server and php-fpm..."
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
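Review bot: In CONFIGURE PROSODY the restore recreates symlinks to `/var/lib/prosody/$domain.key`, `/var/lib/prosody/$domain.crt` and the `auth.$domain` pair, and registers `auth.$domain.crt` through `update-ca-certificates -f`, but nothing in this hunk restores or regenerates those files, so on a fresh machine the links dangle unless another step creates the targets before Prosody is restarted. Either restore the files with `ynh_restore_file` or regenerate the certificates before linking. The `ln -s` into `/etc/prosody/conf.d/` also lacks the `-f` used by the other links, so it fails when the link is already present, for example after an interrupted restore.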
@ -183,4 +199,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_print_info --message="Restoration completed for $app"
ynh_script_progression --message="Restoration completed for $app"

View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@ -20,64 +20,39 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret)
focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret)
port=$(ynh_app_setting_get --app=$app --key=port)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
focus_user=$(ynh_app_setting_get --app=$app --key=focus_user)
focus_password=$(ynh_app_setting_get --app=$app --key=focus_password)
focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret)
videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user)
videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret)
turn_secret=$(ynh_app_setting_get --app=$app --key=turn_secret)
muc_nickname=$(ynh_app_setting_get --app=$app --key=muc_nickname)
port=$(ynh_app_setting_get --app=$app --key=port)
port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge)
port_component=$(ynh_app_setting_get --app=$app --key=port_component)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$app/manifest.json" --manifest_key="version" || echo 1.0)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_print_info --message="Ensuring downward compatibility..."
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
if ynh_version_gt "1.0.3387~ynh2" "${current_version}" ; then
# Add Metronome domain conf template
metronome_conf="/usr/share/yunohost/templates/jitsi/$domain.cfg.lua"
mkdir -p /usr/share/yunohost/templates/jitsi/
cp ../conf/metronome.cfg.lua $metronome_conf
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$metronome_conf"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$metronome_conf"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="$metronome_conf"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="$metronome_conf"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="$metronome_conf"
touch "/usr/share/yunohost/templates/jitsi/auth.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/conference.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/jitsi-videobridge.$domain.cfg.lua"
touch "/usr/share/yunohost/templates/jitsi/focus.$domain.cfg.lua"
# Add Metronome hook
cp -R ../conf/metronome_regen_conf.hook /usr/share/yunohost/hooks/conf_regen/50-metronome_$app
yunohost tools regen-conf metronome
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_print_info --message="Backing up the app before upgrading (may take a while)..."
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
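Review bot: The settings block loads `videobridge_user`, `turn_secret` and `muc_nickname`, but the only setting backfilled in the downward-compatibility section is `final_path`, so on an instance whose settings lack these keys the variables stay empty for the rest of the upgrade. Check each one after loading, and when it is missing generate a value and store it with `ynh_app_setting_set` before any configuration is written from it.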
@ -87,135 +62,168 @@ ynh_abort_if_errors
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Stopping a systemd service..."
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="stop" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="stop" --log_path="/var/log/$app/$app-jicofo.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
gpasswd --add www-data $app
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_print_info --message="Upgrading source files..."
ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/jitsi-videobridge" --source_id=jitsi-videobridge
ynh_setup_source --dest_dir="$final_path/jitsi-jicofo-build" --source_id=jitsi-jicofo
ynh_setup_source --dest_dir="$final_path/jitsi-meet_temp" --source_id=jitsi-meet
declare -A packages
packages[jitsi-jicofo]="jicofo"
packages[jitsi-meet-prosody]="jitsi-meet/prosody-plugins"
packages[jitsi-meet-web]="jitsi-meet"
packages[jitsi-videobridge]="jitsi-videobridge"
for package in "${!packages[@]}"
do
ynh_secure_remove --file="$final_path/${package}"
ynh_setup_source --dest_dir="$final_path/${package}_temp" --source_id=$package
pushd "$final_path/${package}_temp"
ar x $package.deb data.tar.xz
tar xf data.tar.xz
popd
mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
ynh_secure_remove --file="$final_path/${package}_temp"
done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Upgrading nginx web server configuration..."
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated nginx config
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_print_info --message="Upgrading dependencies..."
ynh_script_progression --message="Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10
if ! yunohost app list | grep -q "prosody"
then
yunohost tools update
yunohost app install prosody
else
yunohost tools update
yunohost app upgrade prosody
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
ynh_app_setting_set --app=$app --key=require_prosody --value="1"
gpasswd --add prosody $app
#=================================================
# SPECIFIC UPGRADE
#=================================================
# BUILD JITSI-VIDEOBRIDGE
# CONFIGURE PROSODY
#=================================================
ynh_print_info --message="Building Jitsi-Videobridge..."
ynh_script_progression --message="Configuring Prosody..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
mkdir -p "$final_path/.sip-communicator"
cp ../conf/sip-communicator.properties "$final_path/.sip-communicator/sip-communicator.properties"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/.sip-communicator/sip-communicator.properties"
chown -R $app: $final_path
ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua"
chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua"
fi
#=================================================
# BUILD JITSI-JICOFO
# CONFIGURE JITSI-VIDEOBRIDGE
#=================================================
ynh_print_info --message="Building Jitsi-Jicofo..."
ynh_script_progression --message="Configuring Jitsi-Videobridge..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
pushd "$final_path/jitsi-jicofo-build"
mvn package -DskipTests -Dassembly.skipAssembly=false
popd
public_ipv4="$(curl ip.yunohost.org)" || true
private_ipv4="$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')" || true
unzip $final_path/jitsi-jicofo-build/target/jicofo-linux-x64-1.1-SNAPSHOT.zip -d $final_path
ynh_add_config --template="../conf/jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties"
ynh_secure_remove --file="$final_path/jitsi-jicofo"
ynh_add_config --template="../conf/jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf"
mv $final_path/jicofo-linux-x64-1.1-SNAPSHOT/ $final_path/jitsi-jicofo/
ynh_add_config --template="../conf/jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties"
ynh_secure_remove --file="$final_path/jitsi-jicofo-build"
ynh_add_config --template="../conf/jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties"
ynh_add_config --template="../conf/jitsi-videobridge.config" --destination="/etc/$app/videobridge/config"
fi
#=================================================
# BUILD JITSI-MEET
# CONFIGURE JITSI-JICOFO
#=================================================
ynh_print_info --message="Building Jitsi-Meet..."
ynh_script_progression --message="configuring Jitsi-Jicofo..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
pushd "$final_path/jitsi-meet_temp"
ar x jitsi-meet-web.deb data.tar.xz
tar xf data.tar.xz
popd
ynh_add_config --template="../conf/jitsi-jicofo-config" --destination="/etc/$app/jicofo/config"
config="$final_path/jitsi-meet/config.js"
ynh_backup_if_checksum_is_different --file="$config"
ynh_add_config --template="../conf/jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf"
ynh_secure_remove --file="$final_path/jitsi-meet"
mv "$final_path/jitsi-meet_temp/usr/share/jitsi-meet/" "$final_path/jitsi-meet/"
ynh_secure_remove --file="$final_path/jitsi-meet_temp"
cp ../conf/config.js "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$config"
ynh_add_config --template="../conf/jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties"
fi
#=================================================
# SETUP LOGROTATE
# CONFIGURE JITSI-MEET
#=================================================
ynh_print_info --message="Upgrading logrotate configuration..."
ynh_script_progression --message="Configuring Jitsi-Meet..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_add_config --template="../conf/jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js"
chmod 644 "/etc/$app/meet/$domain-config.js"
fi
#=================================================
# CREATE LOG DIR
#=================================================
ynh_script_progression --message="Creating log dir..."
mkdir -p "/var/log/$app"
chown -R $app: /var/log/$app
chmod -R 770 /var/log/$app
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info --message="Upgrading systemd configuration..."
ynh_script_progression --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__VIDEOBRIDGE_SECRET__" --replace_string="$videobridge_secret" --target_file="../conf/jitsi-videobridge.service"
ynh_replace_string --match_string="__PORT_COMPONENT__" --replace_string="$port_component" --target_file="../conf/jitsi-videobridge.service"
ynh_add_systemd_config --service=$app-videobridge --template="jitsi-videobridge.service"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_SECRET__" --replace_string="$focus_secret" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_USER__" --replace_string="$focus_user" --target_file="../conf/jitsi-jicofo.service"
ynh_replace_string --match_string="__FOCUS_PASSWORD__" --replace_string="$focus_password" --target_file="../conf/jitsi-jicofo.service"
ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"
#=================================================
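Review bot: In the CONFIGURE JITSI-VIDEOBRIDGE block, `public_ipv4="$(curl ip.yunohost.org)" || true` has no scheme, no timeout, no `--fail` and no validation, and `|| true` hides every failure. With no scheme, curl defaults to plain HTTP, so a hang, an error page or a tampered response becomes the value of `$public_ipv4` for the `ynh_add_config` calls that follow. Consider `curl --silent --fail --max-time 10` with an explicit `https://` URL, then check that the result looks like an IPv4 address before rendering `jvb.conf`, and print a warning or abort when it does not. The `private_ipv4` line has the same silent-empty behaviour when `ip route get 1` returns nothing. Separately, in CREATE LOG DIR, `chmod -R 770 /var/log/$app` sets the execute bit on the log files themselves and leaves `$app` unquoted. Quoting the path and giving directories and files separate modes would be tighter.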
@ -223,31 +231,39 @@ ynh_add_systemd_config --service=$app-jicofo --template="jitsi-jicofo.service"
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_print_info --message="Securing files and directories..."
ynh_script_progression --message="Securing files and directories..."
# Set permissions on app files
chown -R root: $final_path
chown -R $app: /etc/$app
#=================================================
# SETUP SSOWAT
# SETUP LOGROTATE
#=================================================
ynh_print_info --message="Upgrading SSOwat configuration..."
ynh_script_progression --message="Upgrading logrotate configuration..."
# Make app public
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app-videobridge --log "/var/log/$app/$app-videobridge.log" --needs_exposed_ports $port $port_videobridge
yunohost service add $app-jicofo --log "/var/log/$app/$app-jicofo.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log"
ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info --message="Reloading nginx web server..."
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
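Review bot: The SECURE FILES AND DIRECTORIES block only changes ownership (`chown -R root: $final_path`, `chown -R $app: /etc/$app`). Both paths are unquoted and no mode is ever set on `/etc/$app`. The earlier part of this script renders the jicofo and videobridge configuration into `/etc/$app/jicofo/` and `/etc/$app/videobridge/`, so if those templates carry the component secrets or the focus password they stay readable under whatever mode `ynh_add_config` left them. Please quote both variables and set an explicit mode on those two subdirectories, removing access for others. The `chmod 644` already applied to `/etc/$app/meet/$domain-config.js` can stay as the deliberate exception. A short comment stating who is expected to read each directory would also make the section title accurate.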
@ -255,4 +271,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_print_info --message="Upgrade of $app completed"
ynh_script_progression --message="Upgrade of $app completed"