mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge pull request #58 from YunoHost-Apps/testing

Testing
Josue-T 2018-08-02 07:30:54 +02:00 committed by GitHub
commit cfa692217b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 195 additions and 42 deletions


@ -16,7 +16,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 0.31.1
**Shipped version:** 0.33.0
Configuration
-------------
@ -57,7 +57,23 @@ yunohost app setting synapse turnserver_tls_port
yunohost app setting synapse turnserver_alt_tls_port
```
To have a fully functional turnserver you need to open these ports (if it is not automatically done) on your ISP box.
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
```
yunohost firewall allow Both 49153:49193
```
You might also need to open these ports (if it is not automatically done) on your ISP box.
To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
```
*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
```
### Important Security Note


@ -11,7 +11,7 @@
setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=a907e39c738997b0e30e9637a5b150bfecf06b18
upgrade=1 from_commit=db374d2bff981d2660ebdac52ee77c684383c00d
backup_restore=1
multi_instance=1
incorrect_path=0
@ -30,5 +30,5 @@
Level 9=0
Level 10=0
;;; Upgrade options
; commit=a907e39c738997b0e30e9637a5b150bfecf06b18
name=Before multi_instance
; commit=db374d2bff981d2660ebdac52ee77c684383c00d
name=Fix postgresql helper from old_version_for_CI_2 branch


@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-jessie-bin1_armv7l.tar.gz
SOURCE_SUM=77b12b4135e99da518e0c7910e3f929daf9200cea83ed5853f7712c77435a5bc
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-jessie-bin1_armv7l.tar.gz
SOURCE_SUM=64a68f2988b8fad7d07c163b1f097beeedbb7d7411baafd2f8595c0291862f20
# (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256
SOURCE_SUM_PRG=sha256sum


@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=bed38a43b7e770234f5c3278066316fa261486a885913248c0750088309d87fd
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=e7a766f6eda0b704620d29c4633dfadea1572d8730fde4ec31b79f2d65a0f8eb
# (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256
SOURCE_SUM_PRG=sha256sum


@ -1,2 +1,2 @@
SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.31.1.tar.gz
SOURCE_SUM=0408b9f4fc91a90e138c19f0bf9851dcd30c970bd7d6c0bc7a0f498f39b12ac9
SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.33.0.tar.gz
SOURCE_SUM=5d134216f6efa2ba170d56bc7fe4c3fcaa8dbd7e651a155e729a979bafbfbc7a


@ -2,10 +2,11 @@ lt-cred-mech
use-auth-secret
static-auth-secret=__TURNPWD__
realm=__DOMAIN__
no-stun
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
min-port=49153
max-port=49193
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
@ -14,8 +15,14 @@ dh-file=/etc/matrix-__APP__/dh.pem
no-sslv2
no-sslv3
no-udp
no-tcp
no-tlsv1
no-loopback-peers
no-multicast-peers
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile="/var/run/coturn-__APP__/turnserver.pid"
pidfile=/var/run/coturn-__APP__/turnserver.pid
simple-log
external-ip=__IPV4__,__IPV6__
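Review bot: The `external-ip=__IPV4__,__IPV6__` line at the end of this template puts two addresses on one option separated by a comma, and it is not clear that coturn parses that form. The coturn example config that the README links to describes `external-ip` as a single public address, optionally written `public-ip/private-ip`, and says the option is to be given several times when more than one address is involved. Unless the comma form has been tested against the packaged coturn, one option per address is the safer layout, `external-ip=__IPV4__` and `external-ip=__IPV6__`, with the scripts removing the whole line whose lookup failed. A comment above the option noting that the install, upgrade, restore and cron scripts all rewrite it would help whoever edits the template next.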


@ -9,7 +9,7 @@
"en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix"
},
"version": "0.31.1~ynh1",
"version": "0.33.0~ynh1",
"url": "http://matrix.org",
"license": "Apache-2.0",
"maintainer": {


@ -47,13 +47,6 @@ ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_backup "/etc/matrix-$app"
#=================================================
# BACKUP COTURN CONFIG
#=================================================
ynh_backup "/etc/turnserver.conf"
ynh_backup "/etc/default/coturn"
#=================================================
# BACKUP SYSTEMD
#=================================================


@ -250,6 +250,25 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
#=================================================
@ -258,6 +277,16 @@ ynh_store_file_checksum "$coturn_config_path"
ynh_use_logrotate /var/log/matrix-$app
#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -303,13 +332,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m
# SEND A README FOR THE ADMIN
#=================================================
# WARRNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
message="To federate this app you need to add this line in your DNS configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done).
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
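Review bot: The `cp ../sources/Coturn_config_rotate.sh $final_path/` step under "ADD SCRIPT FOR COTURN CRON" places a script that the README tells admins to run from a root cron entry inside the application directory. The restore script in this commit runs `chown $synapse_user:root -R $final_path`, and its comment says the same commands are used in install and upgrade, so the file most likely ends up owned by the synapse service account; anything able to write as that account could then change what root executes every 15 minutes. After the recursive chown the file should be made root-owned and not writable by others, for example `chown root:root "$final_path/Coturn_config_rotate.sh"` followed by `chmod 700 "$final_path/Coturn_config_rotate.sh"`. Installing it in a root-owned directory outside `$final_path` is stronger still, because the owner of the parent directory can replace the file. The upgrade script adds the same copy step.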


@ -70,6 +70,53 @@ ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# RECONFIGURE THE TURNSERVER
#=================================================
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
# Retrieve specific settings
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../settings/conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
#=================================================
# SPECIFIC RESTORATION
#=================================================
@ -123,7 +170,7 @@ ynh_use_logrotate /var/log/matrix-$app
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
@ -153,13 +200,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m
# SEND A README FOR THE ADMIN
#=================================================
# WARRNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
message="To federate this app you need to add this line in your DNS configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done).
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
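Review bot: The IPv6 check in the "RECONFIGURE THE TURNSERVER" block calls `ynh_valide_ip6`, while the IPv4 check just above it and the install and upgrade scripts use the `ynh_validate_ip4` / `ynh_validate_ip6` spelling. If no helper with the misspelled name is defined, the call fails inside the `if` condition, the else branch runs, and a restored server silently drops its IPv6 external address. The line should read `if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"`. The new Coturn_config_rotate.sh uses a third form, `ynh_validate_ip 4`, so it is worth confirming which of these helpers actually exists and using one spelling everywhere.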


@ -77,7 +77,7 @@ fi
# Install/upgrade synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
@ -221,8 +221,6 @@ ynh_add_nginx_config
coturn_config_path="/etc/matrix-$app/coturn.conf"
ynh_backup_if_checksum_is_different "$coturn_config_path"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
@ -232,8 +230,37 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
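Review bot: The two lookups `curl ip.yunohost.org` and `curl ipv6.yunohost.org` added ahead of the `external-ip` substitution have no timeout and use plain HTTP. Without `--max-time` an unreachable endpoint can stall the upgrade, and over HTTP the answer can be altered in transit; the validation helper presumably only checks that the value is a well-formed address, so a wrong but valid IP would still be written as the address the TURN server advertises to clients. Something like `public_ip4="$(curl --silent --max-time 10 https://ip.yunohost.org)" || true` would cover both, assuming the endpoint serves HTTPS. The same two lines appear in the install and restore scripts and in Coturn_config_rotate.sh.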


@ -0,0 +1,28 @@
#!/bin/bash
app_instance=__APP__
source /usr/share/yunohost/helpers
external_IP_line="external-ip=__IPV4__,__IPV6__"
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip 4 "$public_ip4"
then
external_IP_line="${external_IP_line/'__IPV4__'/$public_ip4}"
else
external_IP_line="${external_IP_line/'__IPV4__,'/}"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip 6 "$public_ip6"
then
external_IP_line="${external_IP_line/'__IPV6__'/$public_ip6}"
else
external_IP_line="${external_IP_line/',__IPV6__'/}"
fi
ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf"
exit 0
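Review bot: When both lookups fail, this script writes a placeholder into the live config: the first else branch removes `__IPV4__,` including the comma, so the second else branch's pattern `,__IPV6__` no longer matches and `external_IP_line` stays `external-ip=__IPV6__`. Run from cron, a single network outage would replace a working `external-ip` line with that literal. The rewrite should be skipped in that case, e.g. `[[ "$external_IP_line" == *__IPV* ]] && exit 0` before the `ynh_replace_string` call, or the line should be built only from addresses that validated. The install, upgrade and restore scripts apply the same pair of substitutions to the template and leave the same placeholder behind. Nothing in the script restarts or reloads coturn after the edit, so it is also unclear whether a changed address takes effect.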