#!/bin/bash
# Global settings shared by the functions of this installer. The functions visible in this part of the
# file install and configure jitsi-meet, prosody, nginx, jigasi and jibri through sudo, apt and systemctl.
#
# Keep tracing disabled on real installs: with it enabled the shell would print the commands that carry
# account passwords (the prosodyctl register calls and the sed edit of the jigasi properties file).
#set -x
# TODO: separate jitsi-meet, videobridge, jigasi, jibri installations
PRODUCT_NAME=jitsi
SCRIPT_NAME="${PRODUCT_NAME}_setup.sh"
SCRIPT_VERSION=1.0
CURRENT_USER=$(whoami)
CURRENT_WORKING_DIR=$(pwd)
# The config file is looked up in the directory the script is started from, not next to the script.
# NOTE(review): how this file is loaded is not visible here; if it is sourced, whoever can write to the
# start directory controls commands that later run through sudo -- confirm and document.
CONFIG_FILE="$CURRENT_WORKING_DIR/${PRODUCT_NAME}_config_file"
# Fixed, predictable name in the shared /tmp directory.
# NOTE(review): the locking code is not in this part of the file; confirm it does not trust or follow a
# file or symlink that another local user created at this path beforehand.
LOCKFILE="/tmp/${PRODUCT_NAME}_setup.lock"
DATE=$(date +%d-%b-%Y-%H-%M-%S)
# One log file per run, under the invoking user's home directory.
LOGDIR="$HOME/$PRODUCT_NAME"
LOGFILE="$LOGDIR/${SCRIPT_NAME}_$DATE.log"
# Operating System Details
OS_DISTRO=$(lsb_release -is)
OS_RELEASE=$(lsb_release -rs)
OS_CODENAME=$(lsb_release -cs)
# Directories to be removed(of older install) during UNINSTALL
# Whitespace-separated list; remove_old_directories expands it unquoted, so the jitsi* entry is
# glob-expanded there. The nginx entries remove the whole nginx configuration and data of the host,
# including anything unrelated to Jitsi that is served by the same nginx.
TO_REMOVE_DIRS="
/etc/jitsi
/etc/nginx
/etc/prosody
/etc/init.d/prosody
/etc/init.d/nginx
/usr/share/jitsi*
/usr/share/nginx
/usr/share/jicofo
/usr/share/jigasi
/var/lib/jigasi
/var/lib/prosody
/var/lib/nginx"
# Append one message to $LOGFILE and, unless told otherwise, echo it on the terminal too.
# Call it without arguments to emit an empty line.
# Arguments: $1 - message (only this one argument is written; use echo for several words)
#            $2 - pass "nostdout" to write to the log file only
# NOTE: everything passed here is stored in the log file, so never pass passwords or other secrets.
logit()
{
  case "$2" in
    nostdout)
      echo "$1" >> "$LOGFILE"
      ;;
    *)
      echo "$1" | tee -a "$LOGFILE"
      ;;
  esac
}
# Log the wall-clock time at which the run started, followed by an empty line.
show_start_time()
{
  local started_at
  started_at=$(date)
  logit "Start Time: $started_at"
  logit
}
# Log the end time and the location of this run's log file, then give up the run lock.
# release_lock is defined elsewhere in this file.
show_end_time()
{
  local finished_at
  logit
  finished_at=$(date)
  logit "End Time: $finished_at"
  logit
  logit "Logs for this run are saved in \"$LOGFILE\""
  logit
  release_lock
}
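# Delete the directories of an older installation listed in TO_REMOVE_DIRS.
# Globals:   TO_REMOVE_DIRS (read) - whitespace-separated list, glob patterns allowed
# Every entry is removed recursively as root, so entries that are not an absolute path below "/"
# (an empty word, a relative path, "/" itself) are skipped instead of being handed to rm.
remove_old_directories()
{
  local dir
  logit
  logit "Removing directories..."
  logit
  # Left unquoted on purpose: the list is split on whitespace and patterns such as
  # /usr/share/jitsi* are expanded to the matching paths here.
  for dir in $TO_REMOVE_DIRS; do
    case "$dir" in
      /[!/]*)
        ;;
      *)
        logit "*** WARNING ***: Not removing unexpected path '$dir'"
        continue
        ;;
    esac
    # "--" keeps a path that starts with "-" from being read as an rm option.
    sudo rm -rf -- "$dir" && logit "Removed $dir"
  done
}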
# Print the checklist of manual follow-up steps shown to the operator after an install.
# Globals: ACTUAL_GOOGLE_CREDS_PATH (read, only to print it)
post_install_tasks()
{
  local task
  # NOTE(review): the docker command printed in item 3 publishes port 2700 with "-p 2700:2700",
  # which Docker binds on all host interfaces by default; "-p 127.0.0.1:2700:2700" keeps the
  # speech engine reachable from this host only. The text itself is left unchanged here.
  local -a tasks=(
    "0. Check the status of services in the log file(or scroll up)...All installed services should show (running)..."
    "1. Check /etc/hosts file for any duplicates entries and remove them..."
    "2. If you want Google's Transcription (Speech-To-Text) and forgot to set credentials, copy google credentials(service account, with 'Cloud Speech-to-Text' API enabled) file to $ACTUAL_GOOGLE_CREDS_PATH and restart Jigasi..."
    "3. If you want Vosk's Transcription (Speech-To-Text), you may run it as a docker on localhost using \"docker run -d -p 2700:2700 alphacep/kaldi-en:latest\""
    "4. Check log file of this run for these strings: NOTE, WARNING, ERROR, RECOMMENDED"
  )
  logit
  logit "***** Few Post Install Tasks for you *****"
  logit
  for task in "${tasks[@]}"; do
    logit "$task"
  done
  logit
}
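# Compares two versions of the form a.b.c.
# Arguments: $1 - first version, $2 - second version
# Returns:   0 if $1 is strictly lower than $2, 1 otherwise (equal or higher)
#
# The components are compared one by one from left to right. The earlier weighting
# (a*100 + b*10 + c) gave wrong answers as soon as a component reached 10, e.g. it
# treated 1.10.0 and 2.0.0 as equal.
version_compare() {
  local -a left right
  local i a b
  # read -a splits on "." without pathname expansion of the input.
  IFS=. read -r -a left <<< "$1"
  IFS=. read -r -a right <<< "$2"
  for i in 0 1 2; do
    a=${left[i]:-0}
    b=${right[i]:-0}
    # Keep only the leading digits, so a suffix such as "-1" or "rc1" is never
    # evaluated as an arithmetic expression.
    a=${a%%[!0-9]*}
    b=${b%%[!0-9]*}
    # 10# forces base 10, so a component like "08" is not rejected as invalid octal.
    a=$((10#${a:-0}))
    b=$((10#${b:-0}))
    ((a < b)) && return 0
    ((a > b)) && return 1
  done
  return 1
}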
# Write a file of convenience shell aliases (service control, log viewing, cd shortcuts) to
# /etc/jitsi/aliases_$PRODUCT_NAME. The file is only written; the operator loads it with "source".
# Globals: PRODUCT_NAME, JIGASI_TRANSCRIPTS_DIR, JIBRI_RECORDINGS_DIR (read);
#          ALIASES_VERSION, ALIASES_FILE (written)
install_aliases()
{
ALIASES_VERSION=1.0
ALIASES_FILE="/etc/jitsi/aliases_$PRODUCT_NAME"
logit; logit "Installing $PRODUCT_NAME aliases (version $ALIASES_VERSION) to $ALIASES_FILE"
# The whole here-document is one double-quoted argument of "sh -c", which runs as root:
#  - every $VARIABLE below is expanded by this shell before sh starts, so the values become part of
#    the command text. NOTE(review): JIGASI_TRANSCRIPTS_DIR and JIBRI_RECORDINGS_DIR are set outside
#    this part of the file; a value with quotes, spaces or other shell metacharacters would change
#    what the root shell executes -- confirm they are validated where they are read.
#  - the double quotes inside the gdstatus-all alias close and reopen that outer string, so they do
#    not end up in the written file.
# No comment can be added inside the here-document: any line there is written to the aliases file.
sudo sh -c "cat > $ALIASES_FILE << EOF
# $PRODUCT_NAME: aliases version: $ALIASES_VERSION
# All start with prefix 'gd' (Don't ask why)
# Except the change directory ones, which start with 'cd'
alias gdopenaliases='vi $ALIASES_FILE'
alias gdreloadaliases='. $ALIASES_FILE'
alias ll='ls -lrt'
# Change directory
alias cdjigasi='cd /etc/jitsi/jigasi'
alias cdjicofo='cd /etc/jitsi/jicofo'
alias cdprosody='cd /etc/prosody/conf.d'
alias cdvideobridge='cd /etc/jitsi/videobridge'
alias cdjitsimeet='cd /etc/jitsi/meet'
alias cdjibri='cd /etc/jitsi/jibri'
alias cdnginx='cd /etc/nginx/sites-enabled'
alias cdlogsjitsi='cd /var/log/jitsi'
alias cdlogsprosody='cd /var/log/prosody'
alias cdlogsnginx='cd /var/log/nginx'
alias cdlogsjibri='cd /var/log/jitsi/jibri'
alias cdtranscripts='cd $JIGASI_TRANSCRIPTS_DIR'
alias cdrecordings='cd $JIBRI_RECORDINGS_DIR'
alias gdstatus-jigasi='/etc/init.d/jigasi status'
alias gdstart-jigasi='/etc/init.d/jigasi start'
alias gdstop-jigasi='/etc/init.d/jigasi stop'
alias gdrestart-jigasi='/etc/init.d/jigasi restart'
alias gdstatus-jibri='systemctl status jibri'
alias gdstart-jibri='systemctl start jibri'
alias gdstop-jibri='systemctl stop jibri'
alias gdrestart-jibri='systemctl restart jibri'
alias gdstatus-nginx='/etc/init.d/nginx status'
alias gdstart-nginx='/etc/init.d/nginx start'
alias gdstop-nginx='/etc/init.d/nginx stop'
alias gdrestart-nginx='/etc/init.d/nginx restart'
alias gdstatus-jicofo='/etc/init.d/jicofo status'
alias gdstart-jicofo='/etc/init.d/jicofo start'
alias gdstop-jicofo='/etc/init.d/jicofo stop'
alias gdrestart-jicofo='/etc/init.d/jicofo restart'
alias gdstatus-prosody='/etc/init.d/prosody status'
alias gdstart-prosody='/etc/init.d/prosody start'
alias gdstop-prosody='/etc/init.d/prosody stop'
alias gdrestart-prosody='/etc/init.d/prosody restart'
alias gdstatus-videobridge='/etc/init.d/jitsi-videobridge2 status'
alias gdstart-videobridge='/etc/init.d/jitsi-videobridge2 start'
alias gdstop-videobridge='/etc/init.d/jitsi-videobridge2 stop'
alias gdrestart-videobridge='/etc/init.d/jitsi-videobridge2 restart'
alias gdstart-all='gdstart-nginx; sleep 2; gdstart-prosody; sleep 2; gdstart-jigasi; sleep 2; gdstart-videobridge; sleep 2; gdstart-jibri; sleep 2; gdstart-jicofo'
alias gdstop-all='gdstop-videobridge; gdstop-jicofo; gdstop-jigasi; gdstop-jibri; gdstop-prosody; gdstop-nginx'
alias gdstatus-all='echo -n "nginx:"; gdstatus-nginx|grep Active; echo -n "videobridge:"; gdstatus-videobridge|grep Active; echo -n "jicofo:"; gdstatus-jicofo|grep Active; echo -n "prosody:"; gdstatus-prosody|grep Active; echo -n "jigasi:"; gdstatus-jigasi|grep Active; echo -n "jibri:"; gdstatus-jibri|grep Active'
alias gdrestart-all='echo; echo ***STOPPING***; gdstop-all; echo; echo ***STARTING***; sleep 2;gdstart-all; echo; echo ***STATUS***; sleep 2; gdstatus-all'
# open log files
alias gdopenlog-jigasi='vi /var/log/jitsi/jigasi.log'
alias gdopenlog-jicofo='vi /var/log/jitsi/jicofo.log'
alias gdopenlog-videobridge='vi /var/log/jitsi/jvb.log'
alias gdopenlog-prosody='vi /var/log/prosody/prosody.log'
alias gdopenlog-prosody-err='vi /var/log/prosody/prosody.err'
alias gdopenlog-nginx='vi /var/log/nginx/access.log'
alias gdopenlog-nginx-err='vi /var/log/nginx/error.log'
alias gdopenlog-jibri='vi /var/log/jitsi/jibri/log.0.txt'
# tail log files
alias gdtaillog-jigasi='tail -f /var/log/jitsi/jigasi.log'
alias gdtaillog-jicofo='tail -f /var/log/jitsi/jicofo.log'
alias gdtaillog-videobridge='tail -f /var/log/jitsi/jvb.log'
alias gdtaillog-prosody='tail -f /var/log/prosody/prosody.log'
alias gdtaillog-prosody-err='tail -f /var/log/prosody/prosody.err'
alias gdtaillog-nginx='tail -f /var/log/nginx/access.log'
alias gdtaillog-nginx-err='tail -f /var/log/nginx/error.log'
alias gdtaillog-jibri='tail -f /var/log/jitsi/jibri/log.0.txt'
EOF
"
logit "Installing $PRODUCT_NAME aliases (version $ALIASES_VERSION) to $ALIASES_FILE: COMPLETE..."
logit
logit "You may load them to your current session using: source $ALIASES_FILE"
logit
}
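# Print and log the "Active:" line of systemctl status for every service of the stack.
# jigasi and jibri are optional; they are queried only when the corresponding
# is_*_installed helper (defined elsewhere in this file) reports them as installed.
# Globals: LOGFILE (appended to)
show_service_status()
{
  local svc
  logit
  logit "****** Current status of services *****"
  for svc in nginx prosody jitsi-videobridge2 jicofo; do
    # echo -n keeps the service name and its status on one line; logit cannot do that.
    echo -n "$svc:" | tee -a "$LOGFILE"
    systemctl status "$svc" | grep Active | tee -a "$LOGFILE"
  done
  echo -n "jigasi:" | tee -a "$LOGFILE"
  if is_jigasi_installed; then
    systemctl status jigasi | grep Active | tee -a "$LOGFILE"
  else
    logit " *** jigasi is not installed... ***"
  fi
  echo -n "jibri:" | tee -a "$LOGFILE"
  if is_jibri_installed; then
    # Query jibri itself; this line used to report the state of jicofo under the "jibri:" label.
    systemctl status jibri | grep Active | tee -a "$LOGFILE"
  else
    logit " *** jibri is not installed... ***"
  fi
}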
# Stop the services of the stack one by one, then pause so they can shut down.
# jigasi and jibri are stopped only when the is_*_installed helpers (defined elsewhere
# in this file) report them as installed. Failures of systemctl are not checked.
stop_services()
{
  logit
  logit "STOPPING services..."
  sudo systemctl stop jitsi-videobridge2
  sudo systemctl stop jicofo
  if is_jigasi_installed; then
    sudo systemctl stop jigasi
  fi
  sudo systemctl stop prosody
  if is_jibri_installed; then
    sudo systemctl stop jibri
  fi
  sudo systemctl stop nginx
  # Give the services a few seconds to finish stopping.
  sleep 5
  logit "STOPPING services: COMPLETE..."
  logit
}
# Start the services of the stack one by one, then pause so they can come up.
# jigasi and jibri are started only when the is_*_installed helpers (defined elsewhere
# in this file) report them as installed. Failures of systemctl are not checked.
start_services()
{
  logit
  logit "STARTING services..."
  sudo systemctl start nginx
  sudo systemctl start prosody
  if is_jigasi_installed; then
    sudo systemctl start jigasi
  fi
  sudo systemctl start jitsi-videobridge2
  if is_jibri_installed; then
    sudo systemctl start jibri
  fi
  sudo systemctl start jicofo
  # Give the services a few seconds to finish starting.
  sleep 5
  logit "STARTING services: COMPLETE..."
  logit
}
# Restart the whole stack: stop everything, wait, start everything.
# stop_services and start_services each add their own 5 second pause on top of the one here.
restart_services()
{
  local pause_seconds=5
  logit
  logit "Restarting services..."
  stop_services
  sleep "$pause_seconds"
  start_services
  logit "Restarting services: COMPLETE..."
  logit
}
# Print and log the dpkg listing lines of the packages that belong to the stack.
# Each pattern is a plain grep match on the "dpkg -l" output, so a package can be
# listed more than once when its name matches several patterns.
# Globals: LOGFILE (appended to)
show_installed_versions()
{
  local pattern
  local separator="************************************************************"
  logit
  logit "$(date): Currently Installed Versions:"
  logit "$separator"
  for pattern in "nginx-full" "jitsi" "prosody" "jigasi" "jibri"; do
    dpkg -l | grep "$pattern" | tee -a "$LOGFILE"
  done
  logit "$separator"
  logit
}
# Send the default pkill signal to processes of the stack that are still running.
# NOTE(review): "-f" matches the pattern anywhere in the full command line of any process,
# as root. That also covers unrelated processes such as an editor or "tail" opened on a
# file whose path contains the name, and presumably the wrapping "sudo pgrep -f NAME"
# command line itself, in which case the pgrep check would always succeed -- verify.
# Matching on the service's own process or unit would be narrower.
kill_lingering_processes()
{
  local name
  logit "Checking if any services are still alive...If so kill them..."
  # To be safe, kill any unstopped ones
  for name in jitsi-videobridge2 jicofo jigasi prosody nginx; do
    sudo pgrep -f "$name" > /dev/null && sudo pkill -f "$name"
  done
}
# Add the ufw allow rules used by this installation and switch the firewall on.
# All rules are opened to any source address.
# NOTE(review): 22/tcp is allowed from everywhere; restrict it to the admin network where
# that is possible. 5222/tcp is the XMPP client port -- presumably only needed when other
# hosts (extra videobridges, jibri, jigasi) connect to this prosody; confirm before exposing it.
configure_firewall()
{
  local rule
  for rule in 80/tcp 443/tcp 10000/udp 22/tcp 3478/udp 5349/tcp 5222/tcp; do
    sudo ufw allow "$rule"
  done
  # Start the firewall; "y" answers ufw's confirmation prompt.
  echo y | sudo ufw enable
}
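# Raise the systemd default limits for open files, processes and tasks to 65000.
# A setting is appended to /etc/systemd/system.conf only when "systemctl show" does not
# already report a value ending in 65000; systemd is then asked to reload its configuration.
modify_systemd_limits()
{
  local property
  for property in DefaultLimitNOFILE DefaultLimitNPROC DefaultTasksMax; do
    if [[ ! $(systemctl show --property "$property") =~ .*65000$ ]]; then
      # Plain echo for all three settings: the first one used to go through logit, which
      # also copied the raw configuration line into the run log.
      echo "$property=65000" | sudo tee -a /etc/systemd/system.conf > /dev/null
    fi
  done
  sudo systemctl daemon-reload
}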
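# Apply the optional tuning steps: NAT address mapping for the videobridge and the
# systemd limits.
# Globals: BEHIND_NAT, PRIVATE_IP, PUBLIC_IP (read)
# When BEHIND_NAT is "yes" the private and public address are appended to the videobridge
# properties file and the STUN mapping harvester line is commented out. The two lines are
# appended on every run, so a repeated run leaves duplicates in the file.
configure_advanced_options()
{
  local jvb_properties=/etc/jitsi/videobridge/sip-communicator.properties
  logit
  logit "Configuring advanced options..."
  if [ "$BEHIND_NAT" = "yes" ]; then
    # The addresses are kept inside the quoted string; previously the inner quotes ended the
    # string and left $PRIVATE_IP / $PUBLIC_IP open to word splitting and globbing.
    echo "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=$PRIVATE_IP" | sudo tee -a "$jvb_properties" > /dev/null
    echo "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$PUBLIC_IP" | sudo tee -a "$jvb_properties" > /dev/null
    sudo sed -i 's/.*org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES/# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES/' "$jvb_properties"
  fi
  modify_systemd_limits
  logit "Configuring advanced options: COMPLETE..."
  logit
}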
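# Register the accounts that may start (host) a meeting in prosody.
# Globals: SECURE_USERS, SECURE_PASSWORDS (read) - optional whitespace-separated lists from the
#          config file, paired by position; SERVER_FQDN (read); LOGFILE (appended to)
# When both lists are set, the first min(#users, #passwords) pairs are registered without
# prompting. Otherwise accounts are asked for interactively until the operator answers "No".
# Returns non-zero when standard input ends while an account is being entered.
#
# Changes against the earlier version:
#  - the last account of the config file was skipped (the loop left before registering it);
#  - the error message printed a stale variable instead of the account that failed;
#  - the lists are split without pathname expansion and without dropping backslashes, so a
#    password containing * ? [ or \ is registered as written;
#  - the interactive password buffer is cleared before every entry, and all working
#    variables are local so no password stays behind in a global.
secure_domain_register_users()
{
  local -a users=() passwords=()
  local num_users=0 i=0
  local username="" password="" character="" yn=""

  logit
  logit "Registering users in prosody..."
  logit "These accounts can be used to join a meeting as a host..."
  logit
  # check if accounts were added in config file
  if [ -n "$SECURE_USERS" ] && [ -n "$SECURE_PASSWORDS" ]; then
    # user/password details found in config file
    # -d '' reads to the end of the value, so entries may be separated by spaces, tabs or newlines.
    IFS=$' \t\n' read -r -d '' -a users <<< "$SECURE_USERS"
    logit "For Secure Domain - Number of users in config file: ${#users[@]}"
    IFS=$' \t\n' read -r -d '' -a passwords <<< "$SECURE_PASSWORDS"
    logit "For Secure Domain - Number of passwords in config file: ${#passwords[@]}"
    if [ "${#users[@]}" -lt "${#passwords[@]}" ]; then
      num_users=${#users[@]}
    else
      num_users=${#passwords[@]}
    fi
    logit; logit "For Secure Domain - Will register $num_users user(s) in prosody..."; logit
  fi

  while true; do
    if [ "$i" -lt "$num_users" ]; then
      username=${users[$i]}
      password=${passwords[$i]}
      i=$((i + 1))
    else
      # Not using logit because we have -n here
      echo -n "Choose an account name: " | tee -a "$LOGFILE"
      read -r username || return 1
      logit
      echo -n "Choose password for $username: " | tee -a "$LOGFILE"
      password=""
      # Read the password one character at a time without echo and show a "*" instead.
      while true; do
        IFS= read -r -N 1 -s character || break
        [ "${character}" == $'\n' ] && break
        echo -n "*" >&2
        password="${password}${character}"
      done
      logit
      logit
    fi

    logit "Registering $username in prosody now..."
    # NOTE(review): the password is passed as a command-line argument and is visible in the
    # process list while prosodyctl runs; an interactive or stdin-based way of setting it
    # would avoid that -- check what the installed prosodyctl offers.
    if sudo prosodyctl register "$username" "$SERVER_FQDN" "$password"; then
      logit "Registered user '$username'...You may use this for starting a meeting..."
    else
      logit "*** ERROR ***: prosodyctl - Error registering user '$username' to $SERVER_FQDN"
    fi
    logit

    if [ "$num_users" -gt 0 ]; then
      # Accounts come from the config file: stop once the last pair has been registered.
      if [ "$i" -ge "$num_users" ]; then
        logit "For Secure Domain - All $num_users user(s) configured in prosody..."
        break
      fi
      continue
    fi

    logit "Do you want to add another account?"
    select yn in "Yes" "No"; do
      logit "You chose: \"$REPLY\""
      case $REPLY in
        1|[yY]|[Yy][Ee][Ss])
          logit
          logit "OK. Let's add one more account..."
          password=""
          logit
          break
          ;;
        2|[nN]|[Nn][Oo])
          logit
          logit "OK. No more accounts...got it..."
          logit
          break 2
          ;;
        *)
          logit
          logit "Invalid option...Choose one from given options..."
          ;;
      esac
    done #select end
  done #while end
}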
# With this setup, the host will need to authenticate to join in a meeting.
# Guest users can join anonymously
#
# Steps, in this order: switch the prosody host file for $SERVER_FQDN from anonymous to password
# authentication, insert an anonymous "guest." VirtualHost before the "auth." one, point jitsi-meet
# at that guest domain, tell jicofo to authenticate against XMPP, then register the host accounts.
# Globals: SERVER_FQDN (read); PROSODY_FILE, JITSI_MEET_CONFIG, SECURE_DOMAIN_CONFIGURED (written)
# $SERVER_FQDN is pasted into sed scripts that run as root: it has to be a plain host name (its dots
# act as regex wildcards, and a "/" or "&" in it would change the sed command).
configure_secure_domain()
{
logit
logit "Configuring Secure Domain..."
logit
PROSODY_FILE=/etc/prosody/conf.avail/"$SERVER_FQDN".cfg.lua
#Modify to internal_hashed if needed
# NOTE(review): prosody's internal_plain backend stores account passwords in clear text in its data
# store, internal_hashed stores salted hashes. Prefer internal_hashed unless a component of this
# setup needs the plain form -- confirm before changing.
sudo sed -i 's/authentication = "anonymous"/authentication = "internal_plain"/' "$PROSODY_FILE"
# The inserted guest host allows anonymous logins and sets c2s_require_encryption = false.
# NOTE(review): confirm that no client reaches this host over an unencrypted network path.
sudo sed -i "/VirtualHost \"auth.$SERVER_FQDN\"/i VirtualHost \"guest.$SERVER_FQDN\"\n\tauthentication = \"anonymous\"\n\tc2s_require_encryption = false\n" "$PROSODY_FILE"
JITSI_MEET_CONFIG=/etc/jitsi/meet/"$SERVER_FQDN"-config.js
# Rewrites every line containing "anonymousdomain" in all *js files of /etc/jitsi/meet.
sudo sed -i "s/.*anonymousdomain.*/\tanonymousdomain: \'guest.$SERVER_FQDN\',/" /etc/jitsi/meet/*js "$JITSI_MEET_CONFIG"
# Appended on every run, so a repeated run leaves the property in the file more than once.
echo "org.jitsi.jicofo.auth.URL=XMPP:$SERVER_FQDN" | sudo tee -a /etc/jitsi/jicofo/sip-communicator.properties > /dev/null
secure_domain_register_users
# Set regardless of whether the edits and registrations above succeeded.
SECURE_DOMAIN_CONFIGURED=1
logit
logit "Configuring Secure Domain: COMPLETE..."
logit
}
# Decide whether secure domain (authenticated hosts, anonymous guests) gets configured.
# Globals: ENABLE_SECURE_DOMAIN (read) - "yes" configures it, "no" skips it,
#          any other value makes the function ask the operator.
check_configure_secure_domain()
{
  local yn
  if [ "$ENABLE_SECURE_DOMAIN" = "yes" ]; then
    logit "Found ENABLE_SECURE_DOMAIN=yes in config file..."
    logit "Proceeding to configure secure domain..."
    configure_secure_domain
    return
  elif [ "$ENABLE_SECURE_DOMAIN" = "no" ]; then
    logit "Found ENABLE_SECURE_DOMAIN=no in config file..."
    logit "SKIPPING secure domain..."
    return
  fi
  # Nothing usable in the config file: fall back to an interactive prompt.
  logit "ENABLE_SECURE_DOMAIN not found in config...will prompt now..."
  logit
  logit
  logit "Secure Domain: Once configured, the host has to authenticate using username/password for joining a meeting..."
  logit "It is RECOMMENDED as a security measure..."
  logit
  logit "Do you want to configure secure domain?"
  logit
  select yn in "Yes" "No"; do
    logit "You chose: \"$REPLY\""
    case "$REPLY" in
      1|[yY]|[Yy][Ee][Ss])
        logit
        logit "OK. Proceeding to configure secure domain..."
        configure_secure_domain
        break
        ;;
      2|[nN]|[Nn][Oo])
        logit
        logit "OK. SKIPPING secure domain..."
        break
        ;;
      *)
        logit
        logit "Invalid option...Choose one from given options..."
        ;;
    esac
  done
}
# Run the certificate script shipped with jitsi-meet to request a Let's Encrypt certificate.
# Globals: LETSENCRYPT_EMAIL (read) - when set it is fed to the script's prompt on stdin,
#          otherwise the script asks the operator itself.
# The exit status of the script is not checked: the same message is logged whether the
# request worked or not, and the install goes on with the self-signed certificate if it failed.
generate_letsencrypt_certs()
{
  local cert_script=/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
  local banner="*********************************************************************"
  if [ -n "$LETSENCRYPT_EMAIL" ]; then
    echo "$LETSENCRYPT_EMAIL" | sudo "$cert_script"
  else
    sudo "$cert_script"
  fi
  logit
  logit "$banner"
  logit "Certificate generation SUCCESS...Good...OR..."
  logit
  logit "OR...Let's Encrypt certificate generation FAILED?"
  logit "Do not worry, self-signed certificates will be used instead..."
  logit "Proceeding with install..."
  logit "$banner"
  logit
}
# Decide whether a Let's Encrypt certificate is requested.
# Globals: GENERATE_LETSENCRYPT_CERTS (read) - "yes" requests one, "no" keeps the
#          self-signed certificate, any other value makes the function ask the operator.
check_generate_letsencrypt_certs()
{
  local yn
  if [ "$GENERATE_LETSENCRYPT_CERTS" = "yes" ]; then
    logit
    logit "Found GENERATE_LETSENCRYPT_CERTS=yes in config file..."
    logit "Proceeding to generate Let's Encrypt certificates..."
    generate_letsencrypt_certs
    return
  elif [ "$GENERATE_LETSENCRYPT_CERTS" = "no" ]; then
    logit
    logit "Found GENERATE_LETSENCRYPT_CERTS=no in config file..."
    logit "SKIPPING Let's Encrypt certificates... self-signed certificates will be used..."
    return
  fi
  # Nothing usable in the config file: fall back to an interactive prompt.
  logit
  logit "GENERATE_LETSENCRYPT_CERTS not found in config...will prompt now..."
  logit
  logit
  logit "For encryption, Let's Encrypt certificates are RECOMMENDED than self-signed certificates..."
  logit
  logit "Do you want to generate Let's Encrypt certificates?"
  logit
  select yn in "Yes" "No"; do
    logit "You chose: \"$REPLY\""
    case "$REPLY" in
      1|[yY]|[Yy][Ee][Ss])
        logit
        logit "OK. Proceeding to generate Let's Encrypt certificates..."
        logit
        generate_letsencrypt_certs
        break
        ;;
      2|[nN]|[Nn][Oo])
        logit
        logit "OK. SKIPPING Let's Encrypt certificates... self-signed certificates will be used instead..."
        break
        ;;
      *)
        logit
        logit "Invalid option...Choose one from given options..."
        ;;
    esac
  done
}
# Install jitsi-meet from the upstream apt repository together with its prerequisites
# (prosody, firewall rules, nginx, Java), after setting the host name and /etc/hosts entry.
# Globals: OS_DISTRO, HOST_NAME, LOCALHOST, SERVER_FQDN (read); JITSI_MEET_INSTALLED (written)
# install_latest_prosody is defined elsewhere in this file. None of the apt, curl or gpg steps is
# checked for failure; the function runs to the end and reports COMPLETE in every case.
install_jitsi_meet()
{
logit
logit "Installing jitsi-meet..."
sudo apt install wget curl -y
install_latest_prosody
configure_firewall
sudo apt-get update
sudo apt install gnupg2 -y
sudo apt install nginx-full -y
sudo apt update
sudo apt install apt-transport-https -y
if [ "$OS_DISTRO" = "Ubuntu" ]
then
sudo apt-add-repository universe -y
sudo apt update
fi
sudo apt install openjdk-8-jdk -y
#set hostname
sudo hostnamectl set-hostname "$HOST_NAME"
#insert domain in /etc/hosts
# Inserted as the first line on every run, so repeated runs leave duplicate entries behind.
sudo sed -i "1i $LOCALHOST $SERVER_FQDN $HOST_NAME" /etc/hosts
# The repository signing key is fetched over HTTPS and stored as the keyring that apt trusts for
# this repository (see signed-by below).
# NOTE(review): curl runs without --fail and the result of the pipeline is not checked, so a failed
# or partial download can leave an empty or invalid keyring behind. The key is accepted as
# downloaded; comparing its fingerprint with a value obtained out of band would close that gap.
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
# update all package sources
sudo apt update
# jitsi-meet installation
# Pre-answer the package's debconf questions so that the install below does not prompt.
echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string $SERVER_FQDN" | sudo debconf-set-selections
echo "jitsi-meet-web-config jitsi-meet/cert-choice select 'Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)'" | sudo debconf-set-selections
#sudo apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install jitsi-meet
sudo apt install jitsi-meet -y
# Set even when the apt install above failed.
JITSI_MEET_INSTALLED=1
logit
logit "jitsi-meet Installation: COMPLETE..."
}
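# TODO: check if this should be mandatory when secure domain is configured
#
# Give jigasi its own XMPP account on the hidden domain, so that the transcriber joins
# meetings as an authenticated, hidden participant.
# Globals: SERVER_FQDN, HIDDEN_DOMAIN (read);
#          JIGASI_SIP_COMM_FILE, JIGASI_USER, JIGASI_PASSWORD (written)
# Steps: append a VirtualHost for the hidden domain to the prosody host file, register the
# "transcriber" account with a generated password, then write the account into the jigasi
# properties file and switch anonymous login off.
enable_jigasi_authentication()
{
  logit
  logit "Enabling Authentication for jigasi..."
  JIGASI_SIP_COMM_FILE=/etc/jitsi/jigasi/sip-communicator.properties
  #JIGASI_USER=$(< /dev/urandom tr -dc a-z0-9 | head -c10)
  JIGASI_USER="transcriber"
  # 10 characters from a 36-symbol alphabet, read from the kernel's random source.
  # NOTE(review): a longer value costs nothing for a machine account.
  JIGASI_PASSWORD=$(< /dev/urandom tr -dc a-z0-9 | head -c10)
  # Add a new domain in prosody
  # Modify to internal_hashed if needed
  # NOTE(review): internal_plain keeps the account password in clear text in prosody's data
  # store, and the new host sets c2s_require_encryption = false -- confirm both are needed.
  echo -e "\nVirtualHost \"$HIDDEN_DOMAIN\"\n\tauthentication = \"internal_plain\"\n\tc2s_require_encryption = false" | sudo tee -a /etc/prosody/conf.d/"$SERVER_FQDN".cfg.lua > /dev/null
  # Register the account so that the transcriber joins hidden.
  # NOTE(review): here and in the sed call below the password travels as a command-line
  # argument, where other local users can read it from the process list while the command runs.
  if sudo prosodyctl register "$JIGASI_USER" "$HIDDEN_DOMAIN" "$JIGASI_PASSWORD"; then
    logit "Registered user '$JIGASI_USER'..."
  else
    logit "*** ERROR ***: prosodyctl - Error registering user '$JIGASI_USER' to $HIDDEN_DOMAIN"
  fi
  # The values stay inside the quoted sed script; the nested quotes used before ended the
  # string and left the expansions open to word splitting and globbing.
  sudo sed -i "s/^#.*org.jitsi.jigasi.xmpp.acc.USER_ID=.*/org.jitsi.jigasi.xmpp.acc.USER_ID=${JIGASI_USER}@${HIDDEN_DOMAIN}/" "$JIGASI_SIP_COMM_FILE"
  sudo sed -i "s/^#.*org.jitsi.jigasi.xmpp.acc.PASS=.*/org.jitsi.jigasi.xmpp.acc.PASS=${JIGASI_PASSWORD}/" "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=.*/org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false/' "$JIGASI_SIP_COMM_FILE"
  # Also allow non secure connections to xmpp(for self-signed certs, I think)
  # NOTE(review): this lets jigasi send its credentials over a connection that is not
  # protected; confirm it can be dropped once a trusted certificate is installed.
  sudo sed -i '/org.jitsi.jigasi.xmpp.acc.USER_ID=/i org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true' "$JIGASI_SIP_COMM_FILE"
  logit "Enabling Authentication for jigasi: COMPLETE..."
  logit
}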
# Decide whether jigasi gets its own authenticated account.
# Globals: ENABLE_JIGASI_AUTHENTICATION (read) - "yes" enables it, "no" skips it,
#          any other value makes the function ask the operator.
check_enable_jigasi_authentication()
{
  local yn
  if [ "$ENABLE_JIGASI_AUTHENTICATION" = "yes" ]; then
    logit "Found ENABLE_JIGASI_AUTHENTICATION=yes in config file..."
    logit "Proceeding with Jigasi Authentication..."
    enable_jigasi_authentication
    return
  elif [ "$ENABLE_JIGASI_AUTHENTICATION" = "no" ]; then
    logit "Found ENABLE_JIGASI_AUTHENTICATION=no in config file..."
    logit "SKIPPING Jigasi Authentication..."
    return
  fi
  # Nothing usable in the config file: fall back to an interactive prompt.
  logit "ENABLE_JIGASI_AUTHENTICATION not found in config...will prompt now..."
  logit
  logit "Jigasi Authentication is RECOMMENDED, so that transcriber (Speech-To-Text) joins in hidden mode..."
  logit
  logit "Do you want to configure authentication for jigasi?"
  select yn in "Yes" "No"; do
    logit "You chose: \"$REPLY\""
    case "$REPLY" in
      1|[yY]|[Yy][Ee][Ss])
        logit
        logit "OK. Proceeding with Jigasi Authentication..."
        enable_jigasi_authentication
        break
        ;;
      2|[nN]|[Nn][Oo])
        logit
        logit "OK. SKIPPING Jigasi Authentication..."
        break
        ;;
      *)
        logit
        logit "Invalid option...Choose one from given options..."
        ;;
    esac
  done
}
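# Select Google as the speech-to-text engine of jigasi.
# Globals: ACTUAL_GOOGLE_CREDS_PATH (read) - where jigasi will look for the service account key
#          GOOGLE_APPLICATION_CREDENTIALS (read) - optional key file supplied by the operator
# The target file is created first and handed to jigasi; the operator's key is copied into
# it when it is readable. The GOOGLE_APPLICATION_CREDENTIALS line is appended to the jigasi
# config on every run, so a repeated run leaves it there more than once.
use_google_transcription()
{
  logit
  logit "Configuring \"Google\" Transcription (Speech-To-Text) Engine..."
  logit
  # Changes in Jigasi
  sudo touch "$ACTUAL_GOOGLE_CREDS_PATH"
  sudo chown jigasi:jitsi "$ACTUAL_GOOGLE_CREDS_PATH"
  # The file holds a cloud service account key: without this it keeps the default mode of a
  # freshly created file, which normally lets every local user read it. The copy below
  # writes into the existing file and so keeps this owner and mode.
  sudo chmod 640 "$ACTUAL_GOOGLE_CREDS_PATH"
  if [ -r "$GOOGLE_APPLICATION_CREDENTIALS" ]; then
    # Both paths stay inside the quoted message; the nested quotes used before left them
    # unquoted, so a path with a space was split into several arguments of logit.
    logit "Copying Google Credentials from $GOOGLE_APPLICATION_CREDENTIALS to $ACTUAL_GOOGLE_CREDS_PATH"
    sudo cp "$GOOGLE_APPLICATION_CREDENTIALS" "$ACTUAL_GOOGLE_CREDS_PATH"
  fi
  echo "GOOGLE_APPLICATION_CREDENTIALS=$ACTUAL_GOOGLE_CREDS_PATH" | sudo tee -a /etc/jitsi/jigasi/config > /dev/null
  logit
  logit "Configuring \"Google\" Transcription (Speech-To-Text) Engine: COMPLETE..."
  logit
}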
# Select Vosk as the speech-to-text engine of jigasi by un-commenting the custom service
# and websocket URL properties that are already present in the jigasi properties file.
# The values shipped in that file are kept as they are.
# Globals: JIGASI_SIP_COMM_FILE (written)
# NOTE(review): when the websocket URL is changed to another host, check that the audio is
# not sent there over an unprotected connection.
use_vosk_transcription()
{
  local property
  logit
  logit "Configuring \"Vosk\" Transcription (Speech-To-Text) Engine..."
  logit
  JIGASI_SIP_COMM_FILE=/etc/jitsi/jigasi/sip-communicator.properties
  for property in \
    org.jitsi.jigasi.transcription.customService \
    org.jitsi.jigasi.transcription.vosk.websocket_url; do
    sudo sed -i "s/^#.*${property}=/${property}=/" $JIGASI_SIP_COMM_FILE
  done
  logit "Configuring \"Vosk\" Transcription (Speech-To-Text) Engine: COMPLETE..."
  logit
  logit "*** You may choose a different webocket URL instead of localhost... If you choose to, modify \"org.jitsi.jigasi.transcription.vosk.websocket_url\" in $JIGASI_SIP_COMM_FILE ***"
  logit
}
# TODO: Handle case insensitive TRANSCRIPTION_ENGINE from config file
#
# Pick the speech-to-text engine and run its setup function.
# Globals: TRANSCRIPTION_ENGINE (read) - "google" or "vosk" (lower case only) selects the
#          engine without prompting; an empty or unknown value makes the function ask.
choose_transcription_engine()
{
  local engine
  logit
  logit "Now that you have basic settings in place, choose a Transcription (Speech-To-Text) Engine..."
  # selected in config file?
  if [ -n "$TRANSCRIPTION_ENGINE" ]; then
    logit
    logit "TRANSCRIPTION_ENGINE found in config file: \"$TRANSCRIPTION_ENGINE\""
    if [ "$TRANSCRIPTION_ENGINE" = "google" ]; then
      logit
      logit "OK. Proceeding to configure Google's Transcription (Speech-To-Text) Engine..."
      use_google_transcription
      return
    elif [ "$TRANSCRIPTION_ENGINE" = "vosk" ]; then
      logit
      logit "OK. Proceeding to configure Vosk's Transcription (Speech-To-Text) Engine..."
      use_vosk_transcription
      return
    else
      # Unknown value: warn and fall through to the interactive menu.
      logit
      logit "*** WARNING ***: Invalid TRANSCRIPTION_ENGINE \"$TRANSCRIPTION_ENGINE\" in config file..."
      logit
    fi
  fi
  select engine in "Google" "Vosk"; do
    logit "You chose: \"$REPLY. $engine\""
    case "$REPLY" in
      1)
        logit
        logit "OK. Proceeding to configure Google's Transcription (Speech-To-Text) Engine..."
        use_google_transcription
        break
        ;;
      2)
        logit
        logit "OK. Proceeding to configure Vosk's Transcription (Speech-To-Text) Engine..."
        use_vosk_transcription
        break
        ;;
      *)
        logit
        logit "Invalid option...Choose one from given options..."
        ;;
    esac
  done
}
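# Apply the settings that every speech-to-text engine needs, then let the operator (or the
# config file) pick the engine.
# Globals: SERVER_FQDN, HIDDEN_DOMAIN, JIGASI_TRANSCRIPTS_DIR (read);
#          INTERFACE_CONFIG, PROSODY_FILE, JIGASI_SIP_COMM_FILE (written)
# Edits, in this order: the jitsi-meet interface and site config, the prosody lobby
# whitelist, and the jigasi properties file (transcription switches, output directory,
# output formats). $HIDDEN_DOMAIN, $SERVER_FQDN and $JIGASI_TRANSCRIPTS_DIR are pasted into
# sed scripts that run as root, so they must not contain the delimiter in use ("/" or "|")
# or "&".
configure_transcription()
{
  logit
  logit "Configuring Transcription (Speech-To-Text)..."
  logit
  INTERFACE_CONFIG="/usr/share/jitsi-meet/interface_config.js"
  # This should be by default. Adding to be safer.
  sudo sed -i "s/.*DISABLE_TRANSCRIPTION_SUBTITLES:.*/ DISABLE_TRANSCRIPTION_SUBTITLES: false,/" "$INTERFACE_CONFIG"
  # Make sure 'closedcaptions' is present in TOOLBAR_BUTTONS in "/usr/share/jitsi-meet/interface_config.js"
  # This is present by default. Added here to check to make sure in case of any issues.
  # Changes in jitsi-meet
  sudo sed -i "s/.*\/\/.*transcribingEnabled: .*/\ttranscribingEnabled: true,\n\thiddenDomain: '$HIDDEN_DOMAIN',/" /etc/jitsi/meet/"$SERVER_FQDN"-config.js
  PROSODY_FILE=/etc/prosody/conf.avail/"$SERVER_FQDN".cfg.lua
  # whitelist transcriber to join lobby
  sudo sed -i "s/.*muc_lobby_whitelist = {/ muc_lobby_whitelist = { \"$HIDDEN_DOMAIN\",/" "$PROSODY_FILE"
  JIGASI_SIP_COMM_FILE=/etc/jitsi/jigasi/sip-communicator.properties
  sudo sed -i 's/^#.*org.jitsi.jigasi.ENABLE_TRANSCRIPTION=.*/org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.ENABLE_SIP=.*/org.jitsi.jigasi.ENABLE_SIP=true/' "$JIGASI_SIP_COMM_FILE"
  # An explicit if/elif/else: the earlier "A && B && C || D" chain reported "Already exists"
  # when the directory was missing and mkdir had failed.
  if [ -d "$JIGASI_TRANSCRIPTS_DIR" ]; then
    logit "Jigasi Transcripts Directory $JIGASI_TRANSCRIPTS_DIR: Already exists..."
  elif sudo mkdir -p "$JIGASI_TRANSCRIPTS_DIR"; then
    logit "Created Jigasi Transcripts Directory $JIGASI_TRANSCRIPTS_DIR"
  else
    logit "*** ERROR ***: Could not create Jigasi Transcripts Directory $JIGASI_TRANSCRIPTS_DIR"
  fi
  sudo chown jigasi:jitsi "$JIGASI_TRANSCRIPTS_DIR"
  # Different separator(|) as the directory $JIGASI_TRANSCRIPTS_DIR may contain a '/'
  sudo sed -i "s|^#.*org.jitsi.jigasi.transcription.DIRECTORY=.*|org.jitsi.jigasi.transcription.DIRECTORY=$JIGASI_TRANSCRIPTS_DIR|" "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.BASE_URL=/org.jitsi.jigasi.transcription.BASE_URL=/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.jetty.port=/org.jitsi.jigasi.transcription.jetty.port=/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.ADVERTISE_URL=.*/org.jitsi.jigasi.transcription.ADVERTISE_URL=false/' "$JIGASI_SIP_COMM_FILE"
  # NOTE(review): presumably this makes jigasi accept any certificate presented to it
  # (needed with the self-signed setup) -- confirm, and turn it off once a trusted
  # certificate is in place.
  sudo sed -i 's/^#.*net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=.*/net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true/' "$JIGASI_SIP_COMM_FILE"
  # Transcripts are saved as text files in the directory above; NOTE(review): they hold
  # meeting content, so access to that directory and its retention should be decided.
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.SAVE_JSON=.*/org.jitsi.jigasi.transcription.SAVE_JSON=false/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.SAVE_TXT=.*/org.jitsi.jigasi.transcription.SAVE_TXT=true/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.SEND_JSON=.*/org.jitsi.jigasi.transcription.SEND_JSON=true/' "$JIGASI_SIP_COMM_FILE"
  sudo sed -i 's/^#.*org.jitsi.jigasi.transcription.SEND_TXT=.*/org.jitsi.jigasi.transcription.SEND_TXT=false/' "$JIGASI_SIP_COMM_FILE"
  logit
  logit "Configuring Transcription (Speech-To-Text): Basic configuration COMPLETE..."
  logit
  choose_transcription_engine
}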
# Decide whether transcription (speech-to-text) gets configured.
# Globals: ENABLE_TRANSCRIPTION (read) - "yes" configures it, "no" skips it,
#          any other value makes the function ask the operator.
check_configure_transcription()
{
  local yn
  if [ "$ENABLE_TRANSCRIPTION" = "yes" ]; then
    logit "Found ENABLE_TRANSCRIPTION=yes in config file..."
    logit "Proceeding to configure Transcription (Speech-To-Text)..."
    configure_transcription
    return
  elif [ "$ENABLE_TRANSCRIPTION" = "no" ]; then
    logit "Found ENABLE_TRANSCRIPTION=no in config file..."
    logit "SKIPPING Transcription (Speech-To-Text)..."
    return
  fi
  # Nothing usable in the config file: fall back to an interactive prompt.
  logit "ENABLE_TRANSCRIPTION not found in config...will prompt now..."
  logit
  logit
  logit "Do you want to configure Transcription (Speech-To-Text)?"
  select yn in "Yes" "No"; do
    logit "You chose: \"$REPLY\""
    case "$REPLY" in
      1|[yY]|[Yy][Ee][Ss])
        logit
        logit "OK. Proceeding to configure Transcription (Speech-To-Text)..."
        configure_transcription
        break
        ;;
      2|[nN]|[Nn][Oo])
        logit
        logit "OK. SKIPPING Transcription (Speech-To-Text)..."
        break
        ;;
      *)
        logit
        logit "Invalid option...Choose one from given options..."
        ;;
    esac
  done
}
configure_jibri_conf()
{
logit
logit "Configuring jibri.conf now..."
JIBRI_CONF="/etc/jitsi/jibri/jibri.conf"
#TODO: Add variables for certs(like self-signed/letsencrypt/use existing certificate)
SELF_SIGNED_CERTS="yes"
if [ "$SELF_SIGNED_CERTS" = "yes" ]
then
IGNORE_CERTIFICATE_ERRORS="\"--ignore-certificate-errors\","
fi
MY_JIBRI_ID=$(< /dev/urandom tr -dc a-zA-Z | head -c10)
sudo sh -c "cat > $JIBRI_CONF << EOF
jibri {
// A unique identifier for this Jibri
// TODO: eventually this will be required with no default
id = \"jibri-$MY_JIBRI_ID\"
// Whether or not Jibri should return to idle state after handling
// (successfully or unsuccessfully) a request. A value of 'true'
// here means that a Jibri will NOT return back to the IDLE state
// and will need to be restarted in order to be used again.
single-use-mode = false
api {
http {
external-api-port = 2222
internal-api-port = 3333
}
xmpp {
// See example_xmpp_envs.conf for an example of what is expected here
environments = [
{
// A user-friendly name for this environment
name = \"xmpp environment\"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [ \"$SERVER_FQDN\" ]
// The base XMPP domain
xmpp-domain = \"$SERVER_FQDN\"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = \"internal.auth.$SERVER_FQDN\"
room-name = \"JibriBrewery\"
nickname = \"jibri\"
}
// The login information for the control MUC
control-login {
domain = \"auth.$SERVER_FQDN\"
username = \"jibri\"
password = \"$JIBRI_AUTH_PASSWORD\"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
// sip-control-muc {
// domain = "domain"
// room-name = "room-name"
// nickname = "nickname"
// }
// The login information the selenium web client will use
call-login {
domain = \"$HIDDEN_DOMAIN\"
username = \"recorder\"
password = \"$JIBRI_RECORDER_PASSWORD\"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = \"conference.\"
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = \"1 hour\"