Skip to content

Instantly share code, notes, and snippets.

@francoisTemasys

francoisTemasys/installJitsiTMS.sh

Last active December 14, 2018 16:38
Show Gist options
  • Save francoisTemasys/a17f5874bf104f0a2684 to your computer and use it in GitHub Desktop.
Save francoisTemasys/a17f5874bf104f0a2684 to your computer and use it in GitHub Desktop.
Download ZIP
This script will deploy a jitsi.meet webserver (running on nginx) and a jitsi.videobridge XMPP component (running on Prosody). No TURN server is installed and no NAT server configuration is created.
Raw
installJitsiTMS.sh
#/bin/bash
#(c) Copyright 2014 Temasys Communication, Pte Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
usage()
{
cat << EOF
usage: $0 options
This script install jitsi meet configured with the jitsi videobridge
OPTIONS:
-h Show this message
-d Domain (Required)
-p Password 1 (Default:mypassword1)
EOF
}
PASSWORD1="mypassword1"
while getopts “hd:p:” OPTION
do
case $OPTION in
h)
usage
exit 1
;;
d)
DOMAIN=$OPTARG
;;
p)
PASSWORD1=$OPTARG
;;
?)
usage
exit
;;
esac
done
if [[ -z $DOMAIN ]]
then
usage
exit 1
else
echo "!!!Installation of Jitsi.meet on $DOMAIN!!!"
cd ~
echo "#################"
echo "Configure prosody"
echo "#################"
sleep 2
##Download prosody and otalk
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install prosody-trunk
sudo apt-get install git lua-zlib lua-dbi-sqlite3 liblua5.1-bitop-dev liblua5.1-bitop0
sudo apt-get install lua-sec-prosody
git clone https://github.com/andyet/otalk-server.git
cd otalk-server
sudo cp -r mod* /usr/lib/prosody/modules
##Change default encryption
sudo sed -i "s/c2s_require_encryption =/-- c2s_require_encryption =/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/s2s_secure_auth =/-- s2s_secure_auth =/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/authentication = \"internal_plain\"/authentication = \"internal_hashed\"/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/admins = { }/admins = { }\ndaemonize = true\ncross_domain_bosh = true;\ncomponent_ports = { 5347 }\n/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/--\"compression\";/\"compression\";/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/--\"bosh\"/\"bosh\"/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/--\"legacyauth\"; -- Legacy authentication. Only used by some old clients and bots./--\"legacyauth\"; -- Legacy authentication. Only used by some old clients and bots.\n\t-- jitmeet\n\t\t\"smacks\";\n\t\t\"carbons\";\n\t\t\"mam\";\n\t\t\"lastactivity\";\n\t\t\"offline\";\n\t\t\"pubsub\";\n\t\t\"adhoc\";\n\t\t\"websocket\";\n\t\t\"http_altconnect\";\n/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/--sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"localhost\" }/storage = {archive2 = \"sql2\"}\nsql = { driver = \"SQLite3\", database = \"prosody.sqlite\" }\ndefault_archive_policy = \"roster\"/gi" "/etc/prosody/prosody.cfg.lua"
#Add VirtualHost
sudo sed -i "s/VirtualHost \"example.com\"/VirtualHost \"$DOMAIN\"\n\tauthentication = \"anonymous\"/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/enabled = false -- Remove this line to enable this host/-- enabled = false -- Remove this line to enable this host/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/key = \"\/etc\/prosody\/certs\/example.com.key\";/key = \"\/var\/lib\/prosody\/$DOMAIN.key\";/gi" "/etc/prosody/prosody.cfg.lua"
sudo sed -i "s/certificate = \"\/etc\/prosody\/certs\/example.com.crt\";/certificate = \"\/var\/lib\/prosody\/$DOMAIN.crt\";/gi" "/etc/prosody/prosody.cfg.lua"
#Add Component
echo "Component \"conference.$DOMAIN\" \"muc\"
Component \"jitsi-videobridge.$DOMAIN\"
component_secret = \"$PASSWORD1\"" | sudo tee -a "/etc/prosody/prosody.cfg.lua"
#Generate keys and restart
#prosodyctl cert generate $DOMAIN
sudo openssl genrsa -out /var/lib/prosody/$DOMAIN.key 2048
sudo openssl req -new -x509 -key /var/lib/prosody/$DOMAIN.key -out /var/lib/prosody/$DOMAIN.crt -days 1095
sudo service prosody restart
echo "###############"
echo "Configure nginx"
echo "###############"
sleep 2
cd ~
sudo apt-get install nginx
sudo sed -i "s/# tcp_nopush on;/tcp_nopush on;/gi" "/etc/nginx/nginx.conf"
sudo sed -i "s/# types_hash_max_size 2048;/types_hash_max_size 2048;/gi" "/etc/nginx/nginx.conf"
sudo sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/gi" "/etc/nginx/nginx.conf"
sudo touch /etc/nginx/sites-available/$DOMAIN
echo "server {
listen 80;
server_name $DOMAIN;
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl;
server_name $DOMAIN;
ssl_certificate /var/lib/prosody/$DOMAIN.crt;
ssl_certificate_key /var/lib/prosody/$DOMAIN.key;
root /srv/$DOMAIN;
index index.html index.htm;
location ~ ^/([a-zA-Z0-9]+)$ {
rewrite ^/(.*)$ / break;
}
# BOSH
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$http_host;
}
# xmpp websockets
location /xmpp-websocket {
proxy_pass http://localhost:5280;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \"upgrade\";
proxy_set_header Host \$host;
tcp_nodelay on;
}
}
" | sudo tee -a "/etc/nginx/sites-available/$DOMAIN"
cd /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/$DOMAIN $DOMAIN
echo "############"
echo "Fix firewall"
echo "############"
sleep 2
cd ~
sudo ufw allow 80
sudo ufw allow 5222
echo "###################"
echo "Install VideoBridge"
echo "###################"
sleep 2
cd ~
#Download Image
JVBversion="jitsi-videobridge-linux-x64-128"
wget http://download.jitsi.org/jitsi-videobridge/linux/$JVBversion.zip
sudo apt-get install unzip
unzip $JVBversion.zip
#Install JRE
sudo apt-get install default-jre
mkdir ~/.sip-communicator
touch ~/.sip-communicator/sip-communicator.properties
echo "org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false" > ~/.sip-communicator/sip-communicator.properties
~/$JVBversion/jvb.sh --host=localhost --domain=$DOMAIN --port=5347 --secret=$PASSWORD1 &
echo "/bin/bash ~/$JVBversion/jvb.sh --host=localhost --domain=$DOMAIN --port=5347 --secret=$PASSWORD1 </dev/null >> /var/log/jvb.log 2>&1" | sudo tee -a "/etc/rc.local"
echo "###############"
echo "Install Jitmeet"
echo "###############"
sleep 2
cd /srv
sudo git clone https://github.com/jitsi/jitsi-meet.git
sudo mv jitsi-meet $DOMAIN
sudo sed -i "s/domain: 'guest.jit.si',/domain: '$DOMAIN',/gi" "/srv/$DOMAIN/config.js"
sudo sed -i "s/muc: 'meet.jit.si',/muc: 'conference.$DOMAIN',/gi" "/srv/$DOMAIN/config.js"
sudo sed -i "s/bridge: 'jitsi-videobridge.lambada.jitsi.net'/bridge: 'jitsi-videobridge.$DOMAIN'/gi" "/srv/$DOMAIN/config.js"
sudo sed -i "s/bosh: '\/\/lambada.jitsi.net\/http-bind',/bosh: '\/\/$DOMAIN\/http-bind',/gi" "/srv/$DOMAIN/config.js"
#sudo invoke-rc.d nginx restart
sudo service nginx restart
echo "###############"
echo "------END------"
echo "###############"
fi
@jungle-boogie
Copy link

Nice work! This will save folks a lot of time!

Is there anyway to have it pull down the most recent JVB?
Right now it's:
wget http://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-101.zip
Incidentally, I rename the jitsi-videobridge-linux-x64-101 directory just to something like jitsivideo so you don't have to updated the /etc/rc.local directory with every JVB update.

Personally, I like to use a more recent version of nginx since Ubuntu 14.04 seems to have nginx 1.4.6, but that's only from March 2014.
You can get more recent nginx by reviewing this:
http://nginx.org/en/linux_packages.html#stable

Also, config.js has desktopSharing: 'ext', but you should consider change that to webRTC in light of my recent discovery:
http://lists.jitsi.org/pipermail/dev/2014-May/020880.html

I prefer my nginx site configurations to go in /etc/nginx/conf.d/ and you have yours going to sites-available.

@francoisTemasys
Copy link
Author

I agree with lots of your points. The script can be easily improved. For the most recent JVB, I don't really as for now. If I don't rename the JVB to a "standard" name is to be keep tracking of what version have we installed. In both case it's not a big deal.

Nginx: repos are so less troublesome I will think about change that.

Yes the installation of Jitsi meet is a little too standard, especially about the desktop sharing.

@ManuelB
Copy link

ManuelB commented Dec 11, 2014

Nice work!

Unfortunately the newest version will require jicofo https://github.com/jitsi/jicofo

Unfortunately the given script will not configure nor install the focus server (jicofo). I just wanted to add this for everybody who uses it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment