Created
April 23, 2019 15:54
-
-
Save sloan58/689fd64ee67e2fb51ca78c9a8ded70ee to your computer and use it in GitHub Desktop.
Jitsi Meet AWS User Data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DOMAIN="" # Your Route53 TLD (ex: mydomain.com) | |
| SUBDOMAIN="" # The meeting subdomain (ex: meet (for meet.mydomain.com)) | |
| CONFIGURE_AUTH=true # Boolean to configure internal_plain auth or not | |
| PROSODY_USER="" # If you're configuring auth, the user account name (will login as ${PROSODY_USER}@${SUBDOMAIN}.${DOMAIN} ) | |
| PROSODY_PASS="" # If you're configuring auth, the user password (escape special characters) | |
| AWS_ACCESS_KEY="" # Your AWS Access Key | |
| AWS_SECRET_KEY="" # Your AWS Secret Key | |
| LETS_ENCRYPT_EMAIL="" # Email address to use for Let's Encrypt certificate | |
| # Install AWS CLI and update Route53 DNS record for the Jitsi service | |
| snap install aws-cli --classic | |
| mkdir -p /root/.aws | |
| touch /root/.aws/credentials | |
| echo "[default] | |
| aws_access_key_id = ${AWS_ACCESS_KEY} | |
| aws_secret_access_key = ${AWS_SECRET_KEY} | |
| region = us-east-1" > /root/.aws/credentials | |
| echo '{ | |
| "Comment": "Update the A record set", | |
| "Changes": [ | |
| { | |
| "Action": "UPSERT", | |
| "ResourceRecordSet": { | |
| "Name": "'${SUBDOMAIN}'.'${DOMAIN}'", | |
| "Type": "A", | |
| "TTL": 60, | |
| "ResourceRecords": [ | |
| { | |
| "Value": "127.0.0.1" | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| }' > /root/update-route53-A.json | |
| IP=$( curl -s http://169.254.169.254/latest/meta-data/public-ipv4 ) | |
| HOSTED_ZONE_ID=$( /snap/bin/aws route53 list-hosted-zones-by-name | grep -B 1 -e "${DOMAIN}" | sed 's/.*hostedzone\/\([A-Za-z0-9]*\)\".*/\1/' | head -n 1 ) | |
| sed -i "s/127\.0\.0\.1/$IP/" /root/update-route53-A.json | |
| JSON_FILE=$(</root/update-route53-A.json) | |
| /snap/bin/aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --cli-input-json "{ \"ChangeBatch\": $JSON_FILE }" | |
| rm /root/.aws/credentials | |
| # Install Jitsi Meet | |
| apt-get update -y | |
| apt install -y nginx | |
| wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - | |
| sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list" | |
| apt-get -y update | |
| echo "jitsi-videobridge jitsi-videobridge/jvb-hostname string ${SUBDOMAIN}.${DOMAIN}" | debconf-set-selections | |
| echo "jitsi-meet jitsi-meet/cert-choice select Self-signed certificate will be generated" | debconf-set-selections | |
| apt-get -y install jitsi-meet | |
| cd /usr/share/jitsi-meet/scripts/ | |
| echo "${LETS_ENCRYPT_EMAIL}" | ./install-letsencrypt-cert.sh | |
| if [[ "$CONFIGURE_AUTH" = true ]] ; then | |
| # Configure Jitsi Meet for internal_plain auth | |
| sed -z -i 's/authentication = "anonymous"/authentication = "internal_plain"/' /etc/prosody/conf.avail/${SUBDOMAIN}.${DOMAIN}.cfg.lua | |
| echo 'VirtualHost "guest.'${SUBDOMAIN}'.'${DOMAIN}'" | |
| authentication = "anonymous" | |
| c2s_require_encryption = false' >> /etc/prosody/conf.avail/${SUBDOMAIN}.${DOMAIN}.cfg.lua | |
| sed -i "s|// anonymousdomain: 'guest.jitsi-meet.example.com' |anonymousdomain: '${SUBDOMAIN}.${DOMAIN}'|" /etc/jitsi/meet/${SUBDOMAIN}.${DOMAIN}-config.js | |
| echo "org.jitsi.jicofo.auth.URL=XMPP:${SUBDOMAIN}.${DOMAIN}" >> /etc/jitsi/jicofo/sip-communicator.properties | |
| prosodyctl register ${PROSODY_USER} ${SUBDOMAIN}.${DOMAIN} ${PROSODY_PASS} | |
| service jicofo restart | |
| service jitsi-videobridge restart | |
| prosodyctl restart | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment