#!/bin/bash # # BlueButton open source conferencing system - https://www.bigbluebutton.org/ # # Copyright (c) 2020 BigBlueButton Inc. and by respective authors (see below). # # This program is free software; you can redistribute it and/or modify it under the # terms of the GNU Lesser General Public License as published by the Free Software # Foundation; either version 3.0 of the License, or (at your option) any later # version. # # BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License along # with BigBlueButton; if not, see . # # Author(s): # Fred Dixon # Sebastian Schneider # Ghazi Triki # # Changelog: # 2009-10-18 FFD Initial Version # 2009-11-05 FFD Updated for 0.62 # 2009-12-09 FFD Updated for 0.63 # 2009-12-11 FFD Added ability to switch conference servers # 2009-12-12 FFD Added cleaning and watching of log files # 2010-01-05 FFD Added zipping of log files # 2010-01-18 FFD Added resetting of environment back to using packages # 2010-03-02 JRT Added trunk checkout options / fixed bbb-apps instructions # 2010-04-02 FFD Updated for 0.64 # 2010-06-21 SEB Cleaned up some code / Updated for 0.70 # 2010-06-25 SEB Added ability to change the security secret # 2010-06-30 SEB Added some extra error checking # 2010-07-06 SEB Added more error checking and report messages # 2010-09-15 FFD Updates for 0.71-dev # 2010-10-16 FFD Updates for 0.71-beta # 2010-11-06 FFD Added logic to ensure red5 shuts down # 2010-12-12 FFD Fixed bug #778 # 2010-12-12 FFD Added support for Intalio VM # 2010-02-28 FFD Fixed #834 # 2011-06-26 FFD Updates for 0.8 # 2012-01-14 FFD Testing the development environment for 0.8 # 2012-02-22 FFD Updates to development environment # 2012-04-27 FFD Added sum of version numbers in --check # 2013-02-03 FFD Updated for changes to parameters for 0.81 in bigbluebutton-sip.properties # 2013-11-07 FFD Finished 0.81 # 2014-01-13 FFD Working on updates for 0.9.0 # 2014-03-10 GUG Enable WebRTC # 2015-03-12 FFD Added start/stop of HTML5 server # 2016-01-13 FFD Updates for 1.0 # 2016-02-28 FFD Updates to support HTTPS configuration # 2016-05-28 FFD Initial updates for 1.1-dev # 2016-08-15 GTR Archive more logs with zip option and show more applications with status # 2016-10-17 GTR Added redis to checked server components & added ownership check for video and freeswitch recording directories # 2017-04-08 FFD Cleanup for 1.1-beta # 2018-11-22 MNE Dynamically detect if sudo is needed # 2018-12-09 GTR More logs cleanup # 2019-02-08 GTR Updates for 2.2 after extracting bbb-web to a standalone server application # 2019-03-14 FFD Refactoring and cleanup for 2.2 # 2019-05-14 FFD Added more checks for configuration issues # 2019-07-08 GTR Set IP for all recording formats # 2019-10-31 GTR Set IP and shared secret for bbb-webhooks # 2019-11-09 GTR Keep HTML5 client logs permissions when cleaning logs # 2020-05-20 NJH Add port 443 to --Network and clean up tmp file. # 2020-06-23 JFS Remove defaultGuestPolicy warning for HTML5 client # 2020-10-22 AGG Removing Flash/Red5 related code (yay!) # 2021-07-16 JFS Add defaultMeetingLayout information #set -x #set -e PATH=$PATH:/sbin if [[ "$(id -u)" != "0" ]]; then if [[ -x "$(which sudo)" ]]; then SUDO="$(which sudo)" else echo "bbb-conf must be ran as root!" && exit 1 fi fi if [[ ! -f /etc/bigbluebutton/bigbluebutton-release ]]; then echo echo "# BigBlueButton does not appear to be installed. Could not" echo "# locate: /etc/bigbluebutton/bigbluebutton-release" echo exit 1 fi # Load the content of the file as variables source /etc/bigbluebutton/bigbluebutton-release # # Figure out our environment (Debian vs. CentOS) # if [ -f /etc/centos-release ] || [ -f /etc/system-release ]; then DISTRIB_ID=centos TOMCAT_USER=tomcat TOMCAT_DIR=/var/lib/$TOMCAT_USER SERVLET_LOGS=/usr/share/tomcat/logs REDIS_SERVICE=redis.service else . /etc/lsb-release # Get value for DISTRIB_ID if [ "$DISTRIB_CODENAME" == "bionic" ]; then TOMCAT_USER=tomcat8 fi if [ "$DISTRIB_CODENAME" == "xenial" ]; then TOMCAT_USER=tomcat7 fi TOMCAT_DIR=/var/lib/$TOMCAT_USER SERVLET_LOGS=$TOMCAT_DIR/logs REDIS_SERVICE=redis-server fi # Common to Ubuntu and CentOS FREESWITCH_VARS=/opt/freeswitch/etc/freeswitch/vars.xml FREESWITCH_EXTERNAL=/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml FREESWITCH_PID=/opt/freeswitch/var/run/freeswitch/freeswitch.pid FREESWITCH_EVENT_SOCKET=/opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml LTI_DIR=/usr/share/bbb-lti if [ -f /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties ]; then SERVLET_DIR=/usr/share/bbb-web else SERVLET_DIR=/var/lib/tomcat7/webapps/bigbluebutton fi get_properties_value() { key="$1" file="$2" if [[ -f $file ]]; then val=$(grep "^$key" "$file"| cut -d = -f 2-) echo "$val" return 0 fi return 1 } get_bbb_web_config_value() { key="$1" val="$(get_properties_value "$key" "$BBB_WEB_ETC_CONFIG")" if [[ -n $val ]]; then echo "$val" return 0 fi val="$(get_properties_value "$key" "$BBB_WEB_CONFIG")" if [[ -n $val ]]; then echo "$val" return 0 fi return 1 } RECORD_CONFIG=/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml HTML5_CONFIG_OLD=/usr/share/meteor/bundle/programs/server/assets/app/config/settings-production.json HTML5_DEFAULT_CONFIG=/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml HTML5_ETC_CONFIG=/etc/bigbluebutton/bbb-html5.yml if [ -f $HTML5_ETC_CONFIG ]; then HTML5_CONFIG=$(yq m -x $HTML5_DEFAULT_CONFIG $HTML5_ETC_CONFIG) else HTML5_CONFIG=$(yq r $HTML5_DEFAULT_CONFIG) fi KURENTO_DEFAULT_CONFIG=/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml KURENTO_ETC_CONFIG=/etc/bigbluebutton/bbb-webrtc-sfu/production.yml if [ -f $KURENTO_ETC_CONFIG ]; then KURENTO_CONFIG=$(yq m -x $KURENTO_DEFAULT_CONFIG $KURENTO_ETC_CONFIG) else KURENTO_CONFIG=$(yq r $KURENTO_DEFAULT_CONFIG) fi BBB_WEB_CONFIG="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties" BBB_WEB_ETC_CONFIG="/etc/bigbluebutton/bbb-web.properties" NGINX_IP=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/server_name/{s/.*server_name[ ]*//;s/;//;p}' | cut -d' ' -f1 | head -n 1) SIP_CONFIG=/etc/bigbluebutton/nginx/sip.nginx SIP_NGINX_IP=$(cat $SIP_CONFIG | grep -v '#' | sed -n '/proxy_pass/{s/.*proxy_pass http[s]*:\/\///;s/:.*//;p}' | head -n 1) NCPU=$(nproc --all) BBB_USER=bigbluebutton TURN=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml TURN_ETC_CONFIG=/etc/bigbluebutton/turn-stun-servers.xml if [ -f "$TURN_ETC_CONFIG" ]; then TURN=$TURN_ETC_CONFIG fi STUN="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m '_:beans/_:bean[@class="org.bigbluebutton.web.services.turn.StunTurnService"]/_:property[@name="stunServers"]/_:set/_:ref' -v @bean -nl $TURN)" PROTOCOL=http if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then SERVER_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL | sed -n '{s/.*\///;p}') if get_bbb_web_config_value bigbluebutton.web.serverURL | grep -q https; then PROTOCOL=https fi fi # # We're going to give ^bigbluebutton.web.logoutURL a default value (if undefined) so bbb-conf does not give a warning # if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then if [ -z "$(get_bbb_web_config_value bigbluebutton.web.logoutURL)" ]; then echo "bigbluebutton.web.logoutURL=default" >> $BBB_WEB_ETC_CONFIG fi fi # # Determine IP so it works on multilingual installations # if LANG=c ifconfig | grep -q 'venet0:0'; then IP=$(ifconfig | grep -v '127.0.0.1' | grep -E "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | tail -1 | cut -d: -f2 | awk '{ print $1}') else IP=$(ifconfig $(route | grep ^default | head -1 | sed "s/.* //") | awk '/inet /{ print $2}' | cut -d: -f2) fi if [ -z "$IP" ]; then if [ $DISTRIB_ID == "centos" ]; then IP=$(hostname -I | sed 's/ .*//g') fi fi # # Calculate total memory on this server # MEM=$(grep MemTotal /proc/meminfo | awk '{print $2}') MEM=$((MEM/1000)) # # Check if the function has a value and, if not, print an error message # $1 -- name of value # $2 -- location of value # $3 -- value to check # check_no_value() { if [ -z $3 ]; then echo "# Tried to check $1 in" echo "# $2" echo "# but value is empty." exit 1 fi } check_file() { if [ ! -f $1 ]; then echo "# File does not exist: $1" fi } print_header() { if [ ! $HEADER ]; then echo echo "# Potential problems described below" HEADER=1 fi } need_root() { if [ $EUID != 0 ]; then echo "Need to be root to run this option" exit 1 fi } usage() { echo "BigBlueButton Configuration Utility - Version $BIGBLUEBUTTON_RELEASE" echo echo " bbb-conf [options]" echo echo "Configuration:" echo " --version Display BigBlueButton version (packages)" echo " --setip Set IP/hostname for BigBlueButton" echo " --setsecret Change the shared secret in bigbluebutton.properties" echo echo "Monitoring:" echo " --check Check configuration files and processes for problems" echo " --debug Scan the log files for error messages" echo " --watch Scan the log files for error messages every 2 seconds" echo " --network View network connections on 80, 443 and 1935 by IP address. 1935 is deprecated. You will need to modify bbb-conf if you have custom ports." echo " --secret View the URL and shared secret for the server" echo " --lti View the URL and secret for LTI (if installed)" echo echo "Administration:" echo " --restart Restart BigBlueButton" echo " --stop Stop BigBlueButton" echo " --start Start BigBlueButton" echo " --clean Restart and clean all log files" echo " --status Display running status of components" echo " --zip Zip up log files for reporting an error" echo } # utility function to make a copy of the conf file check_and_backup () { # can we write to the configuration file? if [ ! -w $1 ]; then echo "Cannot write to $1!" exit 1 fi # let's see if we need a copy if [ "$TO_BACKUP" = "Y" ]; then cp $1 $1.bak TO_BACKUP="N" fi } # 3 paramenter: the file, the variable name, the new value change_var_value () { check_and_backup $1 sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1 } # same as change_var_value but with quotes change_var_salt() { check_and_backup $1 sed -i "s<^[[:blank:]#]*\(${2}\).*<\1="${3}"<" $1 } # comment lines matching $2 ($1 is the file) comment () { check_and_backup $1 sed -i "s<^[[:blank:]]*\(${2}.*\)<#\1<" $1 } change_yml_value () { sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1 } # comment lines matching $2 ($1 is the file) uncomment () { check_and_backup $1 sed -i "s<^[#[:blank:]]*\(${2}.*\)<\1<" $1 } stop_bigbluebutton () { echo "Stopping BigBlueButton" if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then HTML5="mongod bbb-html5 bbb-webrtc-sfu kurento-media-server" fi if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then WEBHOOKS=bbb-webhooks fi if [ -f /usr/share/etherpad-lite/settings.json ]; then ETHERPAD=etherpad fi if [ -f /lib/systemd/system/bbb-web.service ]; then BBB_WEB=bbb-web fi if [ -f /usr/share/bbb-lti/WEB-INF/classes/lti-config.properties ]; then BBB_LTI=bbb-lti fi if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then TOMCAT_SERVICE=$TOMCAT_USER fi systemctl stop $TOMCAT_SERVICE nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-fsesl-akka bbb-rap-resque-worker.service bbb-rap-starter.service bbb-rap-caption-inbox.service $HTML5 $WEBHOOKS $ETHERPAD $BBB_WEB $BBB_LTI } start_bigbluebutton () { # # Apply any local configuration options (if exists) # if [ -x /etc/bigbluebutton/bbb-conf/apply-config.sh ]; then echo echo "Applying updates in /etc/bigbluebutton/bbb-conf/apply-config.sh: " /etc/bigbluebutton/bbb-conf/apply-config.sh echo fi if [ -f /opt/freeswitch/var/log/freeswitch/freeswitch.log ]; then if grep -q "Failure to connect to CORE_DB sofia_reg_external" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then # See: https://docs.bigbluebutton.org/install/install.html#freeswitch-fails-to-bind-to-ipv4 echo "Clearing the FreeSWITCH database." rm -rf /opt/freeswitch/var/lib/freeswitch/db/* fi fi echo "Starting BigBlueButton" if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then HTML5="mongod bbb-html5 bbb-webrtc-sfu kurento-media-server" fi if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then WEBHOOKS=bbb-webhooks fi if [ -f /usr/share/etherpad-lite/settings.json ]; then ETHERPAD=etherpad fi if [ -f /lib/systemd/system/bbb-web.service ]; then BBB_WEB=bbb-web fi if [ -f /usr/share/bbb-lti/WEB-INF/classes/lti-config.properties ]; then BBB_LTI=bbb-lti fi if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then TOMCAT_SERVICE=$TOMCAT_USER fi systemctl start $TOMCAT_SERVICE nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-fsesl-akka bbb-rap-resque-worker bbb-rap-starter.service bbb-rap-caption-inbox.service $HTML5 $WEBHOOKS $ETHERPAD $BBB_WEB $BBB_LTI if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then systemctl start mongod sleep 3 systemctl start bbb-html5 fi } display_bigbluebutton_status () { units="nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-fsesl-akka" if [ -d $TOMCAT_DIR ]; then units="$units $TOMCAT_USER" fi if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then units="$units mongod bbb-html5 bbb-webrtc-sfu kurento-media-server" for i in `seq 8888 8890`; do # check if multi-kurento setup is configured if [ -f /usr/lib/systemd/system/kurento-media-server-${i}.service ]; then if systemctl is-enabled kurento-media-server-${i}.service > /dev/null; then units="$units kurento-media-server-${i}" fi fi done source /usr/share/meteor/bundle/bbb-html5-with-roles.conf if [ -f /etc/bigbluebutton/bbb-html5-with-roles.conf ]; then source /etc/bigbluebutton/bbb-html5-with-roles.conf fi for ((i = 1 ; i <= $NUMBER_OF_BACKEND_NODEJS_PROCESSES; i++)); do units="$units bbb-html5-backend@$i" done for ((i = 1; i <= $NUMBER_OF_FRONTEND_NODEJS_PROCESSES; i++)); do units="$units bbb-html5-frontend@$i" done fi if [ -f /usr/share/etherpad-lite/settings.json ]; then units="$units etherpad" fi if [ -f /lib/systemd/system/bbb-web.service ]; then units="$units bbb-web" fi if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then units="$units bbb-webhooks" fi if [ -f /lib/systemd/system/bbb-lti.service ]; then units="$units bbb-lti" fi if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then TOMCAT_SERVICE=$TOMCAT_USER fi line='——————————————————————►' for unit in $units; do status=$(systemctl is-active "$unit") if [ "$status" = "active" ]; then printf "%s %s [✔ - $status]\n" $unit "${line:${#unit}}" else printf "%s %s [✘ - $status]\n" $unit "${line:${#unit}}" fi done } if [ $# -eq 0 ]; then usage exit 1 fi # Parse the parameters while [ $# -gt 0 ]; do if [ "$1" = "-stop" -o "$1" = "--stop" ]; then need_root stop_bigbluebutton exit 0 fi if [ "$1" = "-start" -o "$1" = "--start" ]; then need_root start_bigbluebutton exit 0 fi if [ "$1" = "-check" -o "$1" = "--check" -o "$1" = "-c" ]; then CHECK=1 shift;shift continue fi if [ "$1" = "--version" -o "$1" = "-version" -o "$1" = "-v" ]; then VERSION=1 shift continue fi if [ "$1" = "--debug" -o "$1" = "-debug" -o "$1" = "-d" ]; then DEBUG=1 shift continue fi if [ "$1" = "--clean" -o "$1" = "-clean" ]; then CLEAN=1 shift continue fi if [ "$1" = "--watch" -o "$1" = "-watch" -o "$1" = "-w" ]; then WATCH=1 shift continue fi if [ "$1" = "--network" -o "$1" = "-network" -o "$1" = "-n" ]; then NETWORK=1 shift continue fi if [ "$1" = "--zip" -o "$1" = "-zip" -o "$1" = "-z" ]; then ZIP=1 shift continue fi if [ "$1" = "--status" -o "$1" = "-status" ]; then display_bigbluebutton_status exit 0 fi if [ "$1" = "--restart" -o "$1" = "-restart" ]; then RESTART=1 shift continue fi # # all other parameters requires at least 1 argument # if [ "$1" = "-setip" -o "$1" = "--setip" ]; then HOST="${2}" if [ -z "$HOST" ]; then echo "HOST IP=$IP" fi if echo $HOST|grep -q ":"; then HOST=$(echo ${2}|cut -d: -f1) fi shift; shift continue fi if [ "$1" = "--salt" -o "$1" = "-salt" -o "$1" = "--setsalt" -o "$1" = "--secret" -o "$1" = "-secret" -o "$1" = "--setsecret" ]; then SECRET="${2}" if [ -z "$SECRET" ]; then BBB_WEB_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL) SECRET=$(get_bbb_web_config_value securitySalt) echo echo " URL: $BBB_WEB_URL/bigbluebutton/" echo " Secret: $SECRET" echo echo " Link to the API-Mate:" echo " https://mconf.github.io/api-mate/#server=$BBB_WEB_URL/bigbluebutton/&sharedSecret=$SECRET" echo exit 0 fi shift; shift continue fi if [ "$1" = "--lti" -o "$1" = "-lti" ]; then if [ -z "$SECRET" ]; then if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool' CUSTOMER=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^.*=//;s/:.*//p}') SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^[^:]*://;p}') echo echo " URL: $LTI_URL" echo " Customer: $CUSTOMER" echo " Secret: $SECRET" echo ICON_URL=$( echo $LTI_URL | sed 's/tool/images\/icon.ico/') echo " Icon URL: $ICON_URL" echo echo exit 0 fi fi shift; shift continue fi usage exit 1 done print_bigbluebutton_version() { echo if [ $DISTRIB_ID == "centos" ]; then echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(rpm -qa | grep bbb | grep -v bbb-demo | grep -v bbb-lti | grep -v bbb-redis | grep -v bbb-tomcat | grep -v freeswitch | sed 's/.*[0-9].[0-9].[0-9]-//g' | sed 's/\..*//g' | awk '{ sum+=$1} END {print sum}'))" else echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(dpkg -l | grep bbb | grep -v bbb-demo | grep -v bbb-lti | sed -n '/[0-9].[0-9].[0-9]-/{s/.*[0-9].[0-9].[0-9]-//;s/;//;p}' | awk '{ sum+=$1} END {print sum}'))" fi } # # Version # if [[ $VERSION ]]; then print_bigbluebutton_version echo dpkg -l | grep bbb exit 0 fi # # Set Shared Secret # if [[ $SECRET ]]; then need_root if get_properties_value securitySalt "$BBB_WEB_ETC_CONFIG" > /dev/null ; then change_var_salt "$BBB_WEB_ETC_CONFIG" securitySalt "$SECRET" else echo "securitySalt=$SECRET" >> "$BBB_WEB_ETC_CONFIG" fi if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml sharedSecret $SECRET fi if [ -f /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js ]; then sed -i "s|\(^[ \t]*var shared_secret[ =]*\)[^;]*|\1\"$SECRET\"|g" /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js fi if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" /etc/bigbluebutton/bbb-apps-akka.conf fi if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then sed -i "s/bigbluebuttonSalt=.*/bigbluebuttonSalt=$SECRET/g" ${LTI_DIR}/WEB-INF/classes/lti-config.properties fi echo echo "BigBlueButton's shared secret is now $SECRET" echo echo "You must restart BigBlueButton for the changes to take effect" echo echo " $SUDO bbb-conf --restart" echo echo fi check_configuration() { # # Check that freeswtich ESL matches the value in bigbluebutton.properties # if [ -f $FREESWITCH_EVENT_SOCKET ]; then FREESWITCH_ESL_IP=$(cat $FREESWITCH_EVENT_SOCKET | grep 'name="listen-ip"' | cut -d\" -f4 | awk '{print $1}') check_no_value event_socket $FREESWITCH_EVENT_SOCKET $FREESWITCH_ESL_IP fi # # Check if BigBlueButton is defined in Nginx # if [ ! -L /etc/nginx/sites-enabled/bigbluebutton ]; then echo "# Nginx: BigBlueButton appears to be disabled" echo " - no symbolic link in /etc/nginx/sites-enabled/bigbluebutton to /etc/nginx/sites-available/bigbluebutton " fi # # Look for properties with no values set # CONFIG_FILES="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties" for file in $CONFIG_FILES ; do if [ ! -f $file ]; then echo "# Error: File not found: $file" else if cat $file | grep -v redis.pass | grep -v redisPassword | grep -q "^[^=]*=[ ]*$"; then echo "# The following properties in $file have no value:" echo "# $(grep '^[^=#]*=[ ]*$' $file | grep -v redis.pass | grep -v redisPassword | sed 's/=//g')" fi fi done VARFolder="$(get_bbb_web_config_value imageMagickDir)" if [ ! -x $VARFolder/convert ]; then echo "# ImageMagick's convert is not installed in $VARFolder" fi # # Check if the IP resolves to a different host # check_no_value server_name /etc/nginx/sites-available/bigbluebutton $NGINX_IP if which host > /dev/null 2>&1; then HOSTS=$(which host) if [ $HOSTS ]; then HOSTS=$($HOSTS $NGINX_IP | awk '{ print $4 }' | head -n 1) fi fi BBB_SECRET="$(get_bbb_web_config_value securitySalt)" if [ -f /var/lib/$TOMCAT_USER/webapps/demo/bbb_api_conf.jsp ]; then # # Make sure the shared secret for the API matches the server # SECRET_DEMO=$(cat ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp | grep -v '^//' | tr -d '\r' | sed -n '/salt[ ]*=/{s/.*=[ ]*"//;s/".*//g;p}') if [ "$BBB_SECRET" != "$SECRET_DEMO" ]; then echo "#" echo "# Warning: API Shared Secret mismatch: " echo "#" echo "# $BBB_WEB_ETC_CONFIG = $BBB_SECRET" echo "# /var/lib/$TOMCAT_USER/webapps/demo/bbb_api_conf.jsp = $SECRET_DEMO" echo "#" echo "# You need to edit bbb_api_conf.jsp to have the same shared secret defined in bigbluebutton.properties" echo "#" echo fi if ! grep -q https ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp; then echo echo "# Warning: Did not detect https for API demos in " echo "#" echo "# ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp" echo "#" echo fi fi if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then WEBHOOKS_CONF=/usr/local/bigbluebutton/bbb-webhooks/config/default.yml WEBHOOKS_SECRET=$(yq r $WEBHOOKS_CONF bbb.sharedSecret) if [ "$BBB_SECRET" != "$WEBHOOKS_SECRET" ]; then echo "# Warning: Webhooks API Shared Secret mismatch: " echo "# ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties = $BBB_SECRET" echo "# $WEBHOOKS_CONF = $WEBHOOKS_SECRET" echo fi WEBHOOKS_PROXY_PORT=$(cat /etc/bigbluebutton/nginx/webhooks.nginx | grep -v '#' | grep '^[ \t]*proxy_pass[ \t]*' | sed 's|.*http[s]\?://[^:]*:\([^;]*\);.*|\1|g') WEBHOOKS_APP_PORT=$(yq r $WEBHOOKS_CONF server.port) if [ "$WEBHOOKS_PROXY_PORT" != "$WEBHOOKS_APP_PORT" ]; then echo "# Warning: Webhooks port mismatch: " echo "# /etc/bigbluebutton/nginx/webhooks.nginx = $WEBHOOKS_PROXY_PORT" echo "# $WEBHOOKS_CONF = $WEBHOOKS_APP_PORT" echo fi fi if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then LTI_SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | tr -d '\r' | sed -n '/^bigbluebuttonSalt/{s/.*=//;p}') if [ "$LTI_SECRET" != "$BBB_SECRET" ]; then echo "# Warning: LTI shared secret mismatch:" echo "# ${LTI_DIR}/WEB-INF/classes/lti-config.properties = $LTI_SECRET" echo "# ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties = $BBB_SECRET" echo fi fi SIP_PROTOCOL=$(cat /etc/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1) if [[ $SIP_PROTOCOL == "https" ]]; then if ! grep wss-binding $FREESWITCH_EXTERNAL > /dev/null; then echo "# Warning: Websockets is using HTTPS in /etc/bigbluebutton/nginx/sip.nginx" echo "# but no definition for wss-binding found in " echo "#" echo "# $FREESWITCH_EXTERNAL" echo fi if [ -f $HTML5_CONFIG_OLD ]; then if grep \"enableListenOnly\".*true $HTML5_CONFIG_OLD > /dev/null; then if ! grep -q ws-binding $FREESWITCH_EXTERNAL ; then echo "# Warning: You have enabled listen-only audio via Kurento" echo "# but FreeSWITCH is not listening on port 5066. You should edit " echo "#" echo "# $FREESWITCH_EXTERNAL" echo "#" echo "# and add a line that enables ws-binding on port 5066." echo fi fi fi fi if [ "$(ls -ld /var/freeswitch/meetings | cut -d' ' -f3)" != "freeswitch" ]; then echo "# Warning: Detected the directory" echo "# /var/freeswitch/meetings" echo "# is not owned by freeswitch" fi if [ "$(ls -ld /var/bigbluebutton | cut -d' ' -f3)" != $BBB_USER ]; then echo "# Warning: Detected the directory" echo "# /var/bigbluebutton" echo "# is not owned by $BBB_USER" fi if [ -n "$HTML5_CONFIG" ]; then SVG_IMAGES_REQUIRED=$(cat $BBB_WEB_CONFIG | grep -v '#' | sed -n '/^svgImagesRequired/{s/.*=//;p}') if [ "$SVG_IMAGES_REQUIRED" != "true" ]; then echo echo "# Warning: You have the HTML5 client installed but in" echo "#" echo "# $BBB_WEB_CONFIG" echo "#" echo "# the setting for svgImagesRequired is false. To fix, run the commnad" echo "#" echo "# sed -i 's/^svgImagesRequired=.*/svgImagesRequired=true/' $BBB_WEB_CONFIG " echo "#" fi fi CHECK_STUN=$(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=stun://g') if [ "$CHECK_STUN" == "stun.freeswitch.org" ]; then echo echo "# Warning: Detected FreeSWITCH is using default stun.freeswitch.org server. See" echo "#" echo "# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-using-default-stun-server" echo "#" echo fi if ! which ufw > /dev/null 2>&1; then echo echo "# Warning: No firewall detected. Recommend using setting up a firewall for your server" echo "#" echo "# https://docs.bigbluebutton.org/admin/customize.html#setup-a-firewall" echo "#" echo fi } update_gstreamer() { # due to a change in the kurento packages naming convention, gstreamer packages don't naturally upgrade # this snippet checks if the installed gstreamer packages are the same as the one available in the repository # if they are not, it will update (possibly downgrade) # TODO remove it on 2.3 or above if [ "$DISTRIB_CODENAME" == "xenial" ]; then DOWNGRADE_LIST="" for PACKAGE in $(dpkg -l | grep gst | tr -s ' ' | cut -d' ' -f2 | cut -d':' -f1); do RIGHT_VERSION=$(apt-cache policy $PACKAGE | grep -B1 ubuntu.bigbluebutton.org | head -n1 | tr -s ' ' | cut -d' ' -f2) if [[ $RIGHT_VERSION != "***" ]] && [[ $RIGHT_VERSION != "" ]]; then echo "Force $PACKAGE to version $RIGHT_VERSION" DOWNGRADE_LIST="$PACKAGE=$RIGHT_VERSION $DOWNGRADE_LIST" fi done if [[ $DOWNGRADE_LIST != "" ]]; then apt-get -y --allow-downgrades install $DOWNGRADE_LIST > /dev/null fi fi } check_state() { echo print_header check_configuration # # Check for potential problems in the BigBlueButton configuration # RUNNING_APPS="" NOT_RUNNING_APPS="" if [[ -a $FREESWITCH_PID ]]; then if ! ps aux | grep -v grep | grep '[/]opt/freeswitch/bin/freeswitch' > /dev/null; then print_header NOT_RUNNING_APPS="${NOT_RUNNING_APPS} freeswitch" else RUNNING_APPS="${RUNNING_APPS} freeswitch" fi fi if ! ps aux | grep -v grep | grep '[/]usr/sbin/nginx' > /dev/null; then print_header NOT_RUNNING_APPS="${NOT_RUNNING_APPS} Nginx" else RUNNING_APPS="${RUNNING_APPS} Nginx" fi if ! netstat -ant | grep '8090' > /dev/null; then print_header NOT_RUNNING_APPS="${NOT_RUNNING_APPS} ${TOMCAT_USER} or grails" else if ps aux | ps -aef | grep -v grep | grep grails | grep run-app > /dev/null; then print_header RUNNING_APPS="${RUNNING_APPS} Grails" echo "# ${TOMCAT_USER}: noticed you are running grails run-app instead of ${TOMCAT_USER}" else RUNNING_APPS="${RUNNING_APPS} ${TOMCAT_USER}" fi fi if ! ps aux | grep -v grep | grep '[/]usr/[s]*bin/redis-server' > /dev/null; then print_header NOT_RUNNING_APPS="${NOT_RUNNING_APPS} redis-server" else RUNNING_APPS="${RUNNING_APPS} redis-server" fi if [ "$NOT_RUNNING_APPS" != "" ]; then echo "# Not running: ${NOT_RUNNING_APPS}" fi # # Check if running development environment # if ! grep 8090 /etc/bigbluebutton/nginx/web.nginx > /dev/null; then echo "# Warning: nginx is not serving BigBlueButton's web application" echo "# from port 8090" echo "#" echo "# (This is OK if you have setup a development environment.) " echo fi # # Check FreeSWITCH # if grep -q "Thread ended for mod_event_socket" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then echo echo "# Error: Found text in freeswitch.log:" echo "#" echo "# Thread ended for mod_event_socket" echo "#" echo "# FreeSWITCH may not be responding to requests on port 8021 (event socket layer)" echo "# and users may have errors joining audio." echo "#" fi # # Check FreeSWITCH # ESL_PASSWORD=$(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml) if ! echo "/quit" | /opt/freeswitch/bin/fs_cli -p $ESL_PASSWORD - > /dev/null 2>&1; then echo echo "#" echo "# Error: Unable to connect to the FreeSWITCH Event Socket Layer on port 8021" echo "#" fi # # Check for required external commands # COMMANDS="ruby gem pdftocairo" for cmd in $COMMANDS ; do if ! which $cmd > /dev/null 2>&1; then echo "# $cmd command not found" fi done # # Check if ffmpeg is installed, and whether it is a supported version # FFMPEG_VERSION=$(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n') case "$FFMPEG_VERSION" in 4.*.*) # This is the current supported version; OK. ;; '') echo "# Warning: No ffmpeg version was found on the system" echo "# Recording processing will not function" echo ;; *) echo "# Warning: The installed ffmpeg version '${FFMPEG_VERSION}' is not recommended." echo "# Recommend you update to the 4.0.x version of ffmpeg. To upgrade, do the following" echo "#" echo "# $SUDO apt-get install software-properties-common" echo "# $SUDO add-apt-repository ppa:jonathonf/ffmpeg-4" echo "# $SUDO apt-get update" echo "# $SUDO apt-get dist-upgrade" echo "#" echo ;; esac # # Check that the servlet container has started properly and has created log files # if [ -d $TOMCAT_DIR ]; then if [ -z "$(ls -A $SERVLET_LOGS)" ]; then echo "# empty directory: $SERVLET_LOGS contains no logs" fi fi # # Check if the user is running their own bbb-web # if grep -q 8888 /etc/bigbluebutton/nginx/web.nginx; then if ! netstat -ant | grep '8888' > /dev/null; then echo "# Warning: There is no application server listening to port 8888." echo fi fi # # Check if the local server can access the API. This is a common problem when setting up BigBlueButton behind # a firewall # BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')" check_no_value server_name /etc/nginx/sites-available/bigbluebutton $BBB_WEB COUNT=0 while [ $COUNT -lt 80 ]; do let COUNT=COUNT+1 timeout 1s curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS if [ $? -eq 0 ]; then let COUNT=80 else echo -n "." sleep 1 fi done echo if ! curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS; then echo "# Error: Could not connect to the configured hostname/IP address" echo "#" echo "# $PROTOCOL://$BBB_WEB/" echo "#" echo "# If your BigBlueButton server is behind a firewall, see FAQ." echo fi VARS_IP=$(cat $FREESWITCH_VARS | sed -n '/"local_ip_v4/{s/.*local_ip_v4=//;s/".*//;p}') if [[ "$VARS_IP" != "127.0.0.1" ]] && [[ "$VARS_IP" != "auto" ]]; then if [ "$VARS_IP" != $IP ]; then echo "# Warning: The setting of $VARS_IP for local_ip_v4 in" echo "#" echo "# $FREESWITCH_VARS" echo "#" echo "# does not match the local IP address ($IP)." echo "# (This is OK if you've manually changed the values)" echo fi fi if [ -d ${TOMCAT_DIR}/webapps/demo ]; then if test ${TOMCAT_DIR}/webapps/demo.war -nt ${TOMCAT_DIR}/webapps/demo; then echo "# Error: The updated demo.war did not deploy. To manually deploy:" echo "#" echo "# $SUDO touch ${SERVLET_DIR}/demo.war" echo "#" echo fi fi if (( $MEM < 3940 )); then echo "# Warning: You are running BigBlueButton on a server with less than 4G of memory. Your" echo "# performance may suffer." echo fi BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL)" if [ -f ${TOMCAT_DIR}/webapps/demo/demo1.jsp ]; then echo "# Warning: The API demos are installed and accessible from:" echo "#" echo "# $BBB_WEB" echo "#" echo "# and" echo "#" echo "# $BBB_WEB/demo/demo1.jsp" echo "#" echo "# These API demos allow anyone to access your server without authentication" echo "# to create/manage meetings and recordings. They are for testing purposes only." echo "# If you are running a production system, remove them by running:" echo "#" echo "# $SUDO apt-get purge bbb-demo" echo fi if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool' echo "# Warning: The IMS Learning Tools Integration (LTI) is accessible from:" echo "#" echo "# $LTI_URL" echo "#" echo "# To get the access parameters for LTI, run the command" echo "#" echo "# bbb-conf --lti" echo fi DEFAULT_PDF="$(get_bbb_web_config_value beans.presentationService.defaultUploadedPresentation)" if echo $DEFAULT_PDF | grep -q "bigbluebutton.web.serverURL"; then if ! echo "$BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')" | xargs curl -sS >/dev/null; then echo "# Error: Unable to reach default URL for presentation:" echo "#" echo "# $BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')" echo "#" echo "# Check value for beans.presentationService.defaultUploadedPresentation in" echo "# $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG" fi else if ! echo "$DEFAULT_PDF" | xargs curl -sS >/dev/null; then echo "# Error: Unable to reach default URL for presentation" echo "#" echo "# $DEFAULT_PDF" echo "#" echo "# Check value for beans.presentationService.defaultUploadedPresentation in" echo "# $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG" fi fi if [ "$(cat /etc/bigbluebutton/bbb-apps-akka.conf | sed -n '/sharedSecret.*/{s/[^"]*"//;s/".*//;p}')" == "changeme" ]; then BBB_WEB_IP="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')" echo "# Error: Detected that /etc/bigbluebutton/bbb-apps-akka.conf has the default" echo "# configuration values. To update, run" echo "#" echo "# $SUDO bbb-conf --setip $BBB_WEB_IP" echo "#" fi if bbb-conf --status | grep -q inactive; then echo "# Error: Detected some processes have not started correctly" echo "#" echo "# $(bbb-conf --status | grep inactive)" echo "#" fi if systemctl status freeswitch | grep -q SETSCHEDULER; then echo "# Error: FreeSWITCH failed to start with SETSCHEDULER error, see" echo "#" echo "# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-start-with-a-setscheduler-error" echo "#" fi NCPU=$(nproc --all) if [ "$NCPU" -lt "4" ]; then echo "# Warning: found only $NCPU cores, whereas this server should have (at least) 4 CPU cores" echo "# to run BigBlueButton in production." echo "#" echo "# https://docs.bigbluebutton.org/install/install.html#minimum-server-requirements" echo "#" fi if [ "$(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)" != "true" ]; then if [ "$PROTOCOL" == "https" ]; then if ! cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1 | grep -q https; then echo "# Warning: You have this server defined for https, but in" echo "#" echo "# $SIP_CONFIG" echo "#" echo "# did not find the use of https in definition for proxy_pass" echo "#" echo "# $(cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1)" echo "#" fi if [ "$SIP_NGINX_IP" != $IP ]; then if [ "$SIP_NGINX_IP" != "\$freeswitch_addr" ]; then echo "# Warning: The setting of $SIP_NGINX_IP for proxy_pass in" echo "#" echo "# /etc/bigbluebutton/nginx/sip.nginx" echo "#" echo "# does not match the local IP address ($IP)." echo "# (This is OK if you've manually changed the values)" echo fi fi if ! cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1 | grep -q 7443; then echo echo "# Warning: You have this server defined for https, but in" echo "#" echo "# $SIP_CONFIG" echo "#" echo "# did not find the use of port 7443 in definition for proxy_pass" echo "#" echo "# $(cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1)" echo "#" fi fi fi CHECK="$(get_bbb_web_config_value securitySalt|sha1sum |cut -d' ' -f1)" if [ "$CHECK" == "55b727b294158a877212570c3c0524c2b902a62c" ]; then echo echo "#" echo "# Warning: Detected you have the default shared secret. You MUST change your shared" echo "# secret NOW for BigBlueButton to finish starting up. Do either" echo "#" echo "# sudo bbb-conf --setsecret " echo "#" echo "# or, to have openssl generate a strong secret for you (recommended)" echo "#" echo "# sudo bbb-conf --setsecret \$(openssl rand -base64 32 | sed 's/=//g' | sed 's/+//g' | sed 's/\///g')" echo "#" echo "# Be sure to update any integrations with the new shared secret." echo "#" systemctl stop bbb-web exit 1 fi if ! systemctl show-environment | grep LANG= | grep -q UTF-8; then echo echo "#" echo "# Warning: Detected that systemctl does not define a UTF-8 language." echo "#" echo "# To temporarily correct, run the command " echo "#" echo "# sudo systemctl set-environment LANG=en_US.UTF-8" echo "#" echo "# See https://docs.bigbluebutton.org/2.2/install.html#pre-installation-checks" echo "#" fi if [ "$(stat -c "%U %G" /var/bigbluebutton)" != "bigbluebutton bigbluebutton" ]; then echo echo "#" echo "# Warning: The directory" echo "#" echo "# /var/bigbluebutton" echo "#" echo "# is not owned by bigbluebutton:bigbluebutton. To fix, run the command" echo "#" echo "# sudo chown -R bigbluebutton:bigbluebutton /var/bigbluebutton" echo "#" fi FREESWITCH_SIP=$(netstat -anlt | grep :5066 | grep -v tcp6 | grep LISTEN | sed 's/ [ ]*/ /g' | cut -d' ' -f4 | sed 's/:5066//g') KURENTO_SIP=$(echo "$KURENTO_CONFIG" | yq r - freeswitch.sip_ip) if [ ! -z "$FREESWITCH_SIP" ]; then if [ "$FREESWITCH_SIP" != "$KURENTO_SIP" ]; then echo echo "#" echo "# Kurento will try to connect to $KURENTO_SIP but FreeSWITCH is listening on $FREESWITCH_SIP for port 5066" echo "#" echo "# To fix, run the commands" echo "#" echo "# sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.sip_ip $FREESWITCH_SIP" echo "# sudo chown bigbluebutton:bigbluebutton /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml" echo "#" fi fi if [ ! -z "$STUN" ]; then for i in $STUN; do STUN_SERVER="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')" if echo $STUN_SERVER | grep -q ':'; then STUN_SERVER="$(echo $STUN_SERVER | sed 's/:.*//g') $(echo $STUN_SERVER | sed 's/.*://g')" else STUN_SERVER="$STUN_SERVER 3478" fi if which stunclient > /dev/null 2>&1; then if stunclient --mode full --localport 30000 $STUN_SERVER | grep -q "fail\|Unable\ to\ resolve"; then echo echo "#" echo "# Warning: Failed to verify STUN server at $STUN_SERVER with command" echo "#" echo "# stunclient --mode full --localport 30000 $STUN_SERVER" echo "#" fi fi done fi stunServerAddress=$(cat /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini | sed -n '/^stunServerAddress/{s/.*=//;p}') stunServerPort=$(cat /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini | sed -n '/^stunServerPort/{s/.*=//;p}') if [ ! -z "$stunServerAddress" ]; then if stunclient --mode full --localport 30000 $stunServerAddress $stunServerPort | grep -q "fail\|Unable\ to\ resolve"; then echo echo "#" echo "# Warning: Failed to verify STUN server at $stunServerAddress:$stunServerPort with command" echo "#" echo "# stunclient --mode full --localport 30000 $stunServerAddress $stunServerPort" echo "#" fi fi exit 0 } # # Print out the status of the current setup and look for configuration issues # if [ $CHECK ]; then need_root print_bigbluebutton_version echo " Kernel version:" $(uname -r) if [ $DISTRIB_ID == "centos" ]; then echo -n " Distribution: $(cat /etc/centos-release)" else source /etc/lsb-release echo -n " Distribution: $DISTRIB_DESCRIPTION " fi if [ $(uname -m) == "x86_64" ]; then echo "(64-bit)" elif [ $(uname -m) == "i686" ]; then echo "(32-bit)" fi echo " Memory: $MEM MB" echo " CPU cores: $NCPU" echo echo "$BBB_WEB_ETC_CONFIG (override for bbb-web)" echo "$BBB_WEB_CONFIG (bbb-web)" echo " bigbluebutton.web.serverURL: $(get_bbb_web_config_value bigbluebutton.web.serverURL)" echo " defaultGuestPolicy: $(get_bbb_web_config_value defaultGuestPolicy)" echo " svgImagesRequired: $(get_bbb_web_config_value svgImagesRequired)" echo " defaultMeetingLayout: $(get_bbb_web_config_value defaultMeetingLayout)" echo echo "/etc/nginx/sites-available/bigbluebutton (nginx)" echo " server_name: $NGINX_IP" PORT=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep -v ssl | tr --delete '\n' | sed 's/\[/, \[/g' | sed 's/0$/0\n/g') echo " port: $PORT" if cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep ssl > /dev/null; then echo " port: 443 ssl" fi echo echo "$FREESWITCH_VARS (FreeSWITCH)" echo " local_ip_v4: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]' -v @data $FREESWITCH_VARS | sed 's/local_ip_v4=//g')" echo " external_rtp_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=//g')" echo " external_sip_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_sip_ip=//g')" echo echo "$FREESWITCH_EXTERNAL (FreeSWITCH)" echo " ext-rtp-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-rtp-ip"]' -v @value $FREESWITCH_EXTERNAL)" echo " ext-sip-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-sip-ip"]' -v @value $FREESWITCH_EXTERNAL)" echo " ws-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ws-binding"]' -v @value $FREESWITCH_EXTERNAL)" echo " wss-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="wss-binding"]' -v @value $FREESWITCH_EXTERNAL)" if [ -f ${SERVLET_DIR}/demo/bbb_api_conf.jsp ]; then BBB_WEB_URL=$(cat ${SERVLET_DIR}//WEB-INF/classes/bigbluebutton.properties | grep -v '#' | sed -n '/^bigbluebutton.web.serverURL/{s/.*\///;p}') echo echo "${SERVLET_DIR}/demo/bbb_api_conf.jsp (API demos)" echo " url: $BBB_WEB_URL" fi # if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then # LTI_URL=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^bigbluebuttonURL/{s/.*http[s]:\/\///;s/\/.*//;p}' | tr -d '\015') # echo # echo "${LTI_DIR}/WEB-INF/classes/lti-config.properties (LTI integration)" # echo " api url: $LTI_URL" # fi if [ -f $RECORD_CONFIG ]; then echo echo "$RECORD_CONFIG (record and playback)" echo " playback_host: $(yq r $RECORD_CONFIG playback_host)" echo " playback_protocol: $(yq r $RECORD_CONFIG playback_protocol)" echo " ffmpeg: $(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n')" fi if [ -f $SIP_CONFIG ]; then echo echo "$SIP_CONFIG (sip.nginx)" echo " proxy_pass: $SIP_NGINX_IP" echo " protocol: $(cat /etc/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1)" fi if [ -n "$KURENTO_CONFIG" ]; then echo echo "/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)" echo "/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (Kurento SFU - override)" echo " kurento.ip: $(echo "$KURENTO_CONFIG" | yq r - kurento[0].ip)" echo " kurento.url: $(echo "$KURENTO_CONFIG" | yq r - kurento[0].url)" echo " kurento.sip_ip: $(echo "$KURENTO_CONFIG" | yq r - freeswitch.sip_ip)" echo " recordScreenSharing: $(echo "$KURENTO_CONFIG" | yq r - recordScreenSharing)" echo " recordWebcams: $(echo "$KURENTO_CONFIG" | yq r - recordWebcams)" echo " codec_video_main: $(echo "$KURENTO_CONFIG" | yq r - conference-media-specs.codec_video_main)" echo " codec_video_content: $(echo "$KURENTO_CONFIG" | yq r - conference-media-specs.codec_video_content)" fi if [ -n "$HTML5_CONFIG" ]; then echo echo "/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)" echo "/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)" echo " build: $(echo "$HTML5_CONFIG" | yq r - public.app.html5ClientBuild)" echo " kurentoUrl: $(echo "$HTML5_CONFIG" | yq r - public.kurento.wsUrl)" echo " enableListenOnly: $(echo "$HTML5_CONFIG" | yq r - public.kurento.enableListenOnly)" echo " sipjsHackViaWs: $(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)" fi if [ ! -z "$STUN" ]; then for i in $STUN; do echo echo "$TURN (STUN Server)" echo " stun: $(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')" done fi stunServerAddress=$(cat /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini | sed -n '/^stunServerAddress/{s/.*=//;p}') stunServerPort=$(cat /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini | sed -n '/^stunServerPort/{s/.*=//;p}') if [ ! -z "$stunServerAddress" ]; then echo echo "/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini (STUN Server)" echo " stun: $stunServerAddress:$stunServerPort" fi if [ "$DISTRIB_CODENAME" == "xenial" ]; then if ! java -version 2>&1 | grep -q "1.8.0"; then echo echo "# Warning: Did not detect Java 8 as default version" echo echo " sudo apt-get install openjdk-8-jdk" echo " update-alternatives --config java" echo " bbb-conf --restart" fi fi check_state echo exit 0 fi # # Zip log files # if [ $ZIP ]; then need_root LOG_FILE="$(date +'%Y%m%d')-$(date +%H).tar" TMP_LOG_FILE="/tmp/$LOG_FILE" # # Check log files # rm -f "$LOG_FILE.gz" rm -f /tmp/a touch /tmp/empty tar cf $TMP_LOG_FILE /tmp/empty > /dev/null 2>&1 tar rfh $TMP_LOG_FILE $SERVLET_LOGS > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/bigbluebutton/* > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/bbb-apps-akka > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/bbb-fsesl-akka > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/bbb-webrtc-sfu > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/kurento-media-server > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/mongodb > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/redis > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/nginx/error.log* > /dev/null 2>&1 tar rf $TMP_LOG_FILE /var/log/nginx/bigbluebutton.access.log* > /dev/null 2>&1 tar rfh $TMP_LOG_FILE /opt/freeswitch/var/log/freeswitch/ > /dev/null 2>&1 if [ -f /var/log/nginx/html5-client.log ]; then tar rf $TMP_LOG_FILE /var/log/nginx/html5-client.log* > /dev/null 2>&1 fi if [ -f /var/log/syslog ]; then tar rf $TMP_LOG_FILE /var/log/syslog* > /dev/null 2>&1 fi tar tf $TMP_LOG_FILE gzip $TMP_LOG_FILE $SUDO mv $TMP_LOG_FILE.gz /root/$LOG_FILE.gz echo echo " Created: /root/$LOG_FILE.gz" echo fi # # Check current setup # if [ $DEBUG ]; then need_root # # Check log files # rm -rf /tmp/t grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t if [ -s /tmp/t ]; then echo " -- ERRORS found in /var/log/bigbluebutton/* -- " cat /tmp/t echo fi rm -rf /tmp/t grep --directories=skip Exception /var/log/bigbluebutton/* | grep -v CacheExceptionHandlerFactory > /tmp/t if [ -s /tmp/t ]; then echo " -- ERRORS found in /var/log/bigbluebutton/* -- " cat /tmp/t echo fi if [ -d $SERVLET_LOGS ]; then rm -rf /tmp/t $SUDO grep --directories=skip Exception $SERVLET_LOGS/* | grep -v CacheExceptionHandlerFactory > /tmp/t if [ -s /tmp/t ]; then echo " -- Exceptions found in $SERVLET_LOGS/ -- " cat /tmp/t echo fi fi rm -rf /tmp/t if [ -s /var/log/nginx/error.log ]; then cat /var/log/nginx/error.log | grep -v "/fcs/ident2" > /tmp/t if [ -s /tmp/t ]; then echo " -- Errors found in /var/log/nginx/error.log -- " cat /tmp/t echo fi fi if [ $DISTRIB_ID == "Ubuntu" ]; then rm -rf /tmp/t $SUDO grep --directories=skip -i exception /var/log/syslog > /tmp/t if [ -s /tmp/t ]; then echo " -- Errors found in /var/log/syslog -- " cat /tmp/t echo fi fi rm -rf /tmp/t if [ -d /var/log/bigbluebutton ]; then $SUDO grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t if [ -s /tmp/t ]; then echo " -- Errors found in /var/log/bigbluebutton -- " cat /tmp/t echo fi fi rm -rf /tmp/t if [ -d /var/log/bigbluebutton ]; then $SUDO grep --directories=skip -i exception /var/log/bigbluebutton/* > /tmp/t if [ -s /tmp/t ]; then echo " -- Exceptions found in /var/log/bigbluebutton -- " cat /tmp/t echo fi fi # # Additional checks for record and playback # if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then bbb-record --check fi exit 0 fi # if asked to print the version that's all we do if [ -n "$HOST" ]; then need_root # # Update configuration for BigBlueButton web app # echo "Assigning $HOST for web application URL in $BBB_WEB_ETC_CONFIG" if [ -f "$BBB_WEB_ETC_CONFIG" ] && grep "bigbluebutton.web.serverURL" "$BBB_WEB_ETC_CONFIG" > /dev/null ; then change_var_value "$BBB_WEB_ETC_CONFIG" bigbluebutton.web.serverURL "$PROTOCOL://$HOST" else echo "bigbluebutton.web.serverURL=$PROTOCOL://$HOST" > "$BBB_WEB_ETC_CONFIG" fi if ! grep -q server_names_hash_bucket_size /etc/nginx/nginx.conf; then $SUDO sed -i "s/gzip on;/gzip on;\n server_names_hash_bucket_size 64;/g" /etc/nginx/nginx.conf fi # # Update bbb-apps-akka # echo "Assigning $HOST for web application URL in /etc/bigbluebutton/bbb-apps-akka.conf" if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then sed -i "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL}:\/\/$HOST\/bigbluebutton\/api\"/g" \ /etc/bigbluebutton/bbb-apps-akka.conf # Fix to ensure bbb-apps-akka.conf has the latest shared secret SECRET=$(get_bbb_web_config_value securitySalt) sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \ /etc/bigbluebutton/bbb-apps-akka.conf fi # # Update api demos # if [ -f ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp ]; then echo "Assigning $HOST for api demos in ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp" $SUDO sed -i "s/BigBlueButtonURL = \"http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/BigBlueButtonURL = \"$PROTOCOL:\/\/$HOST\2/g" \ ${TOMCAT_DIR}/webapps/demo/bbb_api_conf.jsp fi if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then echo "Assigning $HOST for LTI integration in ${LTI_DIR}/WEB-INF/classes/lti-config.properties" # We don't wat to guess on http/https as the lti endpoint may be a different BigBlueButton server sed -i "s/bigbluebuttonURL=http:\/\/.*/bigbluebuttonURL=http:\/\/$HOST\/bigbluebutton/g" \ ${LTI_DIR}/WEB-INF/classes/lti-config.properties sed -i "s/bigbluebuttonURL=https:\/\/.*/bigbluebuttonURL=https:\/\/$HOST\/bigbluebutton/g" \ ${LTI_DIR}/WEB-INF/classes/lti-config.properties sed -i "s/ltiEndPoint=.*/ltiEndPoint=$HOST/g" \ ${LTI_DIR}/WEB-INF/classes/lti-config.properties fi if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then echo "Assigning $HOST for record and playback in /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml" change_yml_value /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml playback_host $HOST fi if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then echo "Assigning $HOST for webhooks in /usr/local/bigbluebutton/bbb-webhooks/config/default.yml" change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml serverDomain $HOST fi echo -n "Assigning $HOST for playback of recordings: " for metadata in $(find /var/bigbluebutton/published /var/bigbluebutton/unpublished -name metadata.xml); do echo -n "." # Ensure we update both types of URLs sed -i "//{s/http:\/\/\([^\"\/]*\)\/playback\/$type\([^<]\)/http:\/\/$HOST\/playback\/$type\2/g}" $metadata sed -i "//{s/https:\/\/\([^\"\/]*\)\/playback\/$type\([^<]\)/https:\/\/$HOST\/playback\/$type\2/g}" $metadata sed -i "//{s/http:\/\/\([^\"\/]*\)\/playback\/$type\([^<]\)/http:\/\/$HOST\/playback\/$type\2/g}" $metadata sed -i "//{s/https:\/\/\([^\"\/]*\)\/playback\/$type\([^<]\)/https:\/\/$HOST\/playback\/$type\2/g}" $metadata sed -i "//{s/http:\/\/\([^\"\/]*\)\/podcast\/$type\([^<]\)/http:\/\/$HOST\/podcast\/$type\2/g}" $metadata sed -i "//{s/https:\/\/\([^\"\/]*\)\/podcast\/$type\([^<]\)/https:\/\/$HOST\/podcast\/$type\2/g}" $metadata sed -i "//{s/http:\/\/\([^\"\/]*\)\/notes\/$type\([^<]\)/http:\/\/$HOST\/notes\/$type\2/g}" $metadata sed -i "//{s/https:\/\/\([^\"\/]*\)\/notes\/$type\([^<]\)/https:\/\/$HOST\/notes\/$type\2/g}" $metadata sed -i "//{s/http:\/\/\([^\"\/]*\)\/recording\/$type\([^<]\)/htts:\/\/$HOST\/recording\/$type\2/g}" $metadata sed -i "//{s/https:\/\/\([^\"\/]*\)\/recording\/$type\([^<]\)/https:\/\/$HOST\/recording\/$type\2/g}" $metadata # # Update thumbnail links # sed -i "s/\"\([^\"]*\)\"\(http[s]*\):\/\/[^\/]*\/\(.*\)/\"\3\"\4:\/\/$HOST\/\5/g" $metadata done echo # # Update HTML5 client # if [ -f $HTML5_CONFIG_OLD ]; then WS=$(cat $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | sed -n '/^bigbluebutton.web.serverURL/{s/.*=//;p}' | sed 's/https/wss/g' | sed s'/http/ws/g') sed -i "s|\"wsUrl.*|\"wsUrl\": \"$WS/bbb-webrtc-sfu\",|g" $HTML5_CONFIG_OLD fi if [ -f $HTML5_DEFAULT_CONFIG ]; then yq w -i $HTML5_DEFAULT_CONFIG public.kurento.wsUrl "wss://$HOST/bbb-webrtc-sfu" yq w -i $HTML5_DEFAULT_CONFIG public.note.url "$PROTOCOL://$HOST/pad" chown meteor:meteor $HTML5_DEFAULT_CONFIG #if [ -f $KURENTO_CONFIG ]; then # yq w -i $KURENTO_CONFIG kurento[0].url "ws://$HOST:8888/kurento" # chown bigbluebutton:bigbluebutton $KURENTO_CONFIG #fi fi # # Update ESL passwords in three configuration files # ESL_PASSWORD=$(cat /etc/bigbluebutton/bbb-fsesl-akka.conf | grep password | head -n 1 | sed 's/.*="//g' | sed 's/"//g') if [ "$ESL_PASSWORD" == "ClueCon" ]; then ESL_PASSWORD=$(openssl rand -hex 8) sudo sed -i "s/ClueCon/$ESL_PASSWORD/g" /etc/bigbluebutton/bbb-fsesl-akka.conf fi sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.esl_password "$ESL_PASSWORD" sudo xmlstarlet edit --inplace --update 'configuration/settings//param[@name="password"]/@value' --value $ESL_PASSWORD /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml echo "Restarting the BigBlueButton $BIGBLUEBUTTON_RELEASE ..." stop_bigbluebutton update_gstreamer echo start_bigbluebutton exit 0 fi if [ $RESTART ]; then need_root check_configuration echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE ..." stop_bigbluebutton update_gstreamer start_bigbluebutton check_state fi if [ $CLEAN ]; then need_root check_configuration echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE (and cleaning out all log files) ..." stop_bigbluebutton update_gstreamer # # Clean log files # echo " ... cleaning log files" rm -f /var/log/bigbluebutton/*.log rm -f /opt/freeswitch/var/log/freeswitch/*.log rm -f /opt/freeswitch/var/log/freeswitch/*.log.* # # Clean out the log files for record and playback # rm -f /var/log/bigbluebutton/bbb-rap-worker.log* rm -f /var/log/bigbluebutton/bbb-rap-resque.log* rm -f /var/log/bigbluebutton/archive.log* if [ -d /var/log/bigbluebutton/html5 ]; then rm -f /var/log/bigbluebutton/html5/* fi if [ -d /var/log/bigbluebutton/podcast ]; then rm -f /var/log/bigbluebutton/podcast/* fi if [ -d /var/log/bigbluebutton/presentation ]; then rm -f /var/log/bigbluebutton/presentation/* fi if [[ $SERVLET_LOGS ]]; then rm -rf $SERVLET_LOGS/* fi # Check if we are storing HTML5 logs in the server HTML5_SERVER_LOG=0 if [[ -f /var/log/nginx/html5-client.log ]]; then HTML5_SERVER_LOG=1 fi rm -rf /var/log/nginx/* # Revert HTML5 client logs to their original permissions if [ $HTML5_SERVER_LOG ]; then touch /var/log/nginx/html5-client.log chown www-data:adm /var/log/nginx/html5-client.log chmod 640 /var/log/nginx/html5-client.log fi if [ -d /var/log/bbb-fsesl-akka ]; then rm -f /var/log/bbb-fsesl-akka/* fi if [ -d /var/log/bbb-apps-akka ]; then rm -f /var/log/bbb-apps-akka/* fi if [ -d /var/log/bbb-webrtc-sfu ]; then rm -f /var/log/bbb-webrtc-sfu/* fi if [ -d /var/log/redis ]; then rm -f /var/log/redis/* fi if [ -d /var/log/mongodb ]; then rm -f /var/log/mongodb/* fi if [ -d /var/log/kurento-media-server ]; then rm -f /var/log/kurento-media-server/* fi start_bigbluebutton check_state fi if [ $NETWORK ]; then netstat -ant | egrep ":80|:443\ " | egrep -v ":::|0.0.0.0" > /tmp/t_net REMOTE=$(cat /tmp/t_net | cut -c 45-68 | cut -d ":" -f1 | sort | uniq) if [ "$REMOTE" != "" ]; then echo -e "netstat\t\t\t80\t443" for IP in $REMOTE ; do PORT_80=$(cat /tmp/t_net | grep :80 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l ) PORT_443=$(cat /tmp/t_net | grep :443 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l ) echo -e "$IP\t\t$PORT_80\t$PORT_443" done fi rm /tmp/t_net fi if [ $WATCH ]; then need_root watch -n 2 "top -n 1 -b | head -n 5; echo; bbb-conf --network; bbb-conf --debug" fi