#!/bin/bash
#
# BlueButton open source conferencing system - https://www.bigbluebutton.org/
#
# Copyright (c) 2020 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see .
#
# Author(s):
# Fred Dixon
# Sebastian Schneider
# Ghazi Triki
#
# Changelog:
# 2009-10-18 FFD Initial Version
# 2009-11-05 FFD Updated for 0.62
# 2009-12-09 FFD Updated for 0.63
# 2009-12-11 FFD Added ability to switch conference servers
# 2009-12-12 FFD Added cleaning and watching of log files
# 2010-01-05 FFD Added zipping of log files
# 2010-01-18 FFD Added resetting of environment back to using packages
# 2010-03-02 JRT Added trunk checkout options / fixed bbb-apps instructions
# 2010-04-02 FFD Updated for 0.64
# 2010-06-21 SEB Cleaned up some code / Updated for 0.70
# 2010-06-25 SEB Added ability to change the security secret
# 2010-06-30 SEB Added some extra error checking
# 2010-07-06 SEB Added more error checking and report messages
# 2010-09-15 FFD Updates for 0.71-dev
# 2010-10-16 FFD Updates for 0.71-beta
# 2010-11-06 FFD Added logic to ensure red5 shuts down
# 2010-12-12 FFD Fixed bug #778
# 2010-12-12 FFD Added support for Intalio VM
# 2010-02-28 FFD Fixed #834
# 2011-06-26 FFD Updates for 0.8
# 2012-01-14 FFD Testing the development environment for 0.8
# 2012-02-22 FFD Updates to development environment
# 2012-04-27 FFD Added sum of version numbers in --check
# 2013-02-03 FFD Updated for changes to parameters for 0.81 in bigbluebutton-sip.properties
# 2013-11-07 FFD Finished 0.81
# 2014-01-13 FFD Working on updates for 0.9.0
# 2014-03-10 GUG Enable WebRTC
# 2015-03-12 FFD Added start/stop of HTML5 server
# 2016-01-13 FFD Updates for 1.0
# 2016-02-28 FFD Updates to support HTTPS configuration
# 2016-05-28 FFD Initial updates for 1.1-dev
# 2016-08-15 GTR Archive more logs with zip option and show more applications with status
# 2016-10-17 GTR Added redis to checked server components & added ownership check for video and freeswitch recording directories
# 2017-04-08 FFD Cleanup for 1.1-beta
# 2018-11-22 MNE Dynamically detect if sudo is needed
# 2018-12-09 GTR More logs cleanup
# 2019-02-08 GTR Updates for 2.2 after extracting bbb-web to a standalone server application
# 2019-03-14 FFD Refactoring and cleanup for 2.2
# 2019-05-14 FFD Added more checks for configuration issues
# 2019-07-08 GTR Set IP for all recording formats
# 2019-10-31 GTR Set IP and shared secret for bbb-webhooks
# 2019-11-09 GTR Keep HTML5 client logs permissions when cleaning logs
# 2020-05-20 NJH Add port 443 to --Network and clean up tmp file.
# 2020-06-23 JFS Remove defaultGuestPolicy warning for HTML5 client
# 2020-10-22 AGG Removing Flash/Red5 related code (yay!)
# 2021-07-16 JFS Add defaultMeetingLayout information
#set -x
#set -e
PATH=$PATH:/sbin
if [[ "$(id -u)" != "0" ]]; then
if [[ -x "$(which sudo)" ]]; then
SUDO="$(which sudo)"
else
echo "bbb-conf must be ran as root!" && exit 1
fi
fi
if [[ ! -f /etc/bigbluebutton/bigbluebutton-release ]]; then
echo
echo "# BigBlueButton does not appear to be installed. Could not"
echo "# locate: /etc/bigbluebutton/bigbluebutton-release"
echo
exit 1
fi
# Load the content of the file as variables
source /etc/bigbluebutton/bigbluebutton-release
#
# Figure out our environment (Debian vs. CentOS)
#
if [ -f /etc/centos-release ] || [ -f /etc/system-release ]; then
DISTRIB_ID=centos
TOMCAT_USER=tomcat
TOMCAT_DIR=/var/lib/$TOMCAT_USER
SERVLET_LOGS=/usr/share/tomcat/logs
REDIS_SERVICE=redis.service
else
. /etc/lsb-release # Get value for DISTRIB_ID
if [ "$DISTRIB_CODENAME" == "focal" ]; then
TOMCAT_USER=tomcat9
fi
TOMCAT_DIR=/var/lib/$TOMCAT_USER
SERVLET_LOGS=$TOMCAT_DIR/logs
REDIS_SERVICE=redis-server
fi
# Common to Ubuntu and CentOS
FREESWITCH_VARS=/opt/freeswitch/etc/freeswitch/vars.xml
FREESWITCH_EXTERNAL=/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml
FREESWITCH_PID=/opt/freeswitch/var/run/freeswitch/freeswitch.pid
FREESWITCH_EVENT_SOCKET=/opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
FREESWITCH_SWITCH_CONF=/opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml
LTI_DIR=/usr/share/bbb-lti
if [ -f /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties ]; then
SERVLET_DIR=/usr/share/bbb-web
fi
get_properties_value() {
key="$1"
file="$2"
if [[ -f $file ]]; then
val=$(grep "^$key" "$file"| cut -d = -f 2-)
echo "$val"
return 0
fi
return 1
}
get_bbb_web_config_value() {
key="$1"
val="$(get_properties_value "$key" "$BBB_WEB_ETC_CONFIG")"
if [[ -n $val ]]; then
echo "$val"
return 0
fi
val="$(get_properties_value "$key" "$BBB_WEB_CONFIG")"
if [[ -n $val ]]; then
echo "$val"
return 0
fi
return 1
}
RECORD_CONFIG=/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
HTML5_DEFAULT_CONFIG=/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
HTML5_ETC_CONFIG=/etc/bigbluebutton/bbb-html5.yml
if [ -f $HTML5_ETC_CONFIG ]; then
HTML5_CONFIG=$(yq m -x $HTML5_DEFAULT_CONFIG $HTML5_ETC_CONFIG)
else
HTML5_CONFIG=$(yq r $HTML5_DEFAULT_CONFIG)
fi
WEBRTC_SFU_DEFAULT_CONFIG=/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml
WEBRTC_SFU_ETC_CONFIG=/etc/bigbluebutton/bbb-webrtc-sfu/production.yml
if [ -f $WEBRTC_SFU_ETC_CONFIG ]; then
# -a overwrite: merges arrays by replacement (yq 3.4+, like the override)
WEBRTC_SFU_CONFIG=$(yq m -a overwrite -x $WEBRTC_SFU_DEFAULT_CONFIG $WEBRTC_SFU_ETC_CONFIG)
else
WEBRTC_SFU_CONFIG=$(yq r $WEBRTC_SFU_DEFAULT_CONFIG)
fi
BBB_WEB_CONFIG="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties"
BBB_WEB_ETC_CONFIG="/etc/bigbluebutton/bbb-web.properties"
NGINX_IP=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/server_name/{s/.*server_name[ ]*//;s/;//;p}' | cut -d' ' -f1 | head -n 1)
SIP_CONFIG=/usr/share/bigbluebutton/nginx/sip.nginx
SIP_NGINX_IP=$(cat $SIP_CONFIG | grep -v '#' | sed -n '/proxy_pass/{s/.*proxy_pass http[s]*:\/\///;s/:.*//;p}' | head -n 1)
NCPU=$(nproc --all)
BBB_USER=bigbluebutton
if [ $EUID == 0 ]; then
TURN=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml
TURN_ETC_CONFIG=/etc/bigbluebutton/turn-stun-servers.xml
if [ -f "$TURN_ETC_CONFIG" ]; then
TURN=$TURN_ETC_CONFIG
fi
STUN="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m '_:beans/_:bean[@class="org.bigbluebutton.web.services.turn.StunTurnService"]/_:property[@name="stunServers"]/_:set/_:ref' -v @bean -nl $TURN)"
fi
PROTOCOL=http
if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then
SERVER_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL | sed -n '{s/.*\///;p}')
if get_bbb_web_config_value bigbluebutton.web.serverURL | grep -q https; then
PROTOCOL=https
fi
fi
#
# We're going to give ^bigbluebutton.web.logoutURL a default value (if undefined) so bbb-conf does not give a warning
#
if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then
if [ -z "$(get_bbb_web_config_value bigbluebutton.web.logoutURL)" ]; then
echo "bigbluebutton.web.logoutURL=default" >> $BBB_WEB_ETC_CONFIG
fi
fi
#
# Determine IP so it works on multilingual installations
#
### duplicated code: see deb-helper.sh and apply-lib.sh
if [ -e "/sys/class/net/venet0:0" ]; then
# IP detection for OpenVZ environment
_dev="venet0:0"
else
_dev=$(awk '$2 == 00000000 { print $1 }' /proc/net/route | head -1)
fi
_ips=$(LANG=C ip -4 -br address show dev "$_dev" | awk '{ $1=$2=""; print $0 }')
_ips=${_ips/127.0.0.1\/8/}
read -r IP _ <<< "$_ips"
IP=${IP/\/*} # strip subnet provided by ip address
if [ -z "$IP" ]; then
read -r IP _ <<< "$(hostname -I)"
fi
#
# Calculate total memory on this server
#
MEM=$(grep MemTotal /proc/meminfo | awk '{print $2}')
MEM=$((MEM/1000))
#
# Check if the function has a value and, if not, print an error message
# $1 -- name of value
# $2 -- location of value
# $3 -- value to check
#
check_no_value() {
if [ -z $3 ]; then
echo "# Tried to check $1 in"
echo "# $2"
echo "# but value is empty."
exit 1
fi
}
check_file() {
if [ ! -f $1 ]; then
echo "# File does not exist: $1"
fi
}
print_header() {
if [ ! $HEADER ]; then
echo
echo "# Potential problems described below"
HEADER=1
fi
}
need_root() {
if [ $EUID != 0 ]; then
echo "Need to be root to run this option"
exit 1
fi
}
usage() {
echo "BigBlueButton Configuration Utility - Version $BIGBLUEBUTTON_RELEASE"
echo
echo " bbb-conf [options]"
echo
echo "Configuration:"
echo " --version Display BigBlueButton version (packages)"
echo " --setip Set IP/hostname for BigBlueButton"
echo " --setsecret Change the shared secret in /etc/bigbluebutton/bbb-web.properties"
echo " --set-port-range MIN-MAX Change UDP port range used for audio/video/screenshare"
echo
echo "Monitoring:"
echo " --check Check configuration files and processes for problems"
echo " --debug Scan the log files for error messages"
echo " --watch Scan the log files for error messages every 2 seconds"
echo " --network View network connections on 80, 443 and 1935 by IP address. 1935 is deprecated. You will need to modify bbb-conf if you have custom ports."
echo " --secret View the URL and shared secret for the server"
echo " --lti View the URL and secret for LTI (if installed)"
echo
echo "Administration:"
echo " --restart Restart BigBlueButton"
echo " --stop Stop BigBlueButton"
echo " --start Start BigBlueButton"
echo " --clean Restart and clean all log files"
echo " --status Display running status of components"
echo " --zip Zip up log files for reporting an error"
echo
}
# utility function to make a copy of the conf file
check_and_backup () {
# can we write to the configuration file?
if [ ! -w $1 ]; then
echo "Cannot write to $1!"
exit 1
fi
# let's see if we need a copy
if [ "$TO_BACKUP" = "Y" ]; then
cp $1 $1.bak
TO_BACKUP="N"
fi
}
# 3 paramenter: the file, the variable name, the new value
change_var_value () {
check_and_backup $1
sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
}
# same as change_var_value but with quotes
change_var_salt() {
check_and_backup $1
sed -i "s<^[[:blank:]#]*\(${2}\).*<\1="${3}"<" $1
}
# comment lines matching $2 ($1 is the file)
comment () {
check_and_backup $1
sed -i "s<^[[:blank:]]*\(${2}.*\)<#\1<" $1
}
change_yml_value () {
sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1
}
# comment lines matching $2 ($1 is the file)
uncomment () {
check_and_backup $1
sed -i "s<^[#[:blank:]]*\(${2}.*\)<\1<" $1
}
stop_bigbluebutton () {
echo "Stopping BigBlueButton"
if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
TOMCAT_SERVICE=$TOMCAT_USER
systemctl stop $TOMCAT_SERVICE
fi
systemctl stop bigbluebutton.target
}
start_bigbluebutton () {
#
# Apply any local configuration options (if exists)
#
if [ -x /etc/bigbluebutton/bbb-conf/apply-config.sh ]; then
echo
echo "Applying updates in /etc/bigbluebutton/bbb-conf/apply-config.sh: "
/etc/bigbluebutton/bbb-conf/apply-config.sh
echo
fi
if [ -f /opt/freeswitch/var/log/freeswitch/freeswitch.log ]; then
if grep -q "Failure to connect to CORE_DB sofia_reg_external" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then
# See: https://docs.bigbluebutton.org/install/install.html#freeswitch-fails-to-bind-to-ipv4
echo "Clearing the FreeSWITCH database."
rm -rf /opt/freeswitch/var/lib/freeswitch/db/*
fi
fi
echo "Reloading NginX configuration"
systemctl reload nginx
echo "Starting BigBlueButton"
if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
TOMCAT_SERVICE=$TOMCAT_USER
[ -z "$TOMCAT_SERVICE" ] || systemctl start $TOMCAT_SERVICE || {
echo
echo "# Warning: $TOMCAT_SERVICE could not be started. Please, check BBB-LTI."
echo "# Run the command:"
echo "# sudo journalctl -u $TOMCAT_SERVICE"
echo "# To better understand the ERROR"
}
fi
systemctl restart bigbluebutton.target
if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then
systemctl start mongod
sleep 3
systemctl start bbb-html5
fi
}
display_bigbluebutton_status () {
units="nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-fsesl-akka"
if [ -d $TOMCAT_DIR ]; then
units="$units $TOMCAT_USER"
fi
if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then
units="$units mongod bbb-html5 bbb-webrtc-sfu kurento-media-server"
for i in `seq 8888 8890`; do
# check if multi-kurento setup is configured
if [ -f /usr/lib/systemd/system/kurento-media-server-${i}.service ]; then
if systemctl is-enabled kurento-media-server-${i}.service > /dev/null; then
units="$units kurento-media-server-${i}"
fi
fi
done
source /usr/share/meteor/bundle/bbb-html5-with-roles.conf
if [ -f /etc/bigbluebutton/bbb-html5-with-roles.conf ]; then
source /etc/bigbluebutton/bbb-html5-with-roles.conf
fi
for ((i = 1 ; i <= $NUMBER_OF_BACKEND_NODEJS_PROCESSES; i++)); do
units="$units bbb-html5-backend@$i"
done
for ((i = 1; i <= $NUMBER_OF_FRONTEND_NODEJS_PROCESSES; i++)); do
units="$units bbb-html5-frontend@$i"
done
fi
if [ -f /usr/share/etherpad-lite/settings.json ]; then
units="$units etherpad"
fi
if [ -f /usr/lib/systemd/system/bbb-web.service ]; then
units="$units bbb-web"
fi
if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then
units="$units bbb-webhooks"
fi
if [ -f /usr/lib/systemd/system/bbb-lti.service ]; then
units="$units bbb-lti"
fi
if [ -f /usr/lib/systemd/system/bbb-pads.service ]; then
units="$units bbb-pads"
fi
if [ -f /usr/lib/systemd/system/bbb-export-annotations.service ]; then
units="$units bbb-export-annotations"
fi
if [ -f /usr/lib/systemd/system/bbb-rap-caption-inbox.service ]; then
units="$units bbb-rap-caption-inbox"
fi
if [ -f /usr/lib/systemd/system/bbb-rap-resque-worker.service ]; then
units="$units bbb-rap-resque-worker"
fi
if [ -f /usr/lib/systemd/system/bbb-rap-starter.service ]; then
units="$units bbb-rap-starter"
fi
if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
TOMCAT_SERVICE=$TOMCAT_USER
fi
line='——————————————————————►'
for unit in $units; do
status=$(systemctl is-active "$unit")
if [ "$status" = "active" ]; then
printf "%s %s [✔ - $status]\n" $unit "${line:${#unit}}"
else
printf "%s %s [✘ - $status]\n" $unit "${line:${#unit}}"
fi
done
}
if [ $# -eq 0 ]; then
usage
exit 1
fi
# Parse the parameters
while [ $# -gt 0 ]; do
if [ "$1" = "-stop" -o "$1" = "--stop" ]; then
need_root
stop_bigbluebutton
exit 0
fi
if [ "$1" = "-start" -o "$1" = "--start" ]; then
need_root
start_bigbluebutton
exit 0
fi
if [ "$1" = "-check" -o "$1" = "--check" -o "$1" = "-c" ]; then
CHECK=1
shift;shift
continue
fi
if [ "$1" = "--version" -o "$1" = "-version" -o "$1" = "-v" ]; then
VERSION=1
shift
continue
fi
if [ "$1" = "--debug" -o "$1" = "-debug" -o "$1" = "-d" ]; then
DEBUG=1
shift
continue
fi
if [ "$1" = "--clean" -o "$1" = "-clean" ]; then
CLEAN=1
shift
continue
fi
if [ "$1" = "--watch" -o "$1" = "-watch" -o "$1" = "-w" ]; then
WATCH=1
shift
continue
fi
if [ "$1" = "--network" -o "$1" = "-network" -o "$1" = "-n" ]; then
NETWORK=1
shift
continue
fi
if [ "$1" = "--zip" -o "$1" = "-zip" -o "$1" = "-z" ]; then
ZIP=1
shift
continue
fi
if [ "$1" = "--status" -o "$1" = "-status" ]; then
display_bigbluebutton_status
exit 0
fi
if [ "$1" = "--restart" -o "$1" = "-restart" ]; then
RESTART=1
shift
continue
fi
#
# all other parameters requires at least 1 argument
#
if [ "$1" = "-setip" -o "$1" = "--setip" ]; then
HOST="${2}"
if [ -z "$HOST" ]; then
echo "HOST IP=$IP"
fi
if echo $HOST|grep -q ":"; then
HOST=$(echo ${2}|cut -d: -f1)
fi
shift; shift
continue
fi
if [ "$1" = "--set-port-range" ]; then
PORT_RANGE="${2}"
shift; shift
continue
fi
if [ "$1" = "--salt" -o "$1" = "-salt" -o "$1" = "--setsalt" -o "$1" = "--secret" -o "$1" = "-secret" -o "$1" = "--setsecret" ]; then
SECRET="${2}"
if [ -z "$SECRET" ]; then
BBB_WEB_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL)
SECRET=$(get_bbb_web_config_value securitySalt)
echo
echo " URL: $BBB_WEB_URL/bigbluebutton/"
echo " Secret: $SECRET"
echo
echo " Link to the API-Mate:"
echo " https://mconf.github.io/api-mate/#server=$BBB_WEB_URL/bigbluebutton/&sharedSecret=$SECRET"
echo
exit 0
fi
shift; shift
continue
fi
if [ "$1" = "--lti" -o "$1" = "-lti" ]; then
if [ -z "$SECRET" ]; then
if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool'
CUSTOMER=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^.*=//;s/:.*//p}')
SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^[^:]*://;p}')
echo
echo " URL: $LTI_URL"
echo " Customer: $CUSTOMER"
echo " Secret: $SECRET"
echo
ICON_URL=$( echo $LTI_URL | sed 's/tool/images\/icon.ico/')
echo " Icon URL: $ICON_URL"
echo
echo
exit 0
fi
fi
shift; shift
continue
fi
usage
exit 1
done
print_bigbluebutton_version() {
echo
if [ $DISTRIB_ID == "centos" ]; then
echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(rpm -qa | grep bbb | grep -v bbb-lti | grep -v bbb-redis | grep -v bbb-tomcat | grep -v freeswitch | sed 's/.*[0-9].[0-9].[0-9]-//g' | sed 's/\..*//g' | awk '{ sum+=$1} END {print sum}'))"
else
echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(dpkg -l | grep bbb | grep -v bbb-lti | sed -n '/[0-9].[0-9].[0-9]-/{s/.*[0-9].[0-9].[0-9]-//;s/;//;p}' | awk '{ sum+=$1} END {print sum}'))"
fi
}
#
# Version
#
if [[ $VERSION ]]; then
print_bigbluebutton_version
echo
dpkg -l | grep bbb
exit 0
fi
#
# Set Shared Secret
#
if [[ $SECRET ]]; then
need_root
echo "Assigning secret in $BBB_WEB_ETC_CONFIG"
if [ -f "$BBB_WEB_ETC_CONFIG" ] && grep "^securitySalt" "$BBB_WEB_ETC_CONFIG" > /dev/null ; then
change_var_value "$BBB_WEB_ETC_CONFIG" securitySalt "$SECRET"
else
echo "securitySalt=$SECRET" >> "$BBB_WEB_ETC_CONFIG"
fi
if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then
change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml sharedSecret $SECRET
fi
if [ -f /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js ]; then
sed -i "s|\(^[ \t]*var shared_secret[ =]*\)[^;]*|\1\"$SECRET\"|g" /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js
fi
if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then
sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" /etc/bigbluebutton/bbb-apps-akka.conf
fi
if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
sed -i "s/bigbluebuttonSalt=.*/bigbluebuttonSalt=$SECRET/g" ${LTI_DIR}/WEB-INF/classes/lti-config.properties
fi
echo
echo "BigBlueButton's shared secret is now $SECRET"
echo
echo "You must restart BigBlueButton for the changes to take effect"
echo
echo " $SUDO bbb-conf --restart"
echo
echo
fi
#
# Set Port Range
#
if [[ $PORT_RANGE ]]; then
if [[ "$PORT_RANGE" =~ ^([[:digit:]]+)-([[:digit:]]+)$ ]]; then
START_PORT=${BASH_REMATCH[1]}
END_PORT=${BASH_REMATCH[2]}
need_root
xmlstarlet edit --inplace --update '/configuration/settings/param[@name="rtp-start-port"]/@value' --value $START_PORT $FREESWITCH_SWITCH_CONF
xmlstarlet edit --inplace --update '/configuration/settings/param[@name="rtp-end-port"]/@value' --value $END_PORT $FREESWITCH_SWITCH_CONF
sed -i "s/minPort=.*/minPort=$START_PORT/" /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini
sed -i "s/maxPort=.*/maxPort=$END_PORT/" /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini
mkdir -p $(dirname $WEBRTC_SFU_ETC_CONFIG)
touch $WEBRTC_SFU_ETC_CONFIG
yq w -i $WEBRTC_SFU_ETC_CONFIG mediasoup.worker.rtcMinPort $START_PORT
yq w -i $WEBRTC_SFU_ETC_CONFIG mediasoup.worker.rtcMaxPort $END_PORT
echo
echo "BigBlueButton's UDP port range is now $START_PORT-$END_PORT"
echo
echo "You must restart BigBlueButton for the changes to take effect"
echo
echo " $SUDO bbb-conf --restart"
echo
echo
else
echo
echo "Warning: --set-port-range requires a numerical port range (default is 16384-32768)"
echo
echo "Port range remains unchanged"
echo
fi
fi
check_configuration() {
#
# Check that freeswtich ESL matches the value in bigbluebutton.properties
#
if [ -f $FREESWITCH_EVENT_SOCKET ]; then
FREESWITCH_ESL_IP=$(cat $FREESWITCH_EVENT_SOCKET | grep 'name="listen-ip"' | cut -d\" -f4 | awk '{print $1}')
check_no_value event_socket $FREESWITCH_EVENT_SOCKET $FREESWITCH_ESL_IP
fi
#
# Check if BigBlueButton is defined in Nginx
#
if [ ! -L /etc/nginx/sites-enabled/bigbluebutton ]; then
echo "# Nginx: BigBlueButton appears to be disabled"
echo " - no symbolic link in /etc/nginx/sites-enabled/bigbluebutton to /etc/nginx/sites-available/bigbluebutton "
fi
#
# Look for properties with no values set
#
CONFIG_FILES="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties"
ignore_configs_args=()
ignore_configs_args+=(-e "redis.pass")
ignore_configs_args+=(-e "redisPassword")
ignore_configs_args+=(-e "disabledFeatures")
for file in $CONFIG_FILES ; do
if [ ! -f $file ]; then
echo "# Error: File not found: $file"
else
if cat $file | grep -v "${ignore_configs_args[@]}" | grep -v ^# | grep -q "^[^=]*=[ ]*$"; then
echo "# The following properties in $file have no value:"
echo "# $(grep '^[^=#]*=[ ]*$' $file | grep -v "${ignore_configs_args[@]}" | sed 's/=//g')"
fi
fi
done
VARFolder="$(get_bbb_web_config_value imageMagickDir)"
if [ ! -x $VARFolder/convert ]; then
echo "# ImageMagick's convert is not installed in $VARFolder"
fi
#
# Check if the IP resolves to a different host
#
check_no_value server_name /etc/nginx/sites-available/bigbluebutton $NGINX_IP
if which host > /dev/null 2>&1; then
HOSTS=$(which host)
if [ $HOSTS ]; then
HOSTS=$($HOSTS $NGINX_IP | awk '{ print $4 }' | head -n 1)
fi
fi
BBB_SECRET="$(get_bbb_web_config_value securitySalt)"
if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then
WEBHOOKS_CONF=/usr/local/bigbluebutton/bbb-webhooks/config/default.yml
WEBHOOKS_SECRET=$(yq r $WEBHOOKS_CONF bbb.sharedSecret)
if [ "$BBB_SECRET" != "$WEBHOOKS_SECRET" ]; then
echo "# Warning: Webhooks API Shared Secret mismatch: "
echo "# ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties = $BBB_SECRET"
echo "# $WEBHOOKS_CONF = $WEBHOOKS_SECRET"
echo
fi
WEBHOOKS_PROXY_PORT=$(cat /usr/share/bigbluebutton/nginx/webhooks.nginx | grep -v '#' | grep '^[ \t]*proxy_pass[ \t]*' | sed 's|.*http[s]\?://[^:]*:\([^;]*\);.*|\1|g')
WEBHOOKS_APP_PORT=$(yq r $WEBHOOKS_CONF server.port)
if [ "$WEBHOOKS_PROXY_PORT" != "$WEBHOOKS_APP_PORT" ]; then
echo "# Warning: Webhooks port mismatch: "
echo "# /usr/share/bigbluebutton/nginx/webhooks.nginx = $WEBHOOKS_PROXY_PORT"
echo "# $WEBHOOKS_CONF = $WEBHOOKS_APP_PORT"
echo
fi
fi
if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
LTI_SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | tr -d '\r' | sed -n '/^bigbluebuttonSalt/{s/.*=//;p}')
if [ "$LTI_SECRET" != "$BBB_SECRET" ]; then
echo "# Warning: LTI shared secret mismatch:"
echo "# ${LTI_DIR}/WEB-INF/classes/lti-config.properties = $LTI_SECRET"
echo "# ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties = $BBB_SECRET"
echo
fi
fi
SIP_PROTOCOL=$(cat /usr/share/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1)
if [[ $SIP_PROTOCOL == "https" ]]; then
if ! grep wss-binding $FREESWITCH_EXTERNAL > /dev/null; then
echo "# Warning: Websockets is using HTTPS in /usr/share/bigbluebutton/nginx/sip.nginx"
echo "# but no definition for wss-binding found in "
echo "#"
echo "# $FREESWITCH_EXTERNAL"
echo
fi
fi
if [ "$(ls -ld /var/freeswitch/meetings | cut -d' ' -f3)" != "freeswitch" ]; then
echo "# Warning: Detected the directory"
echo "# /var/freeswitch/meetings"
echo "# is not owned by freeswitch"
fi
if [ "$(ls -ld /var/bigbluebutton | cut -d' ' -f3)" != $BBB_USER ]; then
echo "# Warning: Detected the directory"
echo "# /var/bigbluebutton"
echo "# is not owned by $BBB_USER"
fi
CHECK_STUN=$(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=stun://g')
if [ "$CHECK_STUN" == "stun.freeswitch.org" ]; then
echo
echo "# Warning: Detected FreeSWITCH is using default stun.freeswitch.org server. See"
echo "#"
echo "# https://docs.bigbluebutton.org/support/troubleshooting#freeswitch-using-default-stun-server"
echo "#"
echo
fi
if ! which ufw > /dev/null 2>&1; then
echo
echo "# Warning: No firewall detected. Recommend using setting up a firewall for your server"
echo "#"
echo "# https://docs.bigbluebutton.org/administration/firewall-configuration"
echo "#"
echo
fi
}
check_state() {
echo
print_header
check_configuration
#
# Check for potential problems in the BigBlueButton configuration
#
RUNNING_APPS=""
NOT_RUNNING_APPS=""
if [[ -a $FREESWITCH_PID ]]; then
if ! ps aux | grep -v grep | grep '[/]opt/freeswitch/bin/freeswitch' > /dev/null; then
print_header
NOT_RUNNING_APPS="${NOT_RUNNING_APPS} freeswitch"
else
RUNNING_APPS="${RUNNING_APPS} freeswitch"
fi
fi
if ! ps aux | grep -v grep | grep '[/]usr/sbin/nginx' > /dev/null; then
print_header
NOT_RUNNING_APPS="${NOT_RUNNING_APPS} Nginx"
else
RUNNING_APPS="${RUNNING_APPS} Nginx"
fi
if ! ss -ant | grep '8090' > /dev/null; then
print_header
if [ ! -z "$TOMCAT_SERVICE" ]; then
NOT_RUNNING_APPS="${NOT_RUNNING_APPS} ${TOMCAT_USER} or grails"
fi
else
if ps aux | ps -aef | grep -v grep | grep grails | grep run-app > /dev/null; then
print_header
RUNNING_APPS="${RUNNING_APPS} Grails"
echo "# ${TOMCAT_USER}: noticed you are running grails run-app instead of ${TOMCAT_USER}"
else
if [ ! -z "$TOMCAT_SERVICE" ]; then
RUNNING_APPS="${RUNNING_APPS} ${TOMCAT_USER}"
fi
fi
fi
if ! ps aux | grep -v grep | grep '[/]usr/[s]*bin/redis-server' > /dev/null; then
print_header
NOT_RUNNING_APPS="${NOT_RUNNING_APPS} redis-server"
else
RUNNING_APPS="${RUNNING_APPS} redis-server"
fi
if [ "$NOT_RUNNING_APPS" != "" ]; then
echo "# Not running: ${NOT_RUNNING_APPS}"
fi
#
# Check if running development environment
#
if ! grep 8090 /usr/share/bigbluebutton/nginx/web.nginx > /dev/null; then
echo "# Warning: nginx is not serving BigBlueButton's web application"
echo "# from port 8090"
echo "#"
echo "# (This is OK if you have setup a development environment.) "
echo
fi
#
# Check FreeSWITCH
#
if grep -q "Thread ended for mod_event_socket" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then
echo
echo "# Error: Found text in freeswitch.log:"
echo "#"
echo "# Thread ended for mod_event_socket"
echo "#"
echo "# FreeSWITCH may not be responding to requests on port 8021 (event socket layer)"
echo "# and users may have errors joining audio."
echo "#"
fi
#
# Check FreeSWITCH
#
ESL_PASSWORD=$(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)
if ! echo "/quit" | /opt/freeswitch/bin/fs_cli -p $ESL_PASSWORD - > /dev/null 2>&1; then
echo
echo "#"
echo "# Error: Unable to connect to the FreeSWITCH Event Socket Layer on port 8021"
echo "#"
fi
#
# Check for required external commands
#
COMMANDS="ruby gem pdftocairo"
for cmd in $COMMANDS ; do
if ! which $cmd > /dev/null 2>&1; then
echo "# $cmd command not found"
fi
done
#
# Check if ffmpeg is installed, and whether it is a supported version
#
FFMPEG_VERSION=$(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n')
case "$FFMPEG_VERSION" in
4.*.*)
# This is the current supported version; OK.
;;
'')
echo "# Warning: No ffmpeg version was found on the system"
echo "# Recording processing will not function"
echo
;;
*)
echo "# Warning: The installed ffmpeg version '${FFMPEG_VERSION}' is not recommended."
echo "# Recommend you update to the 4.0.x version of ffmpeg. To upgrade, do the following"
echo "#"
echo "# $SUDO apt-get install software-properties-common"
echo "# $SUDO add-apt-repository ppa:jonathonf/ffmpeg-4"
echo "# $SUDO apt-get update"
echo "# $SUDO apt-get dist-upgrade"
echo "#"
echo
;;
esac
#
# Check that the servlet container has started properly and has created log files
#
if [ -d $TOMCAT_DIR ]; then
if [ -z "$(ls -A $SERVLET_LOGS)" ]; then
echo "# empty directory: $SERVLET_LOGS contains no logs"
fi
fi
#
# Check if the user is running their own bbb-web
#
if grep -q 8888 /usr/share/bigbluebutton/nginx/web.nginx; then
if ! ss -ant | grep '8888' > /dev/null; then
echo "# Warning: There is no application server listening to port 8888."
echo
fi
fi
#
# Check if the local server can access the API. This is a common problem when setting up BigBlueButton behind
# a firewall
#
BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')"
check_no_value server_name /etc/nginx/sites-available/bigbluebutton $BBB_WEB
COUNT=0
while [ $COUNT -lt 80 ]; do
let COUNT=COUNT+1
timeout 1s curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS
if [ $? -eq 0 ]; then
let COUNT=80
else
echo -n "."
sleep 1
fi
done
echo
if ! curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS; then
echo "# Error: Could not connect to the configured hostname/IP address"
echo "#"
echo "# $PROTOCOL://$BBB_WEB/"
echo "#"
echo "# If your BigBlueButton server is behind a firewall, see FAQ."
echo
fi
VARS_IP=$(cat $FREESWITCH_VARS | sed -n '/"local_ip_v4/{s/.*local_ip_v4=//;s/".*//;p}')
if [[ "$VARS_IP" != "127.0.0.1" ]] && [[ "$VARS_IP" != "auto" ]]; then
if [ "$VARS_IP" != $IP ]; then
echo "# Warning: The setting of $VARS_IP for local_ip_v4 in"
echo "#"
echo "# $FREESWITCH_VARS"
echo "#"
echo "# does not match the local IP address ($IP)."
echo "# (This is OK if you've manually changed the values)"
echo
fi
fi
if (( $MEM < 3940 )); then
echo "# Warning: You are running BigBlueButton on a server with less than 4G of memory. Your"
echo "# performance may suffer."
echo
fi
BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL)"
if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool'
echo "# Warning: The IMS Learning Tools Integration (LTI) is accessible from:"
echo "#"
echo "# $LTI_URL"
echo "#"
echo "# To get the access parameters for LTI, run the command"
echo "#"
echo "# bbb-conf --lti"
echo
fi
DEFAULT_PDF="$(get_bbb_web_config_value beans.presentationService.defaultUploadedPresentation)"
if echo $DEFAULT_PDF | grep -q "bigbluebutton.web.serverURL"; then
if ! echo "$BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')" | xargs curl -sS >/dev/null; then
echo "# Error: Unable to reach default URL for presentation:"
echo "#"
echo "# $BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')"
echo "#"
echo "# Check value for beans.presentationService.defaultUploadedPresentation in"
echo "# $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG"
fi
else
if ! echo "$DEFAULT_PDF" | xargs curl -sS >/dev/null; then
echo "# Error: Unable to reach default URL for presentation"
echo "#"
echo "# $DEFAULT_PDF"
echo "#"
echo "# Check value for beans.presentationService.defaultUploadedPresentation in"
echo "# $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG"
fi
fi
if [ "$(cat /etc/bigbluebutton/bbb-apps-akka.conf | sed -n '/sharedSecret.*/{s/[^"]*"//;s/".*//;p}')" == "changeme" ]; then
BBB_WEB_IP="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')"
echo "# Error: Detected that /etc/bigbluebutton/bbb-apps-akka.conf has the default"
echo "# configuration values. To update, run"
echo "#"
echo "# $SUDO bbb-conf --setip $BBB_WEB_IP"
echo "#"
fi
if bbb-conf --status | grep -q inactive; then
if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
TOMCAT_SERVICE=$TOMCAT_USER
if bbb-conf --status | grep -q inactive | grep -q $TOMCAT_SERVICE; then
echo "# Warning: $TOMCAT_SERVICE is not started correctly"
echo "#"
fi
fi
if bbb-conf --status | grep inactive; then
echo "# Error: Detected some processes have not started correctly"
echo "#"
echo "# $(bbb-conf --status | grep inactive)"
echo "#"
fi
fi
if systemctl status freeswitch | grep -q SETSCHEDULER; then
echo "# Error: FreeSWITCH failed to start with SETSCHEDULER error, see"
echo "#"
echo "# https://docs.bigbluebutton.org/support/troubleshooting#freeswitch-fails-to-start-with-a-setscheduler-error"
echo "#"
fi
NCPU=$(nproc --all)
if [ "$NCPU" -lt "4" ]; then
echo "# Warning: found only $NCPU cores, whereas this server should have (at least) 4 CPU cores"
echo "# to run BigBlueButton in production."
echo "#"
echo "# https://docs.bigbluebutton.org/administration/install#minimum-server-requirements"
echo "#"
fi
if [ "$(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)" != "true" ]; then
if [ "$PROTOCOL" == "https" ]; then
if ! cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1 | grep -q https; then
echo "# Warning: You have this server defined for https, but in"
echo "#"
echo "# $SIP_CONFIG"
echo "#"
echo "# did not find the use of https in definition for proxy_pass"
echo "#"
echo "# $(cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1)"
echo "#"
fi
if [ "$SIP_NGINX_IP" != $IP ]; then
if [ "$SIP_NGINX_IP" != "\$freeswitch_addr" ]; then
echo "# Warning: The setting of $SIP_NGINX_IP for proxy_pass in"
echo "#"
echo "# /usr/share/bigbluebutton/nginx/sip.nginx"
echo "#"
echo "# does not match the local IP address ($IP)."
echo "# (This is OK if you've manually changed the values)"
echo
fi
fi
if ! cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1 | grep -q 7443; then
echo
echo "# Warning: You have this server defined for https, but in"
echo "#"
echo "# $SIP_CONFIG"
echo "#"
echo "# did not find the use of port 7443 in definition for proxy_pass"
echo "#"
echo "# $(cat $SIP_CONFIG | grep -v '#' | grep proxy_pass | head -n 1)"
echo "#"
fi
fi
fi
CHECK="$(get_bbb_web_config_value securitySalt|sha1sum |cut -d' ' -f1)"
if [ "$CHECK" == "55b727b294158a877212570c3c0524c2b902a62c" ]; then
echo
echo "#"
echo "# Warning: Detected you have the default shared secret. You MUST change your shared"
echo "# secret NOW for BigBlueButton to finish starting up. Do either"
echo "#"
echo "# sudo bbb-conf --setsecret "
echo "#"
echo "# or, to have openssl generate a strong secret for you (recommended)"
echo "#"
echo "# sudo bbb-conf --setsecret \$(openssl rand -base64 32 | sed 's/=//g' | sed 's/+//g' | sed 's/\///g')"
echo "#"
echo "# Be sure to update any integrations with the new shared secret."
echo "#"
systemctl stop bbb-web
exit 1
fi
if ! systemctl show-environment | grep LANG= | grep -q UTF-8; then
echo
echo "#"
echo "# Warning: Detected that systemctl does not define a UTF-8 language."
echo "#"
echo "# To temporarily correct, run the command "
echo "#"
echo "# sudo systemctl set-environment LANG=en_US.UTF-8"
echo "#"
echo "# See https://docs.bigbluebutton.org/administration/install#pre-installation-checks"
echo "#"
fi
if [ "$(stat -c "%U %G" /var/bigbluebutton)" != "bigbluebutton bigbluebutton" ]; then
echo
echo "#"
echo "# Warning: The directory"
echo "#"
echo "# /var/bigbluebutton"
echo "#"
echo "# is not owned by bigbluebutton:bigbluebutton. To fix, run the command"
echo "#"
echo "# sudo chown -R bigbluebutton:bigbluebutton /var/bigbluebutton"
echo "#"
fi
FREESWITCH_SIP=$(ss -anlt4 | grep :5066 | grep -v tcp6 | grep LISTEN | sed 's/ [ ]*/ /g' | cut -d' ' -f4 | sed 's/:5066//g')
WEBRTC_SFU_SIP_IP=$(echo "$WEBRTC_SFU_CONFIG" | yq r - freeswitch.sip_ip)
if [ ! -z "$FREESWITCH_SIP" ]; then
if [ "$FREESWITCH_SIP" != "$WEBRTC_SFU_SIP_IP" ]; then
echo
echo "#"
echo "# bbb-webrtc-sfu will try to connect to $WEBRTC_SFU_SIP_IP but FreeSWITCH is listening on $FREESWITCH_SIP for port 5066"
echo "#"
echo "# To fix, run the commands"
echo "#"
echo "# sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.sip_ip $FREESWITCH_SIP"
echo "# sudo chown bigbluebutton:bigbluebutton /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml"
echo "#"
fi
fi
if [ ! -z "$STUN" ]; then
for i in $STUN; do
STUN_SERVER="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')"
# stun is from the stun-client package, which is available on both bionic and focal
# stunclient is from the stuntman-client package, which is available on bionic but was removed from focal
if which stun > /dev/null 2>&1; then
# stun return codes, from its client.cxx
# low nibble: open (0), various STUN combinations (2-9), firewall (a), blocked (c), unknown (e), error (f)
# high nibble: hairpin (1)
stun $STUN_SERVER > /dev/null
if (( ($? & 0xf) > 9 )); then
echo
echo "#"
echo "# Warning: Failed to verify STUN server at $STUN_SERVER with command"
echo "#"
echo "# stun $STUN_SERVER"
echo "#"
fi
elif which stunclient > /dev/null 2>&1; then
if echo $STUN_SERVER | grep -q ':'; then
STUN_SERVER="$(echo $STUN_SERVER | sed 's/:.*//g') $(echo $STUN_SERVER | sed 's/.*://g')"
else
STUN_SERVER="$STUN_SERVER 3478"
fi
if stunclient $STUN_SERVER | grep -q "fail\|Unable\ to\ resolve"; then
echo
echo "#"
echo "# Warning: Failed to verify STUN server at $STUN_SERVER with command"
echo "#"
echo "# stunclient $STUN_SERVER"
echo "#"
fi
fi
done
fi
BBB_LOG="/var/log/bigbluebutton"
if [ "$(stat -c "%U %G" $BBB_LOG)" != "bigbluebutton bigbluebutton" ]; then
echo
echo "#"
echo "# Warning: The directory"
echo "#"
echo "# $BBB_LOG"
echo "#"
echo "# is not owned by bigbluebutton:bigbluebutton. To fix, run the command"
echo "#"
echo "# sudo chown bigbluebutton:bigbluebutton $BBB_LOG"
echo "#"
fi
BBB_LOG_FILES="$BBB_LOG/bbb-rap-worker.log $BBB_LOG/bbb-web.log $BBB_LOG/post_publish.log $BBB_LOG/sanity.log"
for log_file in $BBB_LOG_FILES; do
if [ -f "$log_file" ] && [ "$(stat -c "%U %G" $log_file)" != "bigbluebutton bigbluebutton" ]; then
echo
echo "#"
echo "# Warning: The file"
echo "#"
echo "# $log_file"
echo "#"
echo "# is not owned by bigbluebutton:bigbluebutton. To fix, run the command"
echo "#"
echo "# sudo chown bigbluebutton:bigbluebutton $log_file"
echo "#"
fi
done
if [ -d /var/lib/gems/2.5.0/cache ]; then
for gem_file in /var/lib/gems/2.5.0/cache/*; do
if [ ! -s $gem_file ]; then
echo "#"
echo "# Warning: Found a zero byte size gem file"
echo "#"
echo "# $gem_file"
echo "#"
fi
done
fi
if journalctl -u bbb-rap-* | grep -q 'Nil'; then
echo
echo "#"
echo "# Warning: found 'Nil' message in recording processing logs. Possible GEM errors"
echo "#"
echo "# https://github.com/bigbluebutton/bigbluebutton/issues/14287"
echo "#"
fi
exit 0
}
#
# Print out the status of the current setup and look for configuration issues
#
if [ $CHECK ]; then
need_root
print_bigbluebutton_version
echo " Kernel version:" $(uname -r)
if [ $DISTRIB_ID == "centos" ]; then
echo -n " Distribution: $(cat /etc/centos-release)"
else
source /etc/lsb-release
echo -n " Distribution: $DISTRIB_DESCRIPTION "
fi
if [ $(uname -m) == "x86_64" ]; then
echo "(64-bit)"
elif [ $(uname -m) == "i686" ]; then
echo "(32-bit)"
fi
echo " Memory: $MEM MB"
echo " CPU cores: $NCPU"
echo
echo "$BBB_WEB_ETC_CONFIG (override for bbb-web)"
echo "$BBB_WEB_CONFIG (bbb-web)"
echo " bigbluebutton.web.serverURL: $(get_bbb_web_config_value bigbluebutton.web.serverURL)"
echo " defaultGuestPolicy: $(get_bbb_web_config_value defaultGuestPolicy)"
echo " defaultMeetingLayout: $(get_bbb_web_config_value defaultMeetingLayout)"
echo
echo "/etc/nginx/sites-available/bigbluebutton (nginx)"
echo " server_name: $NGINX_IP"
PORT=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep -v ssl | tr --delete '\n' | sed 's/\[/, \[/g' | sed 's/0$/0\n/g')
echo " port: $PORT"
if cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep ssl > /dev/null; then
echo " port: 443 ssl"
fi
echo
echo "$FREESWITCH_VARS (FreeSWITCH)"
echo " local_ip_v4: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]' -v @data $FREESWITCH_VARS | sed 's/local_ip_v4=//g')"
echo " external_rtp_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=//g')"
echo " external_sip_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_sip_ip=//g')"
echo
echo "$FREESWITCH_EXTERNAL (FreeSWITCH)"
echo " ext-rtp-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-rtp-ip"]' -v @value $FREESWITCH_EXTERNAL)"
echo " ext-sip-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-sip-ip"]' -v @value $FREESWITCH_EXTERNAL)"
echo " ws-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ws-binding"]' -v @value $FREESWITCH_EXTERNAL)"
echo " wss-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="wss-binding"]' -v @value $FREESWITCH_EXTERNAL)"
# awk script from https://stackoverflow.com/a/14527886/1493790
# open issue: a tool like crudini (https://stackoverflow.com/a/25513632/1493790)
# would be better for parsing ini files
echo
echo "UDP port ranges"
echo
echo " FreeSWITCH: $(xmlstarlet sel -t -m './configuration/settings/param[@name="rtp-start-port"]' -v @value $FREESWITCH_SWITCH_CONF)-$(xmlstarlet sel -t -m './configuration/settings/param[@name="rtp-end-port"]' -v @value $FREESWITCH_SWITCH_CONF)"
echo " kurento: $(awk -F '=' '{if (! ($0 ~ /^;/) && $0 ~ /minPort/) print $2}' /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini)-$(awk -F '=' '{if (! ($0 ~ /^;/) && $0 ~ /maxPort/) print $2}' /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini)"
echo " bbb-webrtc-sfu: $(echo "$WEBRTC_SFU_CONFIG" | yq r - mediasoup.worker.rtcMinPort)-$(echo "$WEBRTC_SFU_CONFIG" | yq r - mediasoup.worker.rtcMaxPort)"
# if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
# LTI_URL=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^bigbluebuttonURL/{s/.*http[s]:\/\///;s/\/.*//;p}' | tr -d '\015')
# echo
# echo "${LTI_DIR}/WEB-INF/classes/lti-config.properties (LTI integration)"
# echo " api url: $LTI_URL"
# fi
if [ -f $RECORD_CONFIG ]; then
echo
echo "$RECORD_CONFIG (record and playback)"
echo " playback_host: $(yq r $RECORD_CONFIG playback_host)"
echo " playback_protocol: $(yq r $RECORD_CONFIG playback_protocol)"
echo " ffmpeg: $(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n')"
fi
if [ -f $SIP_CONFIG ]; then
echo
echo "$SIP_CONFIG (sip.nginx)"
echo " proxy_pass: $SIP_NGINX_IP"
echo " protocol: $(cat /usr/share/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1)"
fi
if [ -n "$WEBRTC_SFU_CONFIG" ]; then
MEDIASOUP_WEBRTC_IPS=$(echo "$WEBRTC_SFU_CONFIG" | yq r --printMode v - mediasoup.webrtc.listenIps.*.announcedIp)
echo
echo "/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (bbb-webrtc-sfu)"
echo "/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (bbb-webrtc-sfu - override)"
echo " mediasoup.webrtc.*.announcedIp: $(echo "$MEDIASOUP_WEBRTC_IPS" | awk -v ORS=", " '{ print $1 }' | sed 's/, $//')"
echo " mediasoup.plainRtp.*.announcedIp: $(echo "$WEBRTC_SFU_CONFIG" | yq r --printMode v - mediasoup.plainRtp.*.announcedIp)"
echo " kurento.ip: $(echo "$WEBRTC_SFU_CONFIG" | yq r - kurento[0].ip)"
echo " kurento.url: $(echo "$WEBRTC_SFU_CONFIG" | yq r - kurento[0].url)"
echo " freeswitch.sip_ip: $(echo "$WEBRTC_SFU_CONFIG" | yq r - freeswitch.sip_ip)"
echo " recordScreenSharing: $(echo "$WEBRTC_SFU_CONFIG" | yq r - recordScreenSharing)"
echo " recordWebcams: $(echo "$WEBRTC_SFU_CONFIG" | yq r - recordWebcams)"
echo " codec_video_main: $(echo "$WEBRTC_SFU_CONFIG" | yq r - conference-media-specs.codec_video_main)"
echo " codec_video_content: $(echo "$WEBRTC_SFU_CONFIG" | yq r - conference-media-specs.codec_video_content)"
fi
if [ -n "$HTML5_CONFIG" ]; then
echo
echo "/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)"
echo "/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)"
echo " build: $(echo "$HTML5_CONFIG" | yq r - public.app.html5ClientBuild)"
echo " kurentoUrl: $(echo "$HTML5_CONFIG" | yq r - public.kurento.wsUrl)"
echo " defaultFullAudioBridge: $(echo "$HTML5_CONFIG" | yq r - public.media.audio.defaultFullAudioBridge)"
echo " defaultListenOnlyBridge: $(echo "$HTML5_CONFIG" | yq r - public.media.audio.defaultListenOnlyBridge)"
echo " sipjsHackViaWs: $(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)"
fi
if [ ! -z "$STUN" ]; then
for i in $STUN; do
echo
echo "$TURN (STUN Server)"
echo " stun: $(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')"
done
fi
check_state
echo
exit 0
fi
#
# Zip log files
#
if [ $ZIP ]; then
need_root
LOG_FILE="$(date +'%Y%m%d')-$(date +%H).tar"
TMP_LOG_FILE="/tmp/$LOG_FILE"
#
# Check log files
#
rm -f "$LOG_FILE.gz"
rm -f /tmp/a
touch /tmp/empty
tar cf $TMP_LOG_FILE /tmp/empty > /dev/null 2>&1
tar rfh $TMP_LOG_FILE $SERVLET_LOGS > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/bigbluebutton/* > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/bbb-apps-akka > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/bbb-fsesl-akka > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/bbb-webrtc-sfu > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/kurento-media-server > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/mongodb > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/redis > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/nginx/error.log* > /dev/null 2>&1
tar rf $TMP_LOG_FILE /var/log/nginx/bigbluebutton.access.log* > /dev/null 2>&1
tar rfh $TMP_LOG_FILE /opt/freeswitch/var/log/freeswitch/ > /dev/null 2>&1
if [ -f /var/log/nginx/html5-client.log ]; then
tar rf $TMP_LOG_FILE /var/log/nginx/html5-client.log* > /dev/null 2>&1
fi
if [ -f /var/log/syslog ]; then
tar rf $TMP_LOG_FILE /var/log/syslog* > /dev/null 2>&1
fi
tar tf $TMP_LOG_FILE
gzip $TMP_LOG_FILE
$SUDO mv $TMP_LOG_FILE.gz /root/$LOG_FILE.gz
echo
echo " Created: /root/$LOG_FILE.gz"
echo
fi
#
# Check current setup
#
if [ $DEBUG ]; then
need_root
#
# Check log files
#
rm -rf /tmp/t
grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t
if [ -s /tmp/t ]; then
echo " -- ERRORS found in /var/log/bigbluebutton/* -- "
cat /tmp/t
echo
fi
rm -rf /tmp/t
grep --directories=skip Exception /var/log/bigbluebutton/* | grep -v CacheExceptionHandlerFactory > /tmp/t
if [ -s /tmp/t ]; then
echo " -- ERRORS found in /var/log/bigbluebutton/* -- "
cat /tmp/t
echo
fi
if [ -d $SERVLET_LOGS ]; then
rm -rf /tmp/t
$SUDO grep --directories=skip Exception $SERVLET_LOGS/* | grep -v CacheExceptionHandlerFactory > /tmp/t
if [ -s /tmp/t ]; then
echo " -- Exceptions found in $SERVLET_LOGS/ -- "
cat /tmp/t
echo
fi
fi
rm -rf /tmp/t
if [ -s /var/log/nginx/error.log ]; then
cat /var/log/nginx/error.log | grep -v "/fcs/ident2" > /tmp/t
if [ -s /tmp/t ]; then
echo " -- Errors found in /var/log/nginx/error.log -- "
cat /tmp/t
echo
fi
fi
if [ $DISTRIB_ID == "Ubuntu" ]; then
rm -rf /tmp/t
$SUDO grep --directories=skip -i exception /var/log/syslog > /tmp/t
if [ -s /tmp/t ]; then
echo " -- Errors found in /var/log/syslog -- "
cat /tmp/t
echo
fi
fi
rm -rf /tmp/t
if [ -d /var/log/bigbluebutton ]; then
$SUDO grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t
if [ -s /tmp/t ]; then
echo " -- Errors found in /var/log/bigbluebutton -- "
cat /tmp/t
echo
fi
fi
rm -rf /tmp/t
if [ -d /var/log/bigbluebutton ]; then
$SUDO grep --directories=skip -i exception /var/log/bigbluebutton/* > /tmp/t
if [ -s /tmp/t ]; then
echo " -- Exceptions found in /var/log/bigbluebutton -- "
cat /tmp/t
echo
fi
fi
#
# Additional checks for record and playback
#
if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then
bbb-record --check
fi
exit 0
fi
# if asked to print the version that's all we do
if [ -n "$HOST" ]; then
need_root
#
# Update configuration for BigBlueButton web app
#
echo "Assigning $HOST for web application URL in $BBB_WEB_ETC_CONFIG"
if [ -f "$BBB_WEB_ETC_CONFIG" ] && grep "bigbluebutton.web.serverURL" "$BBB_WEB_ETC_CONFIG" > /dev/null ; then
change_var_value "$BBB_WEB_ETC_CONFIG" bigbluebutton.web.serverURL "$PROTOCOL://$HOST"
else
echo "bigbluebutton.web.serverURL=$PROTOCOL://$HOST" >> "$BBB_WEB_ETC_CONFIG"
fi
# Populate /etc/bigbluebutton/bbb-web.properites with the shared secret
if ! grep -q "^securitySalt" "$BBB_WEB_ETC_CONFIG"; then
echo "securitySalt=$(get_bbb_web_config_value securitySalt)" >> "$BBB_WEB_ETC_CONFIG"
fi
if ! grep -q server_names_hash_bucket_size /etc/nginx/nginx.conf; then
$SUDO sed -i "s/gzip on;/gzip on;\n server_names_hash_bucket_size 64;/g" /etc/nginx/nginx.conf
fi
#
# Update bbb-apps-akka
#
echo "Assigning $HOST for web application URL in /etc/bigbluebutton/bbb-apps-akka.conf"
if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then
sed -i "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL}:\/\/$HOST\/bigbluebutton\/api\"/g" \
/etc/bigbluebutton/bbb-apps-akka.conf
# Fix to ensure bbb-apps-akka.conf has the latest shared secret
SECRET=$(get_bbb_web_config_value securitySalt)
sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
/etc/bigbluebutton/bbb-apps-akka.conf
fi
if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
echo "Assigning $HOST for LTI integration in ${LTI_DIR}/WEB-INF/classes/lti-config.properties"
# We don't wat to guess on http/https as the lti endpoint may be a different BigBlueButton server
sed -i "s/bigbluebuttonURL=http:\/\/.*/bigbluebuttonURL=http:\/\/$HOST\/bigbluebutton/g" \
${LTI_DIR}/WEB-INF/classes/lti-config.properties
sed -i "s/bigbluebuttonURL=https:\/\/.*/bigbluebuttonURL=https:\/\/$HOST\/bigbluebutton/g" \
${LTI_DIR}/WEB-INF/classes/lti-config.properties
sed -i "s/ltiEndPoint=.*/ltiEndPoint=$HOST/g" \
${LTI_DIR}/WEB-INF/classes/lti-config.properties
fi
if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then
echo "Assigning $HOST for record and playback in /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml"
change_yml_value /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml playback_host $HOST
fi
if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then
echo "Assigning $HOST for webhooks in /usr/local/bigbluebutton/bbb-webhooks/config/default.yml"
change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml serverDomain $HOST
fi
echo -n "Assigning $HOST for playback of recordings: "
for metadata in $(find -L /var/bigbluebutton/published /var/bigbluebutton/unpublished -name metadata.xml); do
echo -n "."
# Ensure we update both types of URLs
xmlstarlet edit --inplace --update '//link[starts-with(normalize-space(), "https://")]' --expr "concat(\"https://\", \"$HOST/\", substring-after(substring-after(., \"https://\"),\"/\"))" $metadata
xmlstarlet edit --inplace --update '//link[starts-with(normalize-space(), "http://")]' --expr "concat(\"http://\", \"$HOST/\", substring-after(substring-after(., \"http://\"),\"/\"))" $metadata
#
# Update thumbnail links
#
xmlstarlet edit --inplace --update '//images/image[starts-with(normalize-space(), "https://")]' --expr "concat(\"https://\", \"$HOST/\", substring-after(substring-after(., \"https://\"),\"/\"))" $metadata
xmlstarlet edit --inplace --update '//images/image[starts-with(normalize-space(), "http://")]' --expr "concat(\"http://\", \"$HOST/\", substring-after(substring-after(., \"http://\"),\"/\"))" $metadata
done
echo
#
# Update HTML5 client
#
if [ -f $HTML5_DEFAULT_CONFIG ]; then
yq w -i $HTML5_DEFAULT_CONFIG public.kurento.wsUrl "wss://$HOST/bbb-webrtc-sfu"
yq w -i $HTML5_DEFAULT_CONFIG public.pads.url "$PROTOCOL://$HOST/pad"
chown meteor:meteor $HTML5_DEFAULT_CONFIG
fi
#
# Update ESL passwords in three configuration files
#
ESL_PASSWORD=$(cat /etc/bigbluebutton/bbb-fsesl-akka.conf | grep password | head -n 1 | sed 's/.*="//g' | sed 's/"//g')
if [ "$ESL_PASSWORD" == "ClueCon" ]; then
ESL_PASSWORD=$(openssl rand -hex 8)
sudo sed -i "s/ClueCon/$ESL_PASSWORD/g" /etc/bigbluebutton/bbb-fsesl-akka.conf
fi
sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.esl_password "$ESL_PASSWORD"
sudo xmlstarlet edit --inplace --update 'configuration/settings//param[@name="password"]/@value' --value $ESL_PASSWORD /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE ..."
stop_bigbluebutton
start_bigbluebutton
exit 0
fi
if [ $RESTART ]; then
need_root
check_configuration
echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE ..."
stop_bigbluebutton
start_bigbluebutton
check_state
fi
if [ $CLEAN ]; then
need_root
check_configuration
echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE (and cleaning out all log files) ..."
stop_bigbluebutton
#
# Clean log files
#
echo " ... cleaning log files"
rm -f /var/log/bigbluebutton/*.log
rm -f /opt/freeswitch/var/log/freeswitch/*.log
rm -f /opt/freeswitch/var/log/freeswitch/*.log.*
#
# Clean out the log files for record and playback
#
rm -f /var/log/bigbluebutton/bbb-rap-worker.log*
rm -f /var/log/bigbluebutton/bbb-rap-resque.log*
rm -f /var/log/bigbluebutton/archive.log*
if [ -d /var/log/bigbluebutton/html5 ]; then
rm -f /var/log/bigbluebutton/html5/*
fi
if [ -d /var/log/bigbluebutton/podcast ]; then
rm -f /var/log/bigbluebutton/podcast/*
fi
if [ -d /var/log/bigbluebutton/presentation ]; then
rm -f /var/log/bigbluebutton/presentation/*
fi
if [[ $SERVLET_LOGS ]]; then
rm -rf $SERVLET_LOGS/*
fi
# Check if we are storing HTML5 logs in the server
HTML5_SERVER_LOG=0
if [[ -f /var/log/nginx/html5-client.log ]]; then
HTML5_SERVER_LOG=1
fi
rm -rf /var/log/nginx/*
# Revert HTML5 client logs to their original permissions
if [ $HTML5_SERVER_LOG ]; then
touch /var/log/nginx/html5-client.log
chown www-data:adm /var/log/nginx/html5-client.log
chmod 640 /var/log/nginx/html5-client.log
fi
if [ -d /var/log/bbb-fsesl-akka ]; then
rm -f /var/log/bbb-fsesl-akka/*
fi
if [ -d /var/log/bbb-apps-akka ]; then
rm -f /var/log/bbb-apps-akka/*
fi
if [ -d /var/log/bbb-webrtc-sfu ]; then
rm -f /var/log/bbb-webrtc-sfu/*
fi
if [ -d /var/log/redis ]; then
rm -f /var/log/redis/*
fi
if [ -d /var/log/mongodb ]; then
rm -f /var/log/mongodb/*
fi
if [ -d /var/log/kurento-media-server ]; then
rm -f /var/log/kurento-media-server/*
fi
start_bigbluebutton
check_state
fi
if [ $NETWORK ]; then
ss -ant | egrep ":80|:443\ " | egrep -v ":::|0.0.0.0" > /tmp/t_net
REMOTE=$(cat /tmp/t_net | cut -c 45-68 | cut -d ":" -f1 | sort | uniq)
if [ "$REMOTE" != "" ]; then
echo -e "ss\t\t\t80\t443"
for IP in $REMOTE ; do
PORT_80=$(cat /tmp/t_net | grep :80 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l )
PORT_443=$(cat /tmp/t_net | grep :443 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l )
echo -e "$IP\t\t$PORT_80\t$PORT_443"
done
fi
rm /tmp/t_net
fi
if [ $WATCH ]; then
need_root
watch -n 2 "top -n 1 -b | head -n 5; echo; bbb-conf --network; bbb-conf --debug"
fi