Enable support for Jibri

.gitignore

@@ -5,3 +5,4 @@ terraform.tfstate.backup
 *.swo
 terraform.tfvars
 *.auto.tfvars
+.DS_Store

aws/install_jibri.tpl

@@ -0,0 +1,76 @@
+echo "Starting to install Jibri" >> /debug.txt
+export JIBRI_AUTH_PASSWORD="${jibri_auth_password}"
+export JIBRI_RECORDER_PASSWORD="${jibri_recorder_password}"
+echo "Jibri password: $JIBRI_AUTH_PASSWORD $JIBRI_RECORDER_PASSWORD" >> /debug.txt
+
+# Install generic linux packages for sound
+apt install -y linux-generic >> /debug.txt
+
+# Configure ALSA Module
+echo "options snd-aloop enable=1,1,1,1,1 index=0,1,2,3,4" > /etc/modprobe.d/alsa-loopback.conf
+echo "snd-aloop" >> /etc/modules
+
+# Install Chrome
+curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add >> /debug.txt
+echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
+apt-get -y update >> /debug.txt
+apt-get -y install google-chrome-stable >> /debug.txt
+mkdir -p /etc/opt/chrome/policies/managed
+echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' >>/etc/opt/chrome/policies/managed/managed_policies.json
+
+# Install ChromeDriver
+CHROME_DRIVER_VERSION="$(curl -4LS chromedriver.storage.googleapis.com/LATEST_RELEASE)"
+wget -N http://chromedriver.storage.googleapis.com/$CHROME_DRIVER_VERSION/chromedriver_linux64.zip -P ~/ >> /debug.txt
+apt install -y unzip >> /debug.txt
+unzip ~/chromedriver_linux64.zip -d ~/ >> /debug.txt
+rm ~/chromedriver_linux64.zip
+mv -f ~/chromedriver /usr/local/bin/chromedriver
+chown root:root /usr/local/bin/chromedriver
+chmod 0755 /usr/local/bin/chromedriver
+
+# Install miscellaneous required tools
+apt install -y ffmpeg curl alsa-utils icewm xdotool xserver-xorg-input-void xserver-xorg-video-dummy >> /debug.txt
+
+# Install Jibri
+apt install -y jibri >> /debug.txt
+systemctl enable jibri
+usermod -aG adm,audio,video,plugdev jibri
+
+# Configure Jicofo for Jibri
+cat <<~SIP >> /etc/jitsi/jicofo/sip-communicator.properties
+org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
+[email protected].$HOSTNAME
+~SIP
+
+# Configure Jitsi Meet to enable streaming and recording controls
+sed -e 's/\/\/ liveStreamingEnabled: .*,/liveStreamingEnabled: true,/' -e "s/\/\/ fileRecordingsEnabled: .*,/fileRecordingsEnabled: true, hiddenDomain: 'recording.$HOSTNAME',/" -i /etc/jitsi/meet/$HOSTNAME-config.js
+
+# Configure Jibri
+sed -e '/"username".*$/d' -e '/"password".*$/d' -e "s/prod.xmpp.host.net/$HOSTNAME/g" -e "s/\"auth.xmpp.domain\",/\"auth.$HOSTNAME\", \"username\": \"jibri\", \"password\": \"$JIBRI_AUTH_PASSWORD\"/g" -e "s/internal.auth.xmpp.domain/internal.auth.$HOSTNAME/g" -e "s/\"recorder.xmpp.domain\",/\"recorder.$HOSTNAME\", \"username\": \"recorder\", \"password\": \"$JIBRI_RECORDER_PASSWORD\"/g" -e 's/\/path\/to\/finalize_recording.sh/\/usr\/share\/jitsi-meet\/scripts\/finalize_recording.sh/g' -e "s/\"xmpp\.domain\"/\"$HOSTNAME\"/" -i /etc/jitsi/jibri/config.json
+
+# Set up a finalize script
+echo "#!/bin/bash" > /usr/share/jitsi-meet/scripts/finalize_recording.sh
+chmod +x /usr/share/jitsi-meet/scripts/finalize_recording.sh
+
+# Set GRUB to load linux-generic at boot
+sed -e 's/GRUB_DEFAULT=0/GRUB_DEFAULT="1>2"/' -i /etc/default/grub
+update-grub
+
+# Configure prosody
+echo "Configuring prosody for Jibri" >> /debug.txt
+PROSODY_CONF_FILE="/etc/prosody/conf.d/$HOSTNAME.cfg.lua"
+echo "Prosody Config: $PROSODY_CONF_FILE" >> /debug.txt
+cat <<~ENDOFVHOST >> $PROSODY_CONF_FILE
+
+VirtualHost "recorder.$HOSTNAME"
+    modules_enabled = {
+        "ping";
+    }
+    authentication = "internal_plain"
+~ENDOFVHOST
+sed -e "s/Component \"internal.auth.$HOSTNAME\" \"muc\"/&\n    muc_room_cache_size = 1000/" -i $PROSODY_CONF_FILE
+
+echo "Setting Jibri users" >> /debug.txt
+prosodyctl --config /etc/prosody/prosody.cfg.lua register jibri auth.$HOSTNAME $JIBRI_AUTH_PASSWORD >> /debug.txt
+prosodyctl --config /etc/prosody/prosody.cfg.lua register recorder recorder.$HOSTNAME $JIBRI_RECORDER_PASSWORD >> /debug.txt
+

aws/install_jitsi.tpl

@@ -38,9 +38,9 @@ cat /etc/resolv.conf >> /debug.txt
 whoami >> /debug.txt
 cat /etc/hosts >> /debug.txt
 # Install Jitsi
-apt install -y jitsi-meet &>> /debug.txt
+apt install -y jitsi-meet >> /debug.txt
 # letsencrypt
-echo $EMAIL | /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh &>> /debug.txt
+echo $EMAIL | /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh >> /debug.txt
 
 PROSODY_CONF_FILE=/etc/prosody/conf.d/$HOSTNAME.cfg.lua
 sed -e 's/authentication \= "anonymous"/authentication \= "internal_plain"/' -i $PROSODY_CONF_FILE
@@ -54,11 +54,14 @@ sed -e "s/\/\/ anonymousdomain: .*$/anonymousdomain: 'guest.$HOSTNAME',/" -i /et
 
 echo "org.jitsi.jicofo.auth.URL=XMPP:$HOSTNAME" >> /etc/jitsi/jicofo/sip-communicator.properties
 
+# Enable local STUN server
+sed -e "s/org\.ice4j\.ice\.harvest\.STUN_MAPPING_HARVESTER_ADDRESSES=.*/org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=$HOSTNAME:4446/" -i /etc/jitsi/videobridge/sip-communicator.properties
+
 echo "Enabling Moderator credentials for $ADMIN_USER" >> /debug.txt
 prosodyctl --config /etc/prosody/prosody.cfg.lua register $ADMIN_USER $HOSTNAME $ADMIN_PASSWORD
 
-prosodyctl restart &>> /debug.txt
-/etc/init.d/jitsi-videobridge2 restart &>> /debug.txt
-/etc/init.d/jicofo restart &>> /debug.txt
+${jibri_installation_script}
 
 echo "Setup completed" >> /debug.txt
+echo "Rebooting..." >> /debug.txt
+reboot

aws/main.tf

@@ -3,13 +3,22 @@ provider "aws" {
   region  = var.aws_region
 }
 
+data "template_file" "install_jibri" {
+  template = "${file("install_jibri.tpl")}"
+  vars = {
+    jibri_auth_password     = random_id.jibriauthpass.hex
+    jibri_recorder_password = random_id.jibrirecorderpass.hex
+  }
+}
+
 data "template_file" "install_script" {
   template = "${file("install_jitsi.tpl")}"
   vars = {
-    email_address  = "${var.email_address}"
-    admin_username = "${var.admin_username}"
-    admin_password = "${var.admin_password}"
-    domain_name    = "${random_id.server_id.hex}.${var.parent_subdomain}"
+    email_address             = "${var.email_address}"
+    admin_username            = "${var.admin_username}"
+    admin_password            = "${var.admin_password}"
+    domain_name               = "${random_id.server_id.hex}.${var.parent_subdomain}"
+    jibri_installation_script = var.enable_recording_streaming ? data.template_file.install_jibri.rendered : "echo \"Jibri installation is disabled\" >> /debug.txt"
   }
 }
 
@@ -45,6 +54,12 @@ resource "aws_instance" "jitsi" {
   }
 }
 
+resource "random_id" "jibriauthpass" {
+  byte_length = 8
+}
+resource "random_id" "jibrirecorderpass" {
+  byte_length = 8
+}
 resource "random_id" "server_id" {
   byte_length = 4
 }
@@ -109,6 +124,29 @@ resource "aws_security_group" "allow_connections_jitsi-meet" {
     protocol    = "udp"
     cidr_blocks = ["0.0.0.0/0"]
   }
+  ingress {
+    from_port   = 4446
+    to_port     = 4446
+    protocol    = "udp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 4446
+    to_port     = 4446
+    protocol    = "udp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  dynamic "egress" {
+    for_each = var.enable_recording_streaming ? [1] : []
+    content {
+      from_port   = 1935
+      to_port     = 1935
+      protocol    = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  }
+
   tags = {
     Name = "allow_connections_jitsi-meet"
   }

aws/variables.tf

@@ -43,3 +43,9 @@ variable "parent_subdomain" {
   description = "Parent domain/subdomain. Server will be hosted at https://<UUIDv4>.parent_subdomain"
   type        = string
 }
+
+variable "enable_recording_streaming" {
+  description = "Enables recording and streaming capability with Jibri"
+  type        = bool
+  default     = false
+}