Table des matières

VROOM

This page is obsolete. Please see the new documentation page instead here: https://vroom.fws.fr/documentation

Intro

VROOM (short for Video ROOM) is a simple to use and opensource (MIT licence) video conferencing application. It's based on several other softwares, most notably the super SimpleWebRTC lib.

Description

VROOM uses the latest WebRTC technologies to allow video conferencing through a web browser without any plugin. There are several more or less similar hosted solutions available (like talky.io, appear.in, vLine.com, most of them are even quite better and more polished than VROOM, but I've found none entirely opensource, so I started this project.

The two main goals of VROOM are:

I'm in no way a developper. VROOM is the first lines of HTML/CSS/JS I ever wrote, so you might see horrors in it's code. In such a case, please, send a pull request :-)

Features

VROOM implements the following features:

VROOM is translated in french and english (but my english is approximative :-))

Demo

Better than a few screenshots, you can try it: https://vroom.fws.fr/ (no registration needed). The administration page isn't accessible on the demo, so here are a few screenshots:

The admin page lists all existing rooms

For each room, you can adjust configuration, reset passwords etc...

You can also manually delete rooms

Compatibility/Requirement

No plugin needed, you just need a modern web browser which implements WebRTC. Mozilla Firefox (tested on Linux, Windows and Android), Google Chrome (tested on Linux, Windows and Android) or Opera (only tested on Windows) should work.

Google Chrome is for now the one which will provide the best experience (and the only one able to share your screen), but Mozilla Firefox also works great (and so does Opera as it uses the same engine as Google Chrome), so just use the one you prefer

Known issues

Roadmap

Here's a list of things I'd like to add:

For a more up to date list (or if you want to add suggestions), take a look here

I want to contribute!

And you're welcome to ;-)

Just fork VROOM on Github and start hacking, then, send pull request as usual.

One area where you can easily contribute is translation. VROOM is only available in french and english for now. If you want to translate it in another language, look at the directory lib/Vroom/I18N/. You'll find one file per language. Copy one of them, eg:

cd lib/Vroom/I18N
cp -a en.pm it.pm

Then, translate all the strings, and send the resulting file (either make a PR on github, or open a bug with the new file attached)

Installation

Installation is not really straight forward for now, but this guide will help you doing so on a CentOS 7 x86_64 box. If you're using another system, you'll have to adapt the instructions.

I haven't started work on SELinux policies. For now, you need to disable SELinux for VROOM to work correctly, so edit /etc/selinux/config and set SELINUX=permissive

Get dependencies

You'll need to configure our repo to get some dependencies

cat <<'_EOF' > /etc/yum.repos.d/fws.repo
[fws]
enabled=1
baseurl=http://repo.firewall-services.com/centos/$releasever/
name=Firewall Services
gpgcheck=1
gpgkey=http://repo.firewall-services.com/RPM-GPG-KEY
enablegroups=0
 
[fws-testing]
enabled=0
baseurl=http://repo.firewall-services.com/centos-testing/$releasever/
name=Firewall Services Testing
gpgcheck=1
gpgkey=http://repo.firewall-services.com/RPM-GPG-KEY
enablegroups=0
_EOF
yum install epel-release
yum install git tar wget httpd mod_ssl openssl mariadb-server \
           'perl(Mojolicious)' 'perl(Mojolicious::Plugin::I18N)' 'perl(Mojolicious::Plugin::Mail)' \
           'perl(Crypt::SaltedHash)' 'perl(Etherpad::API)' 'perl(LWP::Protocol::https)' \
           'perl(Sesion::Token)' 'perl(Mojolicious::Plugin::Database)' 'perl(Email::Valid)' \
           'perl(Config::Simple)' 'perl(Session::Token)' 'perl(URI)'

Clone the repo

VROOM will be installed in /opt/vroom, so, let's go

cd /opt
git clone https://github.com/dani/vroom.git

Configure

Setup MySQL/MariaDB

A database will be used to store rooms configuration, we must enable the server.

systemctl enable mariadb.service
systemctl start mariadb.service

Now, lets create a new database for VROOM

mysql -uroot
CREATE DATABASE `vroom` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `vroom`.* TO 'vroom'@'localhost' IDENTIFIED BY 'MySuperPassw0rd';
FLUSH PRIVILEGES;

Now that we have our MySQL database (and the credentials needed to access it), lets create the tables:

mysql -uroot vroom < /opt/vroom/docs/database/schema.mysql

Setup rfc5766-turn-server

The rfc-5766-turn-server will be used both as a STUN and a TURN server. If you intend to use VROOM only from your internal network, you do not need this, but if you want your instance to be reachable (and working ;-)) from anywhere, no matter which crazy firewalls are between your peers, you need to install it.

cd /tmp
wget http://turnserver.open-sys.org/downloads/v3.2.5.5/turnserver-3.2.5.5-CentOS7-x86_64.tar.gz
tar xvzf turnserver-3.2.5.5-CentOS7-x86_64.tar.gz
yum localinstall turnserver-*/turnserver-*.rpm

this turnserver will use our database to check client credentials, so lets go:

mv /etc/turnserver/turnserver.conf /etc/turnserver/turnserver.conf.default
cat <<'EOF' > /etc/turnserver/turnserver.conf
mysql-userdb "host=localhost dbname=vroom user=vroom password=MySuperPassw0rd connect_timeout=5"
verbose
syslog
fingerprint
lt-cred-mech
no-sslv2
no-sslv3
no-tcp
no-udp
tls-listening-port 5349
alt-tls-listening-port 3478
no-loopback-peers
no-multicast-peers
realm vroom
cert /etc/turnserver/cert.pem
pkey /etc/turnserver/key.pem
proc-user turnserver
proc-group turnserver
EOF
  • An SSL certificate is needed for everything to work correctly and securely (/etc/turnserver/cert.pem and /etc/turnserver/key.pem in this example)
  • Both key and certificate must be readable by turnserver user and/or group
  • You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption
  • If you have intermediate(s) CA, you have to put them in the cert.pem file, but after your certificate

Now, lets start and enable it

systemctl enable turnserver
systemctl start turnserver

You can check it's working with

journalctl -fl -u turnserver.service
Configuration of your firewall is out of scope for this doc, but you have to ensure the following ports are open:
  • TCP 3478, 3479, 5349, 5350 and 49152 to 65535
  • UDP 3478, 3479, 5349, 5350 and 49152 to 65535

A quick note on how to open the correct port with firewalld:

firewall-cmd --add-port 80/tcp \
             --add-port 443/tcp \
             --add-port 3478/tcp \
             --add-port 3479/tcp \
             --add-port 5349/tcp \
             --add-port 5350/tcp \
             --add-port 49152-65535/tcp
firewall-cmd --add-port 3478/udp \
             --add-port 3479/udp \
             --add-port 5349/udp \
             --add-port 5350/udp \
             --add-port 49152-65535/udp
firewall-cmd --permanent \
             --add-port 80/tcp \
             --add-port 443/tcp \
             --add-port 3478/tcp \
             --add-port 3479/tcp \
             --add-port 5349/tcp \
             --add-port 5350/tcp \
             --add-port 49152-65535/tcp
firewall-cmd --permanent \
             --add-port 3478/udp \
             --add-port 3479/udp \
             --add-port 5349/udp \
             --add-port 5350/udp \
             --add-port 49152-65535/udp

Setup Apache

Two sample apache config are provided in the conf directory:

Copy the config you want in /etc/httpd/conf.d/

cp /opt/vroom/conf/httpd_alias.conf /etc/httpd/conf.d/vroom.conf
You'll probably want to check this configuration and adapt it to your need

We also need to enable mod_proxy_ws:

echo "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so" \
 > /etc/httpd/conf.modules.d/00-proxy_ws.conf

Once everything is OK, you just have to enable and start apache:

systemctl enable httpd
systemctl start httpd

Setup VROOM

Now, we just need to configure vroom itself. Just copy the sample conf file:

cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini

And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-)

The realm key in [turn] section of the config file must match the realm setting in /etc/turnserver/turnserver.conf

Then, enable and start vroom daemon

cp /opt/vroom/docs/systemd/vroom.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable vroom
systemctl start vroom

Admin Interface

The admin interface is available on /admin. There's no internal authentication: you must configure apache to restrict access to this location if you don't want everyone to be able to manage your rooms. The default sample configuration will just restrict it to localhost, without auth. You can, and should configure a basic auth or similar (I use LemonLDAP::NG for this on the demo instance)

Etherpad-Lite integration

You don't have to run etherpad-lite on the same server as VROOM itself. The only requirement is that vroom can reach etherpad API. Here're the steps needed if you want to deploy etherpad-lite on the same box:

yum groupinstall "Development Tools"
useradd etherpad
cd /opt
git clone https://github.com/ether/etherpad-lite.git
chown -R etherpad:etherpad ./etherpad-lite
cp -a etherpad-lite/settings.json.template etherpad-lite/settings.json
Adapt /opt/etherpad-lite/settings.jhson to your need
mysql
CREATE DATABASE etherpad;
GRANT ALL PRIVILEGES ON etherpad.* TO 'etherpad'@'localhost' IDENTIFIED BY 'ThisIsMySQLPassw0rd';
FLUSH PRIVILEGES;

Then edit /opt/etherpad-lite/settings.json and adapt it to your need, especially the DB settings.

Now, create a systemd unit:

cat <<'_EOF' > /etc/systemd/system/etherpad.service
[Unit]
Description=Run Etherpad-lite, the collaborative editor.
After=syslog.target network.target
 
[Service]
Type=simple
ExecStart=/opt/etherpad-lite/bin/run.sh 2>$1 < /dev/null
Restart=on-failure
StandardOutput=syslog
SyslogIdentifier=Etherpad-Lite
User=etherpad
Group=etherpad
 
[Install]
WantedBy=multi-user.target
_EOF
systemctl daemon-reload
systemctl enable etherpad
systemctl start etherpad

And uncomment the corresponding lines in your httpd configuration

1)
only available in Google Chrome for now