Differences
Below are the differences between two revisions of the page.
projets:vroom [12/02/2015 11:48] dani [Setup SignalMaster] |
projets:vroom [09/03/2015 18:34] dani [Setup SignalMaster] |
||
---|---|---|---|
Ligne 50: | Ligne 50: | ||
* VROOM appearence isn't very polished. Please, contribute if you can | * VROOM appearence isn't very polished. Please, contribute if you can | ||
- | * Google Chrome is the only browser able to share your screen. | + | * <del>Google Chrome is the only browser able to share your screen.</ |
* Not all browsers are supported, including Internet Explorer and Safari. You'll have to wait for them to add WebRTC support | * Not all browsers are supported, including Internet Explorer and Safari. You'll have to wait for them to add WebRTC support | ||
* iOS won't work, because Apple hasn't implemented WebRTC support and forbid alternative web engine on their market | * iOS won't work, because Apple hasn't implemented WebRTC support and forbid alternative web engine on their market | ||
Ligne 63: | Ligne 63: | ||
Here's a list of things I'd like to add: | Here's a list of things I'd like to add: | ||
* Enhance the general look' | * Enhance the general look' | ||
- | * More robust text chat | + | * <del>More robust text chat</ |
* < | * < | ||
* < | * < | ||
Ligne 117: | Ligne 117: | ||
<code bash> | <code bash> | ||
- | yum install git nodejs npm tar wget httpd mod_ssl openssl | + | yum install git tar wget httpd mod_ssl openssl mariadb-server \ |
' | ' | ||
' | ' | ||
- | ' | + | ' |
+ | ' | ||
</ | </ | ||
==== Clone the repo ==== | ==== Clone the repo ==== | ||
Ligne 135: | Ligne 136: | ||
=== Setup MySQL/ | === Setup MySQL/ | ||
- | A database will be used to share informations between | + | A database will be used to store rooms configuration, |
<code bash> | <code bash> | ||
systemctl enable mariadb.service | systemctl enable mariadb.service | ||
Ligne 178: | Ligne 178: | ||
mysql-userdb " | mysql-userdb " | ||
verbose | verbose | ||
+ | syslog | ||
fingerprint | fingerprint | ||
lt-cred-mech | lt-cred-mech | ||
no-sslv2 | no-sslv2 | ||
+ | no-sslv3 | ||
+ | no-tcp | ||
+ | no-udp | ||
+ | tls-listening-port 5349 | ||
+ | alt-tls-listening-port 3478 | ||
no-loopback-peers | no-loopback-peers | ||
- | realm firewall-services.com | + | no-multicast-peers |
- | cert /etc/pki/tls/ | + | realm vroom |
- | pkey /etc/pki/tls/ | + | cert /etc/turnserver/cert.pem |
+ | pkey /etc/turnserver/key.pem | ||
proc-user turnserver | proc-user turnserver | ||
proc-group turnserver | proc-group turnserver | ||
Ligne 191: | Ligne 198: | ||
<note important> | <note important> | ||
- | An SSL certificate is needed for everything to work correctly (**/etc/pki/tls/ | + | * An SSL certificate is needed for everything to work correctly |
+ | * Both key and certificate must be readable by turnserver user and/or group | ||
+ | * You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption | ||
+ | * If you have intermediate(s) CA, you have to put them in the cert.pem file, but **after** your certificate | ||
</ | </ | ||
Ligne 211: | Ligne 221: | ||
* TCP 3478, 3479, 5349, 5350 and 49152 to 65535 | * TCP 3478, 3479, 5349, 5350 and 49152 to 65535 | ||
* UDP 3478, 3479, 5349, 5350 and 49152 to 65535 | * UDP 3478, 3479, 5349, 5350 and 49152 to 65535 | ||
- | </ | ||
- | === Setup SignalMaster === | + | A quick note on how to open the correct port with firewalld: |
- | + | ||
- | This daemon is a slightly modified version of [[https:// | + | |
<code bash> | <code bash> | ||
- | cd /opt/vroom/signalmaster | + | firewall-cmd --add-port 80/tcp \ |
- | npm install | + | |
- | </code> | + | |
- | + | --add-port 3479/tcp \ | |
- | Ok, now lets create a user to run this | + | --add-port 5349/tcp \ |
- | <code bash> | + | --add-port 5350/tcp \ |
- | useradd | + | --add-port 49152-65535/ |
- | </code> | + | firewall-cmd --add-port 3478/udp \ |
- | + | | |
- | Lets configure signalmaster: | + | --add-port 5349/udp \ |
- | <code bash> | + | --add-port 5350/udp \ |
- | cat <<' | + | --add-port 49152-65535/ |
- | { | + | firewall-cmd --permanent \ |
- | " | + | --add-port 80/tcp \ |
- | " | + | |
- | "port": 8888 | + | |
- | }, | + | |
- | " | + | --add-port 5349/tcp \ |
- | " | + | --add-port 5350/tcp \ |
- | " | + | --add-port 49152-65535/ |
- | " | + | firewall-cmd --permanent \ |
- | " | + | --add-port 3478/udp \ |
- | } | + | --add-port 3479/udp \ |
- | } | + | --add-port 5349/udp \ |
- | EOF | + | |
- | </code> | + | --add-port 49152-65535/ |
- | + | ||
- | Now, lets add our unit file so systemd will be able to manage this daemon: | + | |
- | <code bash> | + | |
- | cp / | + | |
- | systemctl daemon-reload | + | |
- | systemctl enable signalmaster | + | |
- | systemctl start signalmaster | + | |
</ | </ | ||
+ | </ | ||
- | <note important> | ||
=== Setup Apache === | === Setup Apache === | ||
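Review bot: the firewalld commands open 3479 and 5350 on both TCP and UDP, but the turnserver configuration earlier on this page only declares tls-listening-port 5349 and alt-tls-listening-port 3478 and sets no-tcp and no-udp, so it is not clear that anything listens on 3479 or 5350. Either explain why those ports are needed or drop them from the list and from the commands, so the host only exposes ports with a listener behind them. The runtime and --permanent command sets are also duplicated line for line; running the --permanent form once followed by firewall-cmd --reload would halve the block and avoid the two copies drifting apart.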
Ligne 265: | Ligne 265: | ||
cp / | cp / | ||
</ | </ | ||
+ | |||
+ | <note important> | ||
We also need to enable mod_proxy_ws: | We also need to enable mod_proxy_ws: | ||
Ligne 274: | Ligne 276: | ||
Once everything is OK, you just have to enable and start apache: | Once everything is OK, you just have to enable and start apache: | ||
<code bash> | <code bash> | ||
- | systemctl enable httpd.service | + | systemctl enable httpd |
- | systemctl start httpd.service | + | systemctl start httpd |
</ | </ | ||
Ligne 282: | Ligne 284: | ||
<code bash> | <code bash> | ||
- | cp / | + | cp / |
</ | </ | ||
And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-) | And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-) | ||
+ | <note important> | ||
+ | The **realm** key in **[turn]** section of the config file must match the realm setting in **/ | ||
+ | </ | ||
+ | |||
+ | Then, enable and start vroom daemon | ||
+ | |||
+ | <code bash> | ||
+ | cp / | ||
+ | systemctl daemon-reload | ||
+ | systemctl enable vroom | ||
+ | systemctl start vroom | ||
+ | </ | ||
==== Admin Interface ==== | ==== Admin Interface ==== | ||
The admin interface is available on /admin. There' | The admin interface is available on /admin. There' | ||
- | ==== ETherpad-Lite integration ==== | + | ==== Etherpad-Lite integration ==== |
You don't have to run etherpad-lite on the same server as VROOM itself. The only requirement is that vroom can reach etherpad API. Here' | You don't have to run etherpad-lite on the same server as VROOM itself. The only requirement is that vroom can reach etherpad API. Here' | ||
Ligne 303: | Ligne 317: | ||
cp -a etherpad-lite/ | cp -a etherpad-lite/ | ||
</ | </ | ||
+ | |||
+ | <note important> | ||
+ | |||
<code bash> | <code bash> | ||
mysql | mysql | ||
Ligne 334: | Ligne 351: | ||
_EOF | _EOF | ||
systemctl daemon-reload | systemctl daemon-reload | ||
- | systemctl enable | + | systemctl enable |
- | systemctl start etherpad.service | + | systemctl start etherpad |
</ | </ | ||
And uncomment the corresponding lines in your httpd configuration | And uncomment the corresponding lines in your httpd configuration |