projets:vroom

Differences

Below are the differences between two revisions of the page.

projets:vroom [12/02/2015 12:06]
dani [Get dependencies]
projets:vroom [31/05/2017 15:08] (current version)
dani [Demo]
Ligne 1: Ligne 1:
 ====== VROOM ====== ====== VROOM ======
 +{{odt>template:template_fws.odt}}
 +
 +<note important>This page is obsolete. Please see the new documentation page instead here: https://vroom.fws.fr/documentation</note>
  
 ===== Intro ===== ===== Intro =====
Ligne 34: Ligne 37:
 ===== Demo ===== ===== Demo =====
  
-Better than a few screenshots, you can try it: https://vroom.im/ (no registration needed). The administration page isn't accessible on the demo, so here are a few screenshots:+Better than a few screenshots, you can try it: https://vroom.fws.fr/ (no registration needed). The administration page isn't accessible on the demo, so here are a few screenshots:
  
 {{ :projets:vroom_admin_list.png |The admin page lists all existing rooms}} {{ :projets:vroom_admin_list.png |The admin page lists all existing rooms}}
Ligne 50: Ligne 53:
  
   * VROOM appearence isn't very polished. Please, contribute if you can   * VROOM appearence isn't very polished. Please, contribute if you can
-  * Google Chrome is the only browser able to share your screen.+  * <del>Google Chrome is the only browser able to share your screen.</del>
   * Not all browsers are supported, including Internet Explorer and Safari. You'll have to wait for them to add WebRTC support   * Not all browsers are supported, including Internet Explorer and Safari. You'll have to wait for them to add WebRTC support
   * iOS won't work, because Apple hasn't implemented WebRTC support and forbid alternative web engine on their market   * iOS won't work, because Apple hasn't implemented WebRTC support and forbid alternative web engine on their market
Ligne 63: Ligne 66:
 Here's a list of things I'd like to add: Here's a list of things I'd like to add:
   * Enhance the general look'n'feel   * Enhance the general look'n'feel
-  * More robust text chat+  * <del>More robust text chat</del> (Looks like browsers have a better dataChannel support now, add no issue for some time)
   * <del>Find a way to send chat history to new peers (as it's totally peer to peer without any central storage, we need a way to elect one of the peer and ask him the history. Maybe the one having the longuest history ?)</del>   * <del>Find a way to send chat history to new peers (as it's totally peer to peer without any central storage, we need a way to elect one of the peer and ask him the history. Maybe the one having the longuest history ?)</del>
   * <del>Display a nice message for unsupported browser explaining why it will not work</del>   * <del>Display a nice message for unsupported browser explaining why it will not work</del>
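Review bot: In the text added after the struck-through "More robust text chat" item, "add no issue for some time" reads as a typo for "had no issue for some time". The parenthetical also sits outside the <del> tags, so it renders as live text on a closed item; consider moving it inside the strike or rewording it as a short status remark.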
Ligne 117: Ligne 120:
  
 <code bash> <code bash>
-yum install git nodejs npm tar wget httpd mod_ssl openssl telnet mariadb-server \+yum install git tar wget httpd mod_ssl openssl mariadb-server \
            'perl(Mojolicious)' 'perl(Mojolicious::Plugin::I18N)' 'perl(Mojolicious::Plugin::Mail)' \            'perl(Mojolicious)' 'perl(Mojolicious::Plugin::I18N)' 'perl(Mojolicious::Plugin::Mail)' \
            'perl(Crypt::SaltedHash)' 'perl(Etherpad::API)' 'perl(LWP::Protocol::https)' \            'perl(Crypt::SaltedHash)' 'perl(Etherpad::API)' 'perl(LWP::Protocol::https)' \
            'perl(Sesion::Token)' 'perl(Mojolicious::Plugin::Database)' 'perl(Email::Valid)' \            'perl(Sesion::Token)' 'perl(Mojolicious::Plugin::Database)' 'perl(Email::Valid)' \
-           'perl(Config::Simple)' 'perl(Session::Token)'+           'perl(Config::Simple)' 'perl(Session::Token)' 'perl(URI)'
 </code> </code>
 ==== Clone the repo ==== ==== Clone the repo ====
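Review bot: The package list still carries 'perl(Sesion::Token)' on the unchanged line just above the edited one, a misspelt duplicate of the 'perl(Session::Token)' entry on the last line; drop it while this command is being touched. It would also help to say why nodejs, npm and telnet are no longer installed, since readers following an older copy of the page will otherwise not know whether they are still required.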
Ligne 136: Ligne 139:
 === Setup MySQL/MariaDB === === Setup MySQL/MariaDB ===
  
-A database will be used to share informations between the various componentsWill configure it first. +A database will be used to store rooms configuration, we must enable the server.
 <code bash> <code bash>
 systemctl enable mariadb.service systemctl enable mariadb.service
Ligne 179: Ligne 181:
 mysql-userdb "host=localhost dbname=vroom user=vroom password=MySuperPassw0rd connect_timeout=5" mysql-userdb "host=localhost dbname=vroom user=vroom password=MySuperPassw0rd connect_timeout=5"
 verbose verbose
 +syslog
 fingerprint fingerprint
 lt-cred-mech lt-cred-mech
 no-sslv2 no-sslv2
 +no-sslv3
 +no-tcp
 +no-udp
 +tls-listening-port 5349
 +alt-tls-listening-port 3478
 no-loopback-peers no-loopback-peers
-realm firewall-services.com +no-multicast-peers 
-cert /etc/pki/tls/certs/xxx.firewall-services.com.crt +realm vroom 
-pkey /etc/pki/tls/private/xxx.firewall-services.com.key+cert /etc/turnserver/cert.pem 
 +pkey /etc/turnserver/key.pem
 proc-user turnserver proc-user turnserver
 proc-group turnserver proc-group turnserver
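Review bot: The unchanged mysql-userdb line keeps the database password in clear text in turnserver.conf, and the new cert and pkey lines point into /etc/turnserver/ without stating what ownership or mode the config file and key.pem should have. Suggest documenting that both are readable only by the turnserver user or group, and marking MySuperPassw0rd as a placeholder to replace. Also, verbose is kept next to the newly added syslog line, so verbose output now ends up in the system log; say whether that is intended outside of testing.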
Ligne 192: Ligne 201:
  
 <note important> <note important>
-An SSL certificate is needed for everything to work correctly (**/etc/pki/tls/certs/xxx.firewall-services.com.crt** and **/etc/pki/tls/private/xxx.firewall-services.com.key** in this example). For personal use or testing, you can use a self signed certificate. Both key and certificate must be readable by turnserver user and/or group+  * An SSL certificate is needed for everything to work correctly and securely (**/etc/turnserver/cert.pem** and **/etc/turnserver/key.pem** in this example) 
 +  * Both key and certificate must be readable by turnserver user and/or group 
 +  * You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption 
 +  * If you have intermediate(s) CA, you have to put them in the cert.pem file, but **after** your certificate
 </note> </note>
  
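Review bot: The third added bullet tells readers to comment out no-tcp, no-udp and alt-tls-listening-port "to test without encryption" but never says to restore them; add that this is for testing only and that the three lines must be re-enabled before the server is exposed. The second bullet should also state that key.pem must not be readable by other accounts, since "readable by turnserver user and/or group" on its own is satisfied by a world-readable key. Wording: "comment" should be "comment out".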
Ligne 212: Ligne 224:
   * TCP 3478, 3479, 5349, 5350 and 49152 to 65535   * TCP 3478, 3479, 5349, 5350 and 49152 to 65535
   * UDP 3478, 3479, 5349, 5350 and 49152 to 65535   * UDP 3478, 3479, 5349, 5350 and 49152 to 65535
-</note> 
  
-=== Setup SignalMaster === +A quick note on how to open the correct port with firewalld:
- +
-This daemon is a slightly modified version of [[https://github.com/andyet/signalmaster|SignalMaster]] from &yet (the only modification is to check client auth before the handshake). To install it:+
  
 <code bash> <code bash>
-cd /opt/vroom/signalmaster +firewall-cmd --add-port 80/tcp \ 
-npm install +             --add-port 443/tcp \ 
-</code> +             --add-port 3478/tcp \ 
- +             --add-port 3479/tcp \ 
-Ok, now lets create a user to run this +             --add-port 5349/tcp \ 
-<code bash> +             --add-port 5350/tcp \ 
-useradd -r signalmaster +             --add-port 49152-65535/tcp 
-</code> +firewall-cmd --add-port 3478/udp \ 
- +             --add-port 3479/udp \ 
-Lets configure signalmaster: +             --add-port 5349/udp \ 
-<code bash> +             --add-port 5350/udp \ 
-cat <<'EOF'/opt/vroom/signalmaster/dev_config.json +             --add-port 49152-65535/udp 
-{ +firewall-cmd --permanent \ 
-    "isDev": false, +             --add-port 80/tcp \ 
-    "server":+             --add-port 443/tcp \ 
-        "port": 8888 +             --add-port 3478/tcp \ 
-    }, +             --add-port 3479/tcp \ 
-    "mysql":+             --add-port 5349/tcp \ 
-        "server": "localhost", +             --add-port 5350/tcp \ 
-        "database": "vroom", +             --add-port 49152-65535/tcp 
-        "user": "vroom", +firewall-cmd --permanent \ 
-        "password": "MySuperPassw0rd" +             --add-port 3478/udp \ 
-    } +             --add-port 3479/udp \ 
-+             --add-port 5349/udp \ 
-EOF +             --add-port 5350/udp \ 
-</code> +             --add-port 49152-65535/udp
- +
-Now, lets add our unit file so systemd will be able to manage this daemon: +
-<code bash> +
-cp /opt/vroom/conf/signalmaster.service /etc/systemd/system+
-systemctl daemon-reload +
-systemctl enable signalmaster +
-systemctl start signalmaster+
 </code> </code>
 +</note>
  
-<note important>In this how-to, the signaling server will be accessible only through Apache which will act as a proxy, so it's recommanded **not** to open the port 8888 from the outside</note> 
  
 === Setup Apache === === Setup Apache ===
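Review bot: The added firewalld block types the same port list twice, once for the runtime configuration and once with --permanent, so the two sets can drift apart on a later edit. Suggest giving only the --permanent commands followed by firewall-cmd --reload. The lead-in should read "ports", and since the turnserver.conf in this revision sets no-tcp and no-udp, the page should state which of 3478, 3479, 5349 and 5350 still need to be reachable instead of opening all four on both TCP and UDP.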
Ligne 289: Ligne 291:
  
 And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-) And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-)
 +
 +<note important>
 +The **realm** key in **[turn]** section of the config file must match the realm setting in **/etc/turnserver/turnserver.conf**
 +</note>
  
 Then, enable and start vroom daemon Then, enable and start vroom daemon
Ligne 301: Ligne 307:
 The admin interface is available on /admin. There's no internal authentication: you must configure apache to restrict access to this location if you don't want everyone to be able to manage your rooms. The default sample configuration will just restrict it to localhost, without auth. You can, and should configure a basic auth or similar (I use LemonLDAP::NG for this on the demo instance) The admin interface is available on /admin. There's no internal authentication: you must configure apache to restrict access to this location if you don't want everyone to be able to manage your rooms. The default sample configuration will just restrict it to localhost, without auth. You can, and should configure a basic auth or similar (I use LemonLDAP::NG for this on the demo instance)
  
-==== ETherpad-Lite integration ====+==== Etherpad-Lite integration ====
 You don't have to run etherpad-lite on the same server as VROOM itself. The only requirement is that vroom can reach etherpad API. Here're the steps needed if you want to deploy etherpad-lite on the same box: You don't have to run etherpad-lite on the same server as VROOM itself. The only requirement is that vroom can reach etherpad API. Here're the steps needed if you want to deploy etherpad-lite on the same box:
  
Ligne 314: Ligne 320:
 cp -a etherpad-lite/settings.json.template etherpad-lite/settings.json cp -a etherpad-lite/settings.json.template etherpad-lite/settings.json
 </code> </code>
 +
 +<note important>Adapt /opt/etherpad-lite/settings.jhson to your need</note>
 +
 <code bash> <code bash>
 mysql mysql
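Review bot: The added note gives the path as /opt/etherpad-lite/settings.jhson, while the cp command just above it creates etherpad-lite/settings.json; correct the filename so readers edit the file that was actually created.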
Ligne 345: Ligne 354:
 _EOF _EOF
 systemctl daemon-reload systemctl daemon-reload
-systemctl enable etherpd.service +systemctl enable etherpad 
-systemctl start etherpad.service+systemctl start etherpad
 </code> </code>
  
 And uncomment the corresponding lines in your httpd configuration And uncomment the corresponding lines in your httpd configuration
  • projets/vroom.1423739176.txt.gz
  • Last modified: 12/02/2015 12:06
  • by dani