Video conf based on SimpleWebRTC https://vroom.fws.fr/documentation
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1299 lines
42 KiB

% title l('DOCUMENTATION');
%= include 'header'
%= include 'public_toolbar'
<div class="container-fluid">
<div class="row-fluid">
<div class="hidden-xs col-sm-3">
<div id="toc">
</div>
</div>
<div class="col-sm-9"
id="doc-content">
<h1 id="intro">
Introduction
</h1>
<p>
VROOM (short for <strong>V</strong>ideo <strong>ROOM</strong>) is a simple to use,
web-based and opensource (MIT licence) video conferencing application.
</p>
<p>
VROOM uses the latest WebRTC technologies to allow video conferencing through a web
browser without any plugin.
There are several more or less similar hosted solutions available (like
<a href="https://talky.io/"
target="_blank">
talky.io
</a>,
<a href="https://appear.in/"
target="_blank">
appear.in
</a>,
<a href="https://vline.com/"
target="_blank">
vLine.com
</a>
for example).
Most of them are more polished than VROOM, but I've found none entirely opensource,
so I started this project.
</p>
<p>
You can get the source, and follow the development of VROOM on the
<a href="https://github.com/dani/vroom"
target="_blank">
github page
</a>
of the project.
</p>
<h1 id="features">
Features
</h1>
<p>
VROOM implements the following features:
<ul>
<li>
P2P Audio/Video conversations (no limit on the number of peers per room)
</li>
<li>
P2P text chat
</li>
<li>
Screen or single windows sharing
</li>
<li>
Send invitations by email
</li>
<li>
Be notified when someone joins one of your rooms
</li>
<li>
Persistent/reserved rooms
</li>
<li>
Chairman functionnalities (mute/pause/kick other peers)
</li>
<li>
Grant chairman role to other peers
</li>
<li>
Password protected rooms (different passwords for access and chairman)
</li>
<li>
Music on hold (when you're alone in a room)
</li>
<li>
Can be optionaly integrated with
<a href="https://github.com/ether/etherpad-lite"
target="_blank">
Etherpad-Lite
</a>
</li>
</ul>
</p>
<p>
VROOM is available in french and english.
You're welcome to submit patches or pull requests to enhance existing localizations,
or add new ones.
</p>
<h1 id="how_it_works">
How it works
</h1>
<p>
<a href="http://www.webrtc.org/"
taget="_blank">
WebRTC
</a>
allows browsers to browsers direct connections. This provides the best latency
as it avoids round trip through a server, which is important with real time communications.
But it also ensures the privacy of your communications. VROOM takes advantage of those
new technologies, and does the following:
<ul>
<li>
When a client joins a room, it establishes a
<a href="https://en.wikipedia.org/wiki/WebSocket"
target="_blank">
websocket
</a>
connection to VROOM server.
This is called the signaling channel.
With this, all peers are able to exchange small messages with each other.
But messages sent through this channels are routed through VROOM server,
so it's not peer to peer yet
</li>
<li>
When a second peer joins the same room, he gets informations about how
to connect directly to the other one(s) through this signaling channel.
</li>
<li>
Now, both peer exchange their video and audio stream directly
</li>
<li>
The signaling channel stays open and is used to transmit non sensitive informations
(peer colors synchronization, notification of muting/kicking etc...)
</li>
<li>
Everything else (audio/video/text chat) is sent directly between peers through data channels
</li>
</ul>
</p>
<div class="alert alert-warning">
As long as possible, data channels and audio/video streams are established directly between peers,
but in some situations, this is not possible (NAT, restrictive firewalls etc...). In those cases
data streams are relayed through a
<a href="https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT"
target="_blank">
TURN
</a>
server
</div>
<h1 id="technologies">
Technologies
</h1>
VROOM is composed of two distincts
<ul>
<li>
The client side: written in Javascript, it's the code executed on the browsers. This is where
webcam streams are captured and sent to other peers. The biggest part is
<a href="http://simplewebrtc.com/"
target="_blank">
SimpleWebRTC
</a>
</li>
<li>
The server side: mainly written in Perl using the fabulous
<a href="http://mojolicio.us/"
target="_blank">
Mojolicious
</a>
framework. This is where room are created and their configuration stored, and where permissions
are managed. The backend uses an SQL (MySQL is the only supported engine for now) to store configurations
</li>
</ul>
<h1 id="install_your_own">
Install your own VROOM instance
</h1>
The following guide will help you installing VROOM on your own server
<h2 id="requirements">
Requirements
</h2>
<p>
If you want to run your own VROOM instance, you'll need the following components
<ul>
<li>
A MySQL compatible server (MySQL or MariaDB)
</li>
<li>
A webserver supporting HTTPS and reverse proxying, including websocket reverse
proxying (Apache can do this with mod_proxy_wstunnel)
</li>
<li>
The following perl modules
<ul>
<li>
DBI
</li>
<li>
DBD::mysql
</li>
<li>
Mojolicious
</li>
<li>
Mojolicious::Plugin::I18N
</li>
<li>
Mojolicious::Plugin::Mail
</li>
<li>
Mojolicious::Plugin::Database
</li>
<li>
Mojolicious::Plugin::StaticCompressor
</li>
<li>
Mojo::Redis2
</li>
<li>
Crypt::SaltedHash
</li>
<li>
MIME::Base64
</li>
<li>
Session::Token
</li>
<li>
Config::Simple
</li>
<li>
Email::Valid
</li>
<li>
Protocol::SocketIO::Handshake
</li>
<li>
Protocol::SocketIO::Message
</li>
<li>
Data::Dumper
</li>
<li>
DateTime
</li>
<li>
Array::Diff
</li>
<li>
Locale::Maketext::Lexicon
</li>
</ul>
</li>
<li>
The following perl modules are optional
<ul>
<li>
For Etherpad-Lite support:
<ul>
<li>
Etherpad
</li>
</ul>
</li>
<li>
To export events in a XLSX file
<ul>
<li>
Mojolicious::Plugin::RenderFile
</li>
<li>
File::Temp
</li>
<li>
Excel::Writer::XLSX
</li>
</ul>
</li>
</ul>
</li>
</ul>
It's also advised to run VROOM on a systemd powered distribution (simply because that's what
I use and I include service units for VROOM).
For the same reasons, I recommend running Apache as webserver (others like Nginx probably work too,
but I provide configuration sample only for Apache)
</p>
<div class="alert alert-warning">
VROOM can probably work with other database engines (like PostgreSQL) with minor modifications.
If you're interrested in adding support, you're welcome to help
</div>
<div class="alert alert-warning">
While VROOM should run on any distro, it's only tested on CentOS 7 x86_64,
so it's the recommended platform.
Also, all dependencies are available as RPM in
<a href="http://repo.firewall-services.com/centos/"
target="_blank">
Firewall Services'
</a>
repository, so installation will be easier on CentOS 7.
If you have it running on another system, please send me your notes so I can update this documentation.
</div>
<h2 id="install_on_c7">
Install on CentOS 7 x86_64
</h2>
<div class="alert alert-warning">
This guide assumes that you have installed a minimal CentOS 7 x86_64 system
</div>
<div class="alert alert-danger">
For now, VROOM requires SELinux to be disabled, or permissive.
You can set this in <strong>/etc/selinux/config</strong>
</div>
<h3 id="c7_repo">
Configure the required repositories
</h3>
<p>
You need to configure both EPEL and FWS repo
<br>
<pre>
cat <<'_EOF' > /etc/yum.repos.d/fws.repo
[fws]
enabled=1
baseurl=http://repo.firewall-services.com/centos/$releasever/
name=Firewall Services
gpgcheck=1
gpgkey=http://repo.firewall-services.com/RPM-GPG-KEY
enablegroups=0
[fws-testing]
enabled=0
baseurl=http://repo.firewall-services.com/centos-testing/$releasever/
name=Firewall Services Testing
gpgcheck=1
gpgkey=http://repo.firewall-services.com/RPM-GPG-KEY
enablegroups=0
_EOF
yum install epel-release</pre>
</p>
<h3 id="c7_dependencies">
Install dependencies
</h3>
<p>
The following command will install everything required to run VROOM
<pre>
yum install git tar wget httpd mod_ssl openssl mariadb-server redis \\
'perl(DBI)' \\
'perl(DBD::mysql)' \\
'perl(Array::Diff)' \\
'perl(Mojolicious)' \\
'perl(Mojolicious::Plugin::I18N)' \\
'perl(Mojolicious::Plugin::Mail)' \\
'perl(Mojolicious::Plugin::Database)' \\
'perl(Mojolicious::Plugin::StaticCompressor)' \\
'perl(Mojolicious::Plugin::RenderFile)' \\
'perl(Protocol::SocketIO)' \\
'perl(Mojo::Redis2)' \\
'perl(Crypt::SaltedHash)' \\
'perl(Etherpad)' \\
'perl(Sesion::Token)' \\
'perl(Digest::HMAC)' \\
'perl(Digest::SHA1)' \\
'perl(Email::Valid)' \\
'perl(File::Temp)' \\
'perl(Excel::Writer::XLSX)' \\
'perl(Locale::Maketext::Lexicon)' \\
'perl(Config::Simple)' \\
'perl(Session::Token)' \\
'perl(DateTime)' \\
'perl(Data::Dumper)'</pre>
</p>
<h3 id="c7_clone_git">
Clone the repository
</h3>
<p>
Lets install VROOM in <strong>/opt/vroom</strong>
<pre>
cd /opt
git clone https://github.com/dani/vroom.git</pre>
</p>
<h3 id="c7_database">
Database
</h3>
<p>
A database will be used to store rooms configuration, you must enable the server.
<pre>
systemctl enable mariadb.service
systemctl start mariadb.service</pre>
Now, create a new database for VROOM
<pre>
mysql -uroot</pre>
<pre>
CREATE DATABASE `vroom` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `vroom`.* TO 'vroom'@'localhost' IDENTIFIED BY 'MySuperPassw0rd';
FLUSH PRIVILEGES;</pre>
</p>
<div class="alert alert-warning">
It's better to generate a long, random password here.
Just write it somewhere, you'll need it later
</div>
<p>
Now that we have our MySQL database, we can create the tables
<pre>
mysql -uroot vroom < /opt/vroom/docs/database/schema.mysql</pre>
</p>
<h3 id="c7_redis">
Setup Redis
</h3>
<p>
Redis is used to share data between the various workers (when running with hypnotoad) and
pass messages between peers connected on different workers. It doesn't require very specific settings.
You can use this sample configuration:
<pre>
cp -a /etc/redis.conf /etc/redis.conf.default
cat <<'_EOF' > /etc/redis.conf
daemonize no
bind 127.0.0.1
timeout 0
loglevel notice
logfile ""
databases 16
save 900 1
save 300 10
save 60 10000
dir /var/lib/redis/
_EOF
systemctl start redis
systemctl enable redis</pre>
</p>
<h3 id="c7_apache">
Setup Apache
</h3>
<p>
Two sample apache configurations are provided in the <strong>doc/httpd</strong>
directory
<ul>
<li>
<strong>httpd_alias.conf</strong> should work out of the box, VROOM will be available at
<em>
https://yourservername/vroom
</em>
</li>
<li>
<strong>httpd_vhost.conf</strong> is an alternative which you can use if you prefer
working with named virtualhosts (but will require additional config adjustments,
especially in ssl.conf, which is out of scope for this guide)
</li>
</ul>
Copy the config you want in /etc/httpd/conf.d/
</p>
<div class="alert alert-warning">
In either case, you might want to adjust the apache configuration
</div>
<div class="alert alert-danger">
The admin interface of VROOM will be available on /vroom/admin (alias) or
/admin (vhost) and <strong>must</strong> be protected by your web server.
VROOM provides <strong>no authentication at all</strong>.
In the sample configuration, the access is restricted to localhost,
but you can change this to anything you want
</div>
<p>
You also have to make sure the <strong>mod_proxy_wstunnel</strong>
module is enabled, which is not the case by default on CentOS 7
<pre>
echo "LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so" \\
> /etc/httpd/conf.modules.d/00-proxy_wstunnel.conf</pre>
</p>
<h3 id="c7_dir_perm">
Set permissions on the cache and tmp directories
</h3>
<p>
The <strong>data</strong> directory must be writeable for the user running the VROOM daemon,
which is <strong>vroom</strong> in the provided systemd unit
<pre>
useradd -r -d /dev/null -s /sbin/nologin vroom
chown -R vroom ./data/
chmod 700 ./data/</pre>
</p>
<h3 id="c7_systemd_unit">
Setup systemd units
</h3>
<p>
Here, we'll copy the sample vroom.service unit so that systemd picks it up
<pre>
cp /opt/vroom/docs/systemd/vroom.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable vroom</pre>
</p>
<h2 id="config_vroom">
Configure VROOM
</h2>
<p>
Now, we just need to configure vroom itself. Just copy the sample conf file
<pre>
cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini</pre>
And edit it to your need. settings.ini has plenty of comments,
but here's an explanation of the different sections and settings
</p>
<h3 id="settings_database">
database
</h3>
<p>
This section is where you define access to the database used by VROOM.
The following settings are available
<ul>
<li>
<strong>dsn</strong>: The <strong>D</strong>ata <strong>S</strong>ource <strong>N</strong>ame for your database.
For example <kbd>dsn = 'DBI:mysql:database=vroom;host=localhost'</kbd>.
See perl DBI documentation if you want more information
</li>
<li>
<strong>user</strong>: This is the username for your database
</li>
<li>
<strong>password</strong>: The password for your database
</li>
<li>
<strong>redis</strong>: The URI to reach your redis server. Exemple <kbd>redis://127.0.0.1:6379/0</kbd>
</li>
<div class="alert alert-danger">
Be sure to specify the loopback address as <strong>127.0.0.1</strong> and not <strong>localhost</strong>
as perl(EV) has an issue when a host is defined for both IPv4 and IPv6 in /etc/hosts (which is the case by default)
</div>
</ul>
</p>
<h3 id="settings_turn">
turn
</h3>
<p>
This section defines which
<a href="http://en.wikipedia.org/wiki/STUN"
target="_blank">
STUN
</a>
and
<a href="http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT"
target="_blank">
TURN
</a>
servers will be used by the
<a href="http://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment"
target="_blank">
ICE
</a>
process. If you plan to use VROOM only on a local network, where each peer can connect to
each others, you can just omit this part. But if you want VROOM to work from anywhere,
you'll need to use STUN and most likely TURN too.
<ul>
<li>
<strong>stun_server</strong>: The STUN server(s) to use. For example
<kbd>stun_server = 'stun:stun.l.google.com:19302','stun:vroom.example.net:3478'</kbd>.
This must be a comma separated list of full STUN URI as defined by
<a href="https://tools.ietf.org/html/rfc7064"
target="_blank">
rfc7064
</a>
</li>
<li>
<strong>turn_server</strong>: The TURN server(s) to use. For example
<kbd>turn_server = 'turns:vroom.example.net:5349','turns:vroom.example.net:5349?transport=tcp'</kbd>.
This must be a comma separated list of full STUN URI as defined by
<a href="https://tools.ietf.org/html/rfc7065"
target="_blank">
rfc7065
</a>
</li>
<li>
<strong>credentials</strong>: This defines what TURN credentials are sent to clients.
It can take two values:
<ul>
<li>
<strong>static</strong>: With this mode, you're using a single set of credentials
(defined in <strong>turn_user</strong> and <strong>turn_password</strong>) and they
will be used by every peer in every room
</li>
<li>
<strong>rest</strong>: In this mode, VROOM will generate
<a href="https://tools.ietf.org/html/draft-uberti-rtcweb-turn-rest-00"
target="_blank">
TURN REST API
</a>
compatible credentials for each room. Each credentials set will be valid only
for 5 minutes. You must set <strong>secret_key</strong> to the same secret key
set in your TURN server. This is of course the prefered method.
</li>
</ul>
</li>
<li>
<strong>turn_user</strong> and <strong>turn_password</strong>: To use your TURN server,
you'll most likely require credentials. If using static credentials, you must set this to
the username and password the clients will use
</li>
<li>
<strong>secret_key</strong>: When using the <strong>rest</strong> credentials method,
set this to the secret key shared with the turn server
</li>
</ul>
</p>
<h3 id="settings_video">
video
</h3>
<p>
This section is for video quality settings. the available settings are
<ul>
<li>
<strong>frame_rate</strong>: Number of frames per second for webcam streams.
A bigger number will provide a better quality stream but will also require more
bandwidth and CPU on each peer. The default is 15 fps
</li>
</ul>
</p>
<h3 id="settings_email">
email
</h3>
<p>
This section is for emails sent by VROOM (invitations, notifications, feedback form etc...).
The available settings are
<ul>
<li>
<strong>from</strong>: The address used in the From field of emails sent by VROOM.
</li>
<li>
<strong>contact</strong>: The email address which will get feedback form submissions.
</li>
<li>
<strong>sendmail</strong>: The path to the sendmail compatible binary to use (default is
/usr/bin/sendmail and will probably won't need to be changed)
</li>
</ul>
</p>
<h3 id="settings_interface">
interface
</h3>
<p>
This section controls the web interface. The available settings are
<ul>
<li>
<strong>powered_by</strong>: will be displayed in the footer. You can put HTML code here.
</li>
<li>
<strong>template</strong>: The name of the template to use. Must be a directory under <strong>templates</strong>.
The default, and only template provided is called <strong>default</strong>.
But you can copy it and customize it to your needs
</li>
<li>
<strong>chrome_extension_id</strong>: This is the ID of the Chrome extension proposed to
clients when trying to share screen for the first time (obviously, only for Chrome users).
The reason this is configurable is because the extension requires the allowed websites to be listed.
Two extensions are provided, the default (ecicdpoejfllflombfanbhfpgcimjddn) will work everywhere
but allows screen capture on any website, which can be a security risk.
The other extension (lfkdfilifapafomlhaaihfdglamkmdme) only works on
<a href="https://vroom.fws.fr"
target="_blank">
https://vroom.fws.fr
</a>.
You can create your own extension which will only work for your site, and submit it to Google Chrome Store
if you want.
</li>
<li>
<strong>demo</strong>: If enabled, a few more pages and elements will be displayed,
like the documentation you're reading right now.
</li>
</ul>
</p>
<h3 id="settings_rooms">
rooms
</h3>
<p>
This section controls rooms behavior. The available settings are
<ul>
<li>
<strong>inactivity_timeout</strong>: The time (in minutes) after which a room without activity will be deleted
</li>
<li>
<strong>reserved_inactivity_timeout</strong>: The same, but for rooms which have been reserved (owner password set).
You can set it to 0 if you do not want reserved room to expire
</li>
<li>
<strong>common_names</strong>: a comma separated list of names you don't want anyone to be able to reserve.
Rooms with those names can be created, but not reserved. This is to prevent cybersquatting
</li>
<li>
<strong>max_members</strong>: This is the maximum number of peers able to be in a room at the same time.
You can define a limit per room if you want. But the limit set here cannot be exceeded.
</li>
</ul>
</p>
<h3 id="settings_ertherpad">
etherpad
</h3>
<p>
Controls
<a href="https://github.com/ether/etherpad-lite"
target="_blank">
Etherpad-Lite
</a>
integration. The following settings are available
<ul>
<li>
<strong>uri</strong>: The URI to reach your Etherpad Lite instance.
This instance must share the same base domain as VROOM because
of the way sessions are created (Etherpad Lite sessions are created by VROOM
directly and sent as a cookie to the clients)
</li>
<li>
<strong>api_key</strong>: The API key of your Etherpad Lite instance.
You can find it in the file <strong>APIKEY.txt</strong> at the root of your Etherpad Lite
installation
</li>
<li><strong>base_domain</strong>: This is the common part of your domain between VROOM and Etherpad Lite.
For example, if you have VROOM running on https://vroom.example.net/ and Etherpad-Lite as
https://pads.example.net, you'd put <kbd>base_domain = 'example.net'</kbd> here
</li>
</ul>
</p>
<h3 id="settings_directories">
directories
</h3>
<p>
Controls where to find some specific directories
<ul>
<li>
<strong>cache</strong>: This is where VROOM will store its cache (including auto generated and
compressed assets like JS and CSS bundles)
</li>
<li>
<strong>tmp</strong>: This is where VROOM will store temp data like XLSX files when exporting events
</li>
</ul>
</p>
<h3 id="settings_daemon">
daemon
</h3>
<p>
Controls how VROOM daemon behaves. The following settings are available
<ul>
<li>
<strong>listen_ip</strong>: This is the IP the daemon will listen on. Most of the time, you'll let
<strong>127.0.0.1</strong> here as VROOM will be accessed through a reverse proxy
</li>
<li>
<strong>listen_port</strong>: The port VROOM daemon will bind to. Default is <strong>8090</strong>.
Just be sure to adjust your reverse proxy configuration if you change this.
</li>
<li>
<strong>backend</strong>: The backend used to run VROOM. Can be either
<a href="http://mojolicio.us/perldoc/Mojo/Server/Morbo"
target="_blank">
<strong>morbo</strong>
</a>
(recommended for developments) or
<a href="http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad"
target="_blank">
<strong>hypnotoad</strong>
</a>
(recommanded for production).
</li>
<li>
<strong>log_level</strong>: Set the logging level. Can be one of <strong>debug</strong>,
<strong>info</strong>, <strong>warn</strong>, <strong>error</strong> or <strong>fatal</strong>
</li>
<li>
<strong>pid_file</strong>: Where to store the PID file of VROOM daemon (has no effect when using
the morbo backend)
</li>
</ul>
</p>
<h1 id="turn_server">
Setup coturn or rfc5766-turn-server
</h1>
<p>
You can run any TURN server you want, but VROOM has only been tested with
<a href="https://code.google.com/p/rfc5766-turn-server/"
target="_blank">
rfc5766-turn-server
</a>
and
<a href="https://code.google.com/p/coturn/"
target="_blank">
coturn
</a>
(which are very similar).
The reference instance https://vroom.fws.fr is using coturn.
To make use of it, follow those steps
</p>
<h2 id="turn_install">
Install the RPMS
</h2>
<p>
You can now install the extracted RPMS
<pre>
yum --enablerepo=fws install turnserver turnserver-utils</pre>
</p>
<h2 id="turn_configure">
Configure turnserver
</h2>
<p>
Here's a sample configuration:
<pre>
mv /etc/turnserver/turnserver.conf /etc/turnserver/turnserver.conf.default
cat <<'EOF' > /etc/turnserver/turnserver.conf
verbose
fingerprint
lt-cred-mech
syslog
no-sslv2
no-sslv3
no-tcp
no-udp
tls-listening-port 5349
alt-tls-listening-port 3478
no-loopback-peers
no-multicast-peers
realm vroom
cert /etc/turnserver/cert.pem
pkey /etc/turnserver/key.pem
proc-user turnserver
proc-group turnserver
use-auth-secret
static-auth-secret SuperSecretPassword
EOF</pre>
</p>
<div class="alert alert-warning">
<ul>
<li>
An SSL certificate is needed for everything to work correctly and securely
(<strong>/etc/turnserver/cert.pem</strong> and <strong>/etc/turnserver/key.pem</strong>
in this example)
</li>
<li>
Both key and certificate must be readable by turnserver user and/or group
</li>
<li>
You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption
</li>
<li>
If you have intermediate(s) CA, you have to put them in the cert.pem file, but after your certificate
</li>
<li>
In this example, the turn server will use TURN REST API compatible authentication, so you must set
<kbd>credentials='rest'</kbd> and <kbd>secret_key='SuperSecretPassword'</kbd> in the <strong>turn</strong>
section of VROOM's <strong>settings.ini</strong>
</li>
</ul>
</div>
<h2 id="turn_start">
Enable and start turnserver
</h2>
<p>
You can now start and enable turnserver
<pre>
systemctl enable turnserver
systemctl start turnserver</pre>
</p>
<p>
You can check it's working with
<pre>
journalctl -fl -u turnserver.service</pre>
</p>
<div class="alert alert-warning">
Configuration of your firewall is out of scope for this doc, but you have to ensure the following ports are open:
<ul>
<li>
TCP 3478, 3479, 5349, 5350 and 49152 to 65535
</li>
<li>
UDP 3478, 3479, 5349, 5350 and 49152 to 65535
</li>
</ul>
If you use <strong>firewalld</strong> you can open the correct ports with the following commands
<pre>
firewall-cmd --add-port 80/tcp \\
--add-port 443/tcp \\
--add-port 3478/tcp \\
--add-port 3479/tcp \\
--add-port 5349/tcp \\
--add-port 5350/tcp \\
--add-port 49152-65535/tcp
firewall-cmd --add-port 3478/udp \\
--add-port 3479/udp \\
--add-port 5349/udp \\
--add-port 5350/udp \\
--add-port 49152-65535/udp
firewall-cmd --permanent \\
--add-port 80/tcp \\
--add-port 443/tcp \\
--add-port 3478/tcp \\
--add-port 3479/tcp \\
--add-port 5349/tcp \\
--add-port 5350/tcp \\
--add-port 49152-65535/tcp
firewall-cmd --permanent \\
--add-port 3478/udp \\
--add-port 3479/udp \\
--add-port 5349/udp \\
--add-port 5350/udp \\
--add-port 49152-65535/udp</pre>
</div>
<h1 id="etherpad">
Etherpad-Lite integration
</h1>
<p>
If you want to integrate VROOM with Etherpad-Lite, you'll have to get your instance running.
First, install the dependencies
<pre>
yum install nodejs npm</pre>
<pre>
yum groupinstall "Development Tools"</pre>
Then, Create a user, clone the repository and prepare the config
<pre>
useradd etherpad
cd /opt
git clone https://github.com/ether/etherpad-lite.git
chown -R etherpad:etherpad ./etherpad-lite
cp -a etherpad-lite/settings.json.template etherpad-lite/settings.json</pre>
</p>
<div class="alert alert-warning">
Adapt /opt/etherpad-lite/settings.json to your need. The important settings are
<ul>
<li>
<kbd>"requireSession" : true</kbd>
</li>
<li>
<kbd>"editOnly" : true</kbd>
</li>
<li>
<kbd>"requireAuthentication": false</kbd>
</li>
</ul>
</div>
<p>
You can start etherpad manually the first time and check all its dependencies get installed
<pre>
sudo -u etherpad /opt/etherpad-lite/bin/run.sh</pre>
Once you know it's ok, stop it with <kbd>ctrl+C</kbd> and create a systemd unit
<pre>
cat <<'_EOF' > /etc/systemd/system/etherpad.service
[Unit]
Description=Run Etherpad-lite, the collaborative editor.
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/opt/etherpad-lite/bin/run.sh 2>$1 < /dev/null
Restart=on-failure
StandardOutput=syslog
SyslogIdentifier=Etherpad-Lite
User=etherpad
Group=etherpad
[Install]
WantedBy=multi-user.target
_EOF
systemctl daemon-reload
systemctl enable etherpad
systemctl start etherpad</pre>
And uncomment the corresponding lines in your httpd configuration
(/etc/httpd/conf.d/vroom_alias.conf or /etc/httpd/conf.d/vroom_vhost.conf)
</p>
<h1 id="customize">
Customize
</h1>
<h2 id="moh">
Music on hold
</h2>
<p>
VROOM includes 5 different songs available as music on hold. If you want to add more,
just drop your files in <strong>public/snd/moh</strong>. When joining a room, VROOM will
randomly choose one file from this directory
</p>
<h2 id="appearence">
Appearence
</h2>
<p>
If you want to customize the look and feel of VROOM, you can create your own templates.
To do so, just copy the existing ones
<pre>
cp -a /opt/vroom/templates/default /opt/vroom/templates/my_template</pre>
Then edit <strong>/opt/vroom/conf/settings.ini</strong> and set <kbd>template = 'my_template'</kbd>
Restart VROOM so the configuration change is applied
<pre>
systemctl restart vroom.service</pre>
And you can start modifying your templates.
<div class="alert alert-danger">
As VROOM is still in early development, you'll have to closely follow how the default templates
evolve and merge the changes in your own template
</div>
<div class="alert alert-warning">
While working on your new template, it's recommanded to switch to the
<strong>morbo</strong> backend as templates will be reloaded automatically after each modification
</div>
</p>
<h1 id="admin_area">
Admin area
</h1>
<p>
The admin area is available on /vroom/admin or /admin
(depending on how you have configured your web server).
<div class="alert alert-danger">
Once again: There's no builtin auth mechanism, your web server must protect this URI
</div>
This page gives access to several sub menus to manage your VROOM instance
</p>
<h2 id="room_management">
Room Management
</h2>
<p>
This page lists all the existing rooms wih some important informations
(creation date, last activity, number of participants) and three buttons to manage each room
(join, configure, delete)
</p>
<h2 id="audit">
Audit
</h2>
<p>
This page is to consult audit logs. Every important event in VROOM is logged
<ul>
<li>
On stdout (ideally captured by systemd's Journal or similar)
</li>
<li>
In the audit table
</li>
</ul>
Each event is composed of the following:
<ul>
<li>
<strong>ID</strong>: It's just a unique ID for each event
</li>
<li>
<strong>Date</strong>: the date and time of the event
</li>
<li>
<strong>IP Address</strong>: The IP address of the user
</li>
<li>
<strong>Event</strong>: The type of event (see below)
</li>
<li>
<strong>User</strong>: The login of the user
</li>
<li>
<strong>Message</strong>: A human readable information describing the event
</li>
</ul>
<div class="alert alert-warning">
As all other dates, event dates are stored in the database in UTC and converted in local time when displayed.
If you access directly the database to check the events, you'll have to do the conversion yourself. The dates
also are in UTC in the XLSX exports of events
</div>
<h3 id="event_types">
Event types and their meanings
</h3>
<table class="table">
<thead>
<tr>
<th>
Event type
</th>
<th>
Signification
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
session_create
</td>
<td>
A new cookie based session is created
</td>
</tr>
<tr>
<td>
session_destroy
</td>
<td>
A session is destroyed. Usually the user explicitely quit a room
</td>
</tr>
<tr>
<td>
room_create
</td>
<td>
A new room is created
</td>
</tr>
<tr>
<td>
room_modify
</td>
<td>
Room configuration is modified
</td>
</tr>
<tr>
<td>
peer_role
</td>
<td>
The role of a peer is changing (after authentication or being promoted to an owner of a room)
</td>
</tr>
<tr>
<td>
room_expire
</td>
<td>
A room is being deleted because it showed no activity for too long
</td>
</tr>
<tr>
<td>
room_delete
</td>
<td>
A room is being deleted by a user action
</td>
</tr>
<tr>
<td>
email_notification_change
</td>
<td>
The list of email being notified when someone joins a room has been updated
</td>
</tr>
<tr>
<td>
send_invitation
</td>
<td>
An email invitation to join the room is being sent
</td>
</tr>
<tr>
<td>
invitation_response
</td>
<td>
Response to an invitation received
</td>
</tr>
<tr>
<td>
invalidate_invitation
</td>
<td>
An invitation has been used, so is marked as invalide (invitations are only usable once)
</td>
</tr>
<tr>
<td>
pad_create
</td>
<td>
A pad (Etherpad-Lite) is created
</td>
</tr>
<tr>
<td>
admin_key
</td>
<td>
An API Key aquires admin privileges.
Usually this happens when a user access /admin for the first time with this session
</td>
</tr>
<tr>
<td>
peer_id_mismatch
</td>
<td>
Connection to the signaling channel attempted with a wrong peer ID
</td>
</tr>
<tr>
<td>
no_role
</td>
<td>
Someone tried to join a room but has no valid role, so access is denied
</td>
</tr>
<tr>
<td>
member_off_limit
</td>
<td>
A peer is being denied because member limit is already reached
</td>
</tr>
<tr>
<td>
room_join
</td>
<td>
A peer joins a room
</td>
</tr>
<tr>
<td>
room_leave
</td>
<td>
A peer leaves a room
</td>
</tr>
<tr>
<td>
api_action_denied
</td>
<td>
An API action has been denied
</td>
</tr>
<tr>
<td>
api_action_allowed
</td>
<td>
An API action was allowed
</td>
</tr>
<tr>
<td>
join_notification
</td>
<td>
An email notification was sent because someone joined a room
</td>
</tr>
</tbody>
</table>
</p>
</div>
</div>
</div>
%= include 'js_common'
<script>
$(document).ready(function() {
initDoc();
});
</script>
%= include 'footer'