#!/bin/bash
#
# BlueButton open source conferencing system - https://www.bigbluebutton.org/
#
# Copyright (c) 2020 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <https://www.gnu.org/licenses/>.
#
# Author(s):
#   Fred Dixon <ffdixon@bigbluebutton.org>
#   Sebastian Schneider <seb.sschneider@gmail.com>
#   Ghazi Triki <ghazi.nocturne@gmail.com>
#
# Changelog:
#   2009-10-18 FFD  Initial Version
#   2009-11-05 FFD  Updated for 0.62
#   2009-12-09 FFD  Updated for 0.63
#   2009-12-11 FFD  Added ability to switch conference servers
#   2009-12-12 FFD  Added cleaning and watching of log files
#   2010-01-05 FFD  Added zipping of log files
#   2010-01-18 FFD  Added resetting of environment back to using packages
#   2010-03-02 JRT  Added trunk checkout options / fixed bbb-apps instructions
#   2010-04-02 FFD  Updated for 0.64
#   2010-06-21 SEB  Cleaned up some code / Updated for 0.70
#   2010-06-25 SEB  Added ability to change the security secret
#   2010-06-30 SEB  Added some extra error checking
#   2010-07-06 SEB  Added more error checking and report messages
#   2010-09-15 FFD  Updates for 0.71-dev
#   2010-10-16 FFD  Updates for 0.71-beta
#   2010-11-06 FFD  Added logic to ensure red5 shuts down
#   2010-12-12 FFD  Fixed bug #778
#   2010-12-12 FFD  Added support for Intalio VM
#   2010-02-28 FFD  Fixed #834
#   2011-06-26 FFD  Updates for 0.8
#   2012-01-14 FFD  Testing the development environment for 0.8
#   2012-02-22 FFD  Updates to development environment
#   2012-04-27 FFD  Added sum of version numbers in --check
#   2013-02-03 FFD  Updated for changes to parameters for 0.81 in bigbluebutton-sip.properties
#   2013-11-07 FFD  Finished 0.81
#   2014-01-13 FFD  Working on updates for 0.9.0
#   2014-03-10 GUG  Enable WebRTC
#   2015-03-12 FFD  Added start/stop of HTML5 server
#   2016-01-13 FFD  Updates for 1.0
#   2016-02-28 FFD  Updates to support HTTPS configuration
#   2016-05-28 FFD  Initial updates for 1.1-dev
#   2016-08-15 GTR  Archive more logs with zip option and show more applications with status
#   2016-10-17 GTR  Added redis to checked server components & added ownership check for video and freeswitch recording directories
#   2017-04-08 FFD  Cleanup for 1.1-beta
#   2018-11-22 MNE  Dynamically detect if sudo is needed
#   2018-12-09 GTR  More logs cleanup
#   2019-02-08 GTR  Updates for 2.2 after extracting bbb-web to a standalone server application
#   2019-03-14 FFD  Refactoring and cleanup for 2.2
#   2019-05-14 FFD  Added more checks for configuration issues
#   2019-07-08 GTR  Set IP for all recording formats
#   2019-10-31 GTR  Set IP and shared secret for bbb-webhooks
#   2019-11-09 GTR  Keep HTML5 client logs permissions when cleaning logs
#   2020-05-20 NJH  Add port 443 to --Network and clean up tmp file.
#   2020-06-23 JFS  Remove defaultGuestPolicy warning for HTML5 client
#   2020-10-22 AGG  Removing Flash/Red5 related code (yay!)
#   2021-07-16 JFS  Add defaultMeetingLayout information

#set -x
#set -e

PATH=$PATH:/sbin

if [[ "$(id -u)" != "0" ]]; then
    if [[ -x "$(which sudo)" ]]; then
        SUDO="$(which sudo)"
    else
        echo "bbb-conf must be ran as root!" && exit 1
    fi
fi

if [[ ! -f /etc/bigbluebutton/bigbluebutton-release ]]; then
    echo
    echo "# BigBlueButton does not appear to be installed.  Could not"
    echo "# locate: /etc/bigbluebutton/bigbluebutton-release"
    echo
    exit 1
fi

# Load the content of the file as variables
source /etc/bigbluebutton/bigbluebutton-release

#
# Figure out our environment (Debian vs. CentOS)
#

if [ -f /etc/centos-release ] || [ -f /etc/system-release ]; then
    DISTRIB_ID=centos
    TOMCAT_USER=tomcat
    TOMCAT_DIR=/var/lib/$TOMCAT_USER
    SERVLET_LOGS=/usr/share/tomcat/logs
    REDIS_SERVICE=redis.service
else
    . /etc/lsb-release    # Get value for DISTRIB_ID
    if [ "$DISTRIB_CODENAME" == "focal" ]; then
      TOMCAT_USER=tomcat9
    fi
    TOMCAT_DIR=/var/lib/$TOMCAT_USER
    SERVLET_LOGS=$TOMCAT_DIR/logs
    REDIS_SERVICE=redis-server
fi

# Common to Ubuntu and CentOS
FREESWITCH_VARS=/opt/freeswitch/etc/freeswitch/vars.xml
FREESWITCH_EXTERNAL=/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml
FREESWITCH_PID=/opt/freeswitch/var/run/freeswitch/freeswitch.pid
FREESWITCH_EVENT_SOCKET=/opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
FREESWITCH_SWITCH_CONF=/opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml

LTI_DIR=/usr/share/bbb-lti

if [ -f /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties ]; then
    SERVLET_DIR=/usr/share/bbb-web
fi


get_properties_value() {
    key="$1"
    file="$2"
    if [[ -f $file ]]; then
        val=$(grep "^$key" "$file"| cut -d = -f 2-)
        echo "$val"
        return 0
    fi
    return 1
}
get_bbb_web_config_value() {
    key="$1"
    val="$(get_properties_value "$key" "$BBB_WEB_ETC_CONFIG")"
    if [[ -n $val ]]; then
        echo "$val"
        return 0
    fi
    val="$(get_properties_value "$key" "$BBB_WEB_CONFIG")"
    if [[ -n $val ]]; then
        echo "$val"
        return 0
    fi
    return 1
}

RECORD_CONFIG=/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml

HTML5_DEFAULT_CONFIG=/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
HTML5_ETC_CONFIG=/etc/bigbluebutton/bbb-html5.yml
if [ -f $HTML5_ETC_CONFIG ]; then
    HTML5_CONFIG=$(yq m -x $HTML5_DEFAULT_CONFIG $HTML5_ETC_CONFIG)
else
    HTML5_CONFIG=$(yq r $HTML5_DEFAULT_CONFIG)
fi

WEBRTC_SFU_DEFAULT_CONFIG=/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml
WEBRTC_SFU_ETC_CONFIG=/etc/bigbluebutton/bbb-webrtc-sfu/production.yml
if [ -f $WEBRTC_SFU_ETC_CONFIG ]; then
    # -a overwrite: merges arrays by replacement (yq 3.4+, like the override)
    WEBRTC_SFU_CONFIG=$(yq m -a overwrite -x $WEBRTC_SFU_DEFAULT_CONFIG $WEBRTC_SFU_ETC_CONFIG)
else
    WEBRTC_SFU_CONFIG=$(yq r $WEBRTC_SFU_DEFAULT_CONFIG)
fi

BBB_WEB_CONFIG="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties"
BBB_WEB_ETC_CONFIG="/etc/bigbluebutton/bbb-web.properties"
NGINX_IP=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/server_name/{s/.*server_name[ ]*//;s/;//;p}' | cut -d' ' -f1 | head -n 1)
SIP_CONFIG=/usr/share/bigbluebutton/nginx/sip.nginx
SIP_NGINX_IP=$(cat $SIP_CONFIG |  grep -v '#' | sed -n '/proxy_pass/{s/.*proxy_pass http[s]*:\/\///;s/:.*//;p}' | head -n 1)

NCPU=$(nproc --all)

BBB_USER=bigbluebutton

if [ $EUID == 0 ]; then
  TURN=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml
  TURN_ETC_CONFIG=/etc/bigbluebutton/turn-stun-servers.xml
  if [ -f "$TURN_ETC_CONFIG" ]; then
    TURN=$TURN_ETC_CONFIG
  fi
  STUN="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m '_:beans/_:bean[@class="org.bigbluebutton.web.services.turn.StunTurnService"]/_:property[@name="stunServers"]/_:set/_:ref' -v @bean -nl $TURN)"
fi

PROTOCOL=http
if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then
    SERVER_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL | sed -n '{s/.*\///;p}')
    if get_bbb_web_config_value bigbluebutton.web.serverURL | grep -q https; then
        PROTOCOL=https
    fi
fi

#
# We're going to give ^bigbluebutton.web.logoutURL a default value (if undefined) so bbb-conf does not give a warning
#
if [ -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; then
    if [ -z "$(get_bbb_web_config_value bigbluebutton.web.logoutURL)" ]; then
        echo "bigbluebutton.web.logoutURL=default" >> $BBB_WEB_ETC_CONFIG
    fi
fi

#
# Determine IP so it works on multilingual installations
#

### duplicated code: see deb-helper.sh and apply-lib.sh
if [ -e "/sys/class/net/venet0:0" ]; then
    # IP detection for OpenVZ environment
    _dev="venet0:0"
else
    _dev=$(awk '$2 == 00000000 { print $1 }' /proc/net/route | head -1)
fi
_ips=$(LANG=C ip -4 -br address show dev "$_dev" | awk '{ $1=$2=""; print $0 }')
_ips=${_ips/127.0.0.1\/8/}
read -r IP _ <<< "$_ips"
IP=${IP/\/*} # strip subnet provided by ip address
if [ -z "$IP" ]; then
  read -r IP _ <<< "$(hostname -I)"
fi

#
# Calculate total memory on this server
#
MEM=$(grep MemTotal /proc/meminfo | awk '{print $2}')
MEM=$((MEM/1000))

#
# Check if the function has a value and, if not, print an error message
# $1 -- name of value
# $2 -- location of value
# $3 -- value to check
#
check_no_value() {
    if [ -z $3 ]; then
        echo "# Tried to check $1 in"
        echo "#    $2"
        echo "# but value is empty."
        exit 1
    fi
}

check_file() {
    if [ ! -f $1 ]; then
        echo "# File does not exist: $1"
    fi
}

print_header() {
    if [ ! $HEADER ]; then
        echo
        echo "# Potential problems described below"
        HEADER=1
    fi
}

need_root() {
    if [ $EUID != 0 ]; then
        echo "Need to be root to run this option"
        exit 1
    fi
}



usage() {
    echo "BigBlueButton Configuration Utility - Version $BIGBLUEBUTTON_RELEASE"
    echo
    echo "   bbb-conf [options]"
    echo
    echo "Configuration:"
    echo "   --version                        Display BigBlueButton version (packages)"
    echo "   --setip <IP/hostname>            Set IP/hostname for BigBlueButton"
    echo "   --setsecret <secret>             Change the shared secret in /etc/bigbluebutton/bbb-web.properties"
    echo "   --set-port-range MIN-MAX         Change UDP port range used for audio/video/screenshare"
    echo
    echo "Monitoring:"
    echo "   --check                          Check configuration files and processes for problems"
    echo "   --debug                          Scan the log files for error messages"
    echo "   --watch                          Scan the log files for error messages every 2 seconds"
    echo "   --network                        View network connections on 80, 443 and 1935 by IP address. 1935 is deprecated. You will need to modify bbb-conf if you have custom ports."
    echo "   --secret                         View the URL and shared secret for the server"
    echo "   --lti                            View the URL and secret for LTI (if installed)"
    echo
    echo "Administration:"
    echo "   --restart                        Restart BigBlueButton"
    echo "   --stop                           Stop BigBlueButton"
    echo "   --start                          Start BigBlueButton"
    echo "   --clean                          Restart and clean all log files"
    echo "   --status                         Display running status of components"
    echo "   --zip                            Zip up log files for reporting an error"
    echo
}

# utility function to make a copy of the conf file
check_and_backup () {
    # can we write to the configuration file?
    if [ ! -w $1 ]; then
        echo "Cannot write to $1!"
        exit 1
    fi

    # let's see if we need a copy
    if [ "$TO_BACKUP" = "Y" ]; then
        cp $1 $1.bak
        TO_BACKUP="N"
    fi
}

# 3 paramenter: the file, the variable name, the new value
change_var_value () {
    check_and_backup $1
    sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
}

# same as change_var_value but with quotes
change_var_salt() {
    check_and_backup $1
    sed -i "s<^[[:blank:]#]*\(${2}\).*<\1="${3}"<" $1
}

# comment lines matching $2 ($1 is the file)
comment () {
    check_and_backup $1
    sed -i "s<^[[:blank:]]*\(${2}.*\)<#\1<" $1
}

change_yml_value () {
    sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1
}


# comment lines matching $2 ($1 is the file)
uncomment () {
    check_and_backup $1
    sed -i "s<^[#[:blank:]]*\(${2}.*\)<\1<" $1
}

stop_bigbluebutton () {
    echo "Stopping BigBlueButton"

    if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
      TOMCAT_SERVICE=$TOMCAT_USER
      systemctl stop $TOMCAT_SERVICE
    fi

    systemctl stop bigbluebutton.target
}

start_bigbluebutton () {
    #
    # Apply any local configuration options (if exists)
    #
    if [ -x /etc/bigbluebutton/bbb-conf/apply-config.sh ]; then
        echo
        echo "Applying updates in /etc/bigbluebutton/bbb-conf/apply-config.sh: "
        /etc/bigbluebutton/bbb-conf/apply-config.sh
        echo
    fi

    if [ -f /opt/freeswitch/var/log/freeswitch/freeswitch.log ]; then
        if grep -q "Failure to connect to CORE_DB sofia_reg_external" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then
            # See: https://docs.bigbluebutton.org/install/install.html#freeswitch-fails-to-bind-to-ipv4
            echo "Clearing the FreeSWITCH database."
            rm -rf /opt/freeswitch/var/lib/freeswitch/db/*
        fi
    fi

    echo "Reloading NginX configuration"
    systemctl reload nginx

    echo "Starting BigBlueButton"

    if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
        TOMCAT_SERVICE=$TOMCAT_USER

        [ -z "$TOMCAT_SERVICE" ] || systemctl start $TOMCAT_SERVICE || {
            echo
            echo "# Warning: $TOMCAT_SERVICE could not be started. Please, check BBB-LTI."
            echo "#     Run the command:"
            echo "#       sudo journalctl -u $TOMCAT_SERVICE"
            echo "#     To better understand the ERROR"
        }
    fi

    systemctl restart bigbluebutton.target

    if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then
        systemctl start mongod
        sleep 3
        systemctl start bbb-html5
    fi
}

display_bigbluebutton_status () {
    units="nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-fsesl-akka"

    if [ -d $TOMCAT_DIR ]; then
        units="$units $TOMCAT_USER"
    fi

    if [ -f /usr/lib/systemd/system/bbb-html5.service ]; then
        units="$units mongod bbb-html5 bbb-webrtc-sfu kurento-media-server"

        for i in `seq 8888 8890`; do
            # check if multi-kurento setup is configured
            if [ -f /usr/lib/systemd/system/kurento-media-server-${i}.service ]; then
                if systemctl is-enabled kurento-media-server-${i}.service > /dev/null; then
                    units="$units kurento-media-server-${i}"
                fi
            fi
        done

        source /usr/share/meteor/bundle/bbb-html5-with-roles.conf

        if [ -f /etc/bigbluebutton/bbb-html5-with-roles.conf ]; then
          source /etc/bigbluebutton/bbb-html5-with-roles.conf
        fi

        for ((i = 1 ; i <= $NUMBER_OF_BACKEND_NODEJS_PROCESSES; i++)); do
          units="$units bbb-html5-backend@$i"
        done

        for ((i = 1; i <= $NUMBER_OF_FRONTEND_NODEJS_PROCESSES; i++)); do
          units="$units bbb-html5-frontend@$i"
        done
    fi

    if [ -f /usr/share/etherpad-lite/settings.json ]; then
        units="$units etherpad"
    fi

    if [ -f /usr/lib/systemd/system/bbb-web.service ]; then
        units="$units bbb-web"
    fi

    if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then
        units="$units bbb-webhooks"
    fi

    if [ -f /usr/lib/systemd/system/bbb-lti.service ]; then
        units="$units bbb-lti"
    fi

    if [ -f /usr/lib/systemd/system/bbb-pads.service ]; then
        units="$units bbb-pads"
    fi

    if [ -f /usr/lib/systemd/system/bbb-export-annotations.service ]; then
        units="$units bbb-export-annotations"
    fi

    if [ -f /usr/lib/systemd/system/bbb-rap-caption-inbox.service ]; then
        units="$units bbb-rap-caption-inbox"
    fi

    if [ -f /usr/lib/systemd/system/bbb-rap-resque-worker.service ]; then
        units="$units bbb-rap-resque-worker"
    fi

    if [ -f /usr/lib/systemd/system/bbb-rap-starter.service ]; then
        units="$units bbb-rap-starter"
    fi

    if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
      TOMCAT_SERVICE=$TOMCAT_USER
    fi

    line='——————————————————————►'
    for unit in $units; do
        status=$(systemctl is-active "$unit")
        if [ "$status" = "active" ]; then
            printf "%s %s [✔ - $status]\n" $unit "${line:${#unit}}"
        else
            printf "%s %s [✘ - $status]\n" $unit "${line:${#unit}}"
        fi
    done
}

if [ $# -eq 0 ]; then
    usage
    exit 1
fi

# Parse the parameters
while [ $# -gt 0 ]; do
    if [ "$1" = "-stop" -o "$1" = "--stop" ]; then
        need_root
        stop_bigbluebutton
        exit 0
    fi

    if [ "$1" = "-start" -o "$1" = "--start" ]; then
        need_root
        start_bigbluebutton
        exit 0
    fi

    if [ "$1" = "-check" -o "$1" = "--check" -o "$1" = "-c" ]; then
        CHECK=1
        shift;shift
        continue
    fi

    if [ "$1" = "--version" -o "$1" = "-version" -o "$1" = "-v" ]; then
        VERSION=1
        shift
        continue
    fi

    if [ "$1" = "--debug" -o "$1" = "-debug" -o "$1" = "-d" ]; then
        DEBUG=1
        shift
        continue
    fi

    if [ "$1" = "--clean" -o "$1" = "-clean" ]; then
        CLEAN=1
        shift
        continue
    fi

    if [ "$1" = "--watch" -o "$1" = "-watch" -o "$1" = "-w" ]; then
        WATCH=1
        shift
        continue
    fi

    if [ "$1" = "--network" -o "$1" = "-network" -o "$1" = "-n" ]; then
        NETWORK=1
        shift
        continue
    fi

    if [ "$1" = "--zip" -o "$1" = "-zip" -o "$1" = "-z" ]; then
        ZIP=1
        shift
        continue
    fi

    if [ "$1" = "--status" -o "$1" = "-status" ]; then
        display_bigbluebutton_status
        exit 0
    fi

    if [ "$1" = "--restart" -o "$1" = "-restart" ]; then
        RESTART=1
        shift
        continue
    fi

    #
    # all other parameters requires at least 1 argument
    #

    if [ "$1" = "-setip" -o "$1" = "--setip" ]; then
        HOST="${2}"
        if [ -z "$HOST" ]; then
            echo "HOST IP=$IP"
        fi

        if echo $HOST|grep -q ":"; then
            HOST=$(echo ${2}|cut -d: -f1)
        fi
        shift; shift
        continue
    fi

    if [ "$1" = "--set-port-range" ]; then
        PORT_RANGE="${2}"
        shift; shift
        continue
    fi

    if [ "$1" = "--salt" -o "$1" = "-salt" -o "$1" = "--setsalt" -o "$1" = "--secret" -o "$1" = "-secret"  -o "$1" = "--setsecret" ]; then
        SECRET="${2}"
        if [ -z "$SECRET" ]; then
            BBB_WEB_URL=$(get_bbb_web_config_value bigbluebutton.web.serverURL)
            SECRET=$(get_bbb_web_config_value securitySalt)
            echo
            echo "    URL: $BBB_WEB_URL/bigbluebutton/"
            echo "    Secret: $SECRET"
            echo
            echo "    Link to the API-Mate:"
            echo "    https://mconf.github.io/api-mate/#server=$BBB_WEB_URL/bigbluebutton/&sharedSecret=$SECRET"
            echo
            exit 0
        fi
        shift; shift
        continue
    fi

    if [ "$1" = "--lti" -o "$1" = "-lti" ]; then
        if [ -z "$SECRET" ]; then
            if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
                LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool'
                CUSTOMER=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^.*=//;s/:.*//p}')
                SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiConsumer/{s/^[^:]*://;p}')
                echo
                echo "       URL: $LTI_URL"
                echo "  Customer: $CUSTOMER"
                echo "    Secret: $SECRET"
                echo
                ICON_URL=$( echo $LTI_URL | sed 's/tool/images\/icon.ico/')
                echo "  Icon URL: $ICON_URL"
                echo
                echo
                exit 0
            fi
        fi
        shift; shift
        continue
    fi

    usage
    exit 1
done

print_bigbluebutton_version() {
    echo
    if [ $DISTRIB_ID == "centos" ]; then
        echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(rpm -qa | grep bbb | grep -v bbb-lti | grep -v bbb-redis | grep -v bbb-tomcat | grep -v freeswitch | sed 's/.*[0-9].[0-9].[0-9]-//g' | sed 's/\..*//g' | awk '{ sum+=$1} END {print sum}'))"
    else
        echo "BigBlueButton Server $BIGBLUEBUTTON_RELEASE ($(dpkg -l | grep bbb | grep -v bbb-lti | sed -n '/[0-9].[0-9].[0-9]-/{s/.*[0-9].[0-9].[0-9]-//;s/;//;p}' | awk '{ sum+=$1} END {print sum}'))"
    fi
}


#
# Version
#
if [[ $VERSION ]]; then
    print_bigbluebutton_version
    echo
    dpkg -l | grep bbb
    exit 0
fi


#
# Set Shared Secret
#

if [[ $SECRET ]]; then
    need_root

    echo "Assigning secret in $BBB_WEB_ETC_CONFIG"
    if [ -f "$BBB_WEB_ETC_CONFIG" ] && grep "^securitySalt" "$BBB_WEB_ETC_CONFIG" > /dev/null ; then
        change_var_value "$BBB_WEB_ETC_CONFIG" securitySalt "$SECRET"
    else
        echo "securitySalt=$SECRET" >> "$BBB_WEB_ETC_CONFIG"
    fi

    if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then
        change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml sharedSecret $SECRET
    fi

    if [ -f /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js ]; then
        sed -i "s|\(^[ \t]*var shared_secret[ =]*\)[^;]*|\1\"$SECRET\"|g" /usr/local/bigbluebutton/bbb-webhooks/extra/post_catcher.js
    fi

    if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then
        sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" /etc/bigbluebutton/bbb-apps-akka.conf
    fi

    if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
        sed -i "s/bigbluebuttonSalt=.*/bigbluebuttonSalt=$SECRET/g" ${LTI_DIR}/WEB-INF/classes/lti-config.properties
    fi

    echo
    echo "BigBlueButton's shared secret is now $SECRET"
    echo
    echo "You must restart BigBlueButton for the changes to take effect"
    echo
    echo "  $SUDO bbb-conf --restart"
    echo
    echo
fi

#
# Set Port Range
#

if [[ $PORT_RANGE ]]; then
    if [[ "$PORT_RANGE" =~ ^([[:digit:]]+)-([[:digit:]]+)$ ]]; then
        START_PORT=${BASH_REMATCH[1]}
        END_PORT=${BASH_REMATCH[2]}

        need_root

        xmlstarlet edit --inplace --update '/configuration/settings/param[@name="rtp-start-port"]/@value' --value $START_PORT $FREESWITCH_SWITCH_CONF
        xmlstarlet edit --inplace --update '/configuration/settings/param[@name="rtp-end-port"]/@value' --value $END_PORT $FREESWITCH_SWITCH_CONF

        sed -i "s/minPort=.*/minPort=$START_PORT/" /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini
        sed -i "s/maxPort=.*/maxPort=$END_PORT/" /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini

        mkdir -p $(dirname $WEBRTC_SFU_ETC_CONFIG)
        touch $WEBRTC_SFU_ETC_CONFIG
        yq w -i $WEBRTC_SFU_ETC_CONFIG mediasoup.worker.rtcMinPort $START_PORT
        yq w -i $WEBRTC_SFU_ETC_CONFIG mediasoup.worker.rtcMaxPort $END_PORT

        echo
        echo "BigBlueButton's UDP port range is now $START_PORT-$END_PORT"
        echo
        echo "You must restart BigBlueButton for the changes to take effect"
        echo
        echo "  $SUDO bbb-conf --restart"
        echo
        echo
    else
        echo
        echo "Warning: --set-port-range requires a numerical port range (default is 16384-32768)"
        echo
        echo "Port range remains unchanged"
        echo
    fi
fi

check_configuration() {
    #
    # Check that freeswtich ESL matches the value in bigbluebutton.properties
    #
    if [ -f $FREESWITCH_EVENT_SOCKET ]; then
        FREESWITCH_ESL_IP=$(cat $FREESWITCH_EVENT_SOCKET | grep 'name="listen-ip"' | cut -d\" -f4  | awk '{print $1}')
        check_no_value event_socket $FREESWITCH_EVENT_SOCKET $FREESWITCH_ESL_IP
    fi

    #
    # Check if BigBlueButton is defined in Nginx
    #
    if [ ! -L /etc/nginx/sites-enabled/bigbluebutton ]; then
        echo "# Nginx: BigBlueButton appears to be disabled"
        echo "         - no symbolic link in /etc/nginx/sites-enabled/bigbluebutton to /etc/nginx/sites-available/bigbluebutton "
    fi

    #
    # Look for properties with no values set
    #
    CONFIG_FILES="$SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties"

    for file in $CONFIG_FILES ; do
        if [ ! -f $file ]; then
            echo "# Error: File not found: $file"
        else
            if cat $file | grep -v redis.pass | grep -v redisPassword  | grep -v ^# | grep -q "^[^=]*=[ ]*$"; then
                echo "# The following properties in $file have no value:"
                echo "#     $(grep '^[^=#]*=[ ]*$' $file | grep -v redis.pass | grep -v redisPassword | sed 's/=//g')"
            fi
        fi
    done

    VARFolder="$(get_bbb_web_config_value imageMagickDir)"
    if [ ! -x $VARFolder/convert ]; then
        echo "# ImageMagick's convert is not installed in $VARFolder"
    fi

    #
    # Check if the IP resolves to a different host
    #
    check_no_value server_name /etc/nginx/sites-available/bigbluebutton $NGINX_IP

    if which host > /dev/null 2>&1; then
        HOSTS=$(which host)
        if [ $HOSTS ]; then
            HOSTS=$($HOSTS $NGINX_IP | awk '{ print $4 }' | head -n 1)
        fi
    fi


    BBB_SECRET="$(get_bbb_web_config_value securitySalt)"


    if [ -f /usr/lib/systemd/system/bbb-webhooks.service ]; then
        WEBHOOKS_CONF=/usr/local/bigbluebutton/bbb-webhooks/config/default.yml
        WEBHOOKS_SECRET=$(yq r $WEBHOOKS_CONF bbb.sharedSecret)

        if [ "$BBB_SECRET" != "$WEBHOOKS_SECRET" ]; then
            echo "# Warning: Webhooks API Shared Secret mismatch: "
            echo "#  ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties = $BBB_SECRET"
            echo "#  $WEBHOOKS_CONF                       = $WEBHOOKS_SECRET"
            echo
        fi

        WEBHOOKS_PROXY_PORT=$(cat /usr/share/bigbluebutton/nginx/webhooks.nginx | grep -v '#' | grep '^[ \t]*proxy_pass[ \t]*' | sed 's|.*http[s]\?://[^:]*:\([^;]*\);.*|\1|g')
        WEBHOOKS_APP_PORT=$(yq r $WEBHOOKS_CONF server.port)

        if [ "$WEBHOOKS_PROXY_PORT" != "$WEBHOOKS_APP_PORT" ]; then
            echo "# Warning: Webhooks port mismatch: "
            echo "#  /usr/share/bigbluebutton/nginx/webhooks.nginx                   = $WEBHOOKS_PROXY_PORT"
            echo "#  $WEBHOOKS_CONF = $WEBHOOKS_APP_PORT"
            echo
        fi
    fi


    if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
        LTI_SECRET=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | tr -d '\r' | sed -n '/^bigbluebuttonSalt/{s/.*=//;p}')

        if [ "$LTI_SECRET" != "$BBB_SECRET" ]; then
            echo "# Warning: LTI shared secret mismatch:"
            echo "#  ${LTI_DIR}/WEB-INF/classes/lti-config.properties                      = $LTI_SECRET"
            echo "#  ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties  = $BBB_SECRET"
            echo
        fi
    fi

    SIP_PROTOCOL=$(cat /usr/share/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1)
    if [[ $SIP_PROTOCOL == "https" ]]; then
        if ! grep wss-binding $FREESWITCH_EXTERNAL > /dev/null; then
            echo "# Warning: Websockets is using HTTPS in /usr/share/bigbluebutton/nginx/sip.nginx"
            echo "# but no definition for wss-binding found in "
            echo "#"
            echo "#    $FREESWITCH_EXTERNAL"
            echo
        fi
    fi

    if [ "$(ls -ld /var/freeswitch/meetings | cut -d' ' -f3)" != "freeswitch" ]; then
        echo "# Warning: Detected the directory"
        echo "#    /var/freeswitch/meetings"
        echo "# is not owned by freeswitch"
    fi

    if [ "$(ls -ld /var/bigbluebutton | cut -d' ' -f3)" != $BBB_USER ]; then
        echo "# Warning: Detected the directory"
        echo "#    /var/bigbluebutton"
        echo "# is not owned by $BBB_USER"
    fi

    CHECK_STUN=$(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=stun://g')
    if [ "$CHECK_STUN" == "stun.freeswitch.org" ]; then
       echo
       echo "# Warning: Detected FreeSWITCH is using default stun.freeswitch.org server.  See"
       echo "#"
       echo "#     https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-using-default-stun-server"
       echo "#"
       echo
    fi

    if ! which ufw > /dev/null 2>&1; then
       echo
       echo "# Warning: No firewall detected.  Recommend using setting up a firewall for your server"
       echo "#"
       echo "#     https://docs.bigbluebutton.org/admin/customize.html#setup-a-firewall"
       echo "#"
       echo
    fi

}

check_state() {
    echo
    print_header
    check_configuration

    #
    # Check for potential problems in the BigBlueButton configuration
    #

    RUNNING_APPS=""
    NOT_RUNNING_APPS=""

    if [[ -a $FREESWITCH_PID ]]; then
        if ! ps aux | grep -v grep | grep '[/]opt/freeswitch/bin/freeswitch' > /dev/null; then
            print_header
            NOT_RUNNING_APPS="${NOT_RUNNING_APPS} freeswitch"
        else
            RUNNING_APPS="${RUNNING_APPS} freeswitch"
        fi
    fi

    if ! ps aux | grep -v grep | grep '[/]usr/sbin/nginx' > /dev/null; then
        print_header
        NOT_RUNNING_APPS="${NOT_RUNNING_APPS} Nginx"
    else
        RUNNING_APPS="${RUNNING_APPS} Nginx"
    fi

    if ! ss -ant | grep '8090' > /dev/null; then
        print_header
        if [ ! -z "$TOMCAT_SERVICE" ]; then
            NOT_RUNNING_APPS="${NOT_RUNNING_APPS} ${TOMCAT_USER} or grails"
        fi
    else
        if ps aux |  ps -aef | grep -v grep | grep grails | grep run-app > /dev/null; then
        print_header
        RUNNING_APPS="${RUNNING_APPS} Grails"
        echo "#   ${TOMCAT_USER}:      noticed you are running grails run-app instead of ${TOMCAT_USER}"
        else
            if [ ! -z "$TOMCAT_SERVICE" ]; then
                RUNNING_APPS="${RUNNING_APPS} ${TOMCAT_USER}"
            fi
        fi
    fi

    if ! ps aux | grep -v grep | grep '[/]usr/[s]*bin/redis-server' > /dev/null; then
        print_header
        NOT_RUNNING_APPS="${NOT_RUNNING_APPS} redis-server"
    else
        RUNNING_APPS="${RUNNING_APPS} redis-server"
    fi

    if [ "$NOT_RUNNING_APPS" != "" ]; then
        echo "# Not running: ${NOT_RUNNING_APPS}"
    fi


    #
    # Check if running development environment
    #
    if ! grep 8090 /usr/share/bigbluebutton/nginx/web.nginx > /dev/null; then
        echo "# Warning: nginx is not serving BigBlueButton's web application"
        echo "# from port 8090"
        echo "#"
        echo "# (This is OK if you have setup a development environment.) "
        echo
    fi


    #
    # Check FreeSWITCH
    #
    if grep -q "Thread ended for mod_event_socket" /opt/freeswitch/var/log/freeswitch/freeswitch.log; then
        echo
        echo "# Error: Found text in freeswitch.log:"
        echo "#"
        echo "#    Thread ended for mod_event_socket"
        echo "#"
        echo "# FreeSWITCH may not be responding to requests on port 8021 (event socket layer)"
        echo "# and users may have errors joining audio."
        echo "#"
    fi

    #
    # Check FreeSWITCH
    #

    ESL_PASSWORD=$(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)
    if ! echo "/quit" | /opt/freeswitch/bin/fs_cli -p $ESL_PASSWORD - > /dev/null 2>&1; then
        echo
        echo "#"
        echo "# Error: Unable to connect to the FreeSWITCH Event Socket Layer on port 8021"
        echo "#"
    fi

    #
    # Check for required external commands
    #
    COMMANDS="ruby gem pdftocairo"
    for cmd in $COMMANDS ; do
        if ! which $cmd > /dev/null 2>&1; then
            echo "#    $cmd command not found"
        fi
    done

    #
    # Check if ffmpeg is installed, and whether it is a supported version
    #
    FFMPEG_VERSION=$(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n')
    case "$FFMPEG_VERSION" in
        4.*.*)
            # This is the current supported version; OK.
            ;;
        '')
            echo "# Warning: No ffmpeg version was found on the system"
            echo "#          Recording processing will not function"
            echo
            ;;
        *)
            echo "# Warning: The installed ffmpeg version '${FFMPEG_VERSION}' is not recommended."
            echo "# Recommend you update to the 4.0.x version of ffmpeg.  To upgrade, do the following"
            echo "#"
            echo "#       $SUDO apt-get install software-properties-common"
            echo "#       $SUDO add-apt-repository ppa:jonathonf/ffmpeg-4"
            echo "#       $SUDO apt-get update"
            echo "#       $SUDO apt-get dist-upgrade"
            echo "#"
            echo
            ;;
    esac


    #
    # Check that the servlet container has started properly and has created log files
    #
    if [ -d $TOMCAT_DIR ]; then
      if [ -z "$(ls -A $SERVLET_LOGS)" ]; then
        echo "#                     empty directory: $SERVLET_LOGS contains no logs"
      fi
    fi

    #
    # Check if the user is running their own bbb-web
    #
    if grep -q 8888 /usr/share/bigbluebutton/nginx/web.nginx; then
        if ! ss -ant | grep '8888' > /dev/null; then
            echo "# Warning: There is no application server listening to port 8888."
            echo
        fi
    fi


    #
    # Check if the local server can access the API.  This is a common problem when setting up BigBlueButton behind
    # a firewall
    #
    BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')"
    check_no_value server_name /etc/nginx/sites-available/bigbluebutton $BBB_WEB

    COUNT=0
    while [ $COUNT -lt 80 ]; do
        let COUNT=COUNT+1
        timeout 1s curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS
        if [ $? -eq 0 ]; then
            let COUNT=80
        else
            echo -n "."
            sleep 1
        fi
    done
    echo

    if ! curl -sS $PROTOCOL://$BBB_WEB/bigbluebutton/api | grep -q SUCCESS; then
        echo "# Error: Could not connect to the configured hostname/IP address"
        echo "#"
        echo "#    $PROTOCOL://$BBB_WEB/"
        echo "#"
        echo "# If your BigBlueButton server is behind a firewall, see FAQ."
        echo
    fi

    VARS_IP=$(cat $FREESWITCH_VARS | sed -n '/"local_ip_v4/{s/.*local_ip_v4=//;s/".*//;p}')
    if [[ "$VARS_IP" != "127.0.0.1" ]] && [[ "$VARS_IP" != "auto" ]]; then
        if [ "$VARS_IP" != $IP ]; then
            echo "# Warning: The setting of $VARS_IP for local_ip_v4 in"
            echo "#"
            echo "#    $FREESWITCH_VARS"
            echo "#"
            echo "# does not match the local IP address ($IP)."
            echo "# (This is OK if you've manually changed the values)"
            echo
        fi
    fi

    if (( $MEM < 3940 )); then
        echo "# Warning: You are running BigBlueButton on a server with less than 4G of memory.  Your"
        echo "# performance may suffer."
        echo
    fi

    BBB_WEB="$(get_bbb_web_config_value bigbluebutton.web.serverURL)"

    if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
        LTI_URL="${PROTOCOL}://"$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^ltiEndPoint/{s/^.*=//;p}')'/lti/tool'
        echo "# Warning: The IMS Learning Tools Integration (LTI) is accessible from:"
        echo "#"
        echo "#    $LTI_URL"
        echo "#"
        echo "# To get the access parameters for LTI, run the command"
        echo "#"
        echo "#    bbb-conf --lti"
        echo
    fi

    DEFAULT_PDF="$(get_bbb_web_config_value beans.presentationService.defaultUploadedPresentation)"
    if echo $DEFAULT_PDF | grep -q "bigbluebutton.web.serverURL"; then
        if ! echo "$BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')" | xargs curl -sS >/dev/null; then
            echo "# Error: Unable to reach default URL for presentation:"
            echo "#"
            echo "#    $BBB_WEB$(echo $DEFAULT_PDF | sed 's/${bigbluebutton.web.serverURL}//g')"
            echo "#"
            echo "# Check value for beans.presentationService.defaultUploadedPresentation in"
            echo "#   $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG"
        fi
    else
        if ! echo "$DEFAULT_PDF" | xargs curl -sS >/dev/null; then
            echo "# Error: Unable to reach default URL for presentation"
            echo "#"
            echo "#    $DEFAULT_PDF"
            echo "#"
            echo "# Check value for beans.presentationService.defaultUploadedPresentation in"
            echo "#   $BBB_WEB_CONFIG and $BBB_WEB_ETC_CONFIG"
        fi
    fi

    if [ "$(cat /etc/bigbluebutton/bbb-apps-akka.conf | sed -n '/sharedSecret.*/{s/[^"]*"//;s/".*//;p}')" == "changeme" ]; then
        BBB_WEB_IP="$(get_bbb_web_config_value bigbluebutton.web.serverURL|sed -n '{s/.*\///;p}')"
        echo "# Error: Detected that /etc/bigbluebutton/bbb-apps-akka.conf has the default"
        echo "# configuration values.  To update, run"
        echo "#"
        echo "#   $SUDO bbb-conf --setip $BBB_WEB_IP"
        echo "#"
    fi

    if bbb-conf --status | grep -q inactive; then
        if systemctl list-units --full -all | grep -q $TOMCAT_USER.service; then
            TOMCAT_SERVICE=$TOMCAT_USER

            if bbb-conf --status | grep -q inactive | grep -q $TOMCAT_SERVICE; then
                echo "# Warning: $TOMCAT_SERVICE is not started correctly"
                echo "#"
            fi
        fi
        if bbb-conf --status | grep inactive; then
            echo "# Error: Detected some processes have not started correctly"
            echo "#"
            echo "#   $(bbb-conf --status | grep inactive)"
            echo "#"
        fi
    fi

    if systemctl status freeswitch | grep -q SETSCHEDULER; then
        echo "# Error: FreeSWITCH failed to start with SETSCHEDULER error, see"
        echo "#"
        echo "#   https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-start-with-a-setscheduler-error"
        echo "#"
    fi

    NCPU=$(nproc --all)
    if [ "$NCPU" -lt "4" ]; then
        echo "# Warning: found only $NCPU cores, whereas this server should have (at least) 4 CPU cores"
        echo "# to run BigBlueButton in production."
        echo "#"
        echo "#   https://docs.bigbluebutton.org/install/install.html#minimum-server-requirements"
        echo "#"
    fi

    if [ "$(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)" != "true" ]; then
      if [ "$PROTOCOL" == "https" ]; then
        if ! cat $SIP_CONFIG |  grep -v '#' | grep proxy_pass | head -n 1 | grep -q https; then
          echo "# Warning: You have this server defined for https, but in"
          echo "#"
          echo "#   $SIP_CONFIG"
          echo "#"
          echo "#  did not find the use of https in definition for proxy_pass"
          echo "#"
          echo "#    $(cat $SIP_CONFIG |  grep -v '#' | grep proxy_pass | head -n 1)"
          echo "#"
        fi

      if [ "$SIP_NGINX_IP" != $IP ]; then
        if [ "$SIP_NGINX_IP" != "\$freeswitch_addr" ]; then
          echo "# Warning: The setting of $SIP_NGINX_IP for proxy_pass in"
          echo "#"
          echo "#    /usr/share/bigbluebutton/nginx/sip.nginx"
          echo "#"
          echo "# does not match the local IP address ($IP)."
          echo "# (This is OK if you've manually changed the values)"
          echo
        fi
      fi

        if ! cat $SIP_CONFIG |  grep -v '#' | grep proxy_pass | head -n 1 | grep -q 7443; then
          echo
          echo "# Warning: You have this server defined for https, but in"
          echo "#"
          echo "#   $SIP_CONFIG"
          echo "#"
          echo "#  did not find the use of port 7443 in definition for proxy_pass"
          echo "#"
          echo "#    $(cat $SIP_CONFIG |  grep -v '#' | grep proxy_pass | head -n 1)"
          echo "#"
        fi
      fi
    fi

    CHECK="$(get_bbb_web_config_value securitySalt|sha1sum |cut -d' ' -f1)"
    if [ "$CHECK" == "55b727b294158a877212570c3c0524c2b902a62c" ]; then
      echo
      echo "#"
      echo "# Warning: Detected you have the default shared secret.  You MUST change your shared"
      echo "# secret NOW for BigBlueButton to finish starting up. Do either"
      echo "#"
      echo "#   sudo bbb-conf --setsecret <secret>"
      echo "#"
      echo "# or, to have openssl generate a strong secret for you (recommended)"
      echo "#"
      echo "#   sudo bbb-conf --setsecret \$(openssl rand -base64 32 | sed 's/=//g' | sed 's/+//g' | sed 's/\///g')"
      echo "#"
      echo "# Be sure to update any integrations with the new shared secret."
      echo "#"
      systemctl stop bbb-web
      exit 1
    fi

    if ! systemctl show-environment | grep LANG= | grep -q UTF-8; then
      echo
      echo "#"
      echo "# Warning: Detected that systemctl does not define a UTF-8 language."
      echo "#"
      echo "# To temporarily correct, run the command "
      echo "#"
      echo "#   sudo systemctl set-environment LANG=en_US.UTF-8"
      echo "#"
      echo "# See https://docs.bigbluebutton.org/2.2/install.html#pre-installation-checks"
      echo "#"
    fi

    if [ "$(stat -c "%U %G" /var/bigbluebutton)" != "bigbluebutton bigbluebutton" ]; then
      echo
      echo "#"
      echo "# Warning: The directory"
      echo "#"
      echo "#  /var/bigbluebutton"
      echo "#"
      echo "# is not owned by bigbluebutton:bigbluebutton.  To fix, run the command"
      echo "#"
      echo "#   sudo chown -R bigbluebutton:bigbluebutton /var/bigbluebutton"
      echo "#"
    fi

    FREESWITCH_SIP=$(ss -anlt4 | grep :5066 | grep -v tcp6 | grep LISTEN | sed 's/ [ ]*/ /g' | cut -d' ' -f4 | sed 's/:5066//g')
    WEBRTC_SFU_SIP_IP=$(echo "$WEBRTC_SFU_CONFIG" | yq r - freeswitch.sip_ip)

    if [ ! -z "$FREESWITCH_SIP" ]; then
      if [ "$FREESWITCH_SIP" != "$WEBRTC_SFU_SIP_IP" ]; then
        echo
        echo "#"
        echo "# bbb-webrtc-sfu will try to connect to $WEBRTC_SFU_SIP_IP but FreeSWITCH is listening on $FREESWITCH_SIP for port 5066"
        echo "#"
        echo "# To fix, run the commands"
        echo "#"
        echo "# sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.sip_ip $FREESWITCH_SIP"
        echo "# sudo chown bigbluebutton:bigbluebutton /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml"
        echo "#"
      fi
    fi

    if [ ! -z "$STUN" ]; then
      for i in $STUN; do
        STUN_SERVER="$(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')"

	# stun is from the stun-client package, which is available on both bionic and focal
	# stunclient is from the stuntman-client package, which is available on bionic but was removed from focal
	if which stun > /dev/null 2>&1; then
	  # stun return codes, from its client.cxx
	  # low nibble: open (0), various STUN combinations (2-9), firewall (a), blocked (c), unknown (e), error (f)
	  # high nibble: hairpin (1)
	  stun $STUN_SERVER > /dev/null
          if (( ($? & 0xf) > 9 )); then
            echo
            echo "#"
            echo "# Warning: Failed to verify STUN server at $STUN_SERVER with command"
            echo "#"
            echo "#    stun $STUN_SERVER"
            echo "#"
          fi
        elif which stunclient > /dev/null 2>&1; then
          if echo $STUN_SERVER | grep -q ':'; then
            STUN_SERVER="$(echo $STUN_SERVER | sed 's/:.*//g') $(echo $STUN_SERVER | sed 's/.*://g')"
          else
            STUN_SERVER="$STUN_SERVER 3478"
          fi
          if stunclient $STUN_SERVER | grep -q "fail\|Unable\ to\ resolve"; then
            echo
            echo "#"
            echo "# Warning: Failed to verify STUN server at $STUN_SERVER with command"
            echo "#"
            echo "#    stunclient $STUN_SERVER"
            echo "#"
          fi
        fi
      done
    fi

    BBB_LOG="/var/log/bigbluebutton"
    if [ "$(stat -c "%U %G" $BBB_LOG)" != "bigbluebutton bigbluebutton" ]; then
      echo
      echo "#"
      echo "# Warning: The directory"
      echo "#"
      echo "#  $BBB_LOG"
      echo "#"
      echo "# is not owned by bigbluebutton:bigbluebutton.  To fix, run the command"
      echo "#"
      echo "#   sudo chown bigbluebutton:bigbluebutton $BBB_LOG"
      echo "#"
    fi

    BBB_LOG_FILES="$BBB_LOG/bbb-rap-worker.log $BBB_LOG/bbb-web.log $BBB_LOG/post_publish.log  $BBB_LOG/sanity.log"
    for log_file in $BBB_LOG_FILES; do
      if [ -f "$log_file" ] && [ "$(stat -c "%U %G" $log_file)" != "bigbluebutton bigbluebutton" ]; then
        echo
        echo "#"
        echo "# Warning: The file"
        echo "#"
        echo "#  $log_file"
        echo "#"
        echo "# is not owned by bigbluebutton:bigbluebutton.  To fix, run the command"
        echo "#"
        echo "#   sudo chown bigbluebutton:bigbluebutton $log_file"
        echo "#"
      fi
    done

    if [ -d /var/lib/gems/2.5.0/cache ]; then
      for gem_file in /var/lib/gems/2.5.0/cache/*; do
        if [ ! -s $gem_file ]; then
          echo "#"
          echo "# Warning: Found a zero byte size gem file"
          echo "#"
          echo "#  $gem_file"
          echo "#"
        fi
      done
    fi

		if journalctl -u bbb-rap-* | grep -q 'Nil'; then
			echo
			echo "#"
			echo "# Warning: found 'Nil' message in recording processing logs.  Possible GEM errors"
			echo "#"
			echo "#  https://github.com/bigbluebutton/bigbluebutton/issues/14287"
			echo "#"
		fi


    exit 0
}


#
# Print out the status of the current setup and look for configuration issues
#
if [ $CHECK ]; then
    need_root

    print_bigbluebutton_version

    echo "                    Kernel version:" $(uname -r)

    if [ $DISTRIB_ID == "centos" ]; then
        echo -n "                      Distribution: $(cat /etc/centos-release)"
    else
        source /etc/lsb-release
        echo -n "                      Distribution: $DISTRIB_DESCRIPTION "
    fi

    if [ $(uname -m) == "x86_64" ]; then
        echo "(64-bit)"
    elif [ $(uname -m) == "i686" ]; then
        echo "(32-bit)"
    fi

    echo "                            Memory: $MEM MB"
    echo "                         CPU cores: $NCPU"

    echo
    echo "$BBB_WEB_ETC_CONFIG (override for bbb-web)"
    echo "$BBB_WEB_CONFIG (bbb-web)"
    echo "       bigbluebutton.web.serverURL: $(get_bbb_web_config_value bigbluebutton.web.serverURL)"
    echo "                defaultGuestPolicy: $(get_bbb_web_config_value defaultGuestPolicy)"
    echo "              defaultMeetingLayout: $(get_bbb_web_config_value defaultMeetingLayout)"

    echo
    echo "/etc/nginx/sites-available/bigbluebutton (nginx)"
    echo "                       server_name: $NGINX_IP"

    PORT=$(cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep -v ssl | tr --delete '\n' | sed 's/\[/, \[/g' | sed 's/0$/0\n/g')
    echo "                              port: $PORT"
    if cat /etc/nginx/sites-available/bigbluebutton | grep -v '#' | sed -n '/listen/{s/.*listen[ ]*//;s/;//;p}' | grep ssl > /dev/null; then
        echo "                              port: 443 ssl"
    fi

    echo
    echo "$FREESWITCH_VARS (FreeSWITCH)"
    echo "                       local_ip_v4: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]' -v @data $FREESWITCH_VARS | sed 's/local_ip_v4=//g')"
    echo "                   external_rtp_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_rtp_ip=//g')"
    echo "                   external_sip_ip: $(xmlstarlet sel -t -m '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]' -v @data $FREESWITCH_VARS | sed 's/external_sip_ip=//g')"

    echo
    echo "$FREESWITCH_EXTERNAL (FreeSWITCH)"
    echo "                        ext-rtp-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-rtp-ip"]' -v @value $FREESWITCH_EXTERNAL)"
    echo "                        ext-sip-ip: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ext-sip-ip"]' -v @value $FREESWITCH_EXTERNAL)"
    echo "                        ws-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="ws-binding"]' -v @value $FREESWITCH_EXTERNAL)"
    echo "                       wss-binding: $(xmlstarlet sel -t -m 'profile/settings/param[@name="wss-binding"]' -v @value $FREESWITCH_EXTERNAL)"

    # awk script from https://stackoverflow.com/a/14527886/1493790
    # open issue: a tool like crudini (https://stackoverflow.com/a/25513632/1493790)
    #     would be better for parsing ini files

    echo
    echo "UDP port ranges"
    echo
    echo "                        FreeSWITCH: $(xmlstarlet sel -t -m './configuration/settings/param[@name="rtp-start-port"]' -v @value $FREESWITCH_SWITCH_CONF)-$(xmlstarlet sel -t -m './configuration/settings/param[@name="rtp-end-port"]' -v @value $FREESWITCH_SWITCH_CONF)"
    echo "                           kurento: $(awk -F '=' '{if (! ($0 ~ /^;/) && $0 ~ /minPort/) print $2}' /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini)-$(awk -F '=' '{if (! ($0 ~ /^;/) && $0 ~ /maxPort/) print $2}' /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini)"

    echo "                    bbb-webrtc-sfu: $(echo "$WEBRTC_SFU_CONFIG" | yq r - mediasoup.worker.rtcMinPort)-$(echo "$WEBRTC_SFU_CONFIG" | yq r - mediasoup.worker.rtcMaxPort)"


#     if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
#          LTI_URL=$(cat ${LTI_DIR}/WEB-INF/classes/lti-config.properties | grep -v '#' | sed -n '/^bigbluebuttonURL/{s/.*http[s]:\/\///;s/\/.*//;p}' | tr -d '\015')
#          echo
#          echo "${LTI_DIR}/WEB-INF/classes/lti-config.properties (LTI integration)"
#          echo "                           api url: $LTI_URL"
#     fi

    if [ -f $RECORD_CONFIG ]; then
        echo
        echo "$RECORD_CONFIG (record and playback)"
        echo "                     playback_host: $(yq r $RECORD_CONFIG playback_host)"
        echo "                 playback_protocol: $(yq r $RECORD_CONFIG playback_protocol)"
        echo "                            ffmpeg: $(ffmpeg -version 2>/dev/null | grep ffmpeg | cut -d ' ' -f3 | sed 's/--.*//g' | tr -d '\n')"
    fi

    if [ -f $SIP_CONFIG ]; then
        echo
        echo "$SIP_CONFIG (sip.nginx)"
        echo "                        proxy_pass: $SIP_NGINX_IP"
        echo "                          protocol: $(cat /usr/share/bigbluebutton/nginx/sip.nginx | grep -v \# | sed -n '/proxy_pass/{s/.*proxy_pass [ ]*//;s/:.*//;p}' | head -n 1)"
    fi

    if [ -n "$WEBRTC_SFU_CONFIG" ]; then
        MEDIASOUP_WEBRTC_IPS=$(echo "$WEBRTC_SFU_CONFIG" | yq r --printMode v - mediasoup.webrtc.listenIps.*.announcedIp)
        echo
        echo "/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (bbb-webrtc-sfu)"
        echo "/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (bbb-webrtc-sfu - override)"
        echo "    mediasoup.webrtc.*.announcedIp: $(echo "$MEDIASOUP_WEBRTC_IPS" | awk -v ORS=", " '{ print $1 }' | sed 's/, $//')"
        echo "  mediasoup.plainRtp.*.announcedIp: $(echo "$WEBRTC_SFU_CONFIG" | yq r --printMode v - mediasoup.plainRtp.*.announcedIp)"
        echo "                        kurento.ip: $(echo "$WEBRTC_SFU_CONFIG" | yq r - kurento[0].ip)"
        echo "                       kurento.url: $(echo "$WEBRTC_SFU_CONFIG" | yq r - kurento[0].url)"
        echo "                 freeswitch.sip_ip: $(echo "$WEBRTC_SFU_CONFIG" | yq r - freeswitch.sip_ip)"
        echo "               recordScreenSharing: $(echo "$WEBRTC_SFU_CONFIG" | yq r - recordScreenSharing)"
        echo "                     recordWebcams: $(echo "$WEBRTC_SFU_CONFIG" | yq r - recordWebcams)"
        echo "                  codec_video_main: $(echo "$WEBRTC_SFU_CONFIG" | yq r - conference-media-specs.codec_video_main)"
        echo "               codec_video_content: $(echo "$WEBRTC_SFU_CONFIG" | yq r - conference-media-specs.codec_video_content)"
    fi

    if [ -n "$HTML5_CONFIG" ]; then
    echo
    echo "/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)"
    echo "/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)"
    echo "                             build: $(echo "$HTML5_CONFIG" | yq r - public.app.html5ClientBuild)"
    echo "                        kurentoUrl: $(echo "$HTML5_CONFIG" | yq r - public.kurento.wsUrl)"
    echo "            defaultFullAudioBridge: $(echo "$HTML5_CONFIG" | yq r - public.media.audio.defaultFullAudioBridge)"
    echo "           defaultListenOnlyBridge: $(echo "$HTML5_CONFIG" | yq r - public.media.audio.defaultListenOnlyBridge)"
    echo "                    sipjsHackViaWs: $(echo "$HTML5_CONFIG" | yq r - public.media.sipjsHackViaWs)"
    fi

    if [ ! -z "$STUN" ]; then
    for i in $STUN; do
        echo
        echo "$TURN (STUN Server)"
        echo "                              stun: $(xmlstarlet sel -N x="http://www.springframework.org/schema/beans" -t -m "_:beans/_:bean[@id=\"$i\"]/_:constructor-arg[@index=\"0\"]" -v @value $TURN | sed 's/stun://g')"
    done
    fi

    check_state
    echo

    exit 0
fi

#
# Zip log files
#
if [ $ZIP ]; then
    need_root

    LOG_FILE="$(date +'%Y%m%d')-$(date +%H).tar"
    TMP_LOG_FILE="/tmp/$LOG_FILE"
    #
    # Check log files
    #
    rm -f "$LOG_FILE.gz"
    rm -f /tmp/a

    touch /tmp/empty
    tar cf  $TMP_LOG_FILE /tmp/empty               > /dev/null 2>&1
    tar rfh $TMP_LOG_FILE $SERVLET_LOGS            > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/bigbluebutton/* > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/bbb-apps-akka   > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/bbb-fsesl-akka         > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/bbb-webrtc-sfu         > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/kurento-media-server > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/mongodb              > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/redis                > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/nginx/error.log*     > /dev/null 2>&1
    tar rf  $TMP_LOG_FILE /var/log/nginx/bigbluebutton.access.log*    > /dev/null 2>&1
    tar rfh $TMP_LOG_FILE /opt/freeswitch/var/log/freeswitch/         > /dev/null 2>&1

    if [ -f /var/log/nginx/html5-client.log ]; then
        tar rf $TMP_LOG_FILE /var/log/nginx/html5-client.log* > /dev/null 2>&1
    fi

    if [ -f /var/log/syslog ]; then
        tar rf $TMP_LOG_FILE /var/log/syslog* > /dev/null 2>&1
    fi

    tar tf $TMP_LOG_FILE
    gzip $TMP_LOG_FILE
    $SUDO mv $TMP_LOG_FILE.gz /root/$LOG_FILE.gz
    echo
    echo "  Created: /root/$LOG_FILE.gz"
    echo
fi

#
# Check current setup
#
if [ $DEBUG ]; then
    need_root
    #
    # Check log files
    #

    rm -rf /tmp/t
    grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t
    if [ -s /tmp/t ]; then
        echo "  -- ERRORS found in /var/log/bigbluebutton/* -- "
        cat /tmp/t
        echo
    fi

    rm -rf /tmp/t
    grep --directories=skip Exception /var/log/bigbluebutton/* | grep -v CacheExceptionHandlerFactory > /tmp/t
    if [ -s /tmp/t ]; then
        echo "  -- ERRORS found in /var/log/bigbluebutton/* -- "
        cat /tmp/t
        echo
    fi

    if [ -d $SERVLET_LOGS ]; then
      rm -rf /tmp/t
      $SUDO grep --directories=skip Exception $SERVLET_LOGS/* | grep -v CacheExceptionHandlerFactory > /tmp/t
      if [ -s /tmp/t ]; then
        echo "   -- Exceptions found in $SERVLET_LOGS/ -- "
        cat /tmp/t
        echo
      fi
    fi

    rm -rf /tmp/t
    if [ -s /var/log/nginx/error.log ]; then
        cat /var/log/nginx/error.log | grep -v "/fcs/ident2" > /tmp/t
        if [ -s /tmp/t ]; then
            echo "   -- Errors found in /var/log/nginx/error.log -- "
            cat /tmp/t
            echo
        fi
    fi

    if [ $DISTRIB_ID == "Ubuntu" ]; then
        rm -rf /tmp/t
        $SUDO grep --directories=skip -i exception /var/log/syslog > /tmp/t
        if [ -s /tmp/t ]; then
            echo "   -- Errors found in /var/log/syslog -- "
            cat /tmp/t
            echo
        fi
    fi

    rm -rf /tmp/t
    if [ -d /var/log/bigbluebutton ]; then
        $SUDO grep --directories=skip ERROR /var/log/bigbluebutton/* > /tmp/t
        if [ -s /tmp/t ]; then
            echo "   -- Errors found in /var/log/bigbluebutton -- "
            cat /tmp/t
            echo
        fi
    fi

    rm -rf /tmp/t
    if [ -d /var/log/bigbluebutton ]; then
        $SUDO grep --directories=skip -i exception /var/log/bigbluebutton/* > /tmp/t
        if [ -s /tmp/t ]; then
            echo "   -- Exceptions found in /var/log/bigbluebutton -- "
            cat /tmp/t
            echo
        fi
    fi

    #
    # Additional checks for record and playback
    #

    if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then
        bbb-record --check
    fi

    exit 0
fi



# if asked to print the version that's all we do
if [ -n "$HOST" ]; then
    need_root

    #
    # Update configuration for BigBlueButton web app
    #
    echo "Assigning $HOST for web application URL in $BBB_WEB_ETC_CONFIG"
    if [ -f "$BBB_WEB_ETC_CONFIG" ] && grep "bigbluebutton.web.serverURL" "$BBB_WEB_ETC_CONFIG" > /dev/null ; then
        change_var_value "$BBB_WEB_ETC_CONFIG" bigbluebutton.web.serverURL "$PROTOCOL://$HOST"
    else
        echo "bigbluebutton.web.serverURL=$PROTOCOL://$HOST" >> "$BBB_WEB_ETC_CONFIG"
    fi

    # Populate /etc/bigbluebutton/bbb-web.properites with the shared secret
    if ! grep -q "^securitySalt" "$BBB_WEB_ETC_CONFIG"; then
        echo "securitySalt=$(get_bbb_web_config_value securitySalt)" >> "$BBB_WEB_ETC_CONFIG"
    fi


    if ! grep -q server_names_hash_bucket_size /etc/nginx/nginx.conf; then
        $SUDO sed -i "s/gzip  on;/gzip  on;\n    server_names_hash_bucket_size  64;/g" /etc/nginx/nginx.conf
    fi

    #
    # Update bbb-apps-akka
    #
    echo "Assigning $HOST for web application URL in /etc/bigbluebutton/bbb-apps-akka.conf"

    if [ -f /etc/bigbluebutton/bbb-apps-akka.conf ]; then
        sed -i  "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL}:\/\/$HOST\/bigbluebutton\/api\"/g" \
                /etc/bigbluebutton/bbb-apps-akka.conf
        # Fix to ensure bbb-apps-akka.conf has the latest shared secret
        SECRET=$(get_bbb_web_config_value securitySalt)
        sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
                /etc/bigbluebutton/bbb-apps-akka.conf
    fi

    if [ -f ${LTI_DIR}/WEB-INF/classes/lti-config.properties ]; then
        echo "Assigning $HOST for LTI integration in ${LTI_DIR}/WEB-INF/classes/lti-config.properties"
        # We don't wat to guess on http/https as the lti endpoint may be a different BigBlueButton server
        sed -i "s/bigbluebuttonURL=http:\/\/.*/bigbluebuttonURL=http:\/\/$HOST\/bigbluebutton/g" \
                ${LTI_DIR}/WEB-INF/classes/lti-config.properties
        sed -i "s/bigbluebuttonURL=https:\/\/.*/bigbluebuttonURL=https:\/\/$HOST\/bigbluebutton/g" \
                ${LTI_DIR}/WEB-INF/classes/lti-config.properties
        sed -i "s/ltiEndPoint=.*/ltiEndPoint=$HOST/g" \
                ${LTI_DIR}/WEB-INF/classes/lti-config.properties
    fi


    if [ -f /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml ]; then
        echo "Assigning $HOST for record and playback in /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml"
        change_yml_value /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml playback_host $HOST
    fi

    if [ -f /usr/local/bigbluebutton/bbb-webhooks/config/default.yml ]; then
        echo "Assigning $HOST for webhooks in /usr/local/bigbluebutton/bbb-webhooks/config/default.yml"
        change_yml_value /usr/local/bigbluebutton/bbb-webhooks/config/default.yml serverDomain $HOST
    fi

    echo -n "Assigning $HOST for playback of recordings: "
    for metadata in $(find -L /var/bigbluebutton/published /var/bigbluebutton/unpublished -name metadata.xml); do
        echo -n "."
        # Ensure we update both types of URLs
        xmlstarlet edit --inplace --update '//link[starts-with(normalize-space(), "https://")]' --expr "concat(\"https://\", \"$HOST/\", substring-after(substring-after(., \"https://\"),\"/\"))" $metadata
        xmlstarlet edit --inplace --update '//link[starts-with(normalize-space(), "http://")]' --expr "concat(\"http://\", \"$HOST/\", substring-after(substring-after(., \"http://\"),\"/\"))" $metadata

        #
        # Update thumbnail links
        #
        xmlstarlet edit --inplace --update '//images/image[starts-with(normalize-space(), "https://")]' --expr "concat(\"https://\", \"$HOST/\", substring-after(substring-after(., \"https://\"),\"/\"))" $metadata
        xmlstarlet edit --inplace --update '//images/image[starts-with(normalize-space(), "http://")]' --expr "concat(\"http://\", \"$HOST/\", substring-after(substring-after(., \"http://\"),\"/\"))" $metadata
    done
    echo

    #
    # Update HTML5 client
    #
    if [ -f $HTML5_DEFAULT_CONFIG ]; then
        yq w -i $HTML5_DEFAULT_CONFIG public.kurento.wsUrl "wss://$HOST/bbb-webrtc-sfu"
        yq w -i $HTML5_DEFAULT_CONFIG public.pads.url      "$PROTOCOL://$HOST/pad"
        chown meteor:meteor $HTML5_DEFAULT_CONFIG
    fi

    #
    # Update ESL passwords in three configuration files
    #
    ESL_PASSWORD=$(cat /etc/bigbluebutton/bbb-fsesl-akka.conf | grep password | head -n 1 | sed 's/.*="//g' | sed 's/"//g')
    if [ "$ESL_PASSWORD" == "ClueCon" ]; then
        ESL_PASSWORD=$(openssl rand -hex 8)
        sudo sed -i "s/ClueCon/$ESL_PASSWORD/g" /etc/bigbluebutton/bbb-fsesl-akka.conf
    fi

    sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.esl_password "$ESL_PASSWORD"
    sudo xmlstarlet edit --inplace --update 'configuration/settings//param[@name="password"]/@value' --value $ESL_PASSWORD /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml


    echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE ..."
    stop_bigbluebutton
    start_bigbluebutton

    exit 0
fi


if [ $RESTART ]; then
    need_root
    check_configuration

    echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE ..."

    stop_bigbluebutton
    start_bigbluebutton
    check_state
fi

if [ $CLEAN ]; then
    need_root
    check_configuration

    echo "Restarting BigBlueButton $BIGBLUEBUTTON_RELEASE (and cleaning out all log files) ..."

    stop_bigbluebutton

    #
    # Clean log files
    #

    echo " ... cleaning log files"
    rm -f /var/log/bigbluebutton/*.log

    rm -f /opt/freeswitch/var/log/freeswitch/*.log
    rm -f /opt/freeswitch/var/log/freeswitch/*.log.*

    #
    # Clean out the log files for record and playback
    #
    rm -f /var/log/bigbluebutton/bbb-rap-worker.log*
    rm -f /var/log/bigbluebutton/bbb-rap-resque.log*
    rm -f /var/log/bigbluebutton/archive.log*
    if [ -d /var/log/bigbluebutton/html5 ]; then
        rm -f /var/log/bigbluebutton/html5/*
    fi

    if [ -d /var/log/bigbluebutton/podcast ]; then
        rm -f /var/log/bigbluebutton/podcast/*
    fi

    if [ -d /var/log/bigbluebutton/presentation ]; then
        rm -f /var/log/bigbluebutton/presentation/*
    fi

    if [[ $SERVLET_LOGS ]]; then
        rm -rf $SERVLET_LOGS/*
    fi

    # Check if we are storing HTML5 logs in the server
    HTML5_SERVER_LOG=0
    if [[ -f /var/log/nginx/html5-client.log ]]; then
        HTML5_SERVER_LOG=1
    fi

    rm -rf /var/log/nginx/*

    # Revert HTML5 client logs to their original permissions
    if [ $HTML5_SERVER_LOG ]; then
        touch /var/log/nginx/html5-client.log
        chown www-data:adm /var/log/nginx/html5-client.log
        chmod 640 /var/log/nginx/html5-client.log
    fi

    if [ -d /var/log/bbb-fsesl-akka ]; then
        rm -f /var/log/bbb-fsesl-akka/*
    fi

  if [ -d /var/log/bbb-apps-akka ]; then
        rm -f /var/log/bbb-apps-akka/*
    fi

    if [ -d /var/log/bbb-webrtc-sfu ]; then
        rm -f /var/log/bbb-webrtc-sfu/*
    fi

    if [ -d /var/log/redis ]; then
        rm -f /var/log/redis/*
    fi

    if [ -d /var/log/mongodb ]; then
        rm -f /var/log/mongodb/*
    fi

    if [ -d /var/log/kurento-media-server ]; then
        rm -f /var/log/kurento-media-server/*
    fi

    start_bigbluebutton
    check_state
fi

if [ $NETWORK ]; then
    ss -ant | egrep ":80|:443\ " | egrep -v ":::|0.0.0.0" > /tmp/t_net
    REMOTE=$(cat /tmp/t_net | cut -c 45-68 | cut -d ":" -f1 | sort | uniq)

    if [ "$REMOTE" != "" ]; then
        echo -e "ss\t\t\t80\t443"
        for IP in $REMOTE ; do
            PORT_80=$(cat /tmp/t_net | grep :80 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l )
            PORT_443=$(cat /tmp/t_net | grep :443 | cut -c 45-68 | cut -d ":" -f1 | grep $IP | wc -l )

            echo -e "$IP\t\t$PORT_80\t$PORT_443"
        done
    fi
    rm /tmp/t_net
fi

if [ $WATCH ]; then
    need_root
    watch -n 2 "top -n 1 -b | head -n 5; echo; bbb-conf --network; bbb-conf --debug"
fi
