I did change the OwnCloudConfig.js â OWNCLOUD_ORIGIN: ââ â to reflect the original state of the $SPREEDDOMAIN variable in the script, and after restarting spreed-webrtc and apache2 still ran into the same âFailed to load app!â error.
webrtc.conf
; Spreed WebRTC server example configuration
[http]
; HTTP listener in format ip:port.
listen = 10.10.105.158:8080
; Full path to directory where to find the server web assets.
root = /usr/share/spreed-webrtc-server/www
; HTTP socket read timeout in seconds.
;readtimeout = 10
; HTTP socket write timeout in seconds.
;writetimeout = 10
; Use basePath if the server does not run on the root path (/) of your server.
basePath = /webrtc/
; Set maximum number of open files (only works when run as root).
;maxfd = 32768
; Enable stats API /api/v1/stats for debugging (not for production use!).
;stats = false
; Enable HTTP listener for golang pprof module. See
; http://golang.org/pkg/net/http/pprof/ for details.
;pprofListen = 127.0.0.1:6060
[https]
; Native HTTPS listener in format ip:port.
;listen = 10.10.105.158:8443
; Full path to PEM encoded certificate chain.
;certificate = server.crt
; Full path to PEM encoded private key.
;key = server.key
; Mimimal supported encryption standard (SSLv3, TLSv1, TLSv1.1 or TLSv1.2).
;minVersion = SSLv3
; HTTPS socket read timeout in seconds.
;readtimeout = 10
; HTTPS socket write timeout in seconds.
;writetimeout = 10
[app]
; HTML page title
;title = Spreed WebRTC
; Version string to use for static resources. This defaults to the server
; version and should only be changed when you use your own way to invalidate
; long cached static resources.
;ver = 1234
; STUN server URIs in format host:port. You can provide multiple seperated by
; space. If you do not have one use a public one like stun.spreed.me:443. If
; you have a TURN server you do not need to set an STUN server as the TURN
; server will provide STUN services.
;stunURIs = stun:stun.spreed.me:443
; TURN server URIs in format host:port?transport=udp|tcp. You can provide
; multiple seperated by space. If you do not have at least one TURN server then
; some users will not be able to use the server as the peer to peer connection
; cannot be established without a TURN server due to firewall reasons. An open
; source TURN server which is fully supported can be found at
; https://code.google.com/p/rfc5766-turn-server/.
;turnURIs = turn:turnserver:port?transport=udp
; Shared secret authentication for TURN user generation if the TURN server is
; protected (which it should be).
; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.
; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.
;turnSecret = the-default-turn-shared-secret-do-not-keep
; Enable renegotiation support. Set to true to tell clients that they can
; renegotiate peer connections when required. Firefox support is not complete,
; so do not enable if you want compatibility with Firefox clients.
;renegotiation = false
; Session secret to use for session id generator. 32 or 64 bytes of random data
; are recommented (hex encoded). A warning will be logged if hex decode fails.
; You can generate a secret easily with âxxd -ps -l 32 -c 32 /dev/randomâ.
sessionSecret = REDACTED
; Encryption secret protecting the data in generated server side tokens. Use
; 16, 24, or 32 bytes (hex encoded) to select AES-128, AES-192, or AES-256.
; When you change the encryption secret, stored authentications, sessions and
; contacts become invalid. A warning will be logged if hex decode fails. You
; can generate a secret easily with âxxd -ps -l 32 -c 32 /dev/randomâ.
encryptionSecret = REDACTED
; Full path to a text file containig client tokens which a user needs to enter
; when accessing the web client. Each line in this file represents a valid
; token.
;tokenFile = tokens.txt
; The name of a global room. If enabled it should be kept secret. Users in that
; room are visible in all other rooms.
;globalRoom = global
; The default room is the room at the root URL of the servers base address and
; all users will join this room if enabled. If it is disabled then a room join
; form will be shown instead.
;defaultRoomEnabled = true
; Whether a user account is required to join a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
authorizeRoomJoin = true
; Whether a user account is required to create a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
;authorizeRoomCreation = false
; Wether the pipelines API should be enabled. Optional, defaults to false.
;pipelinesEnabled = false
; Server token is a public random string which is used to enhance security of
; server generated security tokens. When the serverToken is changed all existing
; nonces become invalid. Use 32 or 64 characters (eg. 16 or 32 byte hex).
serverToken = REDACTED
; The server realm is part of the validation chain of tokens and nonces and is
; added as suffix to server created user ids if user creation is enabled. When
; the realm is changed, all existing tokens and nonces become invalid.
serverRealm = local
; Full path to an extra templates directory. Templates in this directory ending
; with .html will be parsed on startup and can be used to fill the supported
; extra-* template slots. If the extra folder has a sub folder âstaticâ, the
; resources in this static folder will be available as /extra/static/âŠ
; relative to your servers base URL.
extra = /var/www/nextcloud/apps/spreedme/extra
; Full path to an extra.d directory. Subfolders in this directory will be
; searched for head.html and body.html on startup. If found, those templates
; will be automatically included for the web client. In addition,
; sub-folder/static will be made available by URL at /extra.d/static//âŠ
; relative to your servers base URL.
; URL relative to the servers base path for a plugin javascript file which is
; automatically loaded on web client start for all users. You can put your
; plugin in the extra/static folder (see above) or provide another folder using
; a front end webserver. Check the doc folder for more info about plugins and
; examples.
;extra.d = /usr/share/spreed-webrtc-server/extra.d
plugin = /var/www/nextcloud/apps/spreedme/extra/static/owncloud.js
; Content-Security-Policy HTTP response header value.
; Spreed WebRTC requires inline styles, WebSocket connection to itself and
; data: URL for images.
; The currently recommended CSP is:
; default-src âselfâ;
; frame-src âselfâ blob:;
; style-src âselfâ âunsafe-inlineâ;
; img-src âselfâ data: blob:;
; connect-src âselfâ wss://server:port/ws blob:;
; font-src âselfâ data: blob:;
; media-src âselfâ blob:;
;contentSecurityPolicy =
; Content-Security-Policy-Report-Only HTTP response header value. Use this
; to test your CSP before putting it into production.
;contentSecurityPolicyReportOnly =
[modules]
; Modules provide optional functionality. Modules are enabled by default and
; can be disabled by setting false to their corresponding configuration.
;screensharing = true
;youtube = true
;presentation = true
;contacts = true
[log]
logfile = /var/log/spreed-webrtc-server.log
[users]
; Set to true to enable user functionality.
enabled = true
; Set users authorization mode.
; sharedsecret:
; Validates the userid with a HMAC authentication secret.
; The format goes like this:
; BASE64(HMAC-SHA-256(secret, expirationTimestampInSeconds:userid))
; httpheader:
; The userid is provided as an HTTP header. The server does not do any
; validation. This usually only makes sense with a front end HTTPS proxy which
; does the authentication and injects the user id as HTTP header for sessions
; REST requests. In mode httpheader, allowRegistration should be false.
; certificate:
; The userid is provided as CommonName with a certificate provided with TLS
; client authentication. When you use this with a front end proxy for TLS
; termination, that proxy has to validate the certificate and inject certain
; headers into the proxy connection. While certificate mode offers the highest
; security it is currently considered experimental and the user experience
; varies between browsers and platforms.
mode = sharedsecret
; The shared secred for HMAC validation in âsharedsecretâ mode. Best use 32 or
; 64 bytes of random data.
sharedsecret_secret = REDACTED
; The HTTP header name where to find the userid in âhttpheaderâ mode.
;httpheader_header = x-userid
; Full path to PEM encoded private key to use for user creation in âcertificateâ
; mode. Keep this commented if you do not want the server to sign certificate
; requests.
;certificate_key = userskey.key
; Full path to PEM encoded certificate to use for user validation in
; âcertificateâ mode. When allowRegistration is true and certificate_key is also
; set then the server will act as a CA and sign incoming user registrations and
; return certificates to users as registration.
;certificate_certificate = usersca.crt
; The HTTP header name where to find if the TLS client authentication was
; successfull. The value of this header is matched to
; certificate_verifiedHeaderValue and only if there is a match, the proxy
; handled TLS client authentication is accepted as success. Make sure to secure
; these headers with your front end proxy (always set them). Do not use these
; settings when not using a front end proxy.
;certificate_verifiedHeader = x-verified
;certificate_verifiedHeaderValue = SUCCESS
; The HTTP header name where to find the PEM encoded certificate authenticated
; by a front end proxy. With Nginx the required value is in $ssl_client_cert.
;certificate_certificateHeader = x-certificate
; The valid duration of generated certificates created in certificate mode when
; allowRegistration is enabled.
;certificate_validForDays = 365
; Organization to set into the created user certificates. Use a readable public
; name to make the certificate easily recognizable as certificate for your
; server so users can choose the correct certificate when prompted.
;certificate_organization= = My Spreed Server
; If enabled the server can create new userids. Set allowRegistration to true to
; enable userid creation/registration. Users are created according the settings
; of the currently configured mode (see above).
;allowRegistration = false
[nats]
; Set to true, to enable triggering channelling events via NATS
;channelling_trigger = false
;channelling_trigger_subject = channelling.trigger
; NATS server URL
;url = nats://127.0.0.1:4222
; NATS connect establish timeout in seconds
;establishTimeout = 60
; Use client_id to distinguish between multipe servers. The value is sent
; together with every NATS request. Defaults to empty.
;client_id =
[roomtypes]
; You can define room types that should be used for given room names instead of
; the default type âRoomâ. Use format âRegularExpression = RoomTypeâ and make
; sure the regular expression doesnât contain any â=â or â:â.
;
; Available room types:
; âConferenceâ
; All participants joining the room automatically call each other and are in
; a conference.
;
; Example (all rooms below âconference/â are conference rooms):
;^conference/.+ = Conference
;
apps/spreedme/config/config.php
<?php
/**
* Nextcloud - spreedme
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Leon
* @copyright struktur AG 2016
*/
namespace OCA\SpreedME\Config;
class Config {
// Domain of your Spreed WebRTC server (including protocol and optional port number), examples:
//const SPREED_WEBRTC_ORIGIN = 'https://mynextcloudserver.com';
//const SPREED_WEBRTC_ORIGIN = 'https://webrtc.mynextcloudserver.com:8080';
// If this is empty or only includes a port (e.g. :8080), host will automatically be determined (current host)
const SPREED_WEBRTC_ORIGIN = '';
// This has to be the same `basePath`
// you already set in the [http] section of the `server.conf` file from Spreed WebRTC server
const SPREED_WEBRTC_BASEPATH = '/webrtc/';
// This has to be the same `sharedsecret_secret` (64-character HEX string)
// you already set in the [users] section of the `server.conf` file from Spreed WebRTC server
const SPREED_WEBRTC_SHAREDSECRET = 'shared_secret_generated_in_original_script_from_https://gist.github.com/ezraholm50/cecf009f5576428507cbdd92a050c9b7#file-install_spreedme_webrtc-sh-L77';
// Set to true if at least one another Nextcloud instance uses the same Spreed WebRTC server
const SPREED_WEBRTC_IS_SHARED_INSTANCE = false;
// Set to true if you want to allow access to this app + spreed-webrtc for non-registered users who received a temporary password by an Nextcloud admin.
// You can generate such a temporary password at: /index.php/apps/spreedme/admin/tp (Nextcloud admin user account required)
const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = false;
// If 'OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED' is set to true, you also have to provide a signing key here (64-character HEX string)
// Generate it using `xxd -ps -l 32 -c 32 /dev/random` (better) or `openssl rand -hex 32`
const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY = 'f20e1b84781d80570fef6e2969f61ba91ccb56922398a45eXXXXXXXXXXXXXXXX';
private function __construct() {
}
}
----------
**apps/spreedme/extra/static/config/OwnCloudConfig.js**
/**
* Nextcloud - spreedme
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Leon
* @copyright struktur AG 2016
*/
// This file is loaded in WebRTC context
(function(window) {
var OwnCloudConfig = function() {
return {
// Domain of your Nextcloud server (including protocol and optional port number), examples:
//OWNCLOUD_ORIGIN: 'https://mynextcloudserver.com',
//OWNCLOUD_ORIGIN: 'https://nextcloud.myserver.com:8443',
// If this is empty or only includes a port (e.g. :8443), host will automatically be determined (current host)
OWNCLOUD_ORIGIN: 'SPREEDDOMAIN',
};
};
if (typeof define === "function" && define.amd) {
define(OwnCloudConfig);
} else {
window.OwnCloudConfig = OwnCloudConfig();
}
})(window);