
Fixing jitsi meet

Bob Mottram 7 years ago
parent
commit
267ff1f8a2
2 changed files with 33 additions and 31 deletions
  1. 31
    31
      src/freedombone-app-jitsi
  2. 2
    0
      src/freedombone-app-matrix

+ 31
- 31
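--- a/src/freedombone-app-jitsi
+++ b/src/freedombone-app-jitsi
@@ -15,7 +15,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -146,11 +146,11 @@ function remove_jitsi {
     fi
 
     if [ -f /etc/nginx/sites-available/${JITSI_DOMAIN_NAME} ]; then
-        nginx_dissite ${JITSI_DOMAIN_NAME}.conf
+        nginx_dissite ${JITSI_DOMAIN_NAME}
         if [ -d /var/www/${JITSI_DOMAIN_NAME} ]; then
             rm -rf /var/www/${JITSI_DOMAIN_NAME}
         fi
-        rm /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
+        rm /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}
 
         function_check remove_certs
         remove_certs ${JITSI_DOMAIN_NAME}
@@ -255,7 +255,7 @@ function install_jitsi {
     debconf-set-selections <<< "jitsi-meet jitsi-meet/cert-choice multiselect 1"
     apt-get -yq install jitsi-meet jitsi-meet-prosody
 
-    jitsi_nginx_site=/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
+    jitsi_nginx_site=/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}
     echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
     if [[ $ONION_ONLY == "no" ]]; then
         echo '' >> $jitsi_nginx_site
@@ -269,15 +269,14 @@ function install_jitsi {
         echo '    listen [::]:443 ssl;' >> $jitsi_nginx_site
         echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
         echo '' >> $jitsi_nginx_site
-        echo '    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' >> $jitsi_nginx_site
-        echo '    ssl_prefer_server_ciphers on;' >> $jitsi_nginx_site
-        echo '    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    add_header Strict-Transport-Security "max-age=31536000";' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo "    ssl_certificate /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt;" >> $jitsi_nginx_site
-        echo "    ssl_certificate_key /etc/ssl/private/${JITSI_DOMAIN_NAME}.key;" >> $jitsi_nginx_site
-        echo "    ssl_dhparam /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam;" >> $jitsi_nginx_site
+
+        function_check nginx_ssl
+        nginx_ssl ${JITSI_DOMAIN_NAME}
+
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
+
+        echo '    add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
         echo '' >> $jitsi_nginx_site
         echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
         echo '    index index.html index.htm;' >> $jitsi_nginx_site
@@ -352,35 +351,35 @@ function install_jitsi {
     echo '    }' >> $jitsi_nginx_site
     echo '}' >> $jitsi_nginx_site
 
-    sed -i "s|server_name ${JITSI_DOMAIN_NAME}.conf|server_name ${JITSI_DOMAIN_NAME}|g" $jitsi_nginx_site
-    sed -i "s|/var/www/${JITSI_DOMAIN_NAME}.conf/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
+    sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
 
     if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
+        if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt ]; then
+            rm /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt
+        fi
+        if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam ]; then
+            rm /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam
+        fi
         function_check create_site_certificate
         create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
+        if [[ $ONION_ONLY == "no" ]]; then
+            if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
+                exit 678363
+            fi
+        fi
     fi
 
-    if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt ]; then
-        mv /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem
+    if [ -d /etc/letsencrypt ]; then
+        usermod -a -G www-data jitsi
+        usermod -a -G ssl-cert jitsi
     fi
 
-    # ensure that certs are available to prosody with correct permissions
-    cp /etc/ssl/certs/${JITSI_DOMAIN_NAME}.* /etc/prosody/certs
-    cp /etc/ssl/private/${JITSI_DOMAIN_NAME}.key /etc/prosody/certs
-    chown prosody:prosody /etc/prosody/certs/${JITSI_DOMAIN_NAME}.*
-
     if [ -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
-        sed -i "s|.crt|.pem|g" $jitsi_nginx_site
         sed -i "s|.crt|.pem|g" /etc/prosody/conf.d/${JITSI_DOMAIN_NAME}.cfg.lua
     fi
 
-    sed -i "s|key =.*|key = \"/etc/prosody/certs/${JITSI_DOMAIN_NAME}.key\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua
-    sed -i "s|certificate =.*|certificate = \"/etc/prosody/certs/${JITSI_DOMAIN_NAME}.pem\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua
-
-    sed -i "s|.conf.crt|.crt|g" /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
-    sed -i "s|.conf.pem|.pem|g" /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
-    sed -i "s|.conf.key|.key|g" /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
-    sed -i "s|.conf.dhparam|.dhparam|g" /etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
+    sed -i "s|key =.*|key = \"/etc/ssl/private/${JITSI_DOMAIN_NAME}.key\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua
+    sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem\"|g" /etc/prosody/conf.avail/${JITSI_DOMAIN_NAME}.cfg.lua
 
     sed -i "s|enableWelcomePage:.*|enableWelcomePage: false,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
     sed -i "s|disableStats:.*|disableStats: true,|g" /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js
@@ -389,6 +388,7 @@ function install_jitsi {
 
     sed -i "s|navigator.mozGetUserMedia|navigator.mediaDevices.getUserMedia|g" /usr/share/jitsi-meet/libs/lib-jitsi-meet.min.js
 
+    # generated certs which aren't used
     if [ -f /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
         rm /usr/lib/ssl/certs/${JITSI_DOMAIN_NAME}.pem
     fi
@@ -400,7 +400,7 @@ function install_jitsi {
     fi
 
     function_check nginx_ensite
-    nginx_ensite ${JITSI_DOMAIN_NAME}.conf
+    nginx_ensite ${JITSI_DOMAIN_NAME}
 
     set_completion_param "jitsi domain" "$JITSI_DOMAIN_NAME"
 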
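Review bot: In the `-352,35 +351,35` hunk of install_jitsi, prosody's `key =` is rewritten to read `/etc/ssl/private/${JITSI_DOMAIN_NAME}.key` in place, but the only access grant visible is `usermod -a -G ssl-cert jitsi`, and that runs only when `/etc/letsencrypt` exists. The removed lines copied the key into `/etc/prosody/certs` and chowned it to `prosody:prosody`; nothing on the new side gives the prosody account read access to the private directory, so unless create_site_certificate (not shown here) arranges it, prosody may be unable to load its key. Membership of `ssl-cert` and `www-data` is also broader than this one domain needs: on a host serving several sites it would normally let the jitsi account read every group-readable key under `/etc/ssl/private`. I would either keep a per-service copy of this domain's key with owner-only mode, or grant the group to the account that actually reads the file and say why above the `usermod` lines, e.g. `# prosody reads the site key in place, so it needs ssl-cert to traverse /etc/ssl/private`. The function body starts and continues outside the hunks shown.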

+ 2
- 0
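--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -669,5 +669,7 @@ function install_matrix {
         exit 879352
     fi
 
+    set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
+
     APP_INSTALLED=1
 }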