|
|
@@ -251,55 +251,54 @@ function install_jitsi {
|
|
251
|
251
|
apt-get -yq install jitsi-meet jitsi-meet-prosody
|
|
252
|
252
|
|
|
253
|
253
|
jitsi_nginx_site=/etc/nginx/sites-available/${JITSI_DOMAIN_NAME}.conf
|
|
254
|
|
- if [ -f $jitsi_nginx_site ]; then
|
|
255
|
|
- rm $jitsi_nginx_site
|
|
256
|
|
- fi
|
|
257
|
254
|
if [[ $ONION_ONLY == "no" ]]; then
|
|
258
|
|
- function_check nginx_http_redirect
|
|
259
|
|
- nginx_http_redirect ${JITSI_DOMAIN_NAME}.conf
|
|
260
|
|
- echo '' >> $jitsi_nginx_site
|
|
261
|
|
- echo 'server_names_hash_bucket_size 64;' >> $jitsi_nginx_site
|
|
|
255
|
+ echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
|
|
262
|
256
|
echo '' >> $jitsi_nginx_site
|
|
263
|
257
|
echo 'server {' >> $jitsi_nginx_site
|
|
264
|
|
- echo ' listen 443 ssl;' >> $jitsi_nginx_site
|
|
265
|
|
- echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
|
|
|
258
|
+ echo ' listen 80;' >> $jitsi_nginx_site
|
|
|
259
|
+ echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
|
|
|
260
|
+ echo ' return 301 https://$host$request_uri;' >> $jitsi_nginx_site
|
|
|
261
|
+ echo '}' >> $jitsi_nginx_site
|
|
|
262
|
+ echo 'server {' >> $jitsi_nginx_site
|
|
|
263
|
+ echo ' listen 443 ssl;' >> $jitsi_nginx_site
|
|
|
264
|
+ echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
|
|
266
|
265
|
echo '' >> $jitsi_nginx_site
|
|
267
|
|
- echo ' # Security' >> $jitsi_nginx_site
|
|
268
|
|
- function_check nginx_ssl
|
|
269
|
|
- nginx_ssl ${JITSI_DOMAIN_NAME}.conf
|
|
270
|
|
-
|
|
271
|
|
- function_check nginx_disable_sniffing
|
|
272
|
|
- nginx_disable_sniffing ${JITSI_DOMAIN_NAME}.conf
|
|
273
|
|
-
|
|
274
|
|
- echo ' add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
|
|
|
266
|
+ echo ' ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' >> $jitsi_nginx_site
|
|
|
267
|
+ echo ' ssl_prefer_server_ciphers on;' >> $jitsi_nginx_site
|
|
|
268
|
+ echo ' ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";' >> $jitsi_nginx_site
|
|
|
269
|
+ echo '' >> $jitsi_nginx_site
|
|
|
270
|
+ echo ' add_header Strict-Transport-Security "max-age=31536000";' >> $jitsi_nginx_site
|
|
275
|
271
|
echo '' >> $jitsi_nginx_site
|
|
276
|
|
- echo ' # Logs' >> $jitsi_nginx_site
|
|
277
|
|
- echo ' access_log off;' >> $jitsi_nginx_site
|
|
278
|
|
- echo ' error_log off;' >> $jitsi_nginx_site
|
|
|
272
|
+ echo " ssl_certificate /etc/ssl/certs/${JITSI_DOMAIN_NAME}.crt;" >> $jitsi_nginx_site
|
|
|
273
|
+ echo " ssl_certificate_key /etc/ssl/private/${JITSI_DOMAIN_NAME}.key;" >> $jitsi_nginx_site
|
|
|
274
|
+ echo " ssl_dhparam /etc/ssl/certs/${JITSI_DOMAIN_NAME}.dhparam;" >> $jitsi_nginx_site
|
|
279
|
275
|
echo '' >> $jitsi_nginx_site
|
|
280
|
|
- echo ' # Root' >> $jitsi_nginx_site
|
|
281
|
|
- echo " root /usr/share/jitsi-meet;" >> $jitsi_nginx_site
|
|
|
276
|
+ echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
|
|
|
277
|
+ echo ' index index.html index.htm;' >> $jitsi_nginx_site
|
|
282
|
278
|
echo '' >> $jitsi_nginx_site
|
|
283
|
|
- echo ' index index.html index.htm;' >> $jitsi_nginx_site
|
|
|
279
|
+ echo ' location /config.js {' >> $jitsi_nginx_site
|
|
|
280
|
+ echo ' alias /etc/jitsi/meet/jitsi.freedombone.net-config.js;' >> $jitsi_nginx_site
|
|
|
281
|
+ echo ' }' >> $jitsi_nginx_site
|
|
284
|
282
|
echo '' >> $jitsi_nginx_site
|
|
285
|
|
- echo ' location /config.js {' >> $jitsi_nginx_site
|
|
286
|
|
- echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
|
|
287
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
283
|
+ echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
|
|
|
284
|
+ echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
|
|
|
285
|
+ echo ' }' >> $jitsi_nginx_site
|
|
288
|
286
|
echo '' >> $jitsi_nginx_site
|
|
289
|
|
- echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
|
|
290
|
|
- echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
|
|
291
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
287
|
+ echo ' location / {' >> $jitsi_nginx_site
|
|
|
288
|
+ echo ' ssi on;' >> $jitsi_nginx_site
|
|
|
289
|
+ echo ' }' >> $jitsi_nginx_site
|
|
292
|
290
|
echo '' >> $jitsi_nginx_site
|
|
293
|
|
- echo ' location / {' >> $jitsi_nginx_site
|
|
294
|
|
- function_check nginx_limits
|
|
295
|
|
- nginx_limits ${JITSI_DOMAIN_NAME}.conf '15m'
|
|
296
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
291
|
+ echo ' # Backward compatibility' >> $jitsi_nginx_site
|
|
|
292
|
+ echo ' location ~ /external_api.* {' >> $jitsi_nginx_site
|
|
|
293
|
+ echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
|
|
|
294
|
+ echo ' }' >> $jitsi_nginx_site
|
|
297
|
295
|
echo '' >> $jitsi_nginx_site
|
|
298
|
|
- echo ' location /http-bind {' >> $jitsi_nginx_site
|
|
299
|
|
- echo " proxy_pass http://localhost:${JITSI_PORT}/http-bind;" >> $jitsi_nginx_site
|
|
300
|
|
- echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
|
|
301
|
|
- echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
|
|
302
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
296
|
+ echo ' # BOSH' >> $jitsi_nginx_site
|
|
|
297
|
+ echo ' location /http-bind {' >> $jitsi_nginx_site
|
|
|
298
|
+ echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site
|
|
|
299
|
+ echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
|
|
|
300
|
+ echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
|
|
|
301
|
+ echo ' }' >> $jitsi_nginx_site
|
|
303
|
302
|
echo '}' >> $jitsi_nginx_site
|
|
304
|
303
|
else
|
|
305
|
304
|
echo -n '' > $jitsi_nginx_site
|
|
|
@@ -312,38 +311,37 @@ function install_jitsi {
|
|
312
|
311
|
echo " server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
|
|
313
|
312
|
fi
|
|
314
|
313
|
echo '' >> $jitsi_nginx_site
|
|
315
|
|
- function_check nginx_disable_sniffing
|
|
316
|
|
- nginx_disable_sniffing ${JITSI_DOMAIN_NAME}.conf
|
|
|
314
|
+ echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
|
|
|
315
|
+ echo ' index index.html index.htm;' >> $jitsi_nginx_site
|
|
317
|
316
|
echo '' >> $jitsi_nginx_site
|
|
318
|
|
- echo ' # Logs' >> $jitsi_nginx_site
|
|
319
|
|
- echo ' access_log off;' >> $jitsi_nginx_site
|
|
320
|
|
- echo ' error_log off;' >> $jitsi_nginx_site
|
|
|
317
|
+ echo ' location /config.js {' >> $jitsi_nginx_site
|
|
|
318
|
+ echo ' alias /etc/jitsi/meet/jitsi.freedombone.net-config.js;' >> $jitsi_nginx_site
|
|
|
319
|
+ echo ' }' >> $jitsi_nginx_site
|
|
321
|
320
|
echo '' >> $jitsi_nginx_site
|
|
322
|
|
- echo ' # Root' >> $jitsi_nginx_site
|
|
323
|
|
- echo " root /usr/share/jitsi-meet;" >> $jitsi_nginx_site
|
|
|
321
|
+ echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
|
|
|
322
|
+ echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
|
|
|
323
|
+ echo ' }' >> $jitsi_nginx_site
|
|
324
|
324
|
echo '' >> $jitsi_nginx_site
|
|
325
|
|
- echo ' index index.html index.htm;' >> $jitsi_nginx_site
|
|
|
325
|
+ echo ' location / {' >> $jitsi_nginx_site
|
|
|
326
|
+ echo ' ssi off;' >> $jitsi_nginx_site
|
|
|
327
|
+ echo ' }' >> $jitsi_nginx_site
|
|
326
|
328
|
echo '' >> $jitsi_nginx_site
|
|
327
|
|
- echo ' location /config.js {' >> $jitsi_nginx_site
|
|
328
|
|
- echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
|
|
329
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
329
|
+ echo ' # Backward compatibility' >> $jitsi_nginx_site
|
|
|
330
|
+ echo ' location ~ /external_api.* {' >> $jitsi_nginx_site
|
|
|
331
|
+ echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
|
|
|
332
|
+ echo ' }' >> $jitsi_nginx_site
|
|
330
|
333
|
echo '' >> $jitsi_nginx_site
|
|
331
|
|
- echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
|
|
332
|
|
- echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
|
|
333
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
334
|
|
- echo '' >> $jitsi_nginx_site
|
|
335
|
|
- echo ' location / {' >> $jitsi_nginx_site
|
|
336
|
|
- function_check nginx_limits
|
|
337
|
|
- nginx_limits ${JITSI_DOMAIN_NAME}.conf '15m'
|
|
338
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
339
|
|
- echo '' >> $jitsi_nginx_site
|
|
340
|
|
- echo ' location /http-bind {' >> $jitsi_nginx_site
|
|
341
|
|
- echo " proxy_pass http://localhost:${JITSI_PORT}/http-bind;" >> $jitsi_nginx_site
|
|
342
|
|
- echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
|
|
343
|
|
- echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
|
|
344
|
|
- echo ' }' >> $jitsi_nginx_site
|
|
|
334
|
+ echo ' # BOSH' >> $jitsi_nginx_site
|
|
|
335
|
+ echo ' location /http-bind {' >> $jitsi_nginx_site
|
|
|
336
|
+ echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site
|
|
|
337
|
+ echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
|
|
|
338
|
+ echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
|
|
|
339
|
+ echo ' }' >> $jitsi_nginx_site
|
|
345
|
340
|
echo '}' >> $jitsi_nginx_site
|
|
346
|
341
|
|
|
|
342
|
+ sed -i "s|server_name ${JITSI_DOMAIN_NAME}.conf|server_name ${JITSI_DOMAIN_NAME}|g" $jitsi_nginx_site
|
|
|
343
|
+ sed -i "s|/var/www/${JITSI_DOMAIN_NAME}.conf/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
|
|
|
344
|
+
|
|
347
|
345
|
if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
|
|
348
|
346
|
function_check create_site_certificate
|
|
349
|
347
|
create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
|
Bob Mottram
9 年前