jiti-meet/resources/coturn-le-update.sh


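#!/bin/sh
set -e
# Installs the Let's Encrypt certificate and private key for a domain into
# coturn. Meant to be run on certificate renewal and at install time.
#
# Usage: coturn-le-update.sh DOMAIN
#
# Expects the current certificate and key to already be present as
# /etc/jitsi/meet/DOMAIN.crt and /etc/jitsi/meet/DOMAIN.key.
#
# Exit status: 10 if no domain was given, 11 if the domain contains
# characters that are not valid in a host name; otherwise the script stops
# with the status of the first command that fails (set -e).
DOMAIN=$1
if [ -z "$DOMAIN" ] ; then
    echo "You need to pass the domain as parameter." >&2
    exit 10;
fi

# DOMAIN is interpolated into file paths and into sed expressions below, and
# this script handles a private key with elevated privileges. Accept only
# host-name characters so that a value containing '/', '..', whitespace or
# sed metacharacters cannot redirect the copies or alter the rewritten config.
case "$DOMAIN" in
    *[!A-Za-z0-9.-]* | .* | -* | *..*)
        printf '%s\n' "Invalid domain name: $DOMAIN" >&2
        exit 11
        ;;
esac

COTURN_CERT_DIR="/etc/coturn/certs"
TURN_CONFIG="/etc/turnserver.conf"

# Execute only if the turn config exists and is the one managed by jitsi-meet
# (identified by the marker comment the jitsi-meet config carries).
if [ -f "$TURN_CONFIG" ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
    # Make sure the certificate directory and the certificate and private key
    # files are never world readable, even just for an instant while they are
    # being created in COTURN_CERT_DIR. Set before mkdir so the directory is
    # restrictive from the moment it exists.
    umask 077

    # Create the directory that stores the certs if it does not exist yet.
    if [ ! -d "$COTURN_CERT_DIR" ]; then
        mkdir -p "$COTURN_CERT_DIR"
        chown -R turnserver:turnserver /etc/coturn/
        chmod -R 700 /etc/coturn/
    fi

    cp "/etc/jitsi/meet/${DOMAIN}.crt" "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem"
    cp "/etc/jitsi/meet/${DOMAIN}.key" "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"

    # Apply the proper file ownership and permissions for
    # the daemon to read its certificate and key. cp keeps the mode of a
    # destination file that already exists, so the mode is set explicitly
    # rather than relying on the umask alone.
    chown turnserver "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \
        "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"
    chmod 400 "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \
        "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"

    echo "Configuring turnserver"
    # The 'c' command replaces every existing line that starts with cert/pkey.
    # If the config has no such line, nothing is rewritten and coturn keeps
    # whatever certificate settings it had.
    sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${DOMAIN}.fullchain.pem" "$TURN_CONFIG"
    sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${DOMAIN}.privkey.pem" "$TURN_CONFIG"

    # coturn only picks up the new certificate after a restart.
    service coturn restart
fi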