46 lines
1.8 KiB
Bash
46 lines
1.8 KiB
Bash
|
#!/bin/sh
|
||
|
|
|
||
|
|
set -e
|
||
|
|
|
||
|
|
COTURN_CERT_DIR="/etc/coturn/certs"
|
||
|
|
TURN_CONFIG="/etc/turnserver.conf"
|
||
|
|
|
||
|
|
# create a directory to store certs if it does not exists
|
||
|
|
if [ ! -d "$COTURN_CERT_DIR" ]; then
|
||
|
|
mkdir -p $COTURN_CERT_DIR
|
||
|
|
chown -R turnserver:turnserver /etc/coturn/
|
||
|
|
chmod -R 700 /etc/coturn/
|
||
|
|
fi
|
||
|
|
|
||
|
|
# This is a template and when copied to /etc/letsencrypt/renewal-hooks/deploy/
|
||
|
|
# during creating the Let's encrypt certs script
|
||
|
|
# jitsi-meet.example.com will be replaced with the real domain of deployment
|
||
|
|
for domain in $RENEWED_DOMAINS; do
|
||
|
|
case $domain in
|
||
|
|
jitsi-meet.example.com)
|
||
|
|
# Make sure the certificate and private key files are
|
||
|
|
# never world readable, even just for an instant while
|
||
|
|
# we're copying them into daemon_cert_root.
|
||
|
|
umask 077
|
||
|
|
|
||
|
|
cp "$RENEWED_LINEAGE/fullchain.pem" "$COTURN_CERT_DIR/$domain.fullchain.pem"
|
||
|
|
cp "$RENEWED_LINEAGE/privkey.pem" "$COTURN_CERT_DIR/$domain.privkey.pem"
|
||
|
|
|
||
|
|
# Apply the proper file ownership and permissions for
|
||
|
|
# the daemon to read its certificate and key.
|
||
|
|
chown turnserver "$COTURN_CERT_DIR/$domain.fullchain.pem" \
|
||
|
|
"$COTURN_CERT_DIR/$domain.privkey.pem"
|
||
|
|
chmod 400 "$COTURN_CERT_DIR/$domain.fullchain.pem" \
|
||
|
|
"$COTURN_CERT_DIR/$domain.privkey.pem"
|
||
|
|
|
||
|
|
if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
|
||
|
|
echo "Configuring turnserver"
|
||
|
|
sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${domain}.fullchain.pem" $TURN_CONFIG
|
||
|
|
sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${domain}.privkey.pem" $TURN_CONFIG
|
||
|
|
fi
|
||
|
|
service coturn restart
|
||
|
|
;;
|
||
|
|
esac
|
||
|
|
done
|
||
|
|
|