haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Adds LE choice when installing debian package. (#12154) 

* feat: Adds LE choice when installing debian package.

* Update debian/jitsi-meet-web-config.templates

Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com>

* squash: Print in the console the JaaS link everytime.

* squash: Note that JaaS does not support self-signed certs.

* squash: Fix message.

* squash: Moves acme.sh stuff into a script, so it is easy to re-run.

Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com>
This commit is contained in:
Дамян Минков 2022-09-13 07:55:00 -05:00 committed by GitHub
parent 139884fbe7
commit 079a2a505d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 167 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -20,7 +20,7 @@ Description: WebRTC JavaScript video conferences
Package: jitsi-meet-web-config
Architecture: all
Depends: openssl, nginx | nginx-full | nginx-extras | apache2
Depends: openssl, nginx | nginx-full | nginx-extras | apache2, curl
Description: Configuration for web serving of Jitsi Meet
Jitsi Meet is a WebRTC JavaScript application that uses Jitsi
Videobridge to provide high quality, scalable video conferences.

1
debian/jitsi-meet-turnserver.install vendored
View File

@ -1,3 +1,2 @@
doc/debian/jitsi-meet-turn/turnserver.conf /usr/share/jitsi-meet-turnserver/
doc/debian/jitsi-meet/jitsi-meet.conf /usr/share/jitsi-meet-turnserver/
doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/

17
debian/jitsi-meet-turnserver.postinst vendored
View File

@ -107,7 +107,9 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG
db_get jitsi-meet/cert-choice
CERT_CHOICE="$RET"
if [ "$CERT_CHOICE" = "I want to use my own certificate" ] ; then
UPLOADED_CERT_CHOICE="I want to use my own certificate"
LE_CERT_CHOICE="Let's Encrypt certificates"
if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ]; then
db_get jitsi-meet/cert-path-key
CERT_KEY="$RET"
db_get jitsi-meet/cert-path-crt
@ -120,22 +122,13 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/cert=\/etc\/jitsi\/meet\/.*crt/cert=$CERT_CRT_ESC/g" $TURN_CONFIG
elif [ "$CERT_CHOICE" = "$LE_CERT_CHOICE" ]; then
/usr/share/jitsi-meet/scripts/coturn-le-update.sh ${JVB_HOSTNAME}
fi
sed -i "s/#TURNSERVER_ENABLED/TURNSERVER_ENABLED/g" /etc/default/coturn
invoke-rc.d coturn restart || true
NGINX_STREAM_CONFIG="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
if [ -f $NGINX_STREAM_CONFIG ] ; then
echo "------------------------------------------------"
echo ""
echo "You have multiplexing enabled, it is recommended to disable it and migrate to using websockets for the bridge channel."
echo "The support for sctp data channels is deprecated and will be dropped at some point."
echo "How to do it at: https://jitsi.org/multiplexing-to-bridge-ws-howto"
echo ""
echo "------------------------------------------------"
fi
# and we're done with debconf
db_stop
;;

64
debian/jitsi-meet-web-config.postinst vendored
View File

@ -75,6 +75,7 @@ case "$1" in
JAAS_INPUT="$RET"
UPLOADED_CERT_CHOICE="I want to use my own certificate"
LE_CERT_CHOICE="Let's Encrypt certificates"
# if first time config ask for certs, or if we are reconfiguring
if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then
RET=""
@ -83,7 +84,7 @@ case "$1" in
db_get jitsi-meet/cert-choice
CERT_CHOICE="$RET"
if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ] ; then
if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ]; then
RET=""
db_get jitsi-meet/cert-path-key
if [ -z "$RET" ] ; then
@ -103,7 +104,7 @@ case "$1" in
fi
CERT_CRT="$RET"
else
# create self-signed certs
# create self-signed certs (we also need them for the case of LE so we can start nginx)
CERT_KEY="/etc/jitsi/meet/$JVB_HOSTNAME.key"
CERT_CRT="/etc/jitsi/meet/$JVB_HOSTNAME.crt"
HOST="$( (hostname -s; echo localhost) | head -n 1)"
@ -116,6 +117,17 @@ case "$1" in
-extensions SAN \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:localhost,DNS:$JVB_HOSTNAME"))
if [ "$CERT_CHOICE" = "$LE_CERT_CHOICE" ]; then
db_subst jitsi-meet/email domain "${JVB_HOSTNAME}"
db_input critical jitsi-meet/email || true
db_go
db_get jitsi-meet/email
EMAIL="$RET"
if [ ! -z "$EMAIL" ] ; then
ISSUE_LE_CERT="true"
fi
fi
fi
fi
@ -208,36 +220,38 @@ case "$1" in
invoke-rc.d apache2 reload || true
fi
echo "----------------"
echo ""
echo "You can now switch to a Lets Encrypt certificate. To do so, execute:"
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh"
echo ""
echo "----------------"
if [ "$ISSUE_LE_CERT" = "true" ] ; then
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME
fi
echo ""
echo ""
echo " ;dOocd;"
echo " .dNMM0dKO."
echo " lNMMMKd0K,"
echo " .xMMMMNxkNc"
echo " dMMMMMkxXc"
echo " cNMMMNl.."
if [ "${JAAS_INPUT}" != "true" ]; then
echo ""
echo ""
echo " ;dOocd;"
echo " .dNMM0dKO."
echo " lNMMMKd0K,"
echo " .xMMMMNxkNc"
echo " dMMMMMkxXc"
echo " cNMMMNl.."
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
echo " ;XMMMO'"
echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
echo " lNMMM0, and follow the guide in the dev console."
echo " lXMMMK:."
echo " ;KMMMNKd. 'oo,"
echo " 'xNMMMMXkkkkOKOl'"
echo " :0WMMMMMMNOkk0Kk,"
echo " .cdOWMMMMMWXOkOl"
echo " .;dKWMMMMMXc."
echo " .,:cll:'"
echo ""
echo ""
else
echo " .kMMMX;"
echo " ;XMMMO' Don't forget to sign up on"
echo " lNMMWO' https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
echo " lNMMM0, in order to add telephony to your Jitsi meetings!"
fi
echo " lXMMMK:."
echo " ;KMMMNKd. 'oo,"
echo " 'xNMMMMXkkkkOKOl'"
echo " :0WMMMMMMNOkk0Kk,"
echo " .cdOWMMMMMWXOkOl"
echo " .;dKWMMMMMXc."
echo " .,:cll:'"
echo ""
echo ""
# and we're done with debconf
db_stop

22
debian/jitsi-meet-web-config.templates vendored
View File

@ -1,14 +1,16 @@
Template: jitsi-meet/cert-choice
Type: select
__Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate
__Choices: Generate a new self-signed certificate, Let's Encrypt certificates, I want to use my own certificate
_Description: SSL certificate for the Jitsi Meet instance
.
Jitsi Meet is best to be set up with an SSL certificate.
.
Having no certificate, a self-signed one will be generated.
By choosing self-signed you will later have a chance to install Lets Encrypt certificates.
In the case of using a self-signed certificate, only the web app will be available with some warnings, the mobile app will not connect.
Having a certificate signed by a recognised CA, it can be uploaded on the server
and point its location. The default filenames will be /etc/ssl/--domain.name--.key
for the key and /etc/ssl/--domain.name--.crt for the certificate.
Self-signed certificates are not supported by JaaS (Jitsi as a Service).
.
Having a certificate signed by a recognised CA, it can be uploaded on the server and point its location.
The default filenames will be /etc/ssl/--domain.name--.key for the key and /etc/ssl/--domain.name--.crt for the certificate.
Template: jitsi-meet/cert-path-key
Type: string
@ -39,3 +41,13 @@ _Description: Interested in adding telephony to your Jitsi meetings?
You need to:
- have a certificate signed by a recognised CA or Lets Encrypt on your deployment
- sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
Template: jitsi-meet/email
Type: string
_Description: Enter your email:
To successfully issue Let's Encrypt certificates:
.
You need a working DNS record pointing to this machine(for hostname ${domain})"
.
You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications

2
debian/po/templates.pot vendored
View File

@ -20,7 +20,7 @@ msgstr ""
#. Type: select
#. Choices
#: ../jitsi-meet-web-config.templates:1001
msgid "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
msgid "Generate a new self-signed certificate"
msgstr ""
#. Type: select

45
doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh
View File

@ -1,45 +0,0 @@
#!/bin/sh
set -e
COTURN_CERT_DIR="/etc/coturn/certs"
TURN_CONFIG="/etc/turnserver.conf"
# create a directory to store certs if it does not exists
if [ ! -d "$COTURN_CERT_DIR" ]; then
mkdir -p $COTURN_CERT_DIR
chown -R turnserver:turnserver /etc/coturn/
chmod -R 700 /etc/coturn/
fi
# This is a template and when copied to /etc/letsencrypt/renewal-hooks/deploy/
# during creating the Let's encrypt certs script
# jitsi-meet.example.com will be replaced with the real domain of deployment
for domain in $RENEWED_DOMAINS; do
case $domain in
jitsi-meet.example.com)
# Make sure the certificate and private key files are
# never world readable, even just for an instant while
# we're copying them into daemon_cert_root.
umask 077
cp "$RENEWED_LINEAGE/fullchain.pem" "$COTURN_CERT_DIR/$domain.fullchain.pem"
cp "$RENEWED_LINEAGE/privkey.pem" "$COTURN_CERT_DIR/$domain.privkey.pem"
# Apply the proper file ownership and permissions for
# the daemon to read its certificate and key.
chown turnserver "$COTURN_CERT_DIR/$domain.fullchain.pem" \
"$COTURN_CERT_DIR/$domain.privkey.pem"
chmod 400 "$COTURN_CERT_DIR/$domain.fullchain.pem" \
"$COTURN_CERT_DIR/$domain.privkey.pem"
if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
echo "Configuring turnserver"
sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${domain}.fullchain.pem" $TURN_CONFIG
sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${domain}.privkey.pem" $TURN_CONFIG
fi
service coturn restart
;;
esac
done

2
doc/debian/jitsi-meet-turn/turnserver.conf
View File

@ -16,6 +16,8 @@ no-tlsv1
no-tlsv1_1
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# without it there are errors when running on Ubuntu 20.04
dh2066
# jitsi-meet coturn relay disable config. Do not modify this line
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255

47
resources/coturn-le-update.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/sh
set -e
# This script is updating the Let's Encrypt certificates on renew or when installing
# The only param it gets is the domain and expects the certificates to use are updated
# in /etc/jitsi/meet folder.
DOMAIN=$1
if [ -z "$DOMAIN" ] ; then
echo "You need to pass the domain as parameter."
exit 10;
fi
COTURN_CERT_DIR="/etc/coturn/certs"
TURN_CONFIG="/etc/turnserver.conf"
# Execute only if turnconfig exist and is one managed by jitsi-meet
if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
# create a directory to store certs if it does not exists
if [ ! -d "$COTURN_CERT_DIR" ]; then
mkdir -p $COTURN_CERT_DIR
chown -R turnserver:turnserver /etc/coturn/
chmod -R 700 /etc/coturn/
fi
# Make sure the certificate and private key files are
# never world readable, even just for an instant while
# we're copying them into daemon_cert_root.
umask 077
cp "/etc/jitsi/meet/${DOMAIN}.crt" "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem"
cp "/etc/jitsi/meet/${DOMAIN}.key" "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"
# Apply the proper file ownership and permissions for
# the daemon to read its certificate and key.
chown turnserver "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \
"$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"
chmod 400 "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \
"$COTURN_CERT_DIR/${DOMAIN}.privkey.pem"
echo "Configuring turnserver"
sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${DOMAIN}.fullchain.pem" $TURN_CONFIG
sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${DOMAIN}.privkey.pem" $TURN_CONFIG
service coturn restart
fi

174
resources/install-letsencrypt-cert.sh
View File

@ -2,134 +2,64 @@
set -e
DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`
DOMAIN="${DEB_CONF_RESULT##*:}"
echo "-------------------------------------------------------------------------"
echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for hostname ${DOMAIN})"
echo "- Install additional dependencies in order to request Lets Encrypt certificate (acme.sh)"
echo "- Configure and reload nginx or apache2, whichever is used"
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
echo "- Configure renew of certificate"
echo ""
EMAIL=$1
if [ -z "$EMAIL" ]; then
echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
echo "by providing an email address for important account notifications"
echo -n "Enter your email and press [ENTER]: "
read EMAIL
fi
DOMAIN=$2
if [ -z "$DOMAIN" ]; then
DEB_CONF_RESULT=$(debconf-show jitsi-meet-web-config | grep jitsi-meet/jvb-hostname)
DOMAIN="${DEB_CONF_RESULT##*:}"
fi
# remove whitespace
DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"
echo "-------------------------------------------------------------------------"
echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
echo "- Install additional dependencies in order to request Lets Encrypt certificate"
echo "- Configure and reload nginx or apache2, whichever is used"
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
echo "- Add command in weekly cron job to renew certificates regularly"
echo ""
echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
echo "by providing an email address for important account notifications"
echo -n "Enter your email and press [ENTER]: "
read EMAIL
export HOME=/opt/acmesh
curl https://get.acme.sh | sh -s email=$EMAIL
CERTBOT="$(command -v certbot || true)"
if [ ! -x "$CERTBOT" ] ; then
DISTRO=$(lsb_release -is)
DISTRO_VERSION=$(lsb_release -rs)
# Checks whether nginx or apache is installed
NGINX_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx' 2>/dev/null | awk '{print $3}' || true)"
NGINX_FULL_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-full' 2>/dev/null | awk '{print $3}' || true)"
NGINX_EXTRAS_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-extras' 2>/dev/null | awk '{print $3}' || true)"
APACHE_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'apache2' 2>/dev/null | awk '{print $3}' || true)"
if [ "$DISTRO" != "Debian" ] && [ "$DISTRO" != "Ubuntu" ]; then
echo "$DISTRO $DISTRO_VERSION is not supported"
echo "Only Debian and Ubuntu 18.04+ are supported"
exit 1
fi
if [ "$DISTRO" = "Ubuntu" ]; then
apt-get update
apt-get -y install software-properties-common
add-apt-repository -y universe
if [ "$DISTRO_VERSION" = "18.04" ]; then
add-apt-repository -y ppa:certbot/certbot
fi
fi
apt-get update
apt-get -y install certbot
CERTBOT="$(command -v certbot)"
RELOAD_CMD=""
if [ "$NGINX_INSTALL_CHECK" = "installed" ] || [ "$NGINX_INSTALL_CHECK" = "unpacked" ] \
|| [ "$NGINX_FULL_INSTALL_CHECK" = "installed" ] || [ "$NGINX_FULL_INSTALL_CHECK" = "unpacked" ] \
|| [ "$NGINX_EXTRAS_INSTALL_CHECK" = "installed" ] || [ "$NGINX_EXTRAS_INSTALL_CHECK" = "unpacked" ]; then
RELOAD_CMD="systemctl force-reload nginx.service"
elif [ "$APACHE_INSTALL_CHECK" = "installed" ] || [ "$APACHE_INSTALL_CHECK" = "unpacked" ] ; then
RELOAD_CMD="systemctl force-reload apache2.service"
else
RELOAD_CMD="echo 'No webserver found'"
fi
CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
if [ ! -d "/etc/cron.weekly" ] ; then
mkdir "/etc/cron.weekly"
RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"
ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true"
INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
if [ "$ISSUE_FAILED" = "true" ] ; then
echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
echo "You can retry later by executing:"
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
else
eval "$INSTALL_CERT_CMD"
fi
echo "#!/bin/bash" > $CRON_FILE
echo "$CERTBOT renew >> /var/log/le-renew.log" >> $CRON_FILE
CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
TURN_CONFIG="/etc/turnserver.conf"
TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
mkdir -p $(dirname $TURN_HOOK)
cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh $TURN_HOOK
chmod u+x $TURN_HOOK
sed -i "s/jitsi-meet.example.com/$DOMAIN/g" $TURN_HOOK
$CERTBOT certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL \
--deploy-hook $TURN_HOOK
else
$CERTBOT certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
fi
echo "Configuring nginx"
CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \
$CONF_FILE
if type service >/dev/null 2>&1
then
service nginx reload
echo "service nginx reload" >> $CRON_FILE
else
systemctl reload nginx.service
echo "systemctl reload nginx.service" >> $CRON_FILE
fi
elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
$CERTBOT certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
echo "Configuring apache2"
CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \
$CONF_FILE
if type service >/dev/null 2>&1
then
service apache2 reload
echo "service apache2 reload" >> $CRON_FILE
else
systemctl reload apache2.service
echo "systemctl reload apache2.service" >> $CRON_FILE
fi
fi
# the cron file that will renew certificates
chmod a+x $CRON_FILE

2
resources/prosody-plugins/mod_muc_size.lua
View File

@ -1,5 +1,5 @@
-- Prosody IM
-- Copyright (C) 2017 Atlassian
-- Copyright (C) 2021-present 8x8, Inc.
--
local jid = require "util.jid";

2
resources/prosody-plugins/mod_token_verification.lua
View File

@ -1,5 +1,5 @@
-- Token authentication
-- Copyright (C) 2015 Atlassian
-- Copyright (C) 2021-present 8x8, Inc.
local log = module._log;
local host = module.host;

2
resources/prosody-plugins/token/util.lib.lua
View File

@ -1,5 +1,5 @@
-- Token authentication
-- Copyright (C) 2015 Atlassian
-- Copyright (C) 2021-present 8x8, Inc.
local basexx = require "basexx";
local have_async, async = pcall(require, "util.async");