diff --git a/debian/control b/debian/control index 8ac4c15f0..6f0a63031 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,7 @@ Description: WebRTC JavaScript video conferences Package: jitsi-meet-web-config Architecture: all -Depends: openssl, nginx | nginx-full | nginx-extras | apache2 +Depends: openssl, nginx | nginx-full | nginx-extras | apache2, curl Description: Configuration for web serving of Jitsi Meet Jitsi Meet is a WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, scalable video conferences. diff --git a/debian/jitsi-meet-turnserver.install b/debian/jitsi-meet-turnserver.install index 9d8098b2b..6bf8fb60a 100644 --- a/debian/jitsi-meet-turnserver.install +++ b/debian/jitsi-meet-turnserver.install @@ -1,3 +1,2 @@ doc/debian/jitsi-meet-turn/turnserver.conf /usr/share/jitsi-meet-turnserver/ doc/debian/jitsi-meet/jitsi-meet.conf /usr/share/jitsi-meet-turnserver/ -doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/ diff --git a/debian/jitsi-meet-turnserver.postinst b/debian/jitsi-meet-turnserver.postinst index 1293ad67a..57f9b01b2 100644 --- a/debian/jitsi-meet-turnserver.postinst +++ b/debian/jitsi-meet-turnserver.postinst @@ -107,7 +107,9 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG db_get jitsi-meet/cert-choice CERT_CHOICE="$RET" - if [ "$CERT_CHOICE" = "I want to use my own certificate" ] ; then + UPLOADED_CERT_CHOICE="I want to use my own certificate" + LE_CERT_CHOICE="Let's Encrypt certificates" + if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ]; then db_get jitsi-meet/cert-path-key CERT_KEY="$RET" db_get jitsi-meet/cert-path-crt @@ -120,22 +122,13 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g') CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g') sed -i "s/cert=\/etc\/jitsi\/meet\/.*crt/cert=$CERT_CRT_ESC/g" $TURN_CONFIG + elif [ "$CERT_CHOICE" = "$LE_CERT_CHOICE" ]; then + /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${JVB_HOSTNAME} fi sed -i "s/#TURNSERVER_ENABLED/TURNSERVER_ENABLED/g" /etc/default/coturn invoke-rc.d coturn restart || true - NGINX_STREAM_CONFIG="/etc/nginx/modules-enabled/60-jitsi-meet.conf" - if [ -f $NGINX_STREAM_CONFIG ] ; then - echo "------------------------------------------------" - echo "" - echo "You have multiplexing enabled, it is recommended to disable it and migrate to using websockets for the bridge channel." - echo "The support for sctp data channels is deprecated and will be dropped at some point." - echo "How to do it at: https://jitsi.org/multiplexing-to-bridge-ws-howto" - echo "" - echo "------------------------------------------------" - fi - # and we're done with debconf db_stop ;; diff --git a/debian/jitsi-meet-web-config.postinst b/debian/jitsi-meet-web-config.postinst index be13be9ec..30041a7e6 100644 --- a/debian/jitsi-meet-web-config.postinst +++ b/debian/jitsi-meet-web-config.postinst @@ -75,6 +75,7 @@ case "$1" in JAAS_INPUT="$RET" UPLOADED_CERT_CHOICE="I want to use my own certificate" + LE_CERT_CHOICE="Let's Encrypt certificates" # if first time config ask for certs, or if we are reconfiguring if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then RET="" @@ -83,7 +84,7 @@ case "$1" in db_get jitsi-meet/cert-choice CERT_CHOICE="$RET" - if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ] ; then + if [ "$CERT_CHOICE" = "$UPLOADED_CERT_CHOICE" ]; then RET="" db_get jitsi-meet/cert-path-key if [ -z "$RET" ] ; then @@ -103,7 +104,7 @@ case "$1" in fi CERT_CRT="$RET" else - # create self-signed certs + # create self-signed certs (we also need them for the case of LE so we can start nginx) CERT_KEY="/etc/jitsi/meet/$JVB_HOSTNAME.key" CERT_CRT="/etc/jitsi/meet/$JVB_HOSTNAME.crt" HOST="$( (hostname -s; echo localhost) | head -n 1)" @@ -116,6 +117,17 @@ case "$1" in -extensions SAN \ -config <(cat /etc/ssl/openssl.cnf \ <(printf "[SAN]\nsubjectAltName=DNS:localhost,DNS:$JVB_HOSTNAME")) + + if [ "$CERT_CHOICE" = "$LE_CERT_CHOICE" ]; then + db_subst jitsi-meet/email domain "${JVB_HOSTNAME}" + db_input critical jitsi-meet/email || true + db_go + db_get jitsi-meet/email + EMAIL="$RET" + if [ ! -z "$EMAIL" ] ; then + ISSUE_LE_CERT="true" + fi + fi fi fi @@ -208,36 +220,38 @@ case "$1" in invoke-rc.d apache2 reload || true fi - echo "----------------" - echo "" - echo "You can now switch to a Let’s Encrypt certificate. To do so, execute:" - echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh" - echo "" - echo "----------------" + if [ "$ISSUE_LE_CERT" = "true" ] ; then + /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME + fi + echo "" + echo "" + echo " ;dOocd;" + echo " .dNMM0dKO." + echo " lNMMMKd0K," + echo " .xMMMMNxkNc" + echo " dMMMMMkxXc" + echo " cNMMMNl.." if [ "${JAAS_INPUT}" != "true" ]; then - echo "" - echo "" - echo " ;dOocd;" - echo " .dNMM0dKO." - echo " lNMMMKd0K," - echo " .xMMMMNxkNc" - echo " dMMMMMkxXc" - echo " cNMMMNl.." echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?" echo " ;XMMMO'" echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}" echo " lNMMM0, and follow the guide in the dev console." - echo " lXMMMK:." - echo " ;KMMMNKd. 'oo," - echo " 'xNMMMMXkkkkOKOl'" - echo " :0WMMMMMMNOkk0Kk," - echo " .cdOWMMMMMWXOkOl" - echo " .;dKWMMMMMXc." - echo " .,:cll:'" - echo "" - echo "" + else + echo " .kMMMX;" + echo " ;XMMMO' Don't forget to sign up on" + echo " lNMMWO' https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}" + echo " lNMMM0, in order to add telephony to your Jitsi meetings!" fi + echo " lXMMMK:." + echo " ;KMMMNKd. 'oo," + echo " 'xNMMMMXkkkkOKOl'" + echo " :0WMMMMMMNOkk0Kk," + echo " .cdOWMMMMMWXOkOl" + echo " .;dKWMMMMMXc." + echo " .,:cll:'" + echo "" + echo "" # and we're done with debconf db_stop diff --git a/debian/jitsi-meet-web-config.templates b/debian/jitsi-meet-web-config.templates index 2d4db2fea..6baf3b5c9 100644 --- a/debian/jitsi-meet-web-config.templates +++ b/debian/jitsi-meet-web-config.templates @@ -1,14 +1,16 @@ Template: jitsi-meet/cert-choice Type: select -__Choices: Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate), I want to use my own certificate +__Choices: Generate a new self-signed certificate, Let's Encrypt certificates, I want to use my own certificate _Description: SSL certificate for the Jitsi Meet instance + . Jitsi Meet is best to be set up with an SSL certificate. + . Having no certificate, a self-signed one will be generated. - By choosing self-signed you will later have a chance to install Let’s Encrypt certificates. In the case of using a self-signed certificate, only the web app will be available with some warnings, the mobile app will not connect. - Having a certificate signed by a recognised CA, it can be uploaded on the server - and point its location. The default filenames will be /etc/ssl/--domain.name--.key - for the key and /etc/ssl/--domain.name--.crt for the certificate. + Self-signed certificates are not supported by JaaS (Jitsi as a Service). + . + Having a certificate signed by a recognised CA, it can be uploaded on the server and point its location. + The default filenames will be /etc/ssl/--domain.name--.key for the key and /etc/ssl/--domain.name--.crt for the certificate. Template: jitsi-meet/cert-path-key Type: string @@ -39,3 +41,13 @@ _Description: Interested in adding telephony to your Jitsi meetings? You need to: - have a certificate signed by a recognised CA or Let’s Encrypt on your deployment - sign in for JaaS at https://jaas.8x8.vc/components?host=${domain} + +Template: jitsi-meet/email +Type: string +_Description: Enter your email: + To successfully issue Let's Encrypt certificates: + . + You need a working DNS record pointing to this machine(for hostname ${domain})" + . + You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) + by providing an email address for important account notifications diff --git a/debian/po/templates.pot b/debian/po/templates.pot index 6687d11a4..f74a7ac0f 100644 --- a/debian/po/templates.pot +++ b/debian/po/templates.pot @@ -20,7 +20,7 @@ msgstr "" #. Type: select #. Choices #: ../jitsi-meet-web-config.templates:1001 -msgid "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)" +msgid "Generate a new self-signed certificate" msgstr "" #. Type: select diff --git a/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh b/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh deleted file mode 100644 index 6bc9f55dd..000000000 --- a/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -set -e - -COTURN_CERT_DIR="/etc/coturn/certs" -TURN_CONFIG="/etc/turnserver.conf" - -# create a directory to store certs if it does not exists -if [ ! -d "$COTURN_CERT_DIR" ]; then - mkdir -p $COTURN_CERT_DIR - chown -R turnserver:turnserver /etc/coturn/ - chmod -R 700 /etc/coturn/ -fi - -# This is a template and when copied to /etc/letsencrypt/renewal-hooks/deploy/ -# during creating the Let's encrypt certs script -# jitsi-meet.example.com will be replaced with the real domain of deployment -for domain in $RENEWED_DOMAINS; do - case $domain in - jitsi-meet.example.com) - # Make sure the certificate and private key files are - # never world readable, even just for an instant while - # we're copying them into daemon_cert_root. - umask 077 - - cp "$RENEWED_LINEAGE/fullchain.pem" "$COTURN_CERT_DIR/$domain.fullchain.pem" - cp "$RENEWED_LINEAGE/privkey.pem" "$COTURN_CERT_DIR/$domain.privkey.pem" - - # Apply the proper file ownership and permissions for - # the daemon to read its certificate and key. - chown turnserver "$COTURN_CERT_DIR/$domain.fullchain.pem" \ - "$COTURN_CERT_DIR/$domain.privkey.pem" - chmod 400 "$COTURN_CERT_DIR/$domain.fullchain.pem" \ - "$COTURN_CERT_DIR/$domain.privkey.pem" - - if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then - echo "Configuring turnserver" - sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${domain}.fullchain.pem" $TURN_CONFIG - sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${domain}.privkey.pem" $TURN_CONFIG - fi - service coturn restart - ;; - esac -done - diff --git a/doc/debian/jitsi-meet-turn/turnserver.conf b/doc/debian/jitsi-meet-turn/turnserver.conf index dd898ab9f..843f32050 100644 --- a/doc/debian/jitsi-meet-turn/turnserver.conf +++ b/doc/debian/jitsi-meet-turn/turnserver.conf @@ -16,6 +16,8 @@ no-tlsv1 no-tlsv1_1 # https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +# without it there are errors when running on Ubuntu 20.04 +dh2066 # jitsi-meet coturn relay disable config. Do not modify this line denied-peer-ip=0.0.0.0-0.255.255.255 denied-peer-ip=10.0.0.0-10.255.255.255 diff --git a/resources/coturn-le-update.sh b/resources/coturn-le-update.sh new file mode 100755 index 000000000..a06a9d26c --- /dev/null +++ b/resources/coturn-le-update.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +# This script is updating the Let's Encrypt certificates on renew or when installing +# The only param it gets is the domain and expects the certificates to use are updated +# in /etc/jitsi/meet folder. +DOMAIN=$1 + +if [ -z "$DOMAIN" ] ; then + echo "You need to pass the domain as parameter." + exit 10; +fi + +COTURN_CERT_DIR="/etc/coturn/certs" +TURN_CONFIG="/etc/turnserver.conf" + +# Execute only if turnconfig exist and is one managed by jitsi-meet +if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then + # create a directory to store certs if it does not exists + if [ ! -d "$COTURN_CERT_DIR" ]; then + mkdir -p $COTURN_CERT_DIR + chown -R turnserver:turnserver /etc/coturn/ + chmod -R 700 /etc/coturn/ + fi + + # Make sure the certificate and private key files are + # never world readable, even just for an instant while + # we're copying them into daemon_cert_root. + umask 077 + + cp "/etc/jitsi/meet/${DOMAIN}.crt" "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" + cp "/etc/jitsi/meet/${DOMAIN}.key" "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem" + + # Apply the proper file ownership and permissions for + # the daemon to read its certificate and key. + chown turnserver "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \ + "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem" + chmod 400 "$COTURN_CERT_DIR/${DOMAIN}.fullchain.pem" \ + "$COTURN_CERT_DIR/${DOMAIN}.privkey.pem" + + echo "Configuring turnserver" + sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${DOMAIN}.fullchain.pem" $TURN_CONFIG + sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${DOMAIN}.privkey.pem" $TURN_CONFIG + + service coturn restart +fi diff --git a/resources/install-letsencrypt-cert.sh b/resources/install-letsencrypt-cert.sh index 3e8ea5cde..7ee6ea811 100755 --- a/resources/install-letsencrypt-cert.sh +++ b/resources/install-letsencrypt-cert.sh @@ -2,134 +2,64 @@ set -e -DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname` -DOMAIN="${DEB_CONF_RESULT##*:}" +echo "-------------------------------------------------------------------------" +echo "This script will:" +echo "- Need a working DNS record pointing to this machine(for hostname ${DOMAIN})" +echo "- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)" +echo "- Configure and reload nginx or apache2, whichever is used" +echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks" +echo "- Configure renew of certificate" +echo "" + +EMAIL=$1 + +if [ -z "$EMAIL" ]; then + echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) " + echo "by providing an email address for important account notifications" + + echo -n "Enter your email and press [ENTER]: " + read EMAIL +fi + +DOMAIN=$2 +if [ -z "$DOMAIN" ]; then + DEB_CONF_RESULT=$(debconf-show jitsi-meet-web-config | grep jitsi-meet/jvb-hostname) + DOMAIN="${DEB_CONF_RESULT##*:}" +fi # remove whitespace DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')" -echo "-------------------------------------------------------------------------" -echo "This script will:" -echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})" -echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin" -echo "- Install additional dependencies in order to request Let’s Encrypt certificate" -echo "- Configure and reload nginx or apache2, whichever is used" -echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks" -echo "- Add command in weekly cron job to renew certificates regularly" -echo "" -echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) " -echo "by providing an email address for important account notifications" -echo -n "Enter your email and press [ENTER]: " -read EMAIL +export HOME=/opt/acmesh +curl https://get.acme.sh | sh -s email=$EMAIL -CERTBOT="$(command -v certbot || true)" -if [ ! -x "$CERTBOT" ] ; then - DISTRO=$(lsb_release -is) - DISTRO_VERSION=$(lsb_release -rs) +# Checks whether nginx or apache is installed +NGINX_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx' 2>/dev/null | awk '{print $3}' || true)" +NGINX_FULL_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-full' 2>/dev/null | awk '{print $3}' || true)" +NGINX_EXTRAS_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'nginx-extras' 2>/dev/null | awk '{print $3}' || true)" +APACHE_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'apache2' 2>/dev/null | awk '{print $3}' || true)" - if [ "$DISTRO" != "Debian" ] && [ "$DISTRO" != "Ubuntu" ]; then - echo "$DISTRO $DISTRO_VERSION is not supported" - echo "Only Debian and Ubuntu 18.04+ are supported" - exit 1 - fi - - if [ "$DISTRO" = "Ubuntu" ]; then - apt-get update - apt-get -y install software-properties-common - add-apt-repository -y universe - if [ "$DISTRO_VERSION" = "18.04" ]; then - add-apt-repository -y ppa:certbot/certbot - fi - fi - - apt-get update - apt-get -y install certbot - - CERTBOT="$(command -v certbot)" +RELOAD_CMD="" +if [ "$NGINX_INSTALL_CHECK" = "installed" ] || [ "$NGINX_INSTALL_CHECK" = "unpacked" ] \ + || [ "$NGINX_FULL_INSTALL_CHECK" = "installed" ] || [ "$NGINX_FULL_INSTALL_CHECK" = "unpacked" ] \ + || [ "$NGINX_EXTRAS_INSTALL_CHECK" = "installed" ] || [ "$NGINX_EXTRAS_INSTALL_CHECK" = "unpacked" ]; then + RELOAD_CMD="systemctl force-reload nginx.service" +elif [ "$APACHE_INSTALL_CHECK" = "installed" ] || [ "$APACHE_INSTALL_CHECK" = "unpacked" ] ; then + RELOAD_CMD="systemctl force-reload apache2.service" +else + RELOAD_CMD="echo 'No webserver found'" fi -CRON_FILE="/etc/cron.weekly/letsencrypt-renew" -if [ ! -d "/etc/cron.weekly" ] ; then - mkdir "/etc/cron.weekly" +RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}" + +ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt" +eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true" + +INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\"" +if [ "$ISSUE_FAILED" = "true" ] ; then + echo "Issuing the certificate from Let's Encrypt failed, continuing ..." + echo "You can retry later by executing:" + echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL" +else + eval "$INSTALL_CERT_CMD" fi -echo "#!/bin/bash" > $CRON_FILE -echo "$CERTBOT renew >> /var/log/le-renew.log" >> $CRON_FILE - -CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem" -CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem" - -if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then - - TURN_CONFIG="/etc/turnserver.conf" - TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh - if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then - mkdir -p $(dirname $TURN_HOOK) - - cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh $TURN_HOOK - chmod u+x $TURN_HOOK - sed -i "s/jitsi-meet.example.com/$DOMAIN/g" $TURN_HOOK - - $CERTBOT certonly --noninteractive \ - --webroot --webroot-path /usr/share/jitsi-meet \ - -d $DOMAIN \ - --agree-tos --email $EMAIL \ - --deploy-hook $TURN_HOOK - else - $CERTBOT certonly --noninteractive \ - --webroot --webroot-path /usr/share/jitsi-meet \ - -d $DOMAIN \ - --agree-tos --email $EMAIL - fi - - echo "Configuring nginx" - - CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf" - CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g') - CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g') - sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \ - $CONF_FILE - CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g') - CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g') - sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \ - $CONF_FILE - - if type service >/dev/null 2>&1 - then - service nginx reload - echo "service nginx reload" >> $CRON_FILE - else - systemctl reload nginx.service - echo "systemctl reload nginx.service" >> $CRON_FILE - fi - -elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then - - $CERTBOT certonly --noninteractive \ - --webroot --webroot-path /usr/share/jitsi-meet \ - -d $DOMAIN \ - --agree-tos --email $EMAIL - - echo "Configuring apache2" - - CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf" - CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g') - CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g') - sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \ - $CONF_FILE - CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g') - CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g') - sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \ - $CONF_FILE - - if type service >/dev/null 2>&1 - then - service apache2 reload - echo "service apache2 reload" >> $CRON_FILE - else - systemctl reload apache2.service - echo "systemctl reload apache2.service" >> $CRON_FILE - fi -fi - -# the cron file that will renew certificates -chmod a+x $CRON_FILE diff --git a/resources/prosody-plugins/mod_muc_size.lua b/resources/prosody-plugins/mod_muc_size.lua index ff5f6980c..7143e77c6 100644 --- a/resources/prosody-plugins/mod_muc_size.lua +++ b/resources/prosody-plugins/mod_muc_size.lua @@ -1,5 +1,5 @@ -- Prosody IM --- Copyright (C) 2017 Atlassian +-- Copyright (C) 2021-present 8x8, Inc. -- local jid = require "util.jid"; diff --git a/resources/prosody-plugins/mod_token_verification.lua b/resources/prosody-plugins/mod_token_verification.lua index 6f0b4f600..387407cb3 100644 --- a/resources/prosody-plugins/mod_token_verification.lua +++ b/resources/prosody-plugins/mod_token_verification.lua @@ -1,5 +1,5 @@ -- Token authentication --- Copyright (C) 2015 Atlassian +-- Copyright (C) 2021-present 8x8, Inc. local log = module._log; local host = module.host; diff --git a/resources/prosody-plugins/token/util.lib.lua b/resources/prosody-plugins/token/util.lib.lua index 7a1661c71..816c26b40 100644 --- a/resources/prosody-plugins/token/util.lib.lua +++ b/resources/prosody-plugins/token/util.lib.lua @@ -1,5 +1,5 @@ -- Token authentication --- Copyright (C) 2015 Atlassian +-- Copyright (C) 2021-present 8x8, Inc. local basexx = require "basexx"; local have_async, async = pcall(require, "util.async");