feat: Adds LE choice when installing debian package. (#12154)

* feat: Adds LE choice when installing debian package. * Update debian/jitsi-meet-web-config.templates Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com> * squash: Print in the console the JaaS link everytime. * squash: Note that JaaS does not support self-signed certs. * squash: Fix message. * squash: Moves acme.sh stuff into a script, so it is easy to re-run. Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com>
2025-12-30 11:22:31 +00:00 · 2022-09-13 07:55:00 -05:00
parent 139884fbe7
commit 079a2a505d
13 changed files with 167 additions and 215 deletions
--- a/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh
+++ b/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh
@@ -1,45 +0,0 @@
-#!/bin/sh
-
-set -e
-
-COTURN_CERT_DIR="/etc/coturn/certs"
-TURN_CONFIG="/etc/turnserver.conf"
-
-# create a directory to store certs if it does not exists
-if [ ! -d "$COTURN_CERT_DIR" ]; then
-    mkdir -p $COTURN_CERT_DIR
-    chown -R turnserver:turnserver /etc/coturn/
-    chmod -R 700 /etc/coturn/
-fi
-
-# This is a template and when copied to /etc/letsencrypt/renewal-hooks/deploy/
-# during creating the Let's encrypt certs script
-# jitsi-meet.example.com will be replaced with the real domain of deployment
-for domain in $RENEWED_DOMAINS; do
-        case $domain in
-        jitsi-meet.example.com)
-                # Make sure the certificate and private key files are
-                # never world readable, even just for an instant while
-                # we're copying them into daemon_cert_root.
-                umask 077
-
-                cp "$RENEWED_LINEAGE/fullchain.pem" "$COTURN_CERT_DIR/$domain.fullchain.pem"
-                cp "$RENEWED_LINEAGE/privkey.pem" "$COTURN_CERT_DIR/$domain.privkey.pem"
-
-                # Apply the proper file ownership and permissions for
-                # the daemon to read its certificate and key.
-                chown turnserver "$COTURN_CERT_DIR/$domain.fullchain.pem" \
-                        "$COTURN_CERT_DIR/$domain.privkey.pem"
-                chmod 400 "$COTURN_CERT_DIR/$domain.fullchain.pem" \
-                        "$COTURN_CERT_DIR/$domain.privkey.pem"
-
-                if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
-                    echo "Configuring turnserver"
-                    sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${domain}.fullchain.pem" $TURN_CONFIG
-                    sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${domain}.privkey.pem" $TURN_CONFIG
-                fi
-                service coturn restart
-                ;;
-        esac
-done
-
--- a/doc/debian/jitsi-meet-turn/turnserver.conf
+++ b/doc/debian/jitsi-meet-turn/turnserver.conf
@@ -16,6 +16,8 @@ no-tlsv1
 no-tlsv1_1
 # https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
 cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+# without it there are errors when running on Ubuntu 20.04
+dh2066
 # jitsi-meet coturn relay disable config. Do not modify this line
 denied-peer-ip=0.0.0.0-0.255.255.255
 denied-peer-ip=10.0.0.0-10.255.255.255