Update installation documentation.
This commit is contained in:
parent
84d313c1fb
commit
2b0289307e
165
README.install
165
README.install
@ -175,7 +175,7 @@ echo "$FQND_HOSTNAME" > /var/lib/dehydrated/domains.txt
|
||||
# 10. Install cronjob to adjust certificates at directory '/etc/ssl'
|
||||
#---
|
||||
|
||||
# Prepare cnfiguration file
|
||||
# Prepare configuration file for check coTURN service
|
||||
#
|
||||
cp /root/bin/monitoring/conf/check_cert_for_service.conf.sample \
|
||||
/root/bin/monitoring/conf/check_cert_for_service.conf
|
||||
@ -265,6 +265,101 @@ crontab "$_crontab_tmp_file"
|
||||
rm -f "$_crontab_tmp_file"
|
||||
|
||||
|
||||
# Prepare configuration file for check certificates for prosody service
|
||||
#
|
||||
cp /root/bin/monitoring/conf/check_cert_for_prosody.conf.sample \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
|
||||
# Prepare configuration file for 'service_name'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*service_domain=\"${FQND_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQND_HOSTNAME}\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"Prosody\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'check_string_ps'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*check_string_ps=\"[[:digit:]]\\ lua[[:digit:]].[[:digit:]] /usr/bin/prosody\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'service_user'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*service_user=\"prosody\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#service_user.*)/#\1\nservice_user=\"prosody\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'service_group'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*service_group=\"prosody\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#service_group.*)/#\1\nservice_group=\"prosody\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'cert_installed'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.crt\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.crt\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'key_installed'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.key\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e "s/^(#key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.key\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'cert_newest'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e \
|
||||
"s/^(#cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Prepare configuration file for 'key_newest'
|
||||
#
|
||||
if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then
|
||||
perl -i -n -p -e \
|
||||
"s/^(#key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \
|
||||
/root/bin/monitoring/conf/check_cert_for_prosody.conf
|
||||
fi
|
||||
|
||||
# Initial
|
||||
/root/bin/monitoring//check_cert_for_prosody.sh
|
||||
|
||||
# Add Cronjob for checcking if certificate/key is up to date
|
||||
#
|
||||
_crontab_tmp_file=/tmp/crontab_root.$$
|
||||
crontab -l > "$_crontab_tmp_file" 2> /dev/null
|
||||
|
||||
if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then
|
||||
cat <<EOF >> "$_crontab_tmp_file"
|
||||
|
||||
# - Check if cert(s) for prosody service are up-to-date
|
||||
# -
|
||||
13 05 * * * /root/bin/monitoring/check_cert_for_prosody.sh
|
||||
EOF
|
||||
fi
|
||||
crontab "$_crontab_tmp_file"
|
||||
rm -f "$_crontab_tmp_file"
|
||||
|
||||
|
||||
# ---
|
||||
# 11.) Configure Jitsi Meet
|
||||
# ---
|
||||
@ -323,6 +418,74 @@ EOF
|
||||
vim /etc/jitsi/meet/${FQND_HOSTNAME}-config.js
|
||||
|
||||
|
||||
# ---
|
||||
# 12.) Configure Prosody (avoid error message "portmanager error Error binding encrypted port for https.."
|
||||
# ---
|
||||
|
||||
# Edit file /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
||||
#
|
||||
# after line (the location this is important)
|
||||
# consider_bosh_secure = true;
|
||||
#
|
||||
# add the following lines:
|
||||
# bosh_ports = {
|
||||
# {
|
||||
# port = 5280;
|
||||
# path = "http-bind";
|
||||
# },
|
||||
# {
|
||||
# port = 5281;
|
||||
# path = "http-bind";
|
||||
# ssl = {
|
||||
# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
||||
# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# http_ports = { 5280 }
|
||||
# http_interfaces = { "localhost" }
|
||||
#
|
||||
# https_ports = { 5281 }
|
||||
# https_interfaces = { "localhost" }
|
||||
#
|
||||
# https_ssl = {
|
||||
# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
||||
# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
||||
# }
|
||||
#
|
||||
cat <<EOF >> /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
||||
|
||||
bosh_ports = {
|
||||
{
|
||||
port = 5280;
|
||||
path = "http-bind";
|
||||
},
|
||||
{
|
||||
port = 5281;
|
||||
path = "http-bind";
|
||||
ssl = {
|
||||
certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
||||
key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
http_ports = { 5280 }
|
||||
http_interfaces = { "localhost" }
|
||||
|
||||
https_ports = { 5281 }
|
||||
https_interfaces = { "localhost" }
|
||||
|
||||
https_ssl = {
|
||||
certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt";
|
||||
key = "/etc/prosody/certs/${FQND_HOSTNAME}.key";
|
||||
}
|
||||
EOF
|
||||
|
||||
#
|
||||
vim /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua
|
||||
|
||||
# ===============================
|
||||
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "meet.oopen.de"
|
||||
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R ""159.69.74.155
|
||||
|
||||
Loading…
Reference in New Issue
Block a user