From facfa877e3d5fb397e3b2428d784d5c6640c961c Mon Sep 17 00:00:00 2001 From: Christoph Date: Sat, 2 May 2020 00:20:32 +0200 Subject: [PATCH] Adjust 'README.install'. --- README.install | 558 +++++++------------------------------------------ 1 file changed, 72 insertions(+), 486 deletions(-) diff --git a/README.install b/README.install index a6f09ed..00fbe73 100644 --- a/README.install +++ b/README.install @@ -1,4 +1,5 @@ # =========================================================================== +# # Git Repository Jitsi Meet Service # https://github.com/jitsi/jitsi-meet # @@ -9,6 +10,12 @@ # # Self-hosted Jitsi server with authentication # - https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7 +# +# Requirements: +# +# - webserver nginx is installed +# - lets encrypt certificates available for $FQDN_HOSTNAME + # ============================================================================= FQND_HOSTNAME="meet.oopen.de" 
@@ -16,538 +23,117 @@ FQND_HOSTNAME="meet2.oopen.de" FQND_HOSTNAME="meet.faire-mobilitaet.de" FQND_HOSTNAME="video.faire-mobilitaet.de" +# --- +# 0.) Requirements +# --- + +# ---------- +# # 0.) Create new LX Container # # /root/bin/LXC/create-lx-container.sh # ... - - +# # 1.) Assign(Adjust user root # # lxc-attach -n meet # add_new_user.sh root - -# 2.) Base Install via ansible +# +# Base Install via ansible # # cd /home/chris/devel/git/git.oopen.de/ansible/oopen-server # ansible-playbook --limit meet.oopen.de ansible-dependencies.yml # ansible-playbook --limit meet.oopen.de common.yml # ansible-playbook --limit meet.oopen.de scripts/install-ulogd.yml # ansible-playbook --limit meet.oopen.de firewall.yml - -# 3.) Install Postfix SMTP Service (base) # -# cd /usr/local/src/mailsystem -# ./install_postfix_base.sh +# ---------- -# 4.) Install NGINX Web Service +# Adjust Firewall # -# cd /usr/local/src/nginx -# ./install_nginx.sh +cd /etc/ipt-firewall +... -# 5.) Install 'dehydrated-cron' (Let's Encrypt Certificates) +# Install Postfix SMTP Service (base) # -# Install Let's Encrypt Certificate -# -/usr/local/src/dehydrated-cron/install_dehydrated.sh +cd /usr/local/src/mailsystem +./install_postfix_base.sh +# Install Nginx Webserver +# +cd /usr/local/src/nginx +./install_nginx.sh + +# Install update mechanism for lets encrypt certificates +# +cd /usr/local/src/dehydrated-cron +./install_dehydrated.sh + +# Create certificate(s) +# # Adjust '/var/lib/dehydrated/domains.txt' # +# vim /var/lib/dehydrated/domains.txt +# cat <> /var/lib/dehydrated/domains.txt $FQND_HOSTNAME EOF - - -# Generate Certificate -# /var/lib/dehydrated/cron/dehydrated_cron.sh -Adjust 'DefaultLimitNOFILE' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultLimitNOFILE=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultLimitNOFILE=.*)/\1\nDefaultLimitNOFILE=1048576/" \ - /etc/systemd/system.conf -elif ! 
$(grep -q -E "^\s*DefaultLimitNOFILE=1048576" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=1048576/" \ - /etc/systemd/system.conf -fi - -Adjust 'DefaultLimitNPROC' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultLimitNPROC=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultLimitNPROC=.*)/\1\nDefaultLimitNPROC=1048576/" \ - /etc/systemd/system.conf -elif ! $(grep -q -E "^\s*DefaultLimitNPROC=1048576" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultLimitNPROC=.*/DefaultLimitNPROC=1048576/" \ - /etc/systemd/system.conf -fi - -Adjust 'DefaultTasksMax' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultTasksMax=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultTasksMax=.*)/\1\nDefaultTasksMax=1048576/" \ - /etc/systemd/system.conf -elif ! $(grep -q -E "^\s*DefaultTasksMax=1048576" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultTasksMax=.*/DefaultTasksMax=1048576/" \ - /etc/systemd/system.conf -fi - -Adjust 'DefaultLimitRTPRIO' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultLimitRTPRIO=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultLimitRTPRIO=.*)/\1\nDefaultLimitRTPRIO=infinity/" \ - /etc/systemd/system.conf -elif ! $(grep -q -E "^\s*DefaultLimitRTPRIO=infinity" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultLimitRTPRIO=.*/DefaultLimitRTPRIO=infinity/" \ - /etc/systemd/system.conf -fi - -Adjust 'DefaultLimitRTTIME' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultLimitRTTIME=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultLimitRTTIME=.*)/\1\nDefaultLimitRTTIME=infinity/" \ - /etc/systemd/system.conf -elif ! 
$(grep -q -E "^\s*DefaultLimitRTTIME=infinity" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultLimitRTTIME=.*/DefaultLimitRTTIME=infinity/" \ - /etc/systemd/system.conf -fi - -Adjust 'DefaultLimitCORE' file /etc/systemd/system.conf -if ! $(grep -q -E "^\s*DefaultLimitCORE=" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^(\s*#DefaultLimitCORE=.*)/\1\nDefaultLimitCORE=infinity/" \ - /etc/systemd/system.conf -elif ! $(grep -q -E "^\s*DefaultLimitCORE=infinity" /etc/systemd/system.conf 2> /dev/null); then - perl -i -n -p -e "s/^\s*DefaultLimitCORE=.*/DefaultLimitCORE=infinity/" \ - /etc/systemd/system.conf -fi -systemctl daemon-reload +# --- +# 1.) Run script 'jitsi-pre-install.sh' +# --- + +/usr/local/src/jitsi/jitsi-pre-install.sh +# --- +# 2.) Install Jitsi Meet Service +# --- -# 6.) Install iptable firewall (optinal) -# -# cd /usr/local/src/ipt-server -# see: README.install - - -# 7.) -# -# - crontab -# - /etc/ssl - -cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/fullchain.pem -chmod 644 /etc/ssl/fullchain.pem - -cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/privkey.pem -chmod 644 /etc/ssl/privkey.pem - -ln -s fullchain.pem /etc/ssl/${FQND_HOSTNAME}.crt -ln -s privkey.pem /etc/ssl/${FQND_HOSTNAME}.key - -# 8.) Adjust -# -# - /etc/hostname (must contain this FQDN "meet.oopen.de") -# - /etc/hosts (127.0.0.1 localhost meet.example.org) -# - /etc/ssl - -# /etc/hostname -cat < /etc/hostname -$FQND_HOSTNAME -EOF - -# 9.) Install jitsi meet -# -# see: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md - -echo 'deb https://download.jitsi.org unstable/' > /etc/apt/sources.list.d/jitsi-unstable.list -wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add - -apt-get update - -# Install Jitsi Meet Service -# apt-get install jitsi-meet # !! Adjust nginx configuration !! - -# Maybe reinstall of 'jitsi-meet-turnserver' is needed.. 
+# ---------- # -# Note: not needed if 'unstable' packages are installed. +# # Maybe reinstall of 'jitsi-meet-turnserver' is needed.. +# # +# # Note: not needed if 'unstable' packages are installed. +# # +# #if [[ ! -h "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] ; then +# # apt-get install --reinstall jitsi-meet-turnserver +# #fi # -#if [[ ! -h "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] ; then -# apt-get install --reinstall jitsi-meet-turnserver -#fi - -cd /etc/nginx/modules-enabled - -# for streamin at leas module 'ngx_stream_module.so' is needed -# load_module modules/ngx_stream_module.so; +# cd /etc/nginx/modules-enabled # -# if [[ ! -h /etc/nginx/modules-enabled/50-mod-stream.conf ]] ; then -# ln -s /usr/share/nginx/modules-available/mod-stream.conf 50-mod-stream.conf -# fi +# # for streaming at leas module 'ngx_stream_module.so' is needed +# # load_module modules/ngx_stream_module.so; +# # +# # if [[ ! -h /etc/nginx/modules-enabled/50-mod-stream.conf ]] ; then +# # ln -s /usr/share/nginx/modules-available/mod-stream.conf 50-mod-stream.conf +# # fi +# # +# # But we will load all available modules: +# # +# for _file in $(ls /usr/share/nginx/modules-available/) ; do +# [[ -d "/usr/share/nginx/modules-available/${_file}" ]] && continue +# [[ -h "/etc/nginx/modules-enabled/50-${_file}" ]] && continue +# ln -s "/usr/share/nginx/modules-available/${_file}" "/etc/nginx/modules-enabled/50-${_file}" +# echo $_file +# done # -# But we will load all available modules: -# -for _file in $(ls /usr/share/nginx/modules-available/) ; do - [[ -d "/usr/share/nginx/modules-available/${_file}" ]] && continue - [[ -h "/etc/nginx/modules-enabled/50-${_file}" ]] && continue - ln -s "/usr/share/nginx/modules-available/${_file}" "/etc/nginx/modules-enabled/50-${_file}" - echo $_file -done - - -# Addjust file nginx vhost congiguration '/etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf' -# -# -# At section 'server' (configuration for port 80) replace -# -# location ^~ 
/.well-known/acme-challenge/ { -# default_type "text/plain"; -# root /usr/share/jitsi-meet; -# } -# location = /.well-known/acme-challenge/ { -# return 404; -# } -# -# with -# -# # - Needed for (automated) updating certificate -# # - -# include snippets/letsencrypt-acme-challenge.conf; -# -vim /etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf - -# Add FQND hostname to /var/lib/dehydrated/domains.txt -# -echo "$FQND_HOSTNAME" > /var/lib/dehydrated/domains.txt - -# Create Certificate -# -/var/lib/dehydrated/cron/dehydrated_cron.sh - -# Change directives 'ssl_certificate'and 'ssl_certificate_key' to -# meet the new certificate/key locations -# -/var/lib/dehydrated/tools/change_ssl_directives.sh +# ---------- # --- -# 10. Install cronjob to adjust certificates at directory '/etc/ssl' -#--- - -# Prepare configuration file for check coTURN service -# -cp /root/bin/monitoring/conf/check_cert_for_service.conf.sample \ - /root/bin/monitoring/conf/check_cert_for_service.conf - -# Prepare configuration file for 'service_name' -# -if ! $(grep -q -E "^\s*service_name=\"coTURN\"" /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"coTURN\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'check_string_ps' -# -if ! $(grep -q -E "^\s*check_string_ps=\"\[\[:digit:\]\]\\\ /usr/bin/turnserver\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#check_string_ps*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ \/usr\/bin\/turnserver\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'service_user' -# -if ! 
$(grep -q -E "^\s*service_user=\"turnserver\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_user.*)/#\1\nservice_user=\"turnserver\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'service_group' -# -if ! $(grep -q -E "^\s*service_group=\"turnserver\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_group.*)/#\1\nservice_group=\"turnserver\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'cert_installed' -# -if ! $(grep -q -E "^\s*cert_installed=\"/etc/ssl/fullchain.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#cert_installed.*)/#\1\ncert_installed=\"\/etc\/ssl\/fullchain.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'key_installed' -# -if ! $(grep -q -E "^\s*key_installed=\"/etc/ssl/privkey.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#key_installed.*)/#\1\nkey_installed=\"\/etc\/ssl\/privkey.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'cert_newest' -# -if ! $(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e \ - "s/^(#cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Prepare configuration file for 'key_newest' -# -if ! 
$(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null) ; then - perl -i -n -p -e \ - "s/^(#key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_service.conf -fi - -# Initial -/root/bin/monitoring//check_cert_for_service.sh - -# Add Cronjob for checcking if certificate/key is up to date -# -_crontab_tmp_file=/tmp/crontab_root.$$ -crontab -l > "$_crontab_tmp_file" 2> /dev/null - -if ! $(grep -q "/root/bin/monitoring/check_cert_for_service.sh" "$_crontab_tmp_file" 2>/dev/null) ; then - cat <> "$_crontab_tmp_file" - -# - Check if cert for coTURN service is -# - -39 05 * * * /root/bin/monitoring/check_cert_for_service.sh -EOF -fi -crontab "$_crontab_tmp_file" -rm -f "$_crontab_tmp_file" - - -# Prepare configuration file for check certificates for prosody service -# -cp /root/bin/monitoring/conf/check_cert_for_prosody.conf.sample \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf - -# Prepare configuration file for 'service_name' -# -if ! $(grep -q -E "^\s*service_domain=\"${FQND_HOSTNAME}\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_domain.*)/#\1\nservice_domain=\"${FQND_HOSTNAME}\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -if ! $(grep -q -E "^\s*service_name=\"Prosody\"" /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_name.*)/#\1\nservice_name=\"Prosody\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'check_string_ps' -# -if ! 
$(grep -q -E "^\s*check_string_ps=\"[[:digit:]]\\ lua[[:digit:]].[[:digit:]] /usr/bin/prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#check_string_ps.*)/#\1\ncheck_string_ps=\"[[:digit:]]\\\ lua[[:digit:]].[[:digit:]] \/usr\/bin\/prosody\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'service_user' -# -if ! $(grep -q -E "^\s*service_user=\"prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_user.*)/#\1\nservice_user=\"prosody\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'service_group' -# -if ! $(grep -q -E "^\s*service_group=\"prosody\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#service_group.*)/#\1\nservice_group=\"prosody\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'cert_installed' -# -if ! $(grep -q -E "^\s*cert_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.crt\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#cert_installed.*)/#\1\ncert_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.crt\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'key_installed' -# -if ! $(grep -q -E "^\s*key_installed=\"/etc/prosody/certs/${FQND_HOSTNAME}.key\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e "s/^(#key_installed.*)/#\1\nkey_installed=\"\/etc\/prosody\/certs\/${FQND_HOSTNAME}.key\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'cert_newest' -# -if ! 
$(grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e \ - "s/^(#cert_newest.*)/#\1\ncert_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Prepare configuration file for 'key_newest' -# -if ! $(grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf 2> /dev/null) ; then - perl -i -n -p -e \ - "s/^(#key_newest.*)/#\1\nkey_newest=\"\\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \ - /root/bin/monitoring/conf/check_cert_for_prosody.conf -fi - -# Initial -/root/bin/monitoring//check_cert_for_prosody.sh - -# Add Cronjob for checcking if certificate/key is up to date -# -_crontab_tmp_file=/tmp/crontab_root.$$ -crontab -l > "$_crontab_tmp_file" 2> /dev/null - -if ! $(grep -q "/root/bin/monitoring/check_cert_for_prosody.sh" "$_crontab_tmp_file" 2>/dev/null) ; then - cat <> "$_crontab_tmp_file" - -# - Check if cert(s) for prosody service are up-to-date -# - -13 05 * * * /root/bin/monitoring/check_cert_for_prosody.sh -EOF -fi -crontab "$_crontab_tmp_file" -rm -f "$_crontab_tmp_file" - - -# --- -# 11.) Configure Jitsi Meet +# 3.) Run script 'jitsi-post-install.sh' # --- -# First of all we configure the videobridge. 
-# -# Open /etc/jitsi/videobridge/sip-communicator.properties and add: -# -# # disable the built-in webserver (required) -# org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true -# # sometimes the above setting does not work, therefore we change the port too (required) -# org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -# # sometimes the above setting does not work, therefore we change the port too (required) -# org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443 -# # disable statistics to third parties (optional) -## org.jitsi.videobridge.ENABLE_STATISTICS=false -# cat <> /etc/jitsi/videobridge/sip-communicator.properties +/usr/local/src/jitsi/jitsi-post-install.sh -# -# It is important to remove the comments (# comment)! Otherwise they will not work! - -cat <> /etc/jitsi/videobridge/sip-communicator.properties - -# disable the built-in webserver (required) -org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true -# sometimes the above setting does not work, therefore we change the port too (required) -org.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -# sometimes the above setting does not work, therefore we change the port too (required) -org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=443 -# disable statistics to third parties (optional) -# DOES NOT WORK -#org.jitsi.videobridge.ENABLE_STATISTICS=false -EOF - - -# Open /etc/jitsi/meet/${FQND_HOSTNAME}-config.js: -# -# Uncomment and change // disableThirdPartyRequests: false to true -# -# !! DOES NOT WORK !! -# -#if ! $(grep -q -E "^\s*disableThirdPartyRequests:\s+true" /etc/jitsi/meet/${FQND_HOSTNAME}-config.js) ; then -# perl -i -n -p -e "s#^(\s*)(//\s*disableThirdPartyRequests.*)#\1\2\n\1disableThirdPartyRequests: true#" \ -# /etc/jitsi/meet/${FQND_HOSTNAME}-config.js -#fi - - -# Replace the google stun servers under stunServers: with other more privacy -# respecting ones. There is a list available on this GitHub gist. 
I can -# recommend you to use the following: -# -# { urls: 'stun.nextcloud.com:443' }, -# { urls: 'stun.stunprotocol.org:3478' }, -# { urls: 'stun.services.mozilla.com:3478' } -# -vim /etc/jitsi/meet/${FQND_HOSTNAME}-config.js - - -# --- -# 12.) Configure Prosody (avoid error message "portmanager error Error binding encrypted port for https.." -# --- - -# Edit file /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua -# -# after line (the location this is important) -# consider_bosh_secure = true; -# -# add the following lines: -# bosh_ports = { -# { -# port = 5280; -# path = "http-bind"; -# }, -# { -# port = 5281; -# path = "http-bind"; -# ssl = { -# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt"; -# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key"; -# } -# } -# } -# -# http_ports = { 5280 } -# http_interfaces = { "localhost" } -# -# https_ports = { 5281 } -# https_interfaces = { "localhost" } -# -# https_ssl = { -# certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt"; -# key = "/etc/prosody/certs/${FQND_HOSTNAME}.key"; -# } -# -cat <> /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua - -bosh_ports = { - { - port = 5280; - path = "http-bind"; - }, - { - port = 5281; - path = "http-bind"; - ssl = { - certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt"; - key = "/etc/prosody/certs/${FQND_HOSTNAME}.key"; - } - } -} - -http_ports = { 5280 } -http_interfaces = { "localhost" } - -https_ports = { 5281 } -https_interfaces = { "localhost" } - -https_ssl = { - certificate = "/etc/prosody/certs/${FQND_HOSTNAME}.crt"; - key = "/etc/prosody/certs/${FQND_HOSTNAME}.key"; -} -EOF - -# -vim /etc/prosody/conf.d/${FQND_HOSTNAME}.cfg.lua - -# =============================== -# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "meet.oopen.de" -# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R ""159.69.74.155 -# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "2a01:4f8:231:19a7::155"
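Review bot: The two new script calls, `/usr/local/src/jitsi/jitsi-pre-install.sh` and `/usr/local/src/jitsi/jitsi-post-install.sh`, run as child processes, but `FQND_HOSTNAME` is assigned near the top of this file without `export`. The scripts will therefore not see it unless they determine the hostname themselves; their contents are not part of this patch. Many of the inline steps this commit removes expanded `${FQND_HOSTNAME}` in the same shell, so the dependency is easy to lose in the move. I would either add `export FQND_HOSTNAME` after the assignments or put a comment above step 1 saying how the scripts obtain the hostname, for example `# jitsi-pre-install.sh determines the hostname itself; FQND_HOSTNAME is only used for domains.txt`, whichever matches the scripts. The requirements header added in the second hunk also spells the variable `$FQDN_HOSTNAME`, which does not match the `FQND_HOSTNAME` the file actually sets.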