jitsi/README.install

# ===========================================================================
# Git Repository Jitsi Meet Service
# https://github.com/jitsi/jitsi-meet
#
# see:
# - https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
#
# - https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
#
# Self-hosted Jitsi server with authentication
# - https://dev.to/noandrea/self-hosted-jitsi-server-with-authentication-ie7
# =============================================================================
# Fully qualified host name of the Jitsi Meet instance. Both known deployments
# are listed; the LAST assignment is the one in effect for every command below,
# so reorder or delete a line to target the other host.
FQND_HOSTNAME='meet.oopen.de'
FQND_HOSTNAME='meet.faire-mobilitaet.de'
# 0.) Create new LX Container
#
# /root/bin/LXC/create-lx-container.sh
# ...
# 1.) Assign/Adjust user root
#
# lxc-attach -n meet
# add_new_user.sh root
# 2.) Base Install via ansible
#
# cd /home/chris/devel/git/git.oopen.de/ansible/oopen-server
# ansible-playbook --limit meet.oopen.de ansible-dependencies.yml
# ansible-playbook --limit meet.oopen.de common.yml
# ansible-playbook --limit meet.oopen.de scripts/install-ulogd.yml
# 3.) Install Postfix SMTP Service (base)
#
# cd /usr/local/src/mailsystem
# ./install_postfix_base.sh
# 4.) Install iptables firewall (optional)
#
# cd /usr/local/src/ipt-server
# see: README.install
# 5.)
#
# - crontab
# - /etc/ssl
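# Seed /etc/ssl with the self-signed "snakeoil" pair as a placeholder so that
# services referencing /etc/ssl/{fullchain,privkey}.pem can start before the
# real certificate has been issued.
#
# The certificate is public material and may be world-readable.
cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/fullchain.pem
chmod 644 /etc/ssl/fullchain.pem
# The private key must NOT be world-readable (it was 0644 before). 'install'
# creates the copy with the final mode in one step, so there is no window in
# which the key sits on disk with looser permissions.
# NOTE(review): if a non-root service (e.g. the 'turnserver' user configured
# further down) has to read this file, grant that through group ownership
# (chgrp <service-group> + mode 0640), not by opening it to everyone.
# Presumably check_cert_for_service.sh sets ownership when it installs the
# real key - confirm against that script.
install -m 0600 /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/privkey.pem
# Host-named aliases; relative targets keep the links valid inside /etc/ssl.
ln -s fullchain.pem "/etc/ssl/${FQND_HOSTNAME}.crt"
ln -s privkey.pem "/etc/ssl/${FQND_HOSTNAME}.key"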
# 5.) Adjust
#
# - /etc/hostname (must contain this FQDN "meet.oopen.de")
# - /etc/hosts (127.0.0.1 localhost meet.example.org)
# - /etc/ssl
# - /var/lib/dehydrated
# /etc/hostname
# Write the FQDN as the only line of /etc/hostname (replaces previous content).
printf '%s\n' "$FQND_HOSTNAME" > /etc/hostname
# 6.) Install jitsi meet
#
# see: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md
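# Register the Jitsi APT repository with a repository-scoped signing key.
#
# 'apt-key add' puts the key into the global trusted keyring, which makes it
# valid for EVERY configured repository, and apt-key itself is deprecated.
# Storing the key in its own keyring and referencing it with 'signed-by'
# limits its trust to download.jitsi.org.
#
# The key is fetched to a temporary file first, so a failed or empty download
# is noticed instead of being piped silently into the keyring. Before relying
# on it, compare the fingerprint (e.g. 'gpg --show-keys <file>') with the one
# published by the Jitsi project through an independent channel.
_jitsi_keyring=/usr/share/keyrings/jitsi-keyring.gpg
if _jitsi_key_tmp="$(mktemp)"; then
  if wget -qO "$_jitsi_key_tmp" https://download.jitsi.org/jitsi-key.gpg.key \
      && [[ -s "$_jitsi_key_tmp" ]] \
      && gpg --dearmor < "$_jitsi_key_tmp" > "$_jitsi_keyring"; then
    # apt's unprivileged download user must be able to read the keyring.
    chmod 644 "$_jitsi_keyring"
    echo "deb [signed-by=${_jitsi_keyring}] https://download.jitsi.org stable/" \
      > /etc/apt/sources.list.d/jitsi-stable.list
  else
    echo "Fetching or converting the Jitsi signing key failed - repository NOT added." >&2
  fi
  rm -f -- "$_jitsi_key_tmp"
fi
apt-get update
# Install Jitsi Meet Service
#
apt-get install jitsi-meet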
# Maybe reinstall of 'jitsi-meet-turnserver' is needed..
#
# The turnserver package ships the nginx module link '60-jitsi-meet.conf';
# reinstall the package when that symlink is absent.
[[ -L "/etc/nginx/modules-enabled/60-jitsi-meet.conf" ]] \
  || apt-get install --reinstall jitsi-meet-turnserver
# Work inside the enabled-modules directory for the steps that follow.
cd /etc/nginx/modules-enabled
# For streaming, at least the module 'ngx_stream_module.so' is needed
# load_module modules/ngx_stream_module.so;
#
# if [[ ! -h /etc/nginx/modules-enabled/50-mod-stream.conf ]] ; then
# ln -s /usr/share/nginx/modules-available/mod-stream.conf 50-mod-stream.conf
# fi
#
# But we will load all available modules:
#
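# Enable every module shipped in modules-available by linking it into
# modules-enabled with a '50-' prefix. Existing links are left untouched and
# the name of each newly linked module is printed.
#
# The directory is walked with a glob instead of parsing 'ls' output, so file
# names containing whitespace or glob characters are handled as single entries.
for _path in /usr/share/nginx/modules-available/* ; do
  # An empty directory leaves the unexpanded pattern behind - skip it.
  [[ -e "$_path" || -L "$_path" ]] || continue
  [[ -d "$_path" ]] && continue
  _file="${_path##*/}"
  [[ -h "/etc/nginx/modules-enabled/50-${_file}" ]] && continue
  ln -s "$_path" "/etc/nginx/modules-enabled/50-${_file}"
  printf '%s\n' "$_file"
done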
# Install the dehydrated tooling used below to obtain the Let's Encrypt
# certificate.
# NOTE(review): the installer itself is not shown here; the following steps
# expect it to have created /var/lib/dehydrated (domains.txt, cron/, tools/).
/usr/local/src/dehydrated-cron/install_dehydrated.sh
# Adjust the nginx vhost configuration file '/etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf'
#
#
# At section 'server' (configuration for port 80) replace
#
# location ^~ /.well-known/acme-challenge/ {
# default_type "text/plain";
# root /usr/share/jitsi-meet;
# }
# location = /.well-known/acme-challenge/ {
# return 404;
# }
#
# with
#
# # - Needed for (automated) updating certificate
# # -
# include snippets/letsencrypt-acme-challenge.conf;
#
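# Manual step: open the vhost file and apply the replacement described above.
vim "/etc/nginx/sites-enabled/${FQND_HOSTNAME}.conf"
# Add FQDN hostname to /var/lib/dehydrated/domains.txt
# ('>' replaces the file, so this host becomes its only entry)
#
printf '%s\n' "$FQND_HOSTNAME" > /var/lib/dehydrated/domains.txt
# Create Certificate
#
/var/lib/dehydrated/cron/dehydrated_cron.sh
# Change directives 'ssl_certificate' and 'ssl_certificate_key' to
# meet the new certificate/key locations
#
/var/lib/dehydrated/tools/change_ssl_directives.sh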
# ---
# 7. Install cronjob to adjust certificates at directory '/etc/ssl'
#---
# Prepare configuration file
#
# Start from the shipped sample. Note that this replaces an already existing
# check_cert_for_service.conf, so local edits to that file are lost on re-run.
cp /root/bin/monitoring/conf/check_cert_for_service.conf.sample /root/bin/monitoring/conf/check_cert_for_service.conf
# Prepare configuration file for 'service_name'
#
# Set service_name="coTURN" unless it is already active: the commented sample
# line gets one more '#' in front and the new assignment is added below it.
if ! grep -q -E '^\s*service_name="coTURN"' /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#service_name.*)/#\1\nservice_name="coTURN"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'check_string_ps'
#
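# Set check_string_ps to the process-list pattern for the turnserver binary
# unless that exact assignment is already active.
#
# Two fixes compared with the earlier version:
#  - The guard now matches the literal text '[[:digit:]]\ ' that is written to
#    the file. Unescaped, grep read '[[:digit:]]' as a character class (one
#    digit), so the guard could never match the line produced below.
#  - The perl pattern ends in '.*' like the sibling settings. With 'ps*' only
#    the '#check_string_ps' prefix was captured and the remainder of the sample
#    line ended up glued to the end of the new assignment.
if ! grep -q -E '^\s*check_string_ps="\[\[:digit:]]\\ /usr/bin/turnserver"' \
    /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#check_string_ps.*)/#\1\ncheck_string_ps="[[:digit:]]\\ \/usr\/bin\/turnserver"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi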
# Prepare configuration file for 'service_user'
#
# Set service_user="turnserver" unless already active; the commented sample
# line is kept (with an extra '#') directly above the new assignment.
if ! grep -q -E '^\s*service_user="turnserver"' /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#service_user.*)/#\1\nservice_user="turnserver"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'service_group'
#
# Set service_group="turnserver" unless already active; the commented sample
# line is kept (with an extra '#') directly above the new assignment.
if ! grep -q -E '^\s*service_group="turnserver"' /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#service_group.*)/#\1\nservice_group="turnserver"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'cert_installed'
#
# Point cert_installed at /etc/ssl/fullchain.pem unless already active; the
# commented sample line is kept (with an extra '#') above the new assignment.
if ! grep -q -E '^\s*cert_installed="/etc/ssl/fullchain.pem"' /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#cert_installed.*)/#\1\ncert_installed="\/etc\/ssl\/fullchain.pem"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'key_installed'
#
# Point key_installed at /etc/ssl/privkey.pem unless already active; the
# commented sample line is kept (with an extra '#') above the new assignment.
if ! grep -q -E '^\s*key_installed="/etc/ssl/privkey.pem"' /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e 's/^(#key_installed.*)/#\1\nkey_installed="\/etc\/ssl\/privkey.pem"/' \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'cert_newest'
#
# Point cert_newest at the dehydrated certificate chain of this host unless
# already active. The host name is expanded by the shell into both the grep
# pattern and the perl expression, hence the double-quoted strings.
if ! grep -q -E "^\s*cert_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/fullchain.pem\"" /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e "s/^(#cert_newest.*)/#\1\ncert_newest=\"\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/fullchain.pem\"/" \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Prepare configuration file for 'key_newest'
#
# Point key_newest at the dehydrated private key of this host unless already
# active. The host name is expanded by the shell into both the grep pattern
# and the perl expression, hence the double-quoted strings.
if ! grep -q -E "^\s*key_newest=\"/var/lib/dehydrated/certs/${FQND_HOSTNAME}/privkey.pem\"" /root/bin/monitoring/conf/check_cert_for_service.conf 2> /dev/null ; then
  perl -i -p -e "s/^(#key_newest.*)/#\1\nkey_newest=\"\/var\/lib\/dehydrated\/certs\/${FQND_HOSTNAME}\/privkey.pem\"/" \
    /root/bin/monitoring/conf/check_cert_for_service.conf
fi
# Initial run by hand, using the configuration prepared above.
/root/bin/monitoring/check_cert_for_service.sh
# Add cronjob for checking whether the certificate/key is up to date
#
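# Append the daily certificate check to root's crontab unless an entry for the
# script already exists.
#
# The scratch file is created with mktemp. The previous name,
# /tmp/crontab_root.<PID>, was predictable: on a host with other local users,
# a file or symlink planted under that name in world-writable /tmp would be
# followed by root's redirection and its content loaded into root's crontab.
# mktemp creates a fresh file with an unpredictable name, accessible to the
# owner only.
if _crontab_tmp_file="$(mktemp /tmp/crontab_root.XXXXXXXXXX)"; then
  # A missing crontab makes 'crontab -l' fail; the file then simply stays empty.
  crontab -l > "$_crontab_tmp_file" 2> /dev/null
  if ! grep -q "/root/bin/monitoring/check_cert_for_service.sh" "$_crontab_tmp_file" 2>/dev/null ; then
    printf '%s\n' \
      '# - Check if cert for coTURN service is' \
      '# -' \
      '39 05 * * * /root/bin/monitoring/check_cert_for_service.sh' \
      >> "$_crontab_tmp_file"
  fi
  crontab "$_crontab_tmp_file"
  rm -f -- "$_crontab_tmp_file"
else
  echo "mktemp failed - crontab left unchanged." >&2
fi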
# ===============================
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "meet.oopen.de"
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "159.69.74.155"
# ssh-keygen -f "/home/chris/.ssh/known_hosts" -R "2a01:4f8:231:19a7::155"