Commit a030e89a authored by pedrolab's avatar pedrolab

jitsi: update

parent 683d8712
......@@ -5,7 +5,7 @@
- [Quick install instructions](#quick-install-instructions)
- [Alternate installers](#alternate-installers)
- [Extra configurations](#extra-configurations)
- [Suggested config file for nginx](#suggested-config-file-for-nginx)
- [Config file for webserver nginx or apache](#config-file-for-webserver-nginx-or-apache)
- [Ways to change default welcome page and watermark logo](#ways-to-change-default-welcome-page-and-watermark-logo)
- [Maintaining config.json file](#maintaining-configjson-file)
- [Disable audio levels](#disable-audio-levels)
......@@ -13,7 +13,7 @@
- [Adjust channelLastN](#adjust-channellastn)
- [Start video muted parameter](#start-video-muted-parameter)
- [Localise your jitsi instance](#localise-your-jitsi-instance)
- [Authentication to room creationg](#authentication-to-room-creationg)
- [Authentication to room creation](#authentication-to-room-creation)
- [Privacy](#privacy)
- [Disable third party stuff](#disable-third-party-stuff)
- [Stun turn server (optional)](#stun-turn-server-optional)
......@@ -62,99 +62,24 @@ You need *good* HTTPS to use jitsi meet. check this guide to use them with nginx
*from now on assuming domain `jitsi.example.com`*
## Suggested config file for nginx
## Config file for webserver nginx or apache
so I see that default configs I found in internet are not working (tested during 10 minutes) so I am sharing mine that works in production since long time ago in debian9 suggested place `/etc/nginx/sites-enabled/jitsi.example.com`
and here looks like this is the most updated nginx config file provided by jitsi `/usr/share/jitsi-meet-web-config/jitsi-meet.example` in the same directory there is another file for apache named `jitsi-meet.example-apache`
I recommend using nginx, if this is not automatically done by *jitsi quick install*
```
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name jitsi.example.com;
location /.well-known {
default_type "text/plain";
allow all;
root /var/www/html;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jitsi.example.com;
# good security tips ON - check yours: https://www.ssllabs.com/ssltest/analyze.html?d=matrix.example.com&latest
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# Ciphers based on the Mozilla SSL Configuration Generator
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# this is important thing to have good rating in https://www.ssllabs.com/ssltest/
# run: `openssl dhparam -out /etc/ssl/dhparams2048.pem 2048` src https://weakdh.org/sysadmin.html extra src https://gist.github.com/plentz/6737338
#ssl_dhparam /etc/ssl/dhparams2048.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
# enable session resumption to improve https performance
# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# good security tips OFF
ssl_certificate /etc/letsencrypt/live/jitsi.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jitsi.example.com/privkey.pem;
root /usr/share/jitsi-meet;
index index.html index.htm;
error_page 404 /static/404.html;
location /config.js {
alias /etc/jitsi/meet/jitsi.example.com-config.js;
}
# allow more variety of characters for jitsi rooms (tested, works) -> src https://github.com/jitsi/jitsi-meet/issues/312#issuecomment-354418529
#location ~ ^/([a-zA-Z0-9=\?]+)$ {
# rewrite ^/(.*)$ / break;
#}
location / {
ssi on;
try_files $uri /index.html;
}
# suggested by jitsi-meet-electron -> src https://github.com/jitsi/jitsi-meet-electron/blob/master/README.md#using-it-with-your-own-jitsi-meet-installation
location /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
## Backward compatibility
#location ~ /external_api.* {
# root /usr/share/jitsi-meet/libs;
#}
cp /usr/share/jitsi-meet-web-config/jitsi-meet.example /etc/nginx/sites-available/jitsi.example.com
ln -s /etc/nginx/sites-available/jitsi.example.com /etc/nginx/sites-enabled/jitsi.example.com
nginx -t
systemctl reload nginx
```
# BOSH
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
In case you use apache2's case: here is the config file `/usr/share/jitsi-meet-web-config/jitsi-meet.example-apache`
location /.well-known {
default_type "text/plain";
allow all;
root /var/www/html;
}
}
```
cp /usr/share/jitsi-meet-web-config/jitsi-meet.example-apache /etc/apache2/sites-available/jitsi.example.com
a2ensite jitsi.example.com
apache2ctl configtest
systemctl reload apache2
```
## Ways to change default welcome page and watermark logo
......@@ -285,13 +210,11 @@ In file `/etc/jitsi/meet/jitsi.example.com-config.js`
uncomment default language and put one of the possibilities: https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json
### Authentication to room creationg
TODO: testing and better documentation
### Authentication to room creation
Meanwhile, use this guide https://guides.lw1.at/books/how-to-install-jitsi-meet-on-debian-or-ubuntu/page/adding-authentification-to-room-creation
Works https://guides.lw1.at/books/how-to-install-jitsi-meet-on-debian-or-ubuntu/page/adding-authentification-to-room-creation
and here is puppet config for lua-ldap https://gitlab.com/MaadiX/jitsi-meet / https://gitlab.com/MaadiX/jitsi-meet/-/blob/master/manifests/jitsi.pp
TODO test ldap config with lua-ldap https://gitlab.com/MaadiX/jitsi-meet / https://gitlab.com/MaadiX/jitsi-meet/-/blob/master/manifests/jitsi.pp
### Privacy
......