
Updates prosody config to have certificates for the auth. domain.

The certificates are generated on new install or upgrade and added to the current configuration and also to the trusted certificates on the local machine.
j8
damencho 8 years ago
parent
commit
3e1cd6151d
1 changed files with 26 additions and 23 deletions
  1. 26
    23
      debian/jitsi-meet-prosody.postinst

+ 26
- 23
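--- a/debian/jitsi-meet-prosody.postinst
+++ b/debian/jitsi-meet-prosody.postinst
@@ -103,27 +103,6 @@
                 echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD
             fi
         fi
-        # UPGRADE to server side focus check if focus is configured
-        if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JICOFO_AUTH_DOMAIN\"" $PROSODY_HOST_CONFIG; then
-            echo -e "\nVirtualHost \"$JICOFO_AUTH_DOMAIN\"" >> $PROSODY_HOST_CONFIG
-            echo -e "        authentication = \"internal_plain\"\n" >> $PROSODY_HOST_CONFIG
-            sed -i "s/Component \"conference.$JVB_HOSTNAME\" \"muc\"/Component \"conference.$JVB_HOSTNAME\" \"muc\"\nadmins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\" }\n/g" $PROSODY_HOST_CONFIG
-            echo -e "Component \"focus.$JVB_HOSTNAME\"" >> $PROSODY_HOST_CONFIG
-            echo -e "    component_secret=\"$JICOFO_SECRET\"\n" >> $PROSODY_HOST_CONFIG
-            PROSODY_CREATE_JICOFO_USER="true"
-        # UPGRADE to server side focus on old config(/etc/prosody/prosody.cfg.lua)
-        elif [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JICOFO_AUTH_DOMAIN\"" $PROSODY_CONFIG_OLD; then
-            echo -e "\nVirtualHost \"$JICOFO_AUTH_DOMAIN\"" >> $PROSODY_CONFIG_OLD
-            echo -e "        authentication = \"internal_plain\"\n" >> $PROSODY_CONFIG_OLD
-            if ! grep -q "admins = { }" $PROSODY_CONFIG_OLD; then
-                echo -e "admins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\" }\n" >> $PROSODY_CONFIG_OLD
-            else
-                sed -i "s/admins = { }/admins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\" }\n/g" $PROSODY_CONFIG_OLD
-            fi
-            echo -e "Component \"focus.$JVB_HOSTNAME\"" >> $PROSODY_CONFIG_OLD
-            echo -e "    component_secret=\"$JICOFO_SECRET\"\n" >> $PROSODY_CONFIG_OLD
-            PROSODY_CREATE_JICOFO_USER="true"
-        fi
 
         if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then
             # create 'focus@auth.domain' prosody user
@@ -139,9 +118,33 @@
                 "/O=$DOMAIN/OU=$HOST/CN=$JVB_HOSTNAME/emailAddress=webmaster@$HOST.$DOMAIN" \
                 -keyout /var/lib/prosody/$JVB_HOSTNAME.key \
                 -out /var/lib/prosody/$JVB_HOSTNAME.crt
+            ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
+            ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
+        fi
+
+        if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then
+            HOST="$( (hostname -s; echo localhost) | head -n 1)"
+            DOMAIN="$( (hostname -d; echo localdomain) | head -n 1)"
+            openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \
+                "/O=$DOMAIN/OU=$HOST/CN=$JICOFO_AUTH_DOMAIN/emailAddress=webmaster@$HOST.$DOMAIN" \
+                -keyout /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key \
+                -out /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt
+
+            AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key"
+            AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt"
+
+            ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE
+            ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
+            ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
+
+            update-ca-certificates
+
+            # now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter)
+            sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n    ssl = {\n        key = \"$AUTH_KEY_FILE\";\n        certificate = \"$AUTH_CRT_FILE\";\n    \}#g" $PROSODY_HOST_CONFIG
+
+            # trigger a restart
+            PROSODY_CONFIG_PRESENT="false"
         fi
-        ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
-        ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
 
         if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then
             invoke-rc.d prosody restart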
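Review bot: The added `ln -sf` into /usr/local/share/ca-certificates makes the system trust store point at a file that lives in /var/lib/prosody, so after `update-ca-certificates` every TLS client on the host trusts whatever that path holds. If that directory is writable by the prosody service account (its ownership is not visible here), the account can replace the certificate and have it picked up on the next trust-store refresh; a root-owned copy avoids that: `install -m 0644 -o root -g root /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt`. The matching key is written with `-nodes`, and depending on the openssl.cnf in effect `req -x509` may mark the certificate CA:TRUE, so it is worth checking the key file's mode and owner and limiting the trust to the client that needs it (presumably jicofo) rather than the whole system store. Separately, the added `sed -i` edits only `$PROSODY_HOST_CONFIG` and has no guard for the case where that file is absent, which the removed `elif` branch used to handle through `$PROSODY_CONFIG_OLD`.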
