jfinn
/
jitsi_mod
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3611 Commits
2 Branches
Tree: 33c92a31bf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '33c92a31bf'
${ noResults }
jitsi_mod/resources/install-letsencrypt-cert.sh

install-letsencrypt-cert.sh 3.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. #!/bin/bash

  2. 

  3. set -e

  4. 

  5. DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`

  6. DOMAIN="${DEB_CONF_RESULT##*:}"

  7. # remove whitespace

  8. DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"

  9. 

  10. echo "-------------------------------------------------------------------------"

  11. echo "This script will:"

  12. echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"

  13. echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"

  14. echo "- Install additional dependencies in order to request Let’s Encrypt certificate"

  15. echo "- If running with jetty serving web content, will stop Jitsi Videobridge"

  16. echo "- Configure and reload nginx or apache2, whichever is used"

  17. echo ""

  18. echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "

  19. echo "by providing an email address for important account notifications"

  20. 

  21. echo -n "Enter your email and press [ENTER]: "

  22. read EMAIL

  23. 

  24. cd /usr/local/sbin

  25. 

  26. if [ ! -f certbot-auto ] ; then

  27.   wget https://dl.eff.org/certbot-auto

  28.   chmod a+x ./certbot-auto

  29. fi

  30. 

  31. CRON_FILE="/etc/cron.weekly/letsencrypt-renew"

  32. echo "#!/bin/bash" > $CRON_FILE

  33. echo "/usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log" >> $CRON_FILE

  34. 

  35. CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"

  36. CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

  37. 

  38. if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then

  39. 

  40.     ./certbot-auto certonly --noninteractive \

  41.     --webroot --webroot-path /usr/share/jitsi-meet \

  42.     -d $DOMAIN \

  43.     --agree-tos --email $EMAIL

  44. 

  45.     echo "Configuring nginx"

  46. 

  47.     CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"

  48.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  49.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  50.     sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \

  51.         $CONF_FILE

  52.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  53.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  54.     sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \

  55.         $CONF_FILE

  56. 

  57.     echo "service nginx reload" >> $CRON_FILE

  58.     service nginx reload

  59. 

  60. elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then

  61. 

  62.     ./certbot-auto certonly --noninteractive \

  63.     --webroot --webroot-path /usr/share/jitsi-meet \

  64.     -d $DOMAIN \

  65.     --agree-tos --email $EMAIL

  66. 

  67.     echo "Configuring apache2"

  68. 

  69.     CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"

  70.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  71.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  72.     sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \

  73.         $CONF_FILE

  74.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  75.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  76.     sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \

  77.         $CONF_FILE

  78. 

  79.     echo "service apache2 reload" >> $CRON_FILE

  80.     service apache2 reload

  81. else

  82.     service jitsi-videobridge stop

  83. 

  84.     ./certbot-auto certonly --noninteractive \

  85.     --standalone \

  86.     -d $DOMAIN \

  87.     --agree-tos --email $EMAIL

  88. 

  89.     echo "Configuring jetty"

  90. 

  91.     CERT_P12="/etc/jitsi/videobridge/$DOMAIN.p12"

  92.     CERT_JKS="/etc/jitsi/videobridge/$DOMAIN.jks"

  93.     # create jks from  certs

  94.     openssl pkcs12 -export \

  95.         -in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12

  96.     keytool -importkeystore -destkeystore $CERT_JKS \

  97.         -srckeystore $CERT_P12 -srcstoretype pkcs12 \

  98.         -noprompt -storepass changeit -srcstorepass changeit

  99. 

  100.     service jitsi-videobridge start

  101. 

  102. fi

  103. 

  104. # the cron file that will renew certificates

  105. chmod a+x $CRON_FILE