jfinn
/
jitsi_mod
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7119 Commits
2 Branches
Tree: ceeea7314c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ceeea7314c'
${ noResults }
jitsi_mod/resources/install-letsencrypt-cert.sh

install-letsencrypt-cert.sh 4.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 
  1. #!/bin/bash

  2. 

  3. set -e

  4. 

  5. DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`

  6. DOMAIN="${DEB_CONF_RESULT##*:}"

  7. # remove whitespace

  8. DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"

  9. 

  10. echo "-------------------------------------------------------------------------"

  11. echo "This script will:"

  12. echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"

  13. echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"

  14. echo "- Install additional dependencies in order to request Let’s Encrypt certificate"

  15. echo "- If running with jetty serving web content, will stop Jitsi Videobridge"

  16. echo "- Configure and reload nginx or apache2, whichever is used"

  17. echo ""

  18. echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "

  19. echo "by providing an email address for important account notifications"

  20. 

  21. echo -n "Enter your email and press [ENTER]: "

  22. read EMAIL

  23. 

  24. cd /usr/local/sbin

  25. 

  26. if [ ! -f certbot-auto ] ; then

  27.   wget https://dl.eff.org/certbot-auto

  28.   chmod a+x ./certbot-auto

  29. fi

  30. 

  31. CRON_FILE="/etc/cron.weekly/letsencrypt-renew"

  32. if [ ! -d "/etc/cron.weekly" ] ; then

  33.     mkdir "/etc/cron.weekly"

  34. fi

  35. echo "#!/bin/bash" > $CRON_FILE

  36. echo "/usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log" >> $CRON_FILE

  37. 

  38. CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"

  39. CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

  40. 

  41. if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then

  42. 

  43.     ./certbot-auto certonly --noninteractive \

  44.     --webroot --webroot-path /usr/share/jitsi-meet \

  45.     -d $DOMAIN \

  46.     --agree-tos --email $EMAIL

  47. 

  48.     echo "Configuring nginx"

  49. 

  50.     CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"

  51.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  52.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  53.     sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \

  54.         $CONF_FILE

  55.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  56.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  57.     sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \

  58.         $CONF_FILE

  59. 

  60.     echo "service nginx reload" >> $CRON_FILE

  61.     service nginx reload

  62. 

  63.     TURN_CONFIG="/etc/turnserver.conf"

  64.     if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then

  65.         echo "Configuring turnserver"

  66.         sed -i "s/cert=\/etc\/jitsi\/meet\/.*crt/cert=$CERT_CRT_ESC/g" $TURN_CONFIG

  67.         sed -i "s/pkey=\/etc\/jitsi\/meet\/.*key/pkey=$CERT_KEY_ESC/g" $TURN_CONFIG

  68. 

  69.         echo "service coturn restart" >> $CRON_FILE

  70.         service coturn restart

  71.     fi

  72. elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then

  73. 

  74.     ./certbot-auto certonly --noninteractive \

  75.     --webroot --webroot-path /usr/share/jitsi-meet \

  76.     -d $DOMAIN \

  77.     --agree-tos --email $EMAIL

  78. 

  79.     echo "Configuring apache2"

  80. 

  81.     CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"

  82.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  83.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  84.     sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \

  85.         $CONF_FILE

  86.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  87.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  88.     sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \

  89.         $CONF_FILE

  90. 

  91.     echo "service apache2 reload" >> $CRON_FILE

  92.     service apache2 reload

  93. else

  94.     service jitsi-videobridge stop

  95. 

  96.     ./certbot-auto certonly --noninteractive \

  97.     --standalone \

  98.     -d $DOMAIN \

  99.     --agree-tos --email $EMAIL

  100. 

  101.     echo "Configuring jetty"

  102. 

  103.     CERT_P12="/etc/jitsi/videobridge/$DOMAIN.p12"

  104.     CERT_JKS="/etc/jitsi/videobridge/$DOMAIN.jks"

  105.     # create jks from  certs

  106.     openssl pkcs12 -export \

  107.         -in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12

  108.     keytool -importkeystore -destkeystore $CERT_JKS \

  109.         -srckeystore $CERT_P12 -srcstoretype pkcs12 \

  110.         -noprompt -storepass changeit -srcstorepass changeit

  111. 

  112.     service jitsi-videobridge start

  113. 

  114. fi

  115. 

  116. # the cron file that will renew certificates

  117. chmod a+x $CRON_FILE