Permalink
Switch branches/tags
stable/jitsi-meet_3383 stable/jitsi-meet_3344 stable/jitsi-meet_3229 stable/jitsi-meet_3135 stable/jitsi-meet_2988 jitsi-meet_3389 jitsi-meet_3388 jitsi-meet_3387 jitsi-meet_3386 jitsi-meet_3385 jitsi-meet_3384 jitsi-meet_3383 jitsi-meet_3382 jitsi-meet_3381 jitsi-meet_3380 jitsi-meet_3379 jitsi-meet_3378 jitsi-meet_3377 jitsi-meet_3376 jitsi-meet_3375 jitsi-meet_3374 jitsi-meet_3373 jitsi-meet_3372 jitsi-meet_3371 jitsi-meet_3370 jitsi-meet_3369 jitsi-meet_3368 jitsi-meet_3367 jitsi-meet_3366 jitsi-meet_3365 jitsi-meet_3364 jitsi-meet_3363 jitsi-meet_3362 jitsi-meet_3361 jitsi-meet_3360 jitsi-meet_3359 jitsi-meet_3358 jitsi-meet_3357 jitsi-meet_3356 jitsi-meet_3355 jitsi-meet_3354 jitsi-meet_3353 jitsi-meet_3352 jitsi-meet_3351 jitsi-meet_3350 jitsi-meet_3349 jitsi-meet_3348 jitsi-meet_3347 jitsi-meet_3346 jitsi-meet_3345 jitsi-meet_3344 jitsi-meet_3343 jitsi-meet_3342 jitsi-meet_3341 jitsi-meet_3340 jitsi-meet_3339 jitsi-meet_3338 jitsi-meet_3337 jitsi-meet_3336 jitsi-meet_3335 jitsi-meet_3334 jitsi-meet_3333 jitsi-meet_3332 jitsi-meet_3331 jitsi-meet_3330 jitsi-meet_3329 jitsi-meet_3328 jitsi-meet_3327 jitsi-meet_3326 jitsi-meet_3325 jitsi-meet_3324 jitsi-meet_3323 jitsi-meet_3322 jitsi-meet_3321 jitsi-meet_3320 jitsi-meet_3319 jitsi-meet_3318 jitsi-meet_3317 jitsi-meet_3316 jitsi-meet_3315 jitsi-meet_3314 jitsi-meet_3313 jitsi-meet_3312 jitsi-meet_3311 jitsi-meet_3310 jitsi-meet_3309 jitsi-meet_3308 jitsi-meet_3307 jitsi-meet_3306 jitsi-meet_3305 jitsi-meet_3304 jitsi-meet_3303 jitsi-meet_3302 jitsi-meet_3301 jitsi-meet_3300 jitsi-meet_3299 jitsi-meet_3298 jitsi-meet_3297 jitsi-meet_3296 jitsi-meet_3295
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 106 lines (81 sloc) 3.64 KB
#!/bin/bash
set -e
DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`
DOMAIN="${DEB_CONF_RESULT##*:}"
# remove whitespace
DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"
echo "-------------------------------------------------------------------------"
echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
echo "- Install additional dependencies in order to request Let’s Encrypt certificate"
echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
echo "- Configure and reload nginx or apache2, whichever is used"
echo ""
echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
echo "by providing an email address for important account notifications"
echo -n "Enter your email and press [ENTER]: "
read EMAIL
cd /usr/local/sbin
if [ ! -f certbot-auto ] ; then
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
fi
CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
echo "#!/bin/bash" > $CRON_FILE
echo "/usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log" >> $CRON_FILE
CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
./certbot-auto certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
echo "Configuring nginx"
CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \
$CONF_FILE
echo "service nginx reload" >> $CRON_FILE
service nginx reload
elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
./certbot-auto certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
echo "Configuring apache2"
CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \
$CONF_FILE
echo "service apache2 reload" >> $CRON_FILE
service apache2 reload
else
service jitsi-videobridge stop
./certbot-auto certonly --noninteractive \
--standalone \
-d $DOMAIN \
--agree-tos --email $EMAIL
echo "Configuring jetty"
CERT_P12="/etc/jitsi/videobridge/$DOMAIN.p12"
CERT_JKS="/etc/jitsi/videobridge/$DOMAIN.jks"
# create jks from certs
openssl pkcs12 -export \
-in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12
keytool -importkeystore -destkeystore $CERT_JKS \
-srckeystore $CERT_P12 -srcstoretype pkcs12 \
-noprompt -storepass changeit -srcstorepass changeit
service jitsi-videobridge start
fi
# the cron file that will renew certificates
chmod a+x $CRON_FILE