Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
acaea22233708d9367a1f882bd608941c551cb19
jitsi-meet-deployment/web/rootfs/etc/cont-init.d/10-config
HighwayStar 8fd3d5952b web: Added LETSENCRYPT_ACME_SERVER environment variable 
You can set it when default zerossl doesnt work for you.
For example your server located in the country blocked by ZeroSSL.
2025-03-06 10:35:28 +01:00

143 lines
5.4 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/usr/bin/with-contenv bash
# make our folders
mkdir -p \
/config/{nginx/site-confs,keys} \
/run \
/var/lib/nginx/tmp/client_body \
/var/tmp/nginx
# generate keys (maybe)
if [[ $DISABLE_HTTPS -ne 1 ]]; then
if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
mkdir -p /config/acme.sh
pushd /opt
sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
popd
STAGING=""
if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
STAGING="--staging"
fi
ACME_SERVER=""
if [[ ! -z $LETSENCRYPT_ACME_SERVER ]]; then
ACME_SERVER="--set-default-ca --server $LETSENCRYPT_ACME_SERVER"
echo "Using custom ACME server: $LETSENCRYPT_ACME_SERVER"
fi
export LE_WORKING_DIR="/config/acme.sh"
# TODO: move away from standalone mode to webroot mode.
/config/acme.sh/acme.sh \
$STAGING \
$ACME_SERVER \
--issue \
--standalone \
--pre-hook "if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi" \
--post-hook "if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi" \
-d $LETSENCRYPT_DOMAIN
rc=$?
if [[ $rc -eq 1 ]]; then
echo "Failed to obtain a certificate from the Let's Encrypt CA."
# this tries to get the user's attention and to spare the
# authority's rate limit:
sleep 15
echo "Exiting."
exit 1
fi
if [[ $rc -eq 0 ]]; then
mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
if ! /config/acme.sh/acme.sh \
--install-cert -d $LETSENCRYPT_DOMAIN \
--key-file /config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem \
--fullchain-file /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
echo "Failed to install certificate."
# this tries to get the user's attention and to spare the
# authority's rate limit:
sleep 15
echo "Exiting."
exit 1
fi
fi
else
# use self-signed certs
if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
echo "using keys found in /config/keys"
else
echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
fi
fi
fi
# Detect nameserver for Nginx, if not specified.
if [[ -z "$NGINX_RESOLVER" ]]; then
IP_LIST=""
# Parse IPs in /etc/resolv.conf, taking into account IPv6 addresses need to be
# enclosed in square brackets for the Nginx config file.
while read -r line; do
if [[ $line =~ ^nameserver.* ]]; then
IP=$(echo $line | cut -d" " -f2)
COLONS=$(echo $IP | tr -dc ":" | awk '{ print length '})
if [[ $COLONS -ge 2 ]]; then
IP="[$IP]"
fi
if [[ ! "$IP_LIST" = "" ]]; then
IP_LIST+=" "
fi
IP_LIST+="$IP"
fi
done < <(cat /etc/resolv.conf)
export NGINX_RESOLVER=$IP_LIST
fi
echo "Using Nginx resolver: =$NGINX_RESOLVER="
# colibri-ws settings
COLIBRI_WEBSOCKET_UNSAFE_REGEX="[a-zA-Z0-9-\._]+"
# use custom websocket regex if provided
if [ -z "$COLIBRI_WEBSOCKET_REGEX" ]; then
# default to the previous unsafe behavior only if flag is set
if [[ "$ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX" == "1" ]]; then
export COLIBRI_WEBSOCKET_REGEX="$COLIBRI_WEBSOCKET_UNSAFE_REGEX"
else
# default value to the JVB IP, works in compose and anywhere a dns lookup of the JVB reveals the correct IP for proxying
[ -z "$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME" ] && export COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME="jvb"
if [[ "$DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP" == "1" ]]; then
# otherwise value default to the static value in the template 'jvb'
echo "WARNING: DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP is set and no value for COLIBRI_WEBSOCKET_REGEX was provided, using static value 'jvb' for COLIBRI_WEBSOCKET_REGEX"
else
export COLIBRI_WEBSOCKET_REGEX="$(dig +short +search $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME)"
fi
fi
fi
# maintain backward compatibility with older variable
[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
# copy config files
tpl /defaults/nginx.conf > /config/nginx/nginx.conf
tpl /defaults/meet.conf > /config/nginx/meet.conf
if [[ -f /config/nginx/custom-meet.conf ]]; then
cat /config/nginx/custom-meet.conf >> /config/nginx/meet.conf
fi
tpl /defaults/ssl.conf > /config/nginx/ssl.conf
tpl /defaults/default > /config/nginx/site-confs/default
tpl /defaults/system-config.js > /config/config.js
tpl /defaults/settings-config.js >> /config/config.js
if [[ -f /config/custom-config.js ]]; then
cat /config/custom-config.js >> /config/config.js
fi
cp /defaults/interface_config.js /config/interface_config.js
if [[ -f /config/custom-interface_config.js ]]; then
cat /config/custom-interface_config.js >> /config/interface_config.js
fi
Reference in New Issue View Git Blame Copy Permalink