Merge pull request #444 from teutat3s/jitsi_security_update
Jitsi security update
1
.gitignore
vendored
@@ -1,4 +1,5 @@
|
||||
/inventory/*
|
||||
!/inventory/.gitkeep
|
||||
!/inventory/host_vars/.gitkeep
|
||||
!/inventory/scripts
|
||||
/roles/*/files/scratchpad
|
||||
|
@@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||
matrix_jitsi_enabled: true
|
||||
```
|
||||
|
||||
## Securing your Jitsi instance with strong passwords
|
||||
|
||||
Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.
|
||||
Execute the following commands in your terminal from the root of this repo:
|
||||
```bash
|
||||
cd inventory/scripts
|
||||
bash generate-jitsi-passwords.sh
|
||||
```
|
||||
|
||||
The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.
|
||||
|
||||
## (Optional) configure internal Jitsi authentication and guests mode
|
||||
|
||||
By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
|
||||
|
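--- a/inventory/scripts/generate-jitsi-passwords.sh
+++ b/inventory/scripts/generate-jitsi-passwords.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
+# https://github.com/spantaleev/matrix-docker-ansible-deploy
+
+# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.<your-domain>'
+# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory
+
+function generatePassword() {
+openssl rand -hex 16
+}
+
+# helper function to get the matrix domain in the host_vars directory
+function get_domain_dir() {
+counter=0
+
+for f in *; do
+counter=$(( counter + 1 ))
+if [ ! -d "$f" ]; then
+echo "Error: could not find directory 'matrix.your.domain'"
+echo "Did you create it already? Please first setup your matrix homeserver before running this script."
+echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md"
+exit 1
+elif [[ "$counter" -gt 1 ]]; then
+echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected."
+echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook."
+echo "Cannot continue script, exiting."
+exit 1
+fi
+
+# Will not set domain if zero or multiple directories are detected
+domain=$f
+done
+}
+
+cd ../host_vars
+get_domain_dir
+
+JICOFO_COMPONENT_SECRET=$(generatePassword)
+JICOFO_AUTH_PASSWORD=$(generatePassword)
+JVB_AUTH_PASSWORD=$(generatePassword)
+JIBRI_RECORDER_PASSWORD=$(generatePassword)
+JIBRI_XMPP_PASSWORD=$(generatePassword)
+
+echo "" >> ../host_vars/${domain}/vars.yml
+echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml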
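Review bot: The five `$(generatePassword)` assignments never check that `openssl rand -hex 16` succeeded, so when openssl is missing or fails the script still appends all five `matrix_jitsi_*` keys to vars.yml with empty values; adding `set -euo pipefail` directly after the shebang would stop the run before anything is written, and would also catch a failed `cd ../host_vars`. The marker line `echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh"` is written without a leading `#`, which is not a valid entry in a YAML mapping and will most likely make vars.yml fail to parse; it should be `echo "# Jitsi passwords generated by inventory/scripts/generate-jitsi-passwords.sh"`, which also corrects the script name. Running the script a second time appends a second set of the same keys, so a guard such as `grep -q '^matrix_jitsi_jicofo_component_secret:' "$vars_file" && exit 0` before the writes would keep the file unambiguous. The `${domain}` expansions in the redirect targets are unquoted and should be `"../host_vars/${domain}/vars.yml"`.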
@@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder
|
||||
matrix_jitsi_jibri_recorder_password: recorder-password
|
||||
|
||||
|
||||
matrix_jitsi_web_docker_image: "jitsi/web:4101"
|
||||
matrix_jitsi_web_docker_image: "jitsi/web:4384"
|
||||
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
|
||||
@@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false
|
||||
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
|
||||
matrix_jisti_web_interface_config_show_deep_linking_image: false
|
||||
|
||||
matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101"
|
||||
matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384"
|
||||
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
|
||||
@@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: []
|
||||
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
|
||||
|
||||
|
||||
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101"
|
||||
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384"
|
||||
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
|
||||
@@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus
|
||||
matrix_jitsi_jicofo_auth_password: passw0rd
|
||||
|
||||
|
||||
matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101"
|
||||
matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384"
|
||||
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
|
||||
|