	Merge pull request #444 from teutat3s/jitsi_security_update
Jitsi security update
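--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /inventory/*
 !/inventory/.gitkeep
 !/inventory/host_vars/.gitkeep
+!/inventory/scripts
 /roles/*/files/scratchpad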
| @@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: | |||||||
| matrix_jitsi_enabled: true | matrix_jitsi_enabled: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ## Securing your Jitsi instance with strong passwords | ||||||
|  |  | ||||||
|  | Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance. | ||||||
|  | Execute the following commands in your terminal from the root of this repo: | ||||||
|  | ```bash | ||||||
|  | cd inventory/scripts | ||||||
|  | bash generate-jitsi-passwords.sh | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration. | ||||||
|  |  | ||||||
| ## (Optional) configure internal Jitsi authentication and guests mode | ## (Optional) configure internal Jitsi authentication and guests mode | ||||||
|  |  | ||||||
| By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration. | By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration. | ||||||
|   | |||||||
							
								
								
									
										50
									
								
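--- /dev/null
+++ b/inventory/scripts/generate-jitsi-passwords.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
+# https://github.com/spantaleev/matrix-docker-ansible-deploy
+
+# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.<your-domain>'
+# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory
+
+function generatePassword() {
+    openssl rand -hex 16
+}
+
+# helper function to get the matrix domain in the host_vars directory
+function get_domain_dir() {
+	counter=0
+
+	for f in *; do
+	    counter=$(( counter + 1 ))
+	    if [ ! -d "$f" ]; then
+            echo "Error: could not find directory 'matrix.your.domain'"
+            echo "Did you create it already? Please first setup your matrix homeserver before running this script."
+            echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md"
+            exit 1
+        elif [[ "$counter" -gt 1 ]]; then
+            echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected."
+            echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook."
+            echo "Cannot continue script, exiting."
+            exit 1
+        fi
+
+	    # Will not set domain if zero or multiple directories are detected
+	    domain=$f
+	done
+}
+
+cd ../host_vars
+get_domain_dir
+
+JICOFO_COMPONENT_SECRET=$(generatePassword)
+JICOFO_AUTH_PASSWORD=$(generatePassword)
+JVB_AUTH_PASSWORD=$(generatePassword)
+JIBRI_RECORDER_PASSWORD=$(generatePassword)
+JIBRI_XMPP_PASSWORD=$(generatePassword)
+
+echo "" >> ../host_vars/${domain}/vars.yml
+echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml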
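Review bot: The marker line written by `echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml` has no `#` prefix, so it lands in vars.yml as a bare scalar after a mapping and the YAML parser will reject the file on the next playbook run; it also names a script that does not exist in this commit (`gen-passwords.sh`). Change it to `echo "# Jitsi passwords generated by inventory/scripts/generate-jitsi-passwords.sh" >> ../host_vars/${domain}/vars.yml`. Separately, neither `cd ../host_vars` nor `openssl rand` is checked, so a failed `cd` leaves the `for f in *` scan running in the wrong directory and a failed `openssl` appends an empty value as the secret; `set -euo pipefail` right after the shebang covers both. Running the script a second time appends a second set of the same keys, which YAML loaders either warn about or resolve silently to the last value — a guard before the writes such as `grep -q '^matrix_jitsi_jicofo_component_secret:' "../host_vars/${domain}/vars.yml" && { echo "Jitsi passwords already present in vars.yml"; exit 1; }` makes that explicit.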
| @@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder | |||||||
| matrix_jitsi_jibri_recorder_password: recorder-password | matrix_jitsi_jibri_recorder_password: recorder-password | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_jitsi_web_docker_image: "jitsi/web:4101" | matrix_jitsi_web_docker_image: "jitsi/web:4384" | ||||||
| matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" | matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" | matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" | ||||||
| @@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false | |||||||
| matrix_jitsi_web_interface_config_disable_transcription_subtitles: false | matrix_jitsi_web_interface_config_disable_transcription_subtitles: false | ||||||
| matrix_jisti_web_interface_config_show_deep_linking_image: false | matrix_jisti_web_interface_config_show_deep_linking_image: false | ||||||
|  |  | ||||||
| matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" | matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384" | ||||||
| matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" | matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" | matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" | ||||||
| @@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] | |||||||
| matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] | matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" | matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384" | ||||||
| matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" | matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" | matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" | ||||||
| @@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus | |||||||
| matrix_jitsi_jicofo_auth_password: passw0rd | matrix_jitsi_jicofo_auth_password: passw0rd | ||||||
|  |  | ||||||
|  |  | ||||||
| matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" | matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" | ||||||
| matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" | matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" | matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" | ||||||
|   | |||||||