security: add script to generate strong passwords

Saúl Ibarra Corretgé 5 years ago
parent
commit
1ffd472fba
4 changed files with 27 additions and 3 deletions
  1. 1 0
      .gitignore
  2. 4 2
      README.md
  3. 1 1
      env.example
  4. 21 0
      get-passwords.sh

+ 1 - 0
.gitignore

@@ -1,2 +1,3 @@
 *.swp
 *.swp
 .env
 .env
+.env.bak

+ 4 - 2
README.md

@@ -34,7 +34,7 @@ follow these steps:
   * `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
   * `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
 * Create a ``.env`` file by copying and adjusting ``env.example``
 * Create a ``.env`` file by copying and adjusting ``env.example``
   * `cp env.example .env`
   * `cp env.example .env`
-  * Set strong passwords in the security section options, they ccan be generated with `openssl rand -hex 16`
+  * Set strong passwords in the security section options: `./gen-passwords.sh`
 * Create required `CONFIG` directories
 * Create required `CONFIG` directories
   * `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
   * `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
 * Run ``docker-compose up -d``.
 * Run ``docker-compose up -d``.
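Review bot: the new bullet tells users to run `./gen-passwords.sh`, but the file this commit adds is named `get-passwords.sh`, so the documented command will not be found. Either rename the script or fix the reference here, in the second README hunk and in env.example. Since this step comes right after `cp env.example .env`, the bullet could also say that the script rewrites `.env` in place.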
@@ -58,7 +58,9 @@ or to use jigasi too: ``docker-compose -f docker-compose.yml -f jigasi.yml -f ji
 This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
 This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
 secure by default these have been removed and the respective containers won't start without having a password set.
 secure by default these have been removed and the respective containers won't start without having a password set.
 
 
-Strong passwordds may be generated as follows: `openssl rand -hex 16`
+Strong passwordds may be generated as follows: `./gen-passwords.sh`
+This will modify your `.env` file (a backup is saved in `.env.backup`) andd set strong passwords for each of the
+require options. Passwords are  generated using `openssl rand -hex 16` .
 
 
 DO NOT reuse any of the passwords.
 DO NOT reuse any of the passwords.
 
 
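Review bot: the added sentence says the backup is saved in `.env.backup`, while the script passes `.bak` as the sed suffix and .gitignore ignores `.env.bak`; the text should name `.env.bak` so users know which file holds their previous values. The added lines also contain typos ("andd", "require options", a doubled space before "generated", a space before the final period), and the changed line keeps "passwordds".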

+ 1 - 1
env.example

@@ -1,8 +1,8 @@
 # Security
 # Security
 #
 #
 # Set these to strong passwords to avoid intruders from impersonating a service account
 # Set these to strong passwords to avoid intruders from impersonating a service account
-# Here is how to generate a good password: openssl rand -hex 16
 # The service(s) won't start unless these are specified
 # The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
 # You may skip the Jigasi and Jibri passwords if you are not using those
 # You may skip the Jigasi and Jibri passwords if you are not using those
 # DO NOT reuse passwords
 # DO NOT reuse passwords
 #
 #
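Review bot: dropping the `openssl rand -hex 16` line leaves this file with no manual way to fill in the values for someone who cannot or does not want to run the script. Suggest keeping that hint next to the new `./gen-passwords.sh` comment as a fallback, and noting that the script overwrites whatever is already set in `.env`.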

+ 21 - 0
get-passwords.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+function generatePassword() {
+    openssl rand -hex 16
+}
+
+JICOFO_COMPONENT_SECRET=`generatePassword`
+JICOFO_AUTH_PASSWORD=`generatePassword`
+JVB_AUTH_PASSWORD=`generatePassword`
+JIGASI_XMPP_PASSWORD=`generatePassword`
+JIBRI_RECORDER_PASSWORD=`generatePassword`
+JIBRI_XMPP_PASSWORD=`generatePassword`
+
+sed -i ".bak" \
+    -e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
+    -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
+    -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
+    -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
+    -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
+    -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
+    .env
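Review bot: `sed -i ".bak"` with the suffix as a separate argument is the BSD/macOS form; GNU sed only accepts the suffix attached to the option, so on Linux `.bak` is treated as an input file name, sed reports that it cannot read it, and `.env` is edited without a backup being written. `sed -i.bak` works with both. The patterns are also unanchored (`s#JVB_AUTH_PASSWORD=.*#...#g`), so any line that contains the name followed by `=`, such as a comment or a longer variable name ending in it, has its tail replaced; anchoring each pattern with `^` avoids that. The script does not check that `.env` exists before calling sed, and running it a second time silently replaces passwords that running services may already be using.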