security: add script to generate strong passwords
This commit is contained in:
parent
a015710e54
commit
1ffd472fba
|
@ -1,2 +1,3 @@
|
|||
*.swp
|
||||
.env
|
||||
.env.bak
|
||||
|
|
|
@ -34,7 +34,7 @@ follow these steps:
|
|||
* `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
|
||||
* Create a ``.env`` file by copying and adjusting ``env.example``
|
||||
* `cp env.example .env`
|
||||
* Set strong passwords in the security section options, they ccan be generated with `openssl rand -hex 16`
|
||||
* Set strong passwords in the security section options: `./gen-passwords.sh`
|
||||
* Create required `CONFIG` directories
|
||||
* `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
|
||||
* Run ``docker-compose up -d``.
|
||||
|
@ -58,7 +58,9 @@ or to use jigasi too: ``docker-compose -f docker-compose.yml -f jigasi.yml -f ji
|
|||
This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
|
||||
secure by default these have been removed and the respective containers won't start without having a password set.
|
||||
|
||||
Strong passwordds may be generated as follows: `openssl rand -hex 16`
|
||||
Strong passwordds may be generated as follows: `./gen-passwords.sh`
|
||||
This will modify your `.env` file (a backup is saved in `.env.backup`) andd set strong passwords for each of the
|
||||
require options. Passwords are generated using `openssl rand -hex 16` .
|
||||
|
||||
DO NOT reuse any of the passwords.
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# Security
|
||||
#
|
||||
# Set these to strong passwords to avoid intruders from impersonating a service account
|
||||
# Here is how to generate a good password: openssl rand -hex 16
|
||||
# The service(s) won't start unless these are specified
|
||||
# Running ./gen-passwords.sh will update .env with strong passwords
|
||||
# You may skip the Jigasi and Jibri passwords if you are not using those
|
||||
# DO NOT reuse passwords
|
||||
#
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
function generatePassword() {
|
||||
openssl rand -hex 16
|
||||
}
|
||||
|
||||
JICOFO_COMPONENT_SECRET=`generatePassword`
|
||||
JICOFO_AUTH_PASSWORD=`generatePassword`
|
||||
JVB_AUTH_PASSWORD=`generatePassword`
|
||||
JIGASI_XMPP_PASSWORD=`generatePassword`
|
||||
JIBRI_RECORDER_PASSWORD=`generatePassword`
|
||||
JIBRI_XMPP_PASSWORD=`generatePassword`
|
||||
|
||||
sed -i ".bak" \
|
||||
-e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
|
||||
-e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
|
||||
-e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
|
||||
-e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
|
||||
-e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
|
||||
-e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
|
||||
.env
|
Loading…
Reference in New Issue