security: add script to generate strong passwords
parent
a015710e54
commit
1ffd472fba
|
@ -1,2 +1,3 @@
|
||||||
*.swp
|
*.swp
|
||||||
.env
|
.env
|
||||||
|
.env.bak
|
||||||
|
|
|
@ -34,7 +34,7 @@ follow these steps:
|
||||||
* `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
|
* `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
|
||||||
* Create a ``.env`` file by copying and adjusting ``env.example``
|
* Create a ``.env`` file by copying and adjusting ``env.example``
|
||||||
* `cp env.example .env`
|
* `cp env.example .env`
|
||||||
* Set strong passwords in the security section options, they ccan be generated with `openssl rand -hex 16`
|
* Set strong passwords in the security section options: `./gen-passwords.sh`
|
||||||
* Create required `CONFIG` directories
|
* Create required `CONFIG` directories
|
||||||
* `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
|
* `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
|
||||||
* Run ``docker-compose up -d``.
|
* Run ``docker-compose up -d``.
|
||||||
|
@ -58,7 +58,9 @@ or to use jigasi too: ``docker-compose -f docker-compose.yml -f jigasi.yml -f ji
|
||||||
This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
|
This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
|
||||||
secure by default these have been removed and the respective containers won't start without having a password set.
|
secure by default these have been removed and the respective containers won't start without having a password set.
|
||||||
|
|
||||||
Strong passwordds may be generated as follows: `openssl rand -hex 16`
|
Strong passwordds may be generated as follows: `./gen-passwords.sh`
|
||||||
|
This will modify your `.env` file (a backup is saved in `.env.backup`) andd set strong passwords for each of the
|
||||||
|
require options. Passwords are generated using `openssl rand -hex 16` .
|
||||||
|
|
||||||
DO NOT reuse any of the passwords.
|
DO NOT reuse any of the passwords.
|
||||||
|
|
||||||
|
|
|
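Review bot: The added sentence says the backup is saved in `.env.backup`, but the script in this commit passes `".bak"` to `sed -i` and the `.gitignore` hunk adds `.env.bak`, so the README names a file that is never created; change it to `.env.bak`. The added lines also carry typos (`passwordds`, `andd`, `require options`) and the context line has `intetrnal`, which could be fixed in the same pass. Since the backup is a copy of the previous `.env`, it would help to say that it still holds the old secrets in plain text and should be removed or protected once the new values are confirmed.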
@ -1,8 +1,8 @@
|
||||||
# Security
|
# Security
|
||||||
#
|
#
|
||||||
# Set these to strong passwords to avoid intruders from impersonating a service account
|
# Set these to strong passwords to avoid intruders from impersonating a service account
|
||||||
# Here is how to generate a good password: openssl rand -hex 16
|
|
||||||
# The service(s) won't start unless these are specified
|
# The service(s) won't start unless these are specified
|
||||||
|
# Running ./gen-passwords.sh will update .env with strong passwords
|
||||||
# You may skip the Jigasi and Jibri passwords if you are not using those
|
# You may skip the Jigasi and Jibri passwords if you are not using those
|
||||||
# DO NOT reuse passwords
|
# DO NOT reuse passwords
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
function generatePassword() {
|
||||||
|
openssl rand -hex 16
|
||||||
|
}
|
||||||
|
|
||||||
|
JICOFO_COMPONENT_SECRET=`generatePassword`
|
||||||
|
JICOFO_AUTH_PASSWORD=`generatePassword`
|
||||||
|
JVB_AUTH_PASSWORD=`generatePassword`
|
||||||
|
JIGASI_XMPP_PASSWORD=`generatePassword`
|
||||||
|
JIBRI_RECORDER_PASSWORD=`generatePassword`
|
||||||
|
JIBRI_XMPP_PASSWORD=`generatePassword`
|
||||||
|
|
||||||
|
sed -i ".bak" \
|
||||||
|
-e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
|
||||||
|
-e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
|
||||||
|
-e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
|
||||||
|
-e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
|
||||||
|
-e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
|
||||||
|
-e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
|
||||||
|
.env
|
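Review bot: `sed -i ".bak"` with the suffix as a separate argument is the BSD/macOS form; GNU sed only accepts an attached suffix, so on Linux `.bak` is taken as an input file, sed reports that it cannot read it, and `.env` is edited in place with no backup. Use `sed -i.bak`, which both implementations accept. The script also never checks that `openssl` succeeded: if it is missing, every variable is empty and the substitutions blank out whatever values `.env` held, so add `set -e` near the top or test the generated value before running sed. The patterns are unanchored (`s#JVB_AUTH_PASSWORD=.*#...`), so a commented-out line or a key that merely ends in the same name would be rewritten as well; anchor each one with `^`.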