web: add ability to disable HTTPS
If TLS is terminated elsewhere and then connections are proxied over HTTP, there is no need for it and it makes initialization a tad slower on the first run.
This commit is contained in:
parent
5c988de8b6
commit
fcf83859e4
|
@ -160,6 +160,7 @@ Variable | Description | Default value
|
|||
`JIGASI_BREWERY_MUC` | MUC name for the Jigasi pool | jigasibrewery
|
||||
`JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000
|
||||
`JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050
|
||||
`DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1
|
||||
|
||||
### Running on a LAN environment
|
||||
|
||||
|
|
|
@ -13,6 +13,7 @@ services:
|
|||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- ENABLE_LETSENCRYPT
|
||||
- DISABLE_HTTPS
|
||||
- JICOFO_AUTH_USER
|
||||
- LETSENCRYPT_DOMAIN
|
||||
- LETSENCRYPT_EMAIL
|
||||
|
|
|
@ -118,3 +118,6 @@ JIGASI_PORT_MIN=20000
|
|||
|
||||
# Maximum port for media used by Jigasi.
|
||||
JIGASI_PORT_MAX=20050
|
||||
|
||||
# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
|
||||
#DISABLE_HTTPS=1
|
||||
|
|
|
@ -4,9 +4,11 @@ server {
|
|||
include /config/nginx/meet.conf;
|
||||
}
|
||||
|
||||
{{ if not .Env.DISABLE_HTTPS }}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
include /config/nginx/ssl.conf;
|
||||
include /config/nginx/meet.conf;
|
||||
}
|
||||
{{ end }}
|
||||
|
|
|
@ -8,25 +8,30 @@ mkdir -p \
|
|||
/var/tmp/nginx
|
||||
|
||||
# generate keys (maybe)
|
||||
if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
|
||||
if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
|
||||
certbot certonly \
|
||||
--noninteractive \
|
||||
--standalone \
|
||||
--preferred-challenges http \
|
||||
-d $LETSENCRYPT_DOMAIN \
|
||||
--agree-tos \
|
||||
--email $LETSENCRYPT_EMAIL
|
||||
cp /defaults/letsencrypt-renew /etc/cron.monthly/
|
||||
fi
|
||||
else
|
||||
# use self-signed certs
|
||||
if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
|
||||
echo "using keys found in /config/keys"
|
||||
if [[ $DISABLE_HTTPS -ne 1 ]]; then
|
||||
if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
|
||||
if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
|
||||
certbot certonly \
|
||||
--noninteractive \
|
||||
--standalone \
|
||||
--preferred-challenges http \
|
||||
-d $LETSENCRYPT_DOMAIN \
|
||||
--agree-tos \
|
||||
--email $LETSENCRYPT_EMAIL
|
||||
cp /defaults/letsencrypt-renew /etc/cron.monthly/
|
||||
fi
|
||||
else
|
||||
echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
|
||||
SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
|
||||
openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
|
||||
# use self-signed certs
|
||||
if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
|
||||
echo "using keys found in /config/keys"
|
||||
else
|
||||
echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
|
||||
SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
|
||||
openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
|
||||
fi
|
||||
fi
|
||||
if [[ ! -f /config/nginx/dhparams.pem ]]; then
|
||||
openssl dhparam -out /config/nginx/dhparams.pem 2048
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -43,12 +48,8 @@ if [[ ! -f /config/nginx/ssl.conf ]]; then
|
|||
tpl /defaults/ssl.conf > /config/nginx/ssl.conf
|
||||
fi
|
||||
|
||||
if [ ! -f "/config/nginx/dhparams.pem" ]; then
|
||||
openssl dhparam -out /config/nginx/dhparams.pem 2048
|
||||
fi
|
||||
|
||||
if [[ ! -f /config/nginx/site-confs/default ]]; then
|
||||
cp /defaults/default /config/nginx/site-confs/default
|
||||
tpl /defaults/default > /config/nginx/site-confs/default
|
||||
fi
|
||||
|
||||
if [[ ! -f /config/config.js ]]; then
|
||||
|
|
Loading…
Reference in New Issue