web: add ability to disable HTTPS

If TLS is terminated elsewhere and then connections are proxied over HTTP, there is no need for it and it makes initialization a tad slower on the first run.
2018-11-07 14:15:09 +01:00 · 2018-11-07 14:15:09 +01:00 · fcf83859e4
parent 5c988de8b6
commit fcf83859e4
5 changed files with 31 additions and 23 deletions
--- a/README.md
+++ b/README.md
@ -160,6 +160,7 @@ Variable | Description | Default value
 `JIGASI_BREWERY_MUC` | MUC name for the Jigasi pool | jigasibrewery
 `JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000
 `JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050
+`DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1

 ### Running on a LAN environment

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,6 +13,7 @@ services:
            - ENABLE_AUTH
            - ENABLE_GUESTS
            - ENABLE_LETSENCRYPT
+            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
--- a/env.example
+++ b/env.example
@ -118,3 +118,6 @@ JIGASI_PORT_MIN=20000

 # Maximum port for media used by Jigasi.
 JIGASI_PORT_MAX=20050
+
+# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
+#DISABLE_HTTPS=1
--- a/web/rootfs/defaults/default
+++ b/web/rootfs/defaults/default
@ -4,9 +4,11 @@ server {
 	include /config/nginx/meet.conf;
 }

+{{ if not .Env.DISABLE_HTTPS }}
 server {
 	listen 443 ssl;

 	include /config/nginx/ssl.conf;
 	include /config/nginx/meet.conf;
 }
+{{ end }}
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
@ -8,6 +8,7 @@ mkdir -p \
    /var/tmp/nginx

 # generate keys (maybe)
+if [[ $DISABLE_HTTPS -ne 1 ]]; then
    if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
        if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
            certbot certonly \
@ -29,6 +30,10 @@ else
            openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
        fi
    fi
+    if [[ ! -f /config/nginx/dhparams.pem ]]; then
+        openssl dhparam -out /config/nginx/dhparams.pem 2048
+    fi
+fi

 # copy config files
 if [[ ! -f /config/nginx/nginx.conf ]]; then
@ -43,12 +48,8 @@ if [[ ! -f /config/nginx/ssl.conf ]]; then
    tpl /defaults/ssl.conf > /config/nginx/ssl.conf
 fi

-if [ ! -f "/config/nginx/dhparams.pem" ]; then
-    openssl dhparam -out /config/nginx/dhparams.pem 2048
-fi
-
 if [[ ! -f /config/nginx/site-confs/default ]]; then
-    cp /defaults/default /config/nginx/site-confs/default
+    tpl /defaults/default > /config/nginx/site-confs/default
 fi

 if [[ ! -f /config/config.js ]]; then