Примечание
# openssl genrsa -out rootCA.key 2048
# openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt -subj "/C=RU/ST=Russia/L=Moscow/CN=SuperPlat CA Root"
# openssl genrsa -out jitsi2.test.alt.key 2048
# openssl req -new -key jitsi2.test.alt.key -out jitsi2.test.alt.csr -subj "/C=RU/L=Moscow/CN=jitsi2.test.alt"
# openssl x509 -req -in jitsi2.test.alt.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out jitsi2.test.alt.crt -days 5000
Signature ok
subject=C = RU, CN = jitsi2.test.alt
Getting CA Private Key
/etc/jitsi/meet/
:
#cp jitsi2.test.alt.crt /etc/jitsi/meet/
#cp jitsi2.test.alt.key /etc/jitsi/meet/
/etc/jitsi/meet/jitsi2.test.alt-config.js
на основе /usr/share/jitsi-meet-web-config/config.js
:
# cp /usr/share/jitsi-meet-web-config/config.js /etc/jitsi/meet/jitsi2.test.alt-config.js
Внести изменения в файл /etc/jitsi/meet/jitsi2.test.alt-config.js
в соответствии с настройками серверной части:
var config = { // Connection // hosts: { // XMPP domain. domain: 'jitsi2.test.alt', muc: 'conference.jitsi2.test.alt' }, // BOSH URL. FIXME: use XEP-0156 to discover it. bosh: '//jitsi2.test.alt/http-bind', // Websocket URL // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', // The name of client node advertised in XEP-0115 'c' stanza clientNode: 'http://jitsi.org/jitsimeet', [...] }
/usr/share/doc/jitsi-meet-web-config-4109/jitsi-meet/jitsi-meet.example-apache
/etc/httpd2/conf/sites-available/jitsi2.test.alt.conf
на основе /usr/share/doc/jitsi-meet-web-config-4109/jitsi-meet/jitsi-meet.example-apache
:
# cp /usr/share/doc/jitsi-meet-web-config-4109/jitsi-meet/jitsi-meet.example-apache /etc/httpd2/conf/sites-available/jitsi2.test.alt.conf
/etc/httpd2/conf/sites-available/jitsi2.test.alt.conf
(изменить имя, указать сертификат):
<VirtualHost *:80> ServerName jitsi2.test.alt Redirect permanent / https://jitsi2.test.alt/ RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </VirtualHost> <VirtualHost *:443> ServerName jitsi2.test.alt SSLProtocol TLSv1 TLSv1.1 TLSv1.2 SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/jitsi/meet/jitsi2.test.alt.crt SSLCertificateKeyFile /etc/jitsi/meet/jitsi2.test.alt.key SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED" SSLHonorCipherOrder on Header set Strict-Transport-Security "max-age=31536000" DocumentRoot "/usr/share/jitsi-meet" <Directory "/usr/share/jitsi-meet"> Options Indexes MultiViews Includes FollowSymLinks AddOutputFilter Includes html AllowOverride All Order allow,deny Allow from all </Directory> ErrorDocument 404 /static/404.html Alias "/config.js" "/etc/jitsi/meet/jitsi2.test.alt-config.js" <Location /config.js> Require all granted </Location> Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js" <Location /external_api.js> Require all granted </Location> ProxyPreserveHost on ProxyPass /http-bind http://localhost:5280/http-bind/ ProxyPassReverse /http-bind http://localhost:5280/http-bind/ RewriteEngine on RewriteRule ^/([a-zA-Z0-9]+)$ /index.html </VirtualHost>
# apt-get install apache2-mod_ssl
#for mod in rewrite ssl headers proxy proxy_http; do a2enmod $mod; done
#a2enport https
#a2dissite 000-default
#a2dissite 000-default_https
# a2ensite jitsi2.test.alt
# systemctl enable --now httpd2