From f9d39f1c0cdb1f73000a254a43792d9c00f61f2b Mon Sep 17 00:00:00 2001
From: teutat3s <10206665+teutat3s@users.noreply.github.com>
Date: Wed, 8 Apr 2020 01:59:30 +0200
Subject: [PATCH 1/3] update Jitsi, add generate-jitsi-passwords script

---
 .gitignore | 1 +
 docs/configuring-playbook-jitsi.md | 11 ++++
 inventory/scripts/generate-jitsi-passwords.sh | 50 +++++++++++++++++++
 roles/matrix-jitsi/defaults/main.yml | 8 +--
 4 files changed, 66 insertions(+), 4 deletions(-)
 create mode 100755 inventory/scripts/generate-jitsi-passwords.sh

diff --git a/.gitignore b/.gitignore
index e3f61b55f..32ab139fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /inventory/*
 !/inventory/.gitkeep
 !/inventory/host_vars/.gitkeep
+!/inventory/scripts
 /roles/*/files/scratchpad
diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md
index c2834244e..017cb4eb3 100644
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
 matrix_jitsi_enabled: true
 ```
 
+## Securing your Jitsi instance with strong passwords
+
+Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance.
+Execute the following commands in your terminal from the root of this repo:
+```bash
+cd inventory/scripts
+bash generate-jitsi-passwords.sh
+```
+
+The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration.
+
 ## (Optional) configure internal Jitsi authentication and guests mode
 
 By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh
new file mode 100755
index 000000000..2f0cb00c6
--- /dev/null
+++ b/inventory/scripts/generate-jitsi-passwords.sh 
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
+# https://github.com/spantaleev/matrix-docker-ansible-deploy
+
+# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.'
+# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory
+
+function generatePassword() {
+ openssl rand -hex 16
+}
+
+# helper function to get the matrix domain in the host_vars directory
+function get_domain_dir() {
+ counter=0
+
+ for f in *; do
+ counter=$(( counter + 1 ))
+ if [ ! -d "$f" ]; then
+ echo "Error: could not find directory 'matrix.your.domain'"
+ echo "Did you create it already? Please first setup your matrix homeserver before running this script."
+ echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md"
+ exit 1
+ elif [[ "$counter" -gt 1 ]]; then
+ echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected."
+ echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook."
+ echo "Cannot continue script, exiting."
+ exit 1
+ fi
+
+ # Will not set domain if zero or multiple directories are detected
+ domain=$f
+ done
+}
+
+cd ../host_vars
+get_domain_dir
+
+JICOFO_COMPONENT_SECRET=`generatePassword`
+JICOFO_AUTH_PASSWORD=`generatePassword`
+JVB_AUTH_PASSWORD=`generatePassword`
+JIBRI_RECORDER_PASSWORD=`generatePassword`
+JIBRI_XMPP_PASSWORD=`generatePassword`
+
+echo "" >> ../host_vars/${domain}/vars.yml
+echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml
+echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml
diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml
index 1fed1744e..55f826773 100644
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: recorder-password -matrix_jitsi_web_docker_image: "jitsi/web:4101" +matrix_jitsi_web_docker_image: "jitsi/web:4384" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
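Review bot: The marker line appended by `echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml` has no leading `#`, so it lands in vars.yml as a bare scalar rather than a YAML comment and will very likely make the file unparseable for Ansible; it also names a script (`gen-passwords.sh`) that does not match this file. Prefix and correct it: `echo "# Jitsi passwords generated by inventory/scripts/generate-jitsi-passwords.sh" >> ../host_vars/${domain}/vars.yml`. Separately, nothing aborts the script when `cd ../host_vars` or `openssl` fails: there is no `set -euo pipefail` after the shebang and the `generatePassword` output is never checked to be non-empty, so a missing openssl binary would append five empty secrets to vars.yml without any error. Adding `set -euo pipefail` near the top and `cd ../host_vars || exit 1` covers both, and `cd "$(dirname "$0")/../host_vars"` would also drop the requirement to run from inventory/scripts. The same `cd` and assignment lines reappear in the hunk of PATCH 3/3 (the backtick-to-`$()` change) and are not re-flagged there.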
@@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: passw0rd -matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From 6a9eb89ea6ac5ce59bcdd023884fd8bdb782006f Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 8 Apr 2020 02:04:59 +0200 Subject: [PATCH 2/3] fix whitespace --- inventory/scripts/generate-jitsi-passwords.sh | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh index 2f0cb00c6..244d977f7 100755 --- a/inventory/scripts/generate-jitsi-passwords.sh +++ b/inventory/scripts/generate-jitsi-passwords.sh 
@@ -12,21 +12,21 @@ function generatePassword() { # helper function to get the matrix domain in the host_vars directory function get_domain_dir() { counter=0 - + for f in *; do counter=$(( counter + 1 )) if [ ! -d "$f" ]; then - echo "Error: could not find directory 'matrix.your.domain'" - echo "Did you create it already? Please first setup your matrix homeserver before running this script." - echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" - exit 1 - elif [[ "$counter" -gt 1 ]]; then - echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." - echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." - echo "Cannot continue script, exiting." - exit 1 - fi - + echo "Error: could not find directory 'matrix.your.domain'" + echo "Did you create it already? Please first setup your matrix homeserver before running this script." + echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" + exit 1 + elif [[ "$counter" -gt 1 ]]; then + echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." + echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." + echo "Cannot continue script, exiting." + exit 1 + fi + # Will not set domain if zero or multiple directories are detected domain=$f done From b181f0268072a80b541e1e519c32c2def730dc5c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 09:55:44 +0300 Subject: [PATCH 3/3] Use dollar sign instead of backtick Co-Authored-By: Sandro --- inventory/scripts/generate-jitsi-passwords.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh
index 244d977f7..ae6d471a8 100755
--- a/inventory/scripts/generate-jitsi-passwords.sh
+++ b/inventory/scripts/generate-jitsi-passwords.sh
@@ -35,11 +35,11 @@ function get_domain_dir() {
 cd ../host_vars
 get_domain_dir
 
-JICOFO_COMPONENT_SECRET=`generatePassword`
-JICOFO_AUTH_PASSWORD=`generatePassword`
-JVB_AUTH_PASSWORD=`generatePassword`
-JIBRI_RECORDER_PASSWORD=`generatePassword`
-JIBRI_XMPP_PASSWORD=`generatePassword`
+JICOFO_COMPONENT_SECRET=$(generatePassword)
+JICOFO_AUTH_PASSWORD=$(generatePassword)
+JVB_AUTH_PASSWORD=$(generatePassword)
+JIBRI_RECORDER_PASSWORD=$(generatePassword)
+JIBRI_XMPP_PASSWORD=$(generatePassword)
 
 echo "" >> ../host_vars/${domain}/vars.yml
 echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml