web: add ability to disable HTTPS

If TLS is terminated elsewhere and then connections are proxied over
HTTP, there is no need for it and it makes initialization a tad slower
on the first run.

README.md

@@ -160,6 +160,7 @@ Variable | Description | Default value
 `JIGASI_BREWERY_MUC` | MUC name for the Jigasi pool | jigasibrewery
 `JIGASI_PORT_MIN` | Minimum port for media used by Jigasi | 20000
 `JIGASI_PORT_MAX` | Maximum port for media used by Jigasi | 20050
+`DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1
 
 ### Running on a LAN environment
 

docker-compose.yml

@@ -13,6 +13,7 @@ services:
             - ENABLE_AUTH
             - ENABLE_GUESTS
             - ENABLE_LETSENCRYPT
+            - DISABLE_HTTPS
             - JICOFO_AUTH_USER
             - LETSENCRYPT_DOMAIN
             - LETSENCRYPT_EMAIL

env.example

@@ -118,3 +118,6 @@ JIGASI_PORT_MIN=20000
 
 # Maximum port for media used by Jigasi.
 JIGASI_PORT_MAX=20050
+
+# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
+#DISABLE_HTTPS=1

web/rootfs/defaults/default

@@ -4,9 +4,11 @@ server {
 	include /config/nginx/meet.conf;
 }
 
+{{ if not .Env.DISABLE_HTTPS }}
 server {
 	listen 443 ssl;
 
 	include /config/nginx/ssl.conf;
 	include /config/nginx/meet.conf;
 }
+{{ end }}

web/rootfs/etc/cont-init.d/10-config

@@ -8,25 +8,30 @@ mkdir -p \
     /var/tmp/nginx
 
 # generate keys (maybe)
-if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
+if [[ $DISABLE_HTTPS -ne 1 ]]; then
-    if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
+    if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
-        certbot certonly \
+        if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
-            --noninteractive \
+            certbot certonly \
-            --standalone \
+                --noninteractive \
-            --preferred-challenges http \
+                --standalone \
-            -d $LETSENCRYPT_DOMAIN \
+                --preferred-challenges http \
-            --agree-tos \
+                -d $LETSENCRYPT_DOMAIN \
-            --email $LETSENCRYPT_EMAIL
+                --agree-tos \
-        cp /defaults/letsencrypt-renew /etc/cron.monthly/
+                --email $LETSENCRYPT_EMAIL
-    fi
+            cp /defaults/letsencrypt-renew /etc/cron.monthly/
-else
+        fi
-    # use self-signed certs
-    if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
-        echo "using keys found in /config/keys"
     else
-        echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
+        # use self-signed certs
-        SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
+        if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
-        openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
+            echo "using keys found in /config/keys"
+        else
+            echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
+            SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
+            openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
+        fi
+    fi
+    if [[ ! -f /config/nginx/dhparams.pem ]]; then
+        openssl dhparam -out /config/nginx/dhparams.pem 2048
     fi
 fi
 
@@ -43,12 +48,8 @@ if [[ ! -f /config/nginx/ssl.conf ]]; then
     tpl /defaults/ssl.conf > /config/nginx/ssl.conf
 fi
 
-if [ ! -f "/config/nginx/dhparams.pem" ]; then
-    openssl dhparam -out /config/nginx/dhparams.pem 2048
-fi
-
 if [[ ! -f /config/nginx/site-confs/default ]]; then
-    cp /defaults/default /config/nginx/site-confs/default
+    tpl /defaults/default > /config/nginx/site-confs/default
 fi
 
 if [[ ! -f /config/config.js ]]; then