r900
2f9192c238
misc: change test for "unstable" to proper /bin/sh syntax
...
With /bin/sh one `=` has to be used, otherwise it will always fail with "unexpected operator".
5 years ago
Matthias Herzog
e6eecce2af
web: add letsencrypt volume
5 years ago
netaskd
abac343442
makefile: add release target. all target makes build all only
5 years ago
netaskd
e8c8342848
misc: refactoring Makefile
5 years ago
Saúl Ibarra Corretgé
f809afe7ed
prosody: fix enabling the token_verification module
...
Fixes: https://github.com/jitsi/jitsi-meet/issues/4349
6 years ago
arnuschky
85c79cfb2b
doc: fix prosody create user command in README
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/109
6 years ago
netaskd
046145d95e
base: add testing tools if JITSI_RELEASE is unstable
6 years ago
netaskd
bb1d386ebc
jvb: set owner jvb rights for /config directory
6 years ago
Saúl Ibarra Corretgé
8da61612e9
prosody: introduce AUTH_TYPE
...
It simplifies selecting the desired authentication type, instead of
having a boolean for each.
6 years ago
Saúl Ibarra Corretgé
9ff3ce295c
web: persist letsencrypt certificates
...
Store them in the config volume so they are not regenerated on every
boot.
Closes: https://github.com/jitsi/docker-jitsi-meet/issues/71
6 years ago
netaskd
165f313764
jigasi: add SDES srtp enabling possibility and healthcheck
6 years ago
Saúl Ibarra Corretgé
6c0bbae73c
misc: group authentication options together
6 years ago
netaskd
2e3576f6ca
prosody: add LDAP authentication via SASL mechanism
6 years ago
Saúl Ibarra Corretgé
0db4b7dce9
doc: add JWT token example
6 years ago
netaskd
fb93051bea
misc: all variables moved to .env file for fully customization of jitsi-meet service domains
6 years ago
Paul Tiedtke
df36d71542
xmpp: add jwt authentication support
6 years ago
Saúl Ibarra Corretgé
a235af06d0
prosody: ignore errors when moving certificates
...
In case we have moved them before, for example.
6 years ago
netaskd
b8faa26e75
prosody: fix owner for /config dir
6 years ago
Saúl Ibarra Corretgé
5c0776b8ed
doc: this is no longer experimental
...
It seems to work well, who would have thought? :-)
6 years ago
Saúl Ibarra Corretgé
63f8ddda18
build: only push "latest" and the release tag
6 years ago
Saúl Ibarra Corretgé
7f00c8e7a2
web: sync Jitsi Meet configuration
6 years ago
Saúl Ibarra Corretgé
3a534c63b5
xmpp: disable storage for MUC components
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/64
6 years ago
Saúl Ibarra Corretgé
aaf7baa9e8
jigasi: set DOMAIN_BASE for SIP account
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/33
6 years ago
Paul Tiedtke
e848354042
xmpp: add default host to prosody config
6 years ago
netaskd
bb7f68a749
web: update config.js from upstream
6 years ago
Paul Tiedtke
2da615c1f4
misc: fix typo in Makefile
6 years ago
Saúl Ibarra Corretgé
1d0ecec9ef
build: add helper to tag images
6 years ago
Saúl Ibarra Corretgé
7ebbf7b92a
jvb: fix specifying an empty list of STUN servers
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/43
6 years ago
Saúl Ibarra Corretgé
30c425811e
misc: fix handling boolean values
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/30
6 years ago
Saúl Ibarra Corretgé
e3583c72a6
jigasi: don't make SIP proxy port and transport mandatory
6 years ago
Paul Tiedtke
95a55915b7
xmpp: add ability to add custom prosody modules
6 years ago
Paul Tiedtke
fb1fdb1d53
doc: add missing entry in README
6 years ago
Saúl Ibarra Corretgé
8e2964b006
xmpp: fix storage backend on prosody 0.11
6 years ago
Aleksandr Borisenko
0760253ebd
xmpp: fix default directory for generated certs
6 years ago
Paul Tiedtke
0f0a9420a0
jigasi: make it completely optional
6 years ago
Saúl Ibarra Corretgé
19666889bd
doc: update README
6 years ago
netaskd
072fb9d9d1
web: add strong ssl_ciphers and headers
6 years ago
netaskd
7c6c6bcefb
web: enable ssl_protocol TLSv1.2 only
6 years ago
netaskd
4b88a28fcc
jigasi: make SIP port and transport configurable
6 years ago
Paul Tiedtke
ab5f248913
web: run cron only when HTTPS and Let's Encrypt are enabled
6 years ago
Dan Caseley
da43e68854
jvb: add TCP Harvester configuration options
6 years ago
Saúl Ibarra Corretgé
d6de4fdb58
web: fix typo
6 years ago
Saúl Ibarra Corretgé
0399c6dd15
misc: update TODO
...
The entry is covered by the more generic next one.
6 years ago
Saúl Ibarra Corretgé
cda11bc52f
web: add ability to redirect HTTP traffic to HTTPS
...
Useful if you're running this setup directly on the Internet, with a
Let's Encrypt certificate.
6 years ago
Saúl Ibarra Corretgé
fcf83859e4
web: add ability to disable HTTPS
...
If TLS is terminated elsewhere and then connections are proxied over
HTTP, there is no need for it and it makes initialization a tad slower
on the first run.
6 years ago
Saúl Ibarra Corretgé
5c988de8b6
web: refactor nginx configuration
6 years ago
Saúl Ibarra Corretgé
f61ef3f093
web: add builtin Let's Encrypt support
6 years ago
Saúl Ibarra Corretgé
2115bc0ed3
xmpp: remove unneeded files
6 years ago
Saúl Ibarra Corretgé
ca47165807
web: move key generation to the main config script
6 years ago
Saúl Ibarra Corretgé
415f10406f
web: split TLS configuration and make it stronger
...
Resources:
- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- https://weakdh.org/sysadmin.html
6 years ago