Jonathan Lennox
b0cb4a1846
web: update TLS config to Mozilla security guidelines
4 years ago
Saúl Ibarra Corretgé
06012127e9
web: replace certbot with acme.sh
...
The former seems to be in a pretty bad state for usage with Debian based
containers:
- The Debian provided package is too old
- certbot-auto no longer works on Debian
- The recommended way of using snap is not Docker friendly
Thus, we are migrating to acme.sh, which has the advantage of also
making the web container slimmer.
4 years ago
mammo0
ba011900fb
web: prevent s6 from restarting cron if it shouldn't be run
4 years ago
Felix Geyer
c36c4d02a7
web: always rebuild nginx configs on start
4 years ago
D3473R
6b69576c2f
web: add ability to configure tokenAuthUrl
4 years ago
Saúl Ibarra Corretgé
465816b4eb
web,prosody: turn on XMPP WebSocket by default
4 years ago
Jan-Otto Kröpke
d747bfbe6b
web,prosody: add XMPP WebSocket / Stream Management support
4 years ago
Saúl Ibarra Corretgé
7ab45bbb37
web: add ability to configure prejoin page
4 years ago
Paul Tiedtke
b277926332
jvb: make colibri websocket endpoints dynamic for multiple jvbs
4 years ago
Saúl Ibarra Corretgé
991f695275
web: remove no longer needed settings
...
They default to true now and they have been removed.
4 years ago
Ludovic Muller
087f024fcb
web: configure brandingDataUrl with env variables
4 years ago
NullIsNot0
a404653197
web: configure startAudioOnly using environment variable
4 years ago
Ludovic Muller
409cade8ec
web: configure Matomo using environment variables
4 years ago
Ludovic Muller
5ceaf5fd02
web: add IPv6 support
4 years ago
Saúl Ibarra Corretgé
ad5625bb09
jvb: switch to WebSocket based bridge channels
4 years ago
Saúl Ibarra Corretgé
81103362b5
web: add ability to configure the nginx resolver
4 years ago
Aaron van Meerten
c149463823
web: build config.js on each boot
...
Co-authored-by: Saúl Ibarra Corretgé <saghul@jitsi.org>
4 years ago
Jakub Onderka
2a0120de8b
web: set security headers also for non HTTPS
...
Fixes : #493
4 years ago
Nickolay V. Shmyrev
baed605569
web: fix removing closed captions button if transcription is enabled
4 years ago
Mathieu Brunot
edecacd0c0
etherpad: add ability to use a external server
4 years ago
Jakub Onderka
125775a737
web: fix WASM MIME type
5 years ago
Jakub Onderka
e70975e692
web: enable GZIP compression for more file types
5 years ago
Saúl Ibarra Corretgé
b039b29b7a
web: use certbot-auto
5 years ago
Amin Vakil
b95c95de0e
web: improve nginx configuration
...
* Enable http2 by default
* Disable server_tokens by default
5 years ago
Hanno Böck
dc46215600
web: remove DHE suites support
...
Ref: https://github.com/jitsi/docker-jitsi-meet/issues/433
5 years ago
Saúl Ibarra Corretgé
2c95ab7c9f
web: revert using PUBLIC_URL for BOSH URL
...
This partially reverts
5e6faced4f
It was unnecessary, and created lot of trouble.
5 years ago
Saúl Ibarra Corretgé
5e6faced4f
web: use PUBLIC_URL for etherpaad base and BOSH URLs
5 years ago
Saúl Ibarra Corretgé
655cf6be4a
web,prosody,jvb: prepare for new stable release
5 years ago
Frank Sachsenheim
cd4a071ed4
web: check for certbot's success and exit in case of a failure
5 years ago
Timon Engelke
8fa9f942ac
web: update nginx config from upstream
5 years ago
Matthias Herzog
9b17c0548d
web: fix letsencrypt renewal
5 years ago
Matthias Herzog
6234a18dc6
web: fix letsencrypt renewal
5 years ago
netaskd
ffa017b74d
jibri: add jibri service
5 years ago
Saúl Ibarra Corretgé
edf9630950
web: update config files
5 years ago
netaskd
e48bf46f7c
jigasi,web: add transcription options
5 years ago
netaskd
62f2d11cab
web,etherpad: add etherpad addon for sharing document
5 years ago
Saúl Ibarra Corretgé
7f00c8e7a2
web: sync Jitsi Meet configuration
6 years ago
netaskd
bb7f68a749
web: update config.js from upstream
6 years ago
Saúl Ibarra Corretgé
30c425811e
misc: fix handling boolean values
...
Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/30
6 years ago
netaskd
072fb9d9d1
web: add strong ssl_ciphers and headers
6 years ago
netaskd
7c6c6bcefb
web: enable ssl_protocol TLSv1.2 only
6 years ago
Paul Tiedtke
ab5f248913
web: run cron only when HTTPS and Let's Encrypt are enabled
6 years ago
Saúl Ibarra Corretgé
d6de4fdb58
web: fix typo
6 years ago
Saúl Ibarra Corretgé
cda11bc52f
web: add ability to redirect HTTP traffic to HTTPS
...
Useful if you're running this setup directly on the Internet, with a
Let's Encrypt certificate.
6 years ago
Saúl Ibarra Corretgé
fcf83859e4
web: add ability to disable HTTPS
...
If TLS is terminated elsewhere and then connections are proxied over
HTTP, there is no need for it and it makes initialization a tad slower
on the first run.
6 years ago
Saúl Ibarra Corretgé
5c988de8b6
web: refactor nginx configuration
6 years ago
Saúl Ibarra Corretgé
f61ef3f093
web: add builtin Let's Encrypt support
6 years ago
Saúl Ibarra Corretgé
ca47165807
web: move key generation to the main config script
6 years ago
Saúl Ibarra Corretgé
415f10406f
web: split TLS configuration and make it stronger
...
Resources:
- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- https://weakdh.org/sysadmin.html
6 years ago
Saúl Ibarra Corretgé
c34b4814df
web: fix formatting
6 years ago