Then run the following openssl command to generate custom parameters for the Diffie-Hellman (DH) key exchange. Let’s improve this with a few simple steps.įirst off, set server_tokens to off in the nf to hide the exact version number of the webserver. Hardening Nginxīy default the Nginx configuration and the Jitsi virtual host configuration get a B score when you test your Jitsi domain with. You can read about more details in the Certbot documentation. This might not be really bad but the deploy hook just seems to fit better. If you would use the post hook instead it would run after each attempt to renew it. Placing the script in the deploy hook makes sure that it only runs after a successful renewal. Add a file 01-reload-nginx to the directory /etc/letsencrypt/renewal-hooks/deploy with the following content: #!/bin/shĪnd again, make the file executable with this command: chmod 755 /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx If you’re using Nginx – which is the default dependency on Debian right now – you need to tell the webserver that it should reload its configuration when a new certificate is deployed. Save and close the file and make it executable like so: chmod 755 /etc/cron.daily/certbot Simply create a file in /etc/cron.daily/ named certbot and add the following content to it: #!/bin/sh
It also states that you should rerun the script to renew the certificate but this is generally a bad idea and you should automate this process of course. TLS certificate additionĪt the end of the installation process you will get the hint to install a Let’s Encrypt TLS certificate using the script install-letsencrypt-cert.sh. In some older tutorials you will see that the whole range from port 10.000 to 20.000 was opened which is not necessary anymore. Furthermore it will open port 10.000 UDP (not TCP) for Jitsi. This opens the SSH port and HTTP and HTTPS ports. You install the Debian package ufw and issue the following commands to setup the firewall rules. I’m using ufw the uncomplicated firewall for this so let’s have a look at the details. When it comes to setting up the firewall the Jitsi quick start guide only states which ports you need to open but does not exactly tell you how to do this. I also do not want to reiterate what the Jitsi quick install guide already tells you. Make sure to setup a domain name that points to your server. There are a lot of providers and I will not go into the details of setting this up. Installing Jitsiįirst off, you need to setup a dedicated or virtual server that hosts the Jitsi video chat software. Since Jitsi is under active development and some of the settings may change please keep in mind that I recorded this video in April 2020 and even though I try to keep it as general as possible some details might have changed depending on when you are watching this. I would like to focus on a few more topics so we end up with a usable, production ready system that you can deploy for one of you customers for example. There are a lot of tutorials online and everything seems to be super easy. I would like to show you how to setup your self-hosted video chat server with the Open Source software Jitsi. Some of them are encrypted and guarantee a certain level of data privacy. Some of them need a paid subscription plan. There are a lot of different solutions on the market.
Based on the current situation video chat systems are becoming more and more popular.
0 kommentar(er)
