Mise à jour de 'services/viso.libre-service.eu.md'

This commit is contained in:
Christian P. MOMON 2021-10-27 02:49:27 +02:00
parent 12bc313164
commit ff6fd4cd05

View file

@ -68,7 +68,16 @@ PING visio.libre-service.eu (145.239.49.4) 56(84) bytes of data.
64 bytes from visio.libre-service.eu (145.239.49.4): icmp_seq=1 ttl=64 time=0.034 ms 64 bytes from visio.libre-service.eu (145.239.49.4): icmp_seq=1 ttl=64 time=0.034 ms
``` ```
## Paquets ## Paquets Jitsi
Pour que le paquet Jitsi configure Apache, il faut neutraliser certains points :
```
a2dissite visio.libre-service.eu.conf
a2dismod ssl
systemctl reload apache2.service
cd /etc/apache2/sites-available/
mv visio.libre-service.eu.conf visio.libre-service.eu.conf.aco
```
Déclarer le dépôt Jitsi : Déclarer le dépôt Jitsi :
``` ```
curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
@ -99,3 +108,76 @@ Répondre aux questions :
Full local server path to the SSL certificate file: /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem Full local server path to the SSL certificate file: /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem
``` ```
Compléter le nouveau fichier de conf généré /etc/apache2/site-available/visio.libre-service.eu.conf` :
```
<VirtualHost *:80>
ServerName visio.libre-service.eu
ServerAdmin admins@libre-service.eu
CustomLog ${APACHE_LOG_DIR}/visio.libre-service.eu-nossl-access.log combined
ErrorLog ${APACHE_LOG_DIR}/visio.libre-service.eu-nossl-error.log
LogLevel warn
Redirect 302 / https://visio.libre-service.eu/
</VirtualHost>
<VirtualHost *:443>
ServerName visio.libre-service.eu
ServerAdmin admins@libre-service.eu
CustomLog ${APACHE_LOG_DIR}/visio.libre-service.eu-access.log combined
ErrorLog ${APACHE_LOG_DIR}/visio.libre-service.eu-error.log
LogLevel warn
# enable HTTP/2, if available
Protocols h2 http/1.1
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/visio.libre-service.eu/privkey.pem
Header always set Strict-Transport-Security "max-age=63072000"
DocumentRoot "/usr/share/jitsi-meet"
<Directory "/usr/share/jitsi-meet">
Options Indexes MultiViews Includes FollowSymLinks
AddOutputFilter Includes html
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorDocument 404 /static/404.html
Alias "/config.js" "/etc/jitsi/meet/visio.libre-service.eu-config.js"
<Location /config.js>
Require all granted
</Location>
Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
<Location /external_api.js>
Require all granted
</Location>
ProxyPreserveHost on
ProxyPass /http-bind http://localhost:5280/http-bind
ProxyPassReverse /http-bind http://localhost:5280/http-bind
ProxyPass /xmpp-websocket ws://localhost:5280/xmpp-websocket
ProxyPassReverse /xmpp-websocket ws://localhost:5280/xmpp-websocket
ProxyPass /colibri-ws/default-id ws://localhost:9090/colibri-ws/default-id
ProxyPassReverse /colibri-ws/default-id ws://localhost:9090/colibri-ws/default-id
RewriteEngine on
RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>
# Mozilla Guideline v5.4, Apache 2.4.41, OpenSSL 1.1.1d, intermediate configuration, no OCSP
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
```
Tester l'installation.