Mise à jour de 'services/viso.libre-service.eu.md'

services/viso.libre-service.eu.md

@@ -68,7 +68,16 @@ PING visio.libre-service.eu (145.239.49.4) 56(84) bytes of data.
 64 bytes from visio.libre-service.eu (145.239.49.4): icmp_seq=1 ttl=64 time=0.034 ms
 ```
 
-## Paquets
+## Paquets Jitsi
+Pour que le paquet Jitsi configure Apache, il faut neutraliser certains points :
+```
+a2dissite visio.libre-service.eu.conf
+a2dismod ssl
+systemctl reload apache2.service
+cd /etc/apache2/sites-available/
+mv visio.libre-service.eu.conf visio.libre-service.eu.conf.aco
+```
+
 Déclarer le dépôt Jitsi :
 ```
 curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
@@ -98,4 +107,77 @@ Répondre aux questions :
  Full local server path to the SSL key file:   /var/lib/dehydrated/certs/visio.libre-service.eu/privkey.pem
 
  Full local server path to the SSL certificate file:  /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem
-```
+```
+
+Compléter le nouveau fichier de conf généré /etc/apache2/site-available/visio.libre-service.eu.conf` :
+```
+<VirtualHost *:80>
+        ServerName visio.libre-service.eu
+        ServerAdmin admins@libre-service.eu
+
+        CustomLog ${APACHE_LOG_DIR}/visio.libre-service.eu-nossl-access.log combined
+        ErrorLog  ${APACHE_LOG_DIR}/visio.libre-service.eu-nossl-error.log
+        LogLevel warn
+
+        Redirect 302 / https://visio.libre-service.eu/
+</VirtualHost>
+
+<VirtualHost *:443>
+        ServerName visio.libre-service.eu
+        ServerAdmin admins@libre-service.eu
+
+        CustomLog ${APACHE_LOG_DIR}/visio.libre-service.eu-access.log combined
+        ErrorLog  ${APACHE_LOG_DIR}/visio.libre-service.eu-error.log
+        LogLevel warn
+
+        # enable HTTP/2, if available
+        Protocols h2 http/1.1
+
+        SSLEngine on
+        SSLProxyEngine on
+        SSLCertificateFile /var/lib/dehydrated/certs/visio.libre-service.eu/fullchain.pem
+        SSLCertificateKeyFile /var/lib/dehydrated/certs/visio.libre-service.eu/privkey.pem
+
+        Header always set Strict-Transport-Security "max-age=63072000"
+
+        DocumentRoot "/usr/share/jitsi-meet"
+        <Directory "/usr/share/jitsi-meet">
+                Options Indexes MultiViews Includes FollowSymLinks
+                AddOutputFilter Includes html
+                AllowOverride All
+                Order allow,deny
+                Allow from all
+        </Directory>
+
+        ErrorDocument 404 /static/404.html
+
+        Alias "/config.js" "/etc/jitsi/meet/visio.libre-service.eu-config.js"
+        <Location /config.js>
+                Require all granted
+        </Location>
+
+        Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
+        <Location /external_api.js>
+                Require all granted
+        </Location>
+
+        ProxyPreserveHost on
+        ProxyPass /http-bind http://localhost:5280/http-bind
+        ProxyPassReverse /http-bind http://localhost:5280/http-bind
+        ProxyPass /xmpp-websocket ws://localhost:5280/xmpp-websocket
+        ProxyPassReverse /xmpp-websocket ws://localhost:5280/xmpp-websocket
+        ProxyPass /colibri-ws/default-id ws://localhost:9090/colibri-ws/default-id
+        ProxyPassReverse /colibri-ws/default-id ws://localhost:9090/colibri-ws/default-id
+
+        RewriteEngine on
+        RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
+</VirtualHost>
+
+# Mozilla Guideline v5.4, Apache 2.4.41, OpenSSL 1.1.1d, intermediate configuration, no OCSP
+SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder off
+SSLSessionTickets   off
+``` 
+
+Tester l'installation.