Fix jitsi meet jvb connection info and cert CN

This fixes the JVB connection info to use IP addrs instead of names
since nginx can't seem to do name lookups. Additionally, we modify the
cert CN to match the IP address used.

Change-Id: I6bbca44b60559d9586741c6540cb390371e3c120
This commit is contained in:
Clark Boylan 2022-09-16 15:43:48 -07:00
parent d442287c06
commit 801d8c2843
3 changed files with 13 additions and 3 deletions

View File

@ -68,8 +68,10 @@
-validity 3652
-keystore /var/jitsi-meet/jvb/jvb-keystore.store
-storepass {{ meetpad_jvb_keystore_password }}
# Jitsi meet appears to do SNI via the CN in the cert, but not
# other validation of the cert issuer.
stdin: |
Infra Root
{{ public_v4 }}
OpenDev
Open Infra Foundation
Austin

View File

@ -13,7 +13,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
# We use the IP address instead of the server fqdn here because nginx was
# unable to do name lookups for the fqdn when we tried that initially.
# Whatever value is used here should match the CN in the java keystore
# generated by ansible.
JVB_WS_SERVER_ID={{ public_v4 }}
# shellcheck disable=SC2034

View File

@ -19,7 +19,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
# We use the IP address instead of the server fqdn here because nginx was
# unable to do name lookups for the fqdn when we tried that initially.
# Whatever value is used here should match the CN in the java keystore
# generated by ansible.
JVB_WS_SERVER_ID={{ public_v4 }}
JICOFO_COMPONENT_SECRET={{ meetpad_jicofo_component_secret }}
JICOFO_AUTH_PASSWORD={{ meetpad_jicofo_auth_password }}
JIGASI_XMPP_PASSWORD={{ meetpad_jigasi_xmpp_password }}