Fix jitsi meet jvb connection info and cert CN

This fixes the JVB connection info to use IP addrs instead of names
since nginx can't seem to do name lookups. Additionally, we modify the
cert CN to match the IP address used.

Change-Id: I6bbca44b60559d9586741c6540cb390371e3c120
changes/24/858224/1
Clark Boylan 2 months ago
parent d442287c06
commit 801d8c2843
  1. 4
      playbooks/roles/jitsi-meet/tasks/main.yaml
  2. 6
      playbooks/roles/jitsi-meet/templates/jvb-env.j2
  3. 6
      playbooks/roles/jitsi-meet/templates/meet-env.j2

@ -68,8 +68,10 @@
-validity 3652
-keystore /var/jitsi-meet/jvb/jvb-keystore.store
-storepass {{ meetpad_jvb_keystore_password }}
# Jitsi meet appears to do SNI via the CN in the cert, but not
# other validation of the cert issuer.
stdin: |
Infra Root
{{ public_v4 }}
OpenDev
Open Infra Foundation
Austin

@ -13,7 +13,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
# We use the IP address instead of the server fqdn here because nginx was
# unable to do name lookups for the fqdn when we tried that initially.
# Whatever value is used here should match the CN in the java keystore
# generated by ansible.
JVB_WS_SERVER_ID={{ public_v4 }}
# shellcheck disable=SC2034

@ -19,7 +19,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
# We use the IP address instead of the server fqdn here because nginx was
# unable to do name lookups for the fqdn when we tried that initially.
# Whatever value is used here should match the CN in the java keystore
# generated by ansible.
JVB_WS_SERVER_ID={{ public_v4 }}
JICOFO_COMPONENT_SECRET={{ meetpad_jicofo_component_secret }}
JICOFO_AUTH_PASSWORD={{ meetpad_jicofo_auth_password }}
JIGASI_XMPP_PASSWORD={{ meetpad_jigasi_xmpp_password }}

Loading…
Cancel
Save