Wednesday, September 28, 2022

Re: README for jitsi

> Passwords
> ========

needs another =

> Ports and pf.conf
> =================

Maybe better to avoid "ports" in the title here, I would go with
perhaps "pf.conf rules"

> The default configuration uses the following ports:
>
> * nginx: TCP 80, 443
> * prosody: TCP 5000, 5222, 5269, 5280, 5281, 5347, 5582
> * jicofo: TCP 8888
> * jvb: TCP 8080, UDP 10000
>
> Only a few ports, TCP 80, 443 and UDP 10000, are to be exposed. A possible set of pf.conf rules that can be used is:
>
> pass in on egress to (self) tcp port { 80 443 }
> pass in on egress to (self) udp port 10000

This makes me think "what are the other ones for then?" if they're
discussed in a section about firewall rules. Maybe say "exposed to
the network" and then say that the others are only used for local
communications between the daemons?

> /etc/hosts configuration
> ========================
>
> Jitsi needs two subdomains, 'auth.jitsi.example.com' and 'jitsi.example.com', configured as part of the setup, of which only 'jitsi.example.com' is exposed outside the local network.
>
> They are accessed by the jicofo, jvb and prosody daemons as part of their internal communication. The simplest way to make them resolvable to localhost is to add them in the /etc/hosts file:
>
> 127.0.0.1 localhost jitsi jitsi.example.com auth.jitsi auth.jitsi.example.com
> ::1 localhost jitsi jitsi.example.com auth.jitsi auth.jitsi.example.com

IPv6 is of course a real mess with Java on OpenBSD with the forced
IPV6_V6ONLY thing :(

> In the sample prosody configuration file, replace the domain and the password placeholders with the pregenerated passwords mentioned above.

"pregenerated" makes me think that something has generated them
automatically, maybe "with the password you chose above"?

> These certificates also need to be shared with jicofo and jvb by adding them to a java certificate truststore ${SYSCONFDIR}/ssl/jitsi.store.

s/java/Java/

> The daemons need to be started in the order given:
>
> pkg_scripts=nginx prosody jvb jicofo
>
> The above can be achieved by editing /etc/rc.conf.local. The setup can be tested by starting the daemons and visiting the site at https://jitsi.example.com.

use "rcctl enable" and "rcctl order", see net/avahi/pkg/README-main

These files want to go into a meta port don't they? Sending that as a
tgz would sidestep the line-wrapping issues ;)
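
Added example, not part of the original message or of the README under review: a check that only the ports the draft lists as exposed (TCP 80, 443 and UDP 10000) listen on non-loopback addresses, while the remaining daemon ports stay local. The sample lines are constructed in the "address.port" layout of OpenBSD netstat -an; the function names are hypothetical.

```python
import ipaddress

# Port lists taken from the quoted README draft.
EXPOSED = {("tcp", 80), ("tcp", 443), ("udp", 10000)}
INTERNAL = {("tcp", p) for p in
            (5000, 5222, 5269, 5280, 5281, 5347, 5582, 8888, 8080)}

# Constructed sample (not real output), laid out like `netstat -an`.
SAMPLE = """\
tcp   0 0 *.80            *.* LISTEN
tcp   0 0 *.443           *.* LISTEN
tcp   0 0 127.0.0.1.5222  *.* LISTEN
tcp6  0 0 ::1.5222        *.* LISTEN
tcp   0 0 *.5280          *.* LISTEN
tcp   0 0 192.0.2.10.8888 *.* LISTEN
tcp   0 0 *.22            *.* LISTEN
udp   0 0 *.10000         *.*
tcp   0 0 192.0.2.10.443  198.51.100.7.51512 ESTABLISHED
"""

def parse_listener(line):
    """Return (proto, addr, port) for an unconnected socket, else None."""
    f = line.split()
    if len(f) < 5 or f[0][:3] not in ("tcp", "udp") or f[4] != "*.*":
        return None
    if f[0].startswith("tcp") and f[-1] != "LISTEN":
        return None
    addr, _, port = f[3].rpartition(".")  # the port follows the last dot
    return (f[0][:3], addr, int(port)) if port.isdigit() else None

def is_loopback(addr):
    if addr == "*":  # wildcard bind: reachable on every interface
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # unparsable address: treat as exposed
        return False

def audit(text):
    """List sockets bound beyond loopback that the draft does not expose."""
    findings = []
    for line in text.splitlines():
        parsed = parse_listener(line)
        if parsed is None or is_loopback(parsed[1]):
            continue
        proto, addr, port = parsed
        if (proto, port) not in EXPOSED:
            kind = "internal" if (proto, port) in INTERNAL else "unlisted"
            findings.append((kind, proto, addr, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

An "internal" finding is a daemon port from the draft bound to a non-loopback address; "unlisted" is any other non-loopback listener, which the two quoted pass rules would not admit either.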
