2023-08-18 16:06:18 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# https://serverfault.com/questions/849683/how-to-setup-coturn-with-letsencrypt
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
for domain in $RENEWED_DOMAINS; do
|
|
|
|
|
case $domain in
|
2024-03-27 21:55:24 +01:00
|
|
|
{{ jitsimeet_turn_domains | first }})
|
2023-08-18 16:06:18 +02:00
|
|
|
daemon_cert_root=/etc/coturn/certs
|
|
|
|
|
|
|
|
|
|
# Make sure the certificate and private key files are
|
|
|
|
|
# never world readable, even just for an instant while
|
|
|
|
|
# we're copying them into daemon_cert_root.
|
|
|
|
|
umask 077
|
|
|
|
|
|
|
|
|
|
cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.crt"
|
|
|
|
|
cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"
|
|
|
|
|
|
|
|
|
|
# Apply the proper file ownership and permissions for
|
|
|
|
|
# the daemon to read its certificate and key.
|
|
|
|
|
chown turnserver "$daemon_cert_root/$domain.crt" \
|
|
|
|
|
"$daemon_cert_root/$domain.key"
|
|
|
|
|
chmod 400 "$daemon_cert_root/$domain.crt" \
|
|
|
|
|
"$daemon_cert_root/$domain.key"
|
|
|
|
|
|
|
|
|
|
service coturn restart >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
