certbot --deploy-hook
parent
6ea0463e57
commit
9fdc5a126b
|
@ -153,7 +153,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
||||||
when: ssl.stat.exists != true
|
when: ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
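Review bot: The script passed to `--deploy-hook` is run by certbot as root and, judging by the new cert/pkey paths in the coturn template, copies the private key out of /etc/letsencrypt, yet nothing visible in this hunk installs the script or sets its ownership and mode. If no earlier task deploys it, add one that does so before this task, root-owned and not group- or world-writable (for example `owner: root` and `mode: '0750'`), and have the hook write the key so that only the coturn service user can read it. Separately, the `shell:` line interpolates `{{ certbot_admin_email }}` and `{{ domains | first }}` unquoted; switching to `ansible.builtin.command` or applying `| quote` keeps those values from being interpreted by the shell. The task list continues outside the hunk.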
|
||||||
|
|
|
@ -3,11 +3,11 @@ use-auth-secret
|
||||||
keep-address-family
|
keep-address-family
|
||||||
static-auth-secret={{ jitsi_meet_turn_secret }}
|
static-auth-secret={{ jitsi_meet_turn_secret }}
|
||||||
realm={{ domains | first }}
|
realm={{ domains | first }}
|
||||||
cert=/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem
|
cert=/etc/coturn/certs/{{ domains | first }}.crt
|
||||||
pkey=/etc/letsencrypt/live/{{ domains | first }}/privkey.pem
|
pkey=/etc/coturn/certs/{{ domains | first }}.key
|
||||||
no-multicast-peers
|
no-multicast-peers
|
||||||
no-cli
|
no-cli
|
||||||
no-loopback-peers
|
#no-loopback-peers
|
||||||
no-tcp-relay
|
no-tcp-relay
|
||||||
no-tcp
|
no-tcp
|
||||||
listening-port=3478
|
listening-port=3478
|
||||||
|
@ -17,7 +17,7 @@ no-tlsv1_1
|
||||||
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
||||||
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
# without it there are errors when running on Ubuntu 20.04
|
# without it there are errors when running on Ubuntu 20.04
|
||||||
dh2066
|
#dh2066
|
||||||
# jitsi-meet coturn relay disable config. Do not modify this line
|
# jitsi-meet coturn relay disable config. Do not modify this line
|
||||||
denied-peer-ip=0.0.0.0-0.255.255.255
|
denied-peer-ip=0.0.0.0-0.255.255.255
|
||||||
denied-peer-ip=10.0.0.0-10.255.255.255
|
denied-peer-ip=10.0.0.0-10.255.255.255
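Review bot: Commenting out `no-loopback-peers` in the first hunk removes the explicit ban on relaying to loopback addresses, and on coturn versions that do not deny loopback peers by default this lets an authenticated TURN client reach services bound to 127.0.0.1 on the relay host. If the option was dropped because a newer coturn rejects it, say so in a comment and add `denied-peer-ip=127.0.0.0-127.255.255.255` and `denied-peer-ip=::1`, unless the denied-peer-ip list, which continues outside the hunk, already covers them. In the second hunk `#dh2066` leaves the DH parameter size to the installed version's default while the cipher list still offers DHE-RSA suites, and the comment above it ("without it there are errors when running on Ubuntu 20.04") now describes a disabled line. Either keep `dh2066` or rewrite that comment to explain why it was removed.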
|
||||||
|
|