certbot --deploy-hook
parent
879d7fc044
commit
b0510d37ce
|
@ -153,7 +153,7 @@
|
|||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
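Review bot: The `when: ssl.stat.exists != true` guard on "Generate certificate with certbot" means the new `--deploy-hook` only takes effect on hosts that have no certificate yet. On a host that already holds one, the task is skipped and nothing visible here runs the hook, while the coturn template in this commit now reads `/etc/coturn/certs/`, so coturn would presumably find no certificate until the next renewal. A follow-up task could run the hook script once when the copied certificate is missing, and should confirm that the copied private key is readable only by the coturn service user. Separately, the `shell:` line interpolates `{{ certbot_admin_email }}` and `{{ domains |first }}` unquoted; `{{ certbot_admin_email | quote }}` and `{{ domains | first | quote }}`, or the `command` module, would keep a stray space or metacharacter in a variable from changing the command. The preceding and following tasks continue outside the hunk.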
|
||||
|
|
|
@ -3,11 +3,11 @@ use-auth-secret
|
|||
keep-address-family
|
||||
static-auth-secret={{ jitsi_meet_turn_secret }}
|
||||
realm={{ domains | first }}
|
||||
cert=/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem
|
||||
pkey=/etc/letsencrypt/live/{{ domains | first }}/privkey.pem
|
||||
cert=/etc/coturn/certs/{{ domains | first }}.crt
|
||||
pkey=/etc/coturn/certs/{{ domains | first }}.key
|
||||
no-multicast-peers
|
||||
no-cli
|
||||
no-loopback-peers
|
||||
#no-loopback-peers
|
||||
no-tcp-relay
|
||||
no-tcp
|
||||
listening-port=3478
|
||||
|
@ -17,7 +17,7 @@ no-tlsv1_1
|
|||
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
||||
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
# without it there are errors when running on Ubuntu 20.04
|
||||
dh2066
|
||||
#dh2066
|
||||
# jitsi-meet coturn relay disable config. Do not modify this line
|
||||
denied-peer-ip=0.0.0.0-0.255.255.255
|
||||
denied-peer-ip=10.0.0.0-10.255.255.255
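Review bot: In the first hunk of this file, `no-loopback-peers` appears to be replaced by `#no-loopback-peers` (direction inferred from the old-then-new print order), which on older coturn releases allows relaying to loopback addresses and exposes services bound to localhost on the TURN host to authenticated clients. Newer releases deny loopback peers by default and deprecate the option, so the change is only safe if every target host runs such a release. The `denied-peer-ip` list continues past the end of the hunk, so I cannot tell whether loopback is already covered there. If it is not, adding `denied-peer-ip=127.0.0.0-127.255.255.255` and `denied-peer-ip=::1` keeps the protection regardless of coturn version, with a comment such as `# no-loopback-peers is deprecated in newer coturn; loopback is blocked via denied-peer-ip below`.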
|
||||
|
|