Greetings, I've needed to invest quite a bit of time to get jicofo to talk to prosody because the upstream documentation is specific to Debian, and Java certificate handling is quite different on Debian-based systems vs. FreeBSD. I am proposing to add some documentation to save users some digging. Please check if the instructions below are correct, and then put them into a pkg-message file and/or a post-install documentation referenced from pkg-message. These links aren't exactly helpful for FreeBSD. https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md#install-jitsi-conference-focus-jicofo https://github.com/jitsi/jicofo/blob/master/README.md#certificates Here's what I needed to do: openssl x509 -in /var/db/prosody/auth.jitsi.example.org.crt -outform der \ -out /var/db/prosody/auth.jitsi.example.org.der keytool -import -trustcacerts -file /var/db/prosody/auth.jitsi.example.org.der \ -alias auth.jitsi.example.org -keystore /usr/local/etc/ssl/java.pem and as password I used the default "changeme". However, the file is misnamed and should be called trust.jsk or something, and possibly we should move it outside /usr/local/etc/ssl, and rather into .../etc/jitsi/trust.jsk: # file /usr/local/etc/ssl/java.pem /usr/local/etc/ssl/java.pem: Java KeyStore I think we would need a full deployment instruction set for FreeBSD, and possibly a rapid-deployment meta-port.
Created attachment 213966 [details] touch-ups to polish rcfile, pkg-message and Makefile Find attached a patch that refines the pkg-message, the rcscript, and bumps PORTREVISION. Note that after upgrading from _1 to _2 the java truststore needs to be moved (perhaps add an updating maxversion: to pkg-message?) mv /usr/local/etc/ssl/java.pem /usr/local/etc/jitsi/jicofo/truststore.jks
(In reply to Matthias Andree from comment #0) Certificates can be generated by prosodyctl prosodyctl cert generate jitsi.example.com prosodyctl cert generate auth.jitsi.example.com It is not necessary use openssl directly. I have avoided that users to do a deep search about how configure jicofo/jitsi-videobridge. I have included some parameters into rc script as result of my deep search about jitsi. The only missing thing that I didn't put into pkg-message is related to certificate (but it is clear into manual guide of jitsi/jicofo). About of trusted certificate I agree that it can be stored into jicofo configuration directory. I'll apply some changes to your patch file and I'll commit them as soon as posibly Greetings
acm@, you wrote: > prosodyctl cert generate jitsi.example.com > prosodyctl cert generate auth.jitsi.example.com > > It is not necessary use openssl directly. For me, it was necessary. Keytool was not accepting prosody's certificates directly, I had to convert them first.
A commit references this bug: Author: acm Date: Tue May 5 22:43:06 UTC 2020 New revision: 534105 URL: https://svnweb.freebsd.org/changeset/ports/534105 Log: - Add some additional instructions related to jicofo configuration on FreeBSD into pkg-message.in file - Reorder jicofo rc script - Now trusted certification is take from /usr/local/etc/jitsi/jicofo/truststore.jks If you are updating please move /usr/local/etc/ssl/java.pem file to /usr/local/etc/jitsi/jicofo/truststore.jks path file - Bump PORTREVISION PR: 246069 Submitted by: mandree Changes: head/net-im/jicofo/Makefile head/net-im/jicofo/files/jicofo.in head/net-im/jicofo/files/pkg-message.in
- Committed thanks!