Re: README for jitsi

2022-09-28 Thread Philipp Buehler

On 28.09.2022 20:30, Marc Espie wrote:

> I sent private email to that guy about your work at eurobsdcon.
> I think you should work together and get this stuff in better shape before
> it's committed.


I work together for some weeks now already .. with that "guy" ;-)

> I would really like to be able to just pkg_add jitsi-server (possibly a meta
> port), start it up, and have jitsi "just work" :)


That's the goal, indeed.
--
pb



Re: README for jitsi

2022-09-28 Thread Marc Espie
On Wed, Sep 28, 2022 at 06:04:17PM +, Philipp Buehler wrote:
> On 28.09.2022 18:43, Stuart Henderson wrote:
> 
> > 
> > This makes me think "what are the other ones for then?" if they're
> > discussed in a section about firewall rules. Maybe say "exposed to
> > the network" and then say that the others are only used for local
> > communications between the daemons?
> 
> The many from prosody do not belong here, since only 5280 and 5222 are
> *needed*.
> Also the 8080 and  for jvb/jicofo are "only" for monitoring and not
> operations per se.
> 
> > IPv6 is of course a real mess with Java on OpenBSD with the forced
> > IPV6_V6ONLY thing:(
> 
> Didn't try IPv6 at all, all v4 is fine (and makes ok for a localhost setup
> since a generic v6 only on OpenBSD is rather not around soon?)
> 
> > These files want to go into a meta port don't they? Sending that as a
> > tgz would sidestep the line-wrapping issues ;)
> 
> Yes, meta in the makings where this goes in as a pkg-readme.
> 
> -- 
> pb
> 
> 
I sent private email to that guy about your work at eurobsdcon.
I think you should work together and get this stuff in better shape before
it's committed.

I would really like to be able to just pkg_add jitsi-server (possibly a meta
port), start it up, and have jitsi "just work" :)



Re: README for jitsi

2022-09-28 Thread Philipp Buehler

On 28.09.2022 18:43, Stuart Henderson wrote:

> This makes me think "what are the other ones for then?" if they're
> discussed in a section about firewall rules. Maybe say "exposed to
> the network" and then say that the others are only used for local
> communications between the daemons?


The many from prosody do not belong here, since only 5280 and 5222 are
*needed*.
Also the 8080 and  for jvb/jicofo are "only" for monitoring and not
operations per se.



> IPv6 is of course a real mess with Java on OpenBSD with the forced
> IPV6_V6ONLY thing:(


Didn't try IPv6 at all, all v4 is fine (and makes ok for a localhost setup
since a generic v6 only on OpenBSD is rather not around soon?)


> These files want to go into a meta port don't they? Sending that as a
> tgz would sidestep the line-wrapping issues ;)


Yes, meta in the makings where this goes in as a pkg-readme.

--
pb



Re: README for jitsi

2022-09-28 Thread Stuart Henderson
> Passwords
> 

needs another =

> Ports and pf.conf
> =

Maybe better to avoid "ports" in the title here, I would go with
perhaps "pf.conf rules"

> The default configuration uses the following ports:
> 
> * nginx: TCP 80, 443
> * prosody: TCP 5000, 5222, 5269, 5280, 5281, 5347, 5582
> * jicofo: TCP 
> * jvb: TCP 8080, UDP 1
> 
> Only a few ports, TCP 80, 443 and UDP 1, are to be exposed. A possible 
> set of pf.conf rules that can be used is:
> 
> pass in on egress proto tcp to (self) port { 80 443 }
> pass in on egress proto udp to (self) port 1

This makes me think "what are the other ones for then?" if they're
discussed in a section about firewall rules. Maybe say "exposed to
the network" and then say that the others are only used for local
communications between the daemons?

> /etc/hosts configuration
> 
> 
> Jitsi needs two subdomains, 'auth.jitsi.example.com' and 'jitsi.example.com', 
> configured as part of the setup, of which only 'jitsi.example.com' is exposed 
> outside the local network. 
> 
> They are accessed by the jicofo, jvb and prosody daemons as part of their 
> internal communication. The simplest way to make them resolvable to localhost 
> is to add them in the /etc/hosts file:
> 
> 127.0.0.1 localhost jitsi jitsi.example.com auth.jitsi auth.jitsi.example.com
> ::1   localhost jitsi jitsi.example.com auth.jitsi auth.jitsi.example.com

IPv6 is of course a real mess with Java on OpenBSD with the forced
IPV6_V6ONLY thing:(

> In the sample prosody configuration file, replace the domain and the password 
> placeholders with the pregenerated passwords mentioned above.

"pregenerated" makes me think that something has generated them
automatically, maybe "with the password you chose above"?

> These certificates also need to be shared with jicofo and jvb by adding them 
> to a java certificate truststore ${SYSCONFDIR}/ssl/jitsi.store.

s/java/Java/

> The daemons need to be started in the order given:
> 
> pkg_scripts=nginx prosody jvb jicofo
> 
> The above can be achieved by editing /etc/rc.conf.local. The setup can be 
> tested by starting the daemons and visiting the site at 
> https://jitsi.example.com.

use "rcctl enable" and "rcctl order", see net/avahi/pkg/README-main

These files want to go into a meta port don't they? Sending that as a
tgz would sidestep the line-wrapping issues ;)
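
The distinction raised in this thread, ports exposed to the network versus ports used only for local communication between the daemons, can be checked on a running host. The following is an added example, not part of the thread or the README: a POSIX sh/awk filter over `netstat -an -f inet` style output. The function names, the `ALLOWED` list format and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners reachable from the network that are not in
# the set the README intends to expose.

# Ports meant to be reachable from outside, as "proto/port". TCP 80 and 443
# come from the thread; add your jvb media port as udp/<port>.
ALLOWED="tcp/80 tcp/443"

# Constructed sample in the addr.port layout printed by `netstat -an -f inet`;
# not captured from a real host. The wildcard binds on 5347 and 8080 are a
# made-up misconfiguration for the check to find.
sample_netstat() {
cat <<'EOF'
Proto   Recv-Q Send-Q  Local Address          Foreign Address        TCP-State
tcp          0      0  *.80                   *.*                    LISTEN
tcp          0      0  *.443                  *.*                    LISTEN
tcp          0      0  127.0.0.1.5222         *.*                    LISTEN
tcp          0      0  127.0.0.1.5280         *.*                    LISTEN
tcp          0      0  *.5347                 *.*                    LISTEN
tcp          0      0  *.8080                 *.*                    LISTEN
tcp          0      0  192.0.2.10.443         198.51.100.7.51514     ESTABLISHED
EOF
}

# Reads netstat output on stdin; prints "proto/port" for every listening
# socket bound to a non-loopback address that is not listed in $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)/ { next }                  # skip headers
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }      # skip live connections
        {
            proto = substr($1, 1, 3)                 # tcp6 -> tcp, udp6 -> udp
            port = $4; sub(/.*\./, "", port)         # text after the last dot
            addr = $4; sub(/\.[^.]*$/, "", addr)     # text before the last dot
            if (addr ~ /^127\./ || addr == "::1") next   # local-only daemon traffic
            if (!((proto "/" port) in ok)) print proto "/" port
        }' | sort -u
}

sample_netstat | unexpected_listeners "$ALLOWED"
```

On a live host, pipe `netstat -an -f inet` (and `-f inet6`) into `unexpected_listeners` instead of the sample; an empty result means only the allowed ports are bound to non-loopback addresses.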