support manual cert

pull/15/head
Wei He 4 years ago
parent 60ee8e0de8
commit 15f22dafad
  1. 16
      argocd/ingressroute-server.yaml.sh
  2. 31
      deploy_jitsi.sh
  3. 2
      jitsi/Chart.yaml
  4. 15
      jitsi/templates/ingressroute-redir.yaml
  5. 28
      jitsi/templates/ingressroute-web.yaml
  6. 7
      jitsi/templates/middleware-redirect.yaml
  7. 8
      jitsi/templates/middleware-redirectregex-any.yaml
  8. 8
      tlsstore.yaml

@ -1,3 +1,11 @@
if [ -n "${FQDN}" ]; then
HOST_RULE="Host(\`${FQDN}\`)"
TLS_CERT_RESOLVER="certResolver: ${CERT_RESOLVER}"
else
HOST_RULE="Host(\`${PUBLIC_IP}\`)"
TLS_MAP="{}"
fi
cat <<EOF cat <<EOF
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
@ -9,16 +17,16 @@ spec:
- websecure - websecure
routes: routes:
- kind: Rule - kind: Rule
match: Host(\`${FQDN}\`) && PathPrefix(\`/argocd\`) match: ${HOST_RULE} && PathPrefix(\`/argocd\`)
services: services:
- name: argocd-server - name: argocd-server
port: 80 port: 80
- kind: Rule - kind: Rule
match: Host(\`${FQDN}\`) && PathPrefix(\`/argocd\`) && Headers(\`Content-Type\`, \`application/grpc\`) match: ${HOST_RULE} && PathPrefix(\`/argocd\`) && Headers(\`Content-Type\`, \`application/grpc\`)
services: services:
- name: argocd-server - name: argocd-server
port: 80 port: 80
scheme: h2c scheme: h2c
tls: tls: ${TLS_MAP}
certResolver: ${CERT_RESOLVER} ${TLS_CERT_RESOLVER}
EOF EOF
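Review bot: `TLS_MAP` and `TLS_CERT_RESOLVER` are each assigned in only one branch of the new `if`/`else`, so the one left unassigned is whatever the calling environment happens to hold when the unquoted heredoc expands it; initialise both before the branch, `TLS_MAP=""` and `TLS_CERT_RESOLVER=""`, so a stale exported value cannot reach the rendered `tls:` block and the script also survives `set -u`. In the second hunk the rendered result is `tls:` followed by the `certResolver:` line when `FQDN` is set and `tls: {}` followed by a blank line when it is not (assuming the original indentation of the `certResolver:` line survives); both are valid, but a comment above the `if`, e.g. `# no FQDN: no ACME resolver; tls: {} makes Traefik serve its default (TLSStore) certificate`, would record why the empty map is intentional. The heredoc these hunks render is opened in the first hunk and closed at the final `EOF`.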

@ -21,12 +21,23 @@ apt update && apt -y install grep bind9-dnsutils iproute2 curl wget git
# parameters # parameters
export FQDN=$1 export FQDN=$1
export ACME_EMAIL=$2 export ACME_EMAIL=$2
if [[ "${FQDN}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
export PUBLIC_IP=${FQDN}
export FQDN=""
if [ -z "${TLS_CERT}" ] || [ -z "${TLS_KEY}" ];
err "both of 'TLS_CERT' and 'TLS_KEY' envvars should be specified when deploying without domain name"
fi
else
export PUBLIC_IP=$(nslookup ${FQDN} | grep -A1 Name: | grep Address: | cut -d' ' -f2) export PUBLIC_IP=$(nslookup ${FQDN} | grep -A1 Name: | grep Address: | cut -d' ' -f2)
fi
if [ -z "${PUBLIC_IP}" ]; then if [ -z "${PUBLIC_IP}" ]; then
err "can't resolve hostname: ${FQDN}" err "can't resolve hostname: ${1}"
else else
echo "resolved hostname '${FQDN}' to ip address ${PUBLIC_IP}" echo "resolved hostname '${1}' to ip address ${PUBLIC_IP}"
fi fi
if ! (curl -s https://ipinfo.io/ip | grep -q ${PUBLIC_IP}); then if ! (curl -s https://ipinfo.io/ip | grep -q ${PUBLIC_IP}); then
err "the host doesn't have such public ip: ${PUBLIC_IP}" err "the host doesn't have such public ip: ${PUBLIC_IP}"
fi fi
@ -116,6 +127,14 @@ function do_traefik {
done done
echo "ready." echo "ready."
kubectl -n kube-system get job -o wide kubectl -n kube-system get job -o wide
if [ -n "${TLS_CERT}" ] && [ -n "${TLS_KEY}" ]; then
if kubectl -n default get secret | grep -q tls-secret; then
kubectl -n default delete secret tls-secret
fi
kubectl -n default create secret tls tls-secret --cert ${TLS_CERT} --key ${TLS_KEY}
kubectl apply -f tlsstore.yaml
fi
} }
function do_argocd { function do_argocd {
@ -154,8 +173,8 @@ function do_chart {
-f values.yaml \ -f values.yaml \
$EXCLUDE_JVB_VALUES_FILE \ $EXCLUDE_JVB_VALUES_FILE \
--set certResolver=${CERT_RESOLVER} \ --set certResolver=${CERT_RESOLVER} \
--set fqdn=${FQDN} \ --set fqdn="${FQDN}" \
--set jitsi-meet.publicURL=https://${FQDN} \ --set jitsi-meet.publicURL=https://${FQDN:-${PUBLIC_IP}} \
--set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ --set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \
--set jitsi-meet.jvb.UDPPort=${JVB_PORT} --set jitsi-meet.jvb.UDPPort=${JVB_PORT}
} }
@ -192,8 +211,8 @@ function do_app {
--values values.yaml \ --values values.yaml \
${EXCLUDE_JVB_VALUES_FILE} \ ${EXCLUDE_JVB_VALUES_FILE} \
--helm-set certResolver=${CERT_RESOLVER} \ --helm-set certResolver=${CERT_RESOLVER} \
--helm-set fqdn=${FQDN} \ --helm-set fqdn="${FQDN}" \
--helm-set jitsi-meet.publicURL=https://${FQDN} \ --helm-set jitsi-meet.publicURL=https://${FQDN:-${PUBLIC_IP}} \
--helm-set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \ --helm-set jitsi-meet.jvb.publicIP=${PUBLIC_IP} \
--helm-set jitsi-meet.jvb.UDPPort=${JVB_PORT} --helm-set jitsi-meet.jvb.UDPPort=${JVB_PORT}
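Review bot: `if [ -z "${TLS_CERT}" ] || [ -z "${TLS_KEY}" ];` in the first hunk is followed directly by the `err` call with no `then`, which bash reports as a syntax error before the script runs at all; unless a `then` line was dropped by the page rendering (this hunk shows fewer new lines than its header counts), change it to `if [ -z "${TLS_CERT}" ] || [ -z "${TLS_KEY}" ]; then`. In the do_traefik hunk (the function body starts outside it) `kubectl -n default get secret | grep -q tls-secret` is a substring match over the whole listing, so any secret whose name merely contains `tls-secret` makes the branch delete a secret that may not exist; `kubectl -n default get secret tls-secret >/dev/null 2>&1` tests the exact name. The delete-then-create pair also leaves a window on re-runs where the TLSStore points at a missing secret; `kubectl -n default create secret tls tls-secret --cert "${TLS_CERT}" --key "${TLS_KEY}" --dry-run=client -o yaml | kubectl apply -f -` replaces it in place, is idempotent, and quotes the two user-supplied paths that are currently unquoted on the `create secret` line. Checking the files up front with `[ -r "${TLS_CERT}" ] && [ -r "${TLS_KEY}" ]` rather than only for non-emptiness would fail a mistyped path before the cluster is bootstrapped.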

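--- a/jitsi/Chart.yaml
+++ b/jitsi/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v2
 name: jitsi-deploy
-version: 0.1.4
+version: 0.1.5
 dependencies:
 - name: jitsi-meet
 version: "1.2.2+etherpad.1"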

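--- a/jitsi/templates/ingressroute-redir.yaml
+++ b/jitsi/templates/ingressroute-redir.yaml
@@ -1,15 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-name: redir
-spec:
-entryPoints:
-- web
-routes:
-- kind: Rule
-match: PathPrefix(`/`)
-middlewares:
-- name: any-redirectregex
-services:
-- name: {{ .Release.Name }}-jitsi-meet-web
-port: 80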

@ -1,16 +1,38 @@
{{- $hostname := default (index .Values "jitsi-meet" "jvb" "publicIP") .Values.fqdn }}
---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: jitsi-web name: jitsi-websecure
namespace: {{ .Release.Namespace }}
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- kind: Rule - kind: Rule
match: Host(`{{ .Values.fqdn }}`) match: Host(`{{ $hostname }}`) && PathPrefix(`/`)
services: services:
- name: {{ .Release.Name }}-jitsi-meet-web - name: {{ .Release.Name }}-jitsi-meet-web
port: 80 port: 80
{{- if .Values.fqdn }}
tls: tls:
certResolver: {{ .Values.certResolver }} certResolver: {{ .Values.certResolver }}
{{- else }}
tls: {}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: jitsi-web
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`{{ $hostname }}`) && PathPrefix(`/`)
middlewares:
- name: jitsi-web-redirectscheme
services:
- name: {{ .Release.Name }}-jitsi-meet-web
port: 80
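Review bot: The new `jitsi-web` IngressRoute on the `web` entry point carries no `namespace:` while `jitsi-websecure` in the same file gains `namespace: {{ .Release.Namespace }}`; Helm would place both in the release namespace anyway, but the file is now internally inconsistent, so either add the same line under `name: jitsi-web` or drop it from `jitsi-websecure`. The `$hostname` fallback to `jvb.publicIP` means that with an empty `fqdn` both routes match only requests whose Host header is the bare IP, which is what the manual-certificate mode intends but is easy to misread; a comment on the first line, `{{- /* Route on the public IP when no domain name is configured (manual certificate mode) */ -}}`, would make it explicit. The `tls: {}` rendered in the else branch relies on a default certificate existing in Traefik's TLSStore (this commit's tlsstore.yaml is applied by deploy_jitsi.sh, not by the chart), so that dependency is worth stating in the same comment or in the chart's values documentation.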

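--- a/jitsi/templates/middleware-redirect.yaml
+++ b/jitsi/templates/middleware-redirect.yaml
@@ -0,0 +1,7 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: jitsi-web-redirectscheme
+spec:
+redirectScheme:
+scheme: https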
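Review bot: The `redirectScheme` middleware sets only `scheme: https`, so Traefik's default of `permanent: false` applies and clients receive a temporary (302) redirect; for an HTTP-to-HTTPS upgrade a `permanent: true` line under `redirectScheme:` is the usual choice, as it lets browsers cache the redirect instead of re-issuing a plaintext request on every visit. A short comment above `spec:` noting that this middleware is referenced by the `jitsi-web` IngressRoute on the `web` entry point would also make the pairing visible without opening the other template.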

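--- a/jitsi/templates/middleware-redirectregex-any.yaml
+++ b/jitsi/templates/middleware-redirectregex-any.yaml
@@ -1,8 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-name: any-redirectregex
-spec:
-redirectRegex:
-regex: ^http://[^/]+/(.*)
-replacement: https://{{ .Values.fqdn }}/${1}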

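--- a/tlsstore.yaml
+++ b/tlsstore.yaml
@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSStore
+metadata:
+name: default
+namespace: default
+spec:
+defaultCertificate:
+secretName: tls-secret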
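Review bot: The store is hard-wired to `namespace: default` and `secretName: tls-secret`, and both must stay in step with the `kubectl -n default create secret tls tls-secret` call in deploy_jitsi.sh; a header comment recording that coupling, and that the file is applied only in the manual-certificate path (`TLS_CERT`/`TLS_KEY` set), would keep the two from drifting apart. Traefik only honours a TLSStore named `default` for its default certificate, so the comment should also say that applying this file replaces whatever default certificate the cluster's Traefik served before. Starting the file with `---` would match jitsi/Chart.yaml in the same repository.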