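#!/bin/sh
#
# Let's Encrypt deploy hook: copies a renewed certificate and private key
# into coturn's certificate directory, points turnserver.conf at the copies
# and restarts coturn.
#
# Reads RENEWED_DOMAINS (space-separated list of renewed names) and
# RENEWED_LINEAGE (directory holding fullchain.pem and privkey.pem) from
# the environment.

set -e

COTURN_CERT_DIR="/etc/coturn/certs"
TURN_CONFIG="/etc/turnserver.conf"

# Restrict the creation mask before anything is created, so neither the
# certificate directory nor the copied key is ever group/world accessible,
# even for the instant between creation and the chmod calls below.
umask 077

# Create the directory that stores the certs if it does not exist yet.
if [ ! -d "$COTURN_CERT_DIR" ]; then
    mkdir -p "$COTURN_CERT_DIR"
    chown -R turnserver:turnserver /etc/coturn/
    chmod -R 700 /etc/coturn/
fi

# This is a template: when it is copied to
# /etc/letsencrypt/renewal-hooks/deploy/ by the script that creates the
# Let's Encrypt certs, jitsi-meet.example.com is replaced with the real
# domain of the deployment.
#
# RENEWED_DOMAINS is intentionally unquoted: it is a space-separated list
# and must be split into one word per domain.
for domain in $RENEWED_DOMAINS; do
    case "$domain" in
        jitsi-meet.example.com)
            # Fail with a clear message instead of copying from "/..."
            # when the hook is run outside a renewal.
            : "${RENEWED_LINEAGE:?RENEWED_LINEAGE is not set}"

            cert_file="$COTURN_CERT_DIR/$domain.fullchain.pem"
            key_file="$COTURN_CERT_DIR/$domain.privkey.pem"

            cp "$RENEWED_LINEAGE/fullchain.pem" "$cert_file"
            cp "$RENEWED_LINEAGE/privkey.pem" "$key_file"

            # Apply the file ownership and permissions the daemon needs
            # to read its certificate and key: owner read-only.
            chown turnserver "$cert_file" "$key_file"
            chmod 400 "$cert_file" "$key_file"

            # Only touch a turnserver.conf that carries the jitsi-meet
            # marker; a hand-written config is left alone.
            if [ -f "$TURN_CONFIG" ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG"; then
                echo "Configuring turnserver"
                # Anchor on "cert=" / "pkey=" so that other options sharing
                # the prefix (for example pkey-pwd) are not overwritten.
                # The replacement reuses the paths written above, so the
                # config cannot drift from where the files were copied.
                sed -i "/^cert=/c\\cert=${cert_file}" "$TURN_CONFIG"
                sed -i "/^pkey=/c\\pkey=${key_file}" "$TURN_CONFIG"
            fi
            service coturn restart
            ;;
    esac
done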