First you need to get a copy of Ubuntu Server 19.10 from the official website. Then prepare a bootable USB drive, boot into the installer and follow the steps there.

After you have finished and have rebooted your server, you probably want to:

Copy over your ssh key to the user you created during the Ubuntu installation

    ssh-copy-id

to the remote server and add your key also for the root user

    ssh
    su -
    cp /home/username/.ssh/authorized_keys ~/.ssh/authorized_keys

Disable password login in /etc/ssh/sshd_config

    ++ PermitRootLogin prohibit-password

Set the correct time zone for accurate logging

    timedatectl list-timezones

Install and configure the uncomplicated firewall (ufw)

    ufw logging medium            # for testing
    ufw logging off               # for production, doesn't clutter logs
    ufw default deny incoming     # already the default
    ufw allow in ssh              # DO NOT forget this, you can lock yourself out!
    ufw allow in http             # required for webserver (http -> https redirect)
    ufw allow in https            # required for webserver (SSL/TLS)
    ufw allow in 4443/tcp         # required for jitsi videobridge
    ufw allow in 10000/udp        # required for jitsi videobridge
    ufw allow proto udp from 123.456.789.0/24 to any port 10000

Check open ports from "outside" with

    nmap -Pn YOUR_IP

STOP: After making these changes, you should restart your server and check that you can still log in and that everything still works!

Request Let's Encrypt Certificates

Some ISPs refuse to open port 80 (which is IMHO more an annoyance than a security feature). In that case you need to use the new standalone TLS-ALPN mode of Let's Encrypt, which can work with only port 443 (https) being open. The most popular clients, dehydrated and acme.sh, support this new feature. Alternatively, with port 80 (http) open, you can safely use one of the many tutorials out there for the default mode. Jitsi Meet also ships a script that will work for you.

We first prepare the environment and install acme.sh

    # required for acme.sh to work
    # get the tool (if you can, read the source first)

Now it's time to request the certificates.
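For the sshd_config step earlier on this page: PermitRootLogin prohibit-password restricts only root, while password logins for other accounts are governed by PasswordAuthentication. The added example below (not from the original post) reports the effective value of both; it assumes the first occurrence of a keyword wins, stops at the first Match block and does not follow Include files, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective global value of an sshd_config keyword.
# sshd uses the FIRST value it obtains for a keyword; keywords are case-insensitive.
# Assumption: parsing stops at the first Match block, Include is not followed.

sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/          { next }    # skip comments and blank lines
        tolower($1) == "match"  { exit }    # global section ends here
        tolower($1) == want     { found = 1; print tolower($2); exit }
        END { if (!found) print def }       # keyword absent: built-in default
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd FILE ; returns 0 when password logins are off
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    rc=0
    case $root in
        yes) echo "FAIL PermitRootLogin yes (root may log in with a password)"; rc=1 ;;
        *)   echo "ok   PermitRootLogin $root" ;;
    esac
    if [ "$pass" = no ]; then
        echo "ok   PasswordAuthentication no"
    else
        echo "FAIL PasswordAuthentication $pass (non-root users can still use passwords)"
        rc=1
    fi
    return $rc
}

# Constructed samples: the page's change on its own, then with password
# authentication disabled (the later duplicate line is ignored by sshd).
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin prohibit-password' \
    > "$demo_dir/page_only"
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' > "$demo_dir/hardened"

audit_sshd "$demo_dir/page_only" || echo "-> page_only still allows passwords"
audit_sshd "$demo_dir/hardened"
```

On the server itself, `sshd -T` (run as root) prints the configuration sshd actually uses, including values from Match blocks when given a connection spec.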