[__jitsi_meet] Improve manpage regarding ufw and SSH

This documents the fact that this type does not make decisions about anything
other than Jitsi-Meet itself and therefore care should be taken with the SSH
port.

Related to:	ungleich-public/cdist-contrib#23
Reported by:	@pedro
This commit is contained in:
evilham 2022-05-08 21:47:26 +02:00
parent 1791d35f84
commit 797f7c8648
Signed by untrusted user: evilham
GPG key ID: AE3EE30D970886BF

View file

@ -21,10 +21,10 @@ You will also need the `__jitsi_meet_domain` type in order to finish setting up
the web frontend (including TLS certificates) and its settings.
You may want to use the `files/ufw` example manifest for a `__ufw`-based
firewall compatible with this type.
This file does not include rules for TCP port 9888, which exposes the
prometheus exporter if not disabled.
You should apply your own rules here.
firewall compatible with this type that allows all ports needed by Jitsi-Meet.
Note however that this will not deal with rules for SSH or for TCP port 9888,
which exposes the prometheus exporter if not disabled.
Remember to apply your own rules here, particularly regarding SSH.
This type only works on De{bi,vu}an systems.
@ -76,9 +76,11 @@ EXAMPLES
.. code-block:: sh
# Setup the firewall
# Setup the firewall for Jitsi-Meet
. "${__global}/type/__jitsi_meet/files/ufw"
export require="__ufw"
# Setup firewall SSH rules as necessary
__ufw_rule ssh --rule 'allow 22/tcp from 10.0.0.0/24'
# Setup Jitsi on this host
__jitsi_meet \
--turn-server "turn.exo.cat" \