[__jitsi_meet] Improve manpage regarding ufw and SSH
This documents the fact that this type does not make decisions about anything other than Jitsi-Meet itself and therefore care should be taken with the SSH port. Related to: ungleich-public/cdist-contrib#23 Reported by: @pedro
This commit is contained in:
parent
1791d35f84
commit
797f7c8648
1 changed files with 7 additions and 5 deletions
|
@ -21,10 +21,10 @@ You will also need the `__jitsi_meet_domain` type in order to finish setting up
|
|||
the web frontend (including TLS certificates) and its settings.
|
||||
|
||||
You may want to use the `files/ufw` example manifest for a `__ufw`-based
|
||||
firewall compatible with this type.
|
||||
This file does not include rules for TCP port 9888, which exposes the
|
||||
prometheus exporter if not disabled.
|
||||
You should apply your own rules here.
|
||||
firewall compatible with this type that allows all ports needed by Jitsi-Meet.
|
||||
Note however that this will not deal with rules for SSH or for TCP port 9888,
|
||||
which exposes the prometheus exporter if not disabled.
|
||||
Remember to apply your own rules here, particularly regarding SSH.
|
||||
|
||||
This type only works on De{bi,vu}an systems.
|
||||
|
||||
|
@ -76,9 +76,11 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
# Setup the firewall
|
||||
# Setup the firewall for Jitsi-Meet
|
||||
. "${__global}/type/__jitsi_meet/files/ufw"
|
||||
export require="__ufw"
|
||||
# Setup firewall SSH rules as necessary
|
||||
__ufw_rule ssh --rule 'allow 22/tcp from 10.0.0.0/24'
|
||||
# Setup Jitsi on this host
|
||||
__jitsi_meet \
|
||||
--turn-server "turn.exo.cat" \
|
||||
|
|
Loading…
Reference in a new issue