7.1.0 #99

Merged
Ark74 merged 9 commits from unstable into master 2023-02-22 11:56:21 +00:00
6 changed files with 146 additions and 66 deletions

90
changelog Normal file
View File

@ -0,0 +1,90 @@
quick-jibri-installer (7.0.8)
* jitsi-updater.sh: add checks for openjdk and nodejs supported versions
* add-jibri-node.sh: set openjdk-jre-headless default version to 11
* changelog: add changelog
-- Software, IT & Networks <info@switnet.net> Tue Nov 15 02:56:26 2022 -0600
quick-jibri-installer (7.0.7)
* quick_jibri_installer.sh: fix jaas & acme integration
-- Software, IT & Networks <info@switnet.net> Sun Oct 23 23:52:23 2022 -0500
quick-jibri-installer (7.0.6)
* jitsi-updater.sh: fix jitsi repo package update filtering.
-- Software, IT & Networks <info@switnet.net> Fri Sep 30 04:04:31 2022 -0500
quick-jibri-installer (7.0.5)
* quick_jibri_installer.sh: use new setup to enable local recording feature.
-- Software, IT & Networks <info@switnet.net> Fri Aug 19 07:23:41 2022 -0500
quick-jibri-installer (7.0.4)
* quick_jibri_installer.sh,jwt.sh: update anonymous string on prosody setup.
-fix small format issues.
-- Software, IT & Networks <info@switnet.net> Fri Aug 19 06:47:21 2022 -0500
quick-jibri-installer (7.0.3)
* jitsi-updater: fix condition to set turn config.
* quick-jibri-installer: fix typo on path.
-- Software, IT & Networks <info@switnet.net> Thu Jun 30 09:57:12 2022 -0500
quick-jibri-installer (7.0.2)
* Detect jibri node by jitsi-updater.
-- Software, IT & Networks <info@switnet.net> Fri Jun 17 16:36:15 2022 -0500
quick-jibri-installer (7.0.1)
* Fix debug mode on triggered scripts.
* Fix grep condition.
-- Software, IT & Networks <info@switnet.net> Mon May 23 23:17:39 2022 -0500
quick-jibri-installer (7.0)
* Major rework, comply with shellcheck
## Add
* Add experimental tool for AWS grub setup.
## Fix
* Fix grafana configuration
* Actually apply changes to nginx conf instead of symlink.
* Actually require to run with admin rights.
* Improve comments.
* Rename and fix set_once function.
* Fix jibri domain.
## Improve
* Comply mode section with shellcheck recommendations.
* Comply tools section with shellcheck recommendations.
* Comply main scripts with shellcheck recommendations.
* Improve shell quality
* Change JDK version to 11
* Make warning visible.
* Change email position, and small fixes
* Several indenting changes
* Set warning instead of "note".
* Yet again more fixes on echo and printf
* Standarize jra_nextcloud
* Add comment on debconf state
* Update SwITNet copyright and standarize debug option for scripts.
## Remove
* Rename deprecated scripts folder
* Remove old
* Remove unused code
* Finally remove jigasi deprecated script.
-- Software, IT & Networks <info@switnet.net> Fri May 20 20:07:02 2022 -0500

View File

@ -45,7 +45,7 @@ fi
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf" WS_CONF="/etc/nginx/sites-available/$DOMAIN.conf"
PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
ETHERPAD_DB_USER="dockerpad" ETHERPAD_DB_USER="dockerpad"
ETHERPAD_DB_NAME="etherpad" ETHERPAD_DB_NAME="etherpad"
ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" ETHERPAD_DB_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)"
@ -56,7 +56,8 @@ if [ "$DOCKER_CE_REPO" = "stable" ]; then
echo "Docker repository already installed" echo "Docker repository already installed"
else else
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker-ce.list
wget -qO - https://download.docker.com/linux/ubuntu/gpg | apt-key add - wget -qO - https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/docker-gpg-key.gpg >/dev/null
apt -q2 update apt -q2 update
fi fi

View File

@ -60,15 +60,16 @@ apt-get install -y gnupg2 \
echo " echo "
# Setup InfluxDB Packages # Setup InfluxDB Packages
" "
wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add - curl -s https://repos.influxdata.com/influxdata-archive.key > /etc/apt/trusted.gpg.d/influxdata-archive.key
echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list echo "deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.key] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install influxdb -y apt-get update && apt-get install influxdb -y
run_service influxdb run_service influxdb
echo " echo "
# Setup Grafana Packages # Setup Grafana Packages
" "
curl -s https://packages.grafana.com/gpg.key | sudo apt-key add - curl -s https://apt.grafana.com/gpg-full.key | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/grafana-full-key.gpg >/dev/null
add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
apt-get update && apt-get install grafana -y apt-get update && apt-get install grafana -y
run_service grafana-server run_service grafana-server
@ -76,8 +77,6 @@ run_service grafana-server
echo " echo "
# Setup Telegraf Packages # Setup Telegraf Packages
" "
wget -qO- https://repos.influxdata.com/influxdb.key | sudo apt-key add -
echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
apt-get update && apt-get install telegraf -y apt-get update && apt-get install telegraf -y
mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original mv /etc/telegraf/telegraf.conf /etc/telegraf/telegraf.conf.original
@ -134,7 +133,7 @@ JITSI_TELEGRAF
run_service telegraf run_service telegraf
echo -n "\n# Setup videobridge options\n" echo -e "\n# Setup videobridge options\n"
echo ' echo '
# extra options to pass to the JVB daemon # extra options to pass to the JVB daemon
JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config JVB_OPTS="--apis=rest,xmpp"' >> /etc/jitsi/videobridge/config

View File

@ -74,7 +74,7 @@ fi
#Customize room title #Customize room title
sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE" sed -i "s|Jitsi Meet|$APP_NAME|g" "$TITLE_FILE"
sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE" sed -i "s| powered by the Jitsi Videobridge||g" "$TITLE_FILE"
sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|" /usr/share/jitsi-meet/lang/* sed -i "/appNotInstalled/ s|{{app}}|$MOVILE_APP_NAME|g" /usr/share/jitsi-meet/lang/*
#Custom UI changes #Custom UI changes
if [ -f "$INT_CONF_ETC" ]; then if [ -f "$INT_CONF_ETC" ]; then

View File

@ -41,8 +41,8 @@ exit_if_not_installed jitsi-meet
DISTRO_RELEASE="$(lsb_release -sc)" DISTRO_RELEASE="$(lsb_release -sc)"
DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)" DOMAIN="$(find /etc/prosody/conf.d/ -name \*.lua|awk -F'.cfg' '!/localhost/{print $1}'|xargs basename)"
PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')" PHP_REPO="$(apt-cache policy | awk '/http/&&/php/{print$2}' | awk -F "/" 'NR==1{print$5}')"
PHPVER="7.4" PHPVER="$(apt-cache madison php|grep -v ppa|awk -F'[:+]' 'NR==1{print $2}')"
PSGVER="$(apt-cache madison postgresql|awk -F'[ +]' 'NR==1{print $3}')" PSGVER="$(apt-cache madison postgresql|tr -d '[:blank:]'|awk -F'[|+]' 'NR==1{print $2}')"
PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
PHP_INI="$PHP_FPM_DIR/php.ini" PHP_INI="$PHP_FPM_DIR/php.ini"
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
@ -58,12 +58,33 @@ NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')" DIR_RECORD="$(awk -F '"' '/RECORDING/{print$2}' /home/jibri/finalize_recording.sh|awk 'NR==1{print$1}')"
REDIS_CONF="/etc/redis/redis.conf" REDIS_CONF="/etc/redis/redis.conf"
JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
if [ -f $JITSI_MEET_PROXY ];then if [ -f "$JITSI_MEET_PROXY" ];then
PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) PREAD_PROXY=$(grep -nr "preread_server_name" "$JITSI_MEET_PROXY" | cut -d ":" -f1)
fi fi
PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)" PUBLIC_IP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
ISO3166_CODE=TBD ISO3166_CODE=TBD
NL="$(printf '\n ')" NL="$(printf '\n ')"
TMP_GPG_REPO="$(mktemp -d)"
add_gpg_keyring() {
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com "$1"
apt-key export "$1" | gpg --dearmour | tee "$TMP_GPG_REPO"/"$1".gpg >/dev/null
apt-key del "$1"
mv "$TMP_GPG_REPO"/"$1".gpg /etc/apt/trusted.gpg.d/
}
install_aval_package() {
for i in $1
do
if [ -z "$(apt-cache madison $i 2>/dev/null)" ]; then
echo " > Package $i not available on repo."
else
echo " > Add package $i to the install list"
packages="$packages $i"
fi
done
echo "$packages"
apt-get -y install $packages
packages=""
}
while [[ "$ANS_NCD" != "yes" ]] while [[ "$ANS_NCD" != "yes" ]]
do do
@ -164,15 +185,15 @@ else
apt-get -yq2 install "$1" apt-get -yq2 install "$1"
fi fi
} }
add_php74() { add_php() {
if [ "$PHP_REPO" = "php" ]; then if [ "$PHP_REPO" = "php" ]; then
echo "PHP $PHPVER already installed" echo "PHP $PHPVER already installed"
apt-get -q2 update apt-get -q2 update
apt-get -yq2 dist-upgrade apt-get -yq2 dist-upgrade
else else
echo "# Adding Ondrej PHP $PHPVER PPA Repository" echo "# Adding Ondrej PHP $PHPVER PPA Repository"
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com E5267A6C add_gpg_keyring E5267A6C
echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php7x.list echo "deb [arch=amd64] http://ppa.launchpad.net/ondrej/php/ubuntu $DISTRO_RELEASE main" > /etc/apt/sources.list.d/php"$PHPVER".list
apt-get update -q2 apt-get update -q2
fi fi
} }
@ -186,8 +207,8 @@ exit_ifinstalled postgresql-"$PSGVER"
install_ifnot postgresql-"$PSGVER" install_ifnot postgresql-"$PSGVER"
# PHP 7.4 # PHP 7.4
add_php74 add_php
apt-get install -y \ install_aval_package " \
imagemagick \ imagemagick \
php"$PHPVER"-fpm \ php"$PHPVER"-fpm \
php"$PHPVER"-bcmath \ php"$PHPVER"-bcmath \
@ -207,7 +228,8 @@ apt-get install -y \
php"$PHPVER"-xmlrpc \ php"$PHPVER"-xmlrpc \
php"$PHPVER"-zip \ php"$PHPVER"-zip \
redis-server \ redis-server \
unzip unzip \
"
#System related #System related
install_ifnot smbclient install_ifnot smbclient

View File

@ -108,8 +108,8 @@ echo "Add Prosody repo"
if [ "$PROSODY_REPO" = "main" ]; then if [ "$PROSODY_REPO" = "main" ]; then
echo "Prosody repository already installed" echo "Prosody repository already installed"
else else
echo "deb http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list echo "deb [signed-by=/etc/apt/trusted.gpg.d/prosody-debian-packages.key] http://packages.prosody.im/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/prosody.list
wget -qO - https://prosody.im/files/prosody-debian-packages.key | apt-key add - curl -s https://prosody.im/files/prosody-debian-packages.key > /etc/apt/trusted.gpg.d/prosody-debian-packages.key
fi fi
} }
dpkg-compare() { dpkg-compare() {
@ -150,24 +150,24 @@ if ! [ "$(id -u)" = 0 ]; then
fi fi
printf "\nOS: %s" "$(lsb_release -sd)" printf "\nOS: %s" "$(lsb_release -sd)"
if [ "$DIST" = "bionic" ] || \ if [ "$DIST" = "focal" ] || \
[ "$DIST" = "focal" ]; then [ "$DIST" = "jammy" ]; then
printf "\nGood, this is a supported platform!" printf "\nGood, this is a supported platform!"
else else
printf "\nSorry, this platform is not supported... exiting" printf "\nSorry, this platform is not supported... exiting"
exit exit
fi fi
#Suggest 20.04 LTS release over 18.04 in April 2022 #Suggest 22.04 LTS release over 20.04 in April 2024
TODAY=$(date +%s) TODAY=$(date +%s)
NEXT_LTS_DATE=$(date -d 2022-04-01 +%s) NEXT_LTS_DATE=$(date -d 2024-04-01 +%s)
if [ "$DIST" = "bionic" ]; then if [ "$DIST" = "focal" ]; then
if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then if [ "$TODAY" -gt "$NEXT_LTS_DATE" ]; then
echo " > $(lsb_release -sc), even when it's compatible and functional. echo " > $(lsb_release -sc), even when it's compatible and functional.
We suggest to use the next (LTS) release, for longer support and security reasons." We suggest to use the next (LTS) release, for longer support and security reasons."
read -n 1 -s -r -p "Press any key to continue..."$'\n' read -n 1 -s -r -p "Press any key to continue..."$'\n'
else else
echo "Bionic is supported." echo "Focal is supported."
fi fi
fi fi
@ -266,8 +266,8 @@ printf "\nAdd Jitsi repo\n"
if [ "$JITSI_REPO" = "stable" ]; then if [ "$JITSI_REPO" = "stable" ]; then
printf " - Jitsi stable repository already installed\n\n" printf " - Jitsi stable repository already installed\n\n"
else else
echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list echo 'deb [signed-by=/etc/apt/trusted.gpg.d/jitsi-key.gpg.key] http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - curl -s https://download.jitsi.org/jitsi-key.gpg.key > /etc/apt/trusted.gpg.d/jitsi-key.gpg.key
JITSI_REPO="stable" JITSI_REPO="stable"
fi fi
sleep .1 sleep .1
@ -279,7 +279,7 @@ if [ "$LE_SSL" = yes ]; then
printf " - We'll setup Let's Encrypt SSL certs.\n\n" printf " - We'll setup Let's Encrypt SSL certs.\n\n"
else else
printf " - We'll let you choose later on for it." printf " - We'll let you choose later on for it."
printf" Please be aware that a valid SSL cert is required for some features to work properly.\n\n" printf " Please be aware that a valid SSL cert is required for some features to work properly.\n\n"
fi fi
done done
sleep .1 sleep .1
@ -341,7 +341,7 @@ apt-get -y install \
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
apt-get -y install \ apt-get -y install \
letsencrypt certbot
if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then if [ "$(dpkg-query -W -f='${Status}' ufw 2>/dev/null | grep -c "ok installed")" == "1" ]; then
echo "# Disable pre-installed ufw, more on firewall see: echo "# Disable pre-installed ufw, more on firewall see:
> https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall" > https://github.com/switnet-ltd/quick-jibri-installer/wiki/Firewall"
@ -412,7 +412,8 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then
echo "Google repository already set." echo "Google repository already set."
else else
echo "Installing Google Chrome Stable" echo "Installing Google Chrome Stable"
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - curl -s https://dl.google.com/linux/linux_signing_key.pub | \
gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO"
fi fi
apt-get -q2 update apt-get -q2 update
@ -470,8 +471,6 @@ LE_RENEW_LOG="/var/log/letsencrypt/renew.log"
MOD_LISTU="https://prosody.im/files/mod_listusers.lua" MOD_LISTU="https://prosody.im/files/mod_listusers.lua"
MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua" MOD_LIST_FILE="/usr/lib/prosody/modules/mod_listusers.lua"
ENABLE_SA="yes" ENABLE_SA="yes"
CERTBOT_REPO="$(apt-cache policy | awk '/certbot/{print$2}' | awk -F '/' 'NR==1{print$4}')"
CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release"
GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release"
MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)"
MJS_USER="jbsync_$MJS_RAND_TAIL" MJS_USER="jbsync_$MJS_RAND_TAIL"
@ -686,7 +685,7 @@ INT_CONF_ETC="/etc/jitsi/meet/$DOMAIN-interface_config.js"
ssl_wa() { ssl_wa() {
if [ "$LE_SSL" = "yes" ]; then if [ "$LE_SSL" = "yes" ]; then
systemctl stop "$1" systemctl stop "$1"
letsencrypt certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6" certbot certonly --standalone --renew-by-default --agree-tos --email "$5" -d "$6"
sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.crt|/etc/letsencrypt/live/$3/fullchain.pem|" "$4"
sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4" sed -i "s|/etc/jitsi/meet/$3.key|/etc/letsencrypt/live/$3/privkey.pem|" "$4"
systemctl restart "$1" systemctl restart "$1"
@ -700,35 +699,6 @@ if [ "$LE_SSL" = "yes" ]; then
fi fi
} }
enable_letsencrypt() {
if [ "$LE_SSL" = "yes" ]; then
echo '
#--------------------------------------------------
# Starting LetsEncrypt configuration
#--------------------------------------------------
'
#Disabled 'til fixed upstream
#bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
echo "#Set and upgrade certbot PPA if posssible..."
if [ "$CERTBOT_REPO" = "certbot" ]; then
printf "\nCertbot repository already on the system!\nChecking for updates...\n"
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "200" ]; then
printf "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n"
echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694
apt-get -q2 update
apt-get -yq2 dist-upgrade
elif [ "$(curl -s -o /dev/null -w "%{http_code}" "$CERTBOT_REL_FILE" )" == "404" ]; then
printf "\nCertbot PPA is not available for %s just yet, it won't be installed...\n" "$(lsb_release -sc)"
fi
else
echo "SSL setup will be skipped."
fi
}
check_jibri() { check_jibri() {
if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ]
then then
@ -1194,8 +1164,6 @@ if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then
chmod -R 770 "$DIR_RECORD" chmod -R 770 "$DIR_RECORD"
fi fi
enable_letsencrypt
# Fix prosody not able to read SSL Certs # Fix prosody not able to read SSL Certs
chown -R root:prosody /etc/prosody/certs/ chown -R root:prosody /etc/prosody/certs/
chmod -R 650 /etc/prosody/certs/ chmod -R 650 /etc/prosody/certs/