Update quickstart.md #288

Open
wants to merge 1 commit into
base: master
12 changes: 12 additions & 0 deletions docs/devops-guide/quickstart.md
Expand Up @@ -127,6 +127,18 @@ Check the firewall status with:
sudo ufw status verbose
```

If you are using `nftables`, you can add the following line to `/etc/nftables.conf` in the "input" chain, which is in the "inet filter" table:

```
tcp dport { 80, 443, 10000, 22, 3478, 5349 } ct state new accept
Member

Port 5349 is no longer necessary, but 5222 is.

Author

TCP port 5349 is in the documentation. Shall I update the documentation too (changing port 5349 to 5222)?

Member

Oops, my bad, I read too quickly and mixed it up with the XMPP component port.

Member

We still need 5222 though, right?

Member

From the outside no, it is used only from jvb, jibri and maybe jigasi (jigasi can use bosh though and port 443), and normally that will be only the internal network for prosody.

Member

Generally speaking, yeah, but if one needs to scale to multiple JVBs they would, so I think we better mention it early. WDYT?

```

Update the nftables firewall with:

```
sudo /etc/nftables.conf
Member

This line will not do anything

```

#### Using SSH
For more details on using and hardening SSH access, see the corresponding [Debian](https://wiki.debian.org/SSH) or [Ubuntu](https://help.ubuntu.com/community/SSH/OpenSSH/Configuring) documentation.
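
Review bot: the added rule `tcp dport { 80, 443, 10000, 22, 3478, 5349 } ct state new accept` matches TCP only, so any port in that set that the ufw commands earlier in this file open as UDP would stay closed for readers who follow the nftables path. Compare each port's protocol with the ufw section and move the UDP ones into a separate `udp dport { ... } accept` rule. The reload step `sudo /etc/nftables.conf` depends on that file being executable and starting with an nft shebang line, which the text does not state; `sudo nft -f /etc/nftables.conf` loads the ruleset without that assumption, and `sudo nft -c -f /etc/nftables.conf` beforehand checks the syntax without applying it, which matters because the same rule carries port 22 and a bad reload can cut off the SSH session.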
