# YunoHost ## Add domain ### yunohost.lan - Add domain for `yunohost.lan` CNAME in PiHole: [https://justine.mgmt/admin/dns\_records.php](https://justine.mgmt/admin/dns_records.php) - Add domain to YH: [https://yunohost.lan/yunohost/admin/#/domains/add](https://yunohost.lan/yunohost/admin/#/domains/add) - > I want to add a subdomain of an already added domain - Put FQDN - Set up cert ``` ssh root@yunohost.lan cd /etc/yunohost/certs cp -av yunohost.lan/*.pem / ``` ## JitsiMeet See also: [https://blog.hexadust.net/fix-jitsimeet-in-yunohost-stops-working](https://blog.hexadust.net/fix-jitsimeet-in-yunohost-stops-working) ### New public or private IP Can edit configuration but it is overwritten on re-install using auto-detected pubic IP. ``` vi /etc/jitsi/videobridge/sip-communicator.properties # Configure IPs org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.50.138 org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=57.128.183.232 # Restart videobridge systemctl restart jitsi-videobridge.service ``` New private IP (migration to another YounoHost VM) ### Change of host for Jitsi #### server-gw and www changes ```diff diff diff --git a/server-gw/net b/server-gw/net index 0be4677..85f3584 100755 --- a/server-gw/net +++ b/server-gw/net @@ -30,8 +30,9 @@ mascot-config "DHCP server setup on eth2 (Sandbox VM vnet)" |          echo 'iptables -t nat -A POSTROUTING -o vps -j MASQUERADE'          echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 443 -j DNAT --to-destination 192.168.50.159:443'          echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 80 -j DNAT --to-destination 192.168.50.159:80' -        echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 4443 -j DNAT --to-destination 192.168.50.138:4443' -        echo 'iptables -t nat -A PREROUTING -i vps -p udp --dport 10000 -j DNAT --to-destination 192.168.50.138:10000' +        # Forward to YounoHost running Jitsi for videobridge inbound +        echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 4443 -j DNAT --to-destination 192.168.50.137:4443' +        echo 'iptables -t nat -A PREROUTING -i vps -p udp --dport 10000 -j DNAT --to-destination 192.168.50.137:10000'          # Minecraft          # vps: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25565 -j DNAT --to-destination 172.17.100.2:25565          echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 25565 -j DNAT --to-destination 192.168.50.152:25565' diff --git a/www/caddy b/www/caddy index 1b33140..d9d5a29 100755 --- a/www/caddy +++ b/www/caddy @@ -47,7 +47,7 @@ mascot-config "Caddy web proxy" |         echo '  }'         echo '}'         echo '' -       echo 'hexadust.net wiki.hexadust.net blog.hexadust.net kiwix.hexadust.net {' +       echo 'hexadust.net wiki.hexadust.net blog.hexadust.net kiwix.hexadust.net video.hexadust.net {'         echo '  @wasm {'         echo '          path_regexp wasm .*\\.wasm$'         echo '  }' @@ -65,24 +65,24 @@ mascot-config "Caddy web proxy" |         echo '          }'         echo '  }'         echo '}' -       echo 'video.hexadust.net {' -       echo '  @wasm {' -       echo '          path_regexp wasm .*\\.wasm$' -       echo '  }' -       echo '  header @wasm -Content-Type' -       echo '  header @wasm Content-Type "application/wasm"' +       # echo 'video.hexadust.net {' +       # echo '        @wasm {' +       # echo '                path_regexp wasm .*\\.wasm$' +       # echo '        }' +       # echo '        header @wasm -Content-Type' +       # echo '        header @wasm Content-Type "application/wasm"'         #echo ''         #echo ' log {'         #echo '         output file /tmp/caddy.log'         #echo ' }' -       echo '' -       echo '  reverse_proxy https://192.168.50.138 {' -       echo '          transport http {' -       echo '                  tls' -       echo '                  tls_insecure_skip_verify' -       echo '          }' -       echo '  }' -       echo '}' +       # echo '' +       # echo '        reverse_proxy https://192.168.50.138 {' +       # echo '                transport http {' +       # echo '                        tls' +       # echo '                        tls_insecure_skip_verify' +       # echo '                }' +       # echo '        }' +       # echo '}'  end | psub) |      mascot-config-dir /var/www present | ``` #### Caroline Set up forwarding rules (for internal client shortcut) in Firewall -> Port forwarding: ``` uci set firewall.cfg1f3837.dest_ip='192.168.50.137' uci set firewall.cfg203837.dest_ip='192.168.50.137' uci set firewall.cfg213837.dest_ip='192.168.50.137' uci set firewall.cfg223837.dest_ip='192.168.50.137' ``` ### Fix for XMPP not working (reconnecting/reloading site) ``` systemctl stop metronome systemctl disable metronome systemctl restart prosody ``` Looks like YunoHost uses metronome and it will get re-enabled with updates but Jitsi needs prosody instead. Jitsi would stop metronome on install. ### No video/sound for participants It was working fine, but after reboot/update the participants are there but they have no video/sound and there are no errors in JS console. Just reinstall. ### Reinstall CLI ``` sudo apt remove metronome yunohost app remove jitsi yunohost app install jitsi -a domain=video.hexadust.net ``` Install testing branch ``` yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug ``` ## Custom certs ``` cd /etc/yunohost/certs rm nitter.yunohost.lan/*.pem -v cp -av yunohost.lan/*.pem nitter.yunohost.lan/ ``` ### Adding root CA to YouoHost host OS Put your cert in PEM format wit `.crt` extension in `/usr/local/share/ca-certificates` and run `update-ca-certificates`. ## DNS resolution
/etc/resolv.dnsmasq.conf ``` nameserver 192.168.0.2 ```
Restart `dnsmasq`.