YunoHost

Add domain

yunohost.lan

• Add domain for IP 192.168.1.9 to PiHole: https://justine.mgmt/admin/dns_records.php
  
• Add domain to YH: https://yunohost.lan/yunohost/admin/#/domains/add

  • I want to add a domain I own, or a subdomain

  • Put FQDN
• Set up cert

  ssh root@yunohost.lan
  cd /etc/yunohost/certs
  cp -av yunohost.lan/*.pem <fqdn>/

  
  

JitsiMeet

See also: https://blog.hexadust.net/fix-jitsimeet-in-yunohost-stops-working

New public or private IP

Can edit configuration but it is overwritten on re-install using auto-detected pubic IP.

vi /etc/jitsi/videobridge/sip-communicator.properties

# Configure IPs
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.50.138
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=57.128.183.232

# Restart videobridge
systemctl restart jitsi-videobridge.service

New private IP (migration to another YounoHost VM)

Change of host for Jitsi

server-gw and www changes

diff
diff --git a/server-gw/net b/server-gw/net
index 0be4677..85f3584 100755
--- a/server-gw/net
+++ b/server-gw/net
@@ -30,8 +30,9 @@ mascot-config "DHCP server setup on eth2 (Sandbox VM vnet)" |
         echo 'iptables -t nat -A POSTROUTING -o vps -j MASQUERADE'
         echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 443 -j DNAT --to-destination 192.168.50.159:443'
         echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 80 -j DNAT --to-destination 192.168.50.159:80'
-        echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 4443 -j DNAT --to-destination 192.168.50.138:4443'
-        echo 'iptables -t nat -A PREROUTING -i vps -p udp --dport 10000 -j DNAT --to-destination 192.168.50.138:10000'
+        # Forward to YounoHost running Jitsi for videobridge inbound
+        echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 4443 -j DNAT --to-destination 192.168.50.137:4443'
+        echo 'iptables -t nat -A PREROUTING -i vps -p udp --dport 10000 -j DNAT --to-destination 192.168.50.137:10000'
         # Minecraft
         # vps: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25565 -j DNAT --to-destination 172.17.100.2:25565
         echo 'iptables -t nat -A PREROUTING -i vps -p tcp --dport 25565 -j DNAT --to-destination 192.168.50.152:25565'
diff --git a/www/caddy b/www/caddy
index 1b33140..d9d5a29 100755
--- a/www/caddy
+++ b/www/caddy
@@ -47,7 +47,7 @@ mascot-config "Caddy web proxy" |
        echo '  }'
        echo '}'
        echo ''
-       echo 'hexadust.net wiki.hexadust.net blog.hexadust.net kiwix.hexadust.net {'
+       echo 'hexadust.net wiki.hexadust.net blog.hexadust.net kiwix.hexadust.net video.hexadust.net {'
        echo '  @wasm {'
        echo '          path_regexp wasm .*\\.wasm$'
        echo '  }'
@@ -65,24 +65,24 @@ mascot-config "Caddy web proxy" |
        echo '          }'
        echo '  }'
        echo '}'
-       echo 'video.hexadust.net {'
-       echo '  @wasm {'
-       echo '          path_regexp wasm .*\\.wasm$'
-       echo '  }'
-       echo '  header @wasm -Content-Type'
-       echo '  header @wasm Content-Type "application/wasm"'
+       # echo 'video.hexadust.net {'
+       # echo '        @wasm {'
+       # echo '                path_regexp wasm .*\\.wasm$'
+       # echo '        }'
+       # echo '        header @wasm -Content-Type'
+       # echo '        header @wasm Content-Type "application/wasm"'
        #echo ''
        #echo ' log {'
        #echo '         output file /tmp/caddy.log'
        #echo ' }'
-       echo ''
-       echo '  reverse_proxy https://192.168.50.138 {'
-       echo '          transport http {'
-       echo '                  tls'
-       echo '                  tls_insecure_skip_verify'
-       echo '          }'
-       echo '  }'
-       echo '}'
+       # echo ''
+       # echo '        reverse_proxy https://192.168.50.138 {'
+       # echo '                transport http {'
+       # echo '                        tls'
+       # echo '                        tls_insecure_skip_verify'
+       # echo '                }'
+       # echo '        }'
+       # echo '}'
 end | psub) |
     mascot-config-dir /var/www present |

Caroline

Set up forwarding rules (for internal client shortcut) in Firewall -> Port forwarding:

uci set firewall.cfg1f3837.dest_ip='192.168.50.137'
uci set firewall.cfg203837.dest_ip='192.168.50.137'
uci set firewall.cfg213837.dest_ip='192.168.50.137'
uci set firewall.cfg223837.dest_ip='192.168.50.137'

Fix for XMPP not working (reconnecting/reloading site)

systemctl stop metronome
systemctl disable metronome
systemctl restart prosody

Looks like YunoHost uses metronome and it will get re-enabled with updates but Jitsi needs prosody instead. Jitsi would stop metronome on install.

No video/sound for participants

It was working fine, but after reboot/update the participants are there but they have no video/sound and there are no errors in JS console.

Just reinstall.

Reinstall CLI

sudo apt remove metronome
yunohost app remove jitsi
yunohost app install jitsi -a domain=video.hexadust.net

Install testing branch

yunohost app install https://github.com/YunoHost-Apps/jitsi_ynh/tree/testing --debug

Custom certs

cd /etc/yunohost/certs
rm nitter.yunohost.lan/*.pem -v
cp -av yunohost.lan/*.pem nitter.yunohost.lan/

Adding root CA to YouoHost host OS

Put your cert in PEM format wit .crt extension in /usr/local/share/ca-certificates and run update-ca-certificates.

DNS resolution

nameserver 192.168.0.2

Restart dnsmasq.