On 2023/01/17 11:39, Landry Breuil wrote:
> On Sat, Jan 14, 2023 at 07:59:36AM -0500, aisha wrote:
> > Hi,
> >   I've attached the meta port for jitsi, which contains the README for 
> > jitsi as well as sample files for nginx and prosody.
> > I've had it running locally for a while and it's been working fine.
> > Tests, comments, OKs would be good to have.
> 
> I think the readme needs some fmt -w love, don't remember if it should be
> 80 or 72 but the lines are definitely too wide.
> 
> why not @sampling the config files ? because they'd override the default
> ones provided by nginx & prosody ?

It wouldn't get installed at all if you install nginx first then jitsi.
And if you install jitsi first then nginx it will override.

For nginx (I don't know prosody at all) it might be better to provide
(and @sample somewhere) a partial nginx config section to use with
"include". Or just include the block in pkg-readme, which is what
most ports do.

On the nginx config,

    ssl_protocols TLSv1.3 TLSv1.2;

I think that's alright.

    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;

More specific than it needs to be really, and the list may get outdated.
Something like "TLSv1.3:TLSv1.2+AEAD+ECDHE" would be nicer.

    ssl_prefer_server_ciphers on;

You're only listing modern ciphers anyway; it's often better to leave
it up to the client to decide (e.g. the client knows whether it has AES
acceleration and can use that to decide a preference between AES-GCM or
CHACHA20-POLY1305; could be a fair difference in battery life on mobile
devices).
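
An added example, not part of the original message and not nginx or LibreSSL code: a simplified model of TLS 1.2 suite selection run over the ssl_ciphers list quoted above, showing what ssl_prefer_server_ciphers on versus off picks for clients with and without AES acceleration. The two client offer orders and all function names are constructed for illustration.

```python
# Constructed model of TLS 1.2 cipher selection; not nginx or LibreSSL code.
# The ssl_ciphers list from the message, in its configured order.
SERVER_CIPHERS = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256"
).split(":")

# Constructed client offers (hypothetical preference orders, an assumption).
CLIENT_WITH_AES_HW = [
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305",
]
CLIENT_WITHOUT_AES_HW = [
    "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
]

def usable(suite, cert_type):
    """A suite is usable only if its auth part matches the server certificate."""
    return suite.split("-")[1] == cert_type

def negotiate(client_offer, server_list, cert_type, prefer_server):
    """Return the suite picked, or None if there is no common usable suite."""
    common = set(client_offer) & set(server_list)
    # "on": walk the server's order; "off": walk the client's order.
    order = server_list if prefer_server else client_offer
    for suite in order:
        if suite in common and usable(suite, cert_type):
            return suite
    return None

def outcomes(cert_type):
    """Map (client, prefer_server) to the negotiated suite for one cert type."""
    clients = {"aes-hw": CLIENT_WITH_AES_HW, "no-aes-hw": CLIENT_WITHOUT_AES_HW}
    return {
        (name, prefer): negotiate(offer, SERVER_CIPHERS, cert_type, prefer)
        for name, offer in clients.items()
        for prefer in (True, False)
    }

if __name__ == "__main__":
    for cert in ("RSA", "ECDSA"):
        print(cert, outcomes(cert))
```

With server preference on, the quoted list gives every client AES256-GCM behind an RSA certificate and CHACHA20-POLY1305 behind an ECDSA one, regardless of what the client's hardware favours; with it off, each client gets its own first choice.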
