> Passwords
> ========
needs another =
> Ports and pf.conf
> =================
Maybe better to avoid "ports" in the title here, I would go with
perhaps "pf.conf rules"
> The default configuration uses the following ports:
>
> * nginx: TCP 80, 443
> * prosody: TCP 5000, 5222, 5269, 5280, 5281, 5347, 5582
> * jicofo: TCP 8888
> * jvb: TCP 8080, UDP 10000
>
> Only a few ports, TCP 80, 443 and UDP 10000, are to be exposed. A possible
> set of pf.conf rules that can be used is:
>
> pass in on egress to (self) tcp port { 80 443 }
> pass in on egress to (self) udp port 10000
This makes me think "what are the other ones for then?" if they're
discussed in a section about firewall rules. Maybe say "exposed to
the network" and then say that the others are only used for local
communications between the daemons?
> /etc/hosts configuration
> ========================
>
> Jitsi needs two subdomains, 'auth.jitsi.example.com' and 'jitsi.example.com',
> configured as part of the setup, of which only 'jitsi.example.com' is exposed
> outside the local network.
>
> They are accessed by the jicofo, jvb and prosody daemons as part of their
> internal communication. The simplest way to make them resolvable to localhost
> is to add them in the /etc/hosts file:
>
> 127.0.0.1 localhost jitsi jitsi.example.com auth.jitsi
> auth.jitsi.example.com
> ::1 localhost jitsi jitsi.example.com auth.jitsi
> auth.jitsi.example.com
IPv6 is of course a real mess with Java on OpenBSD with the forced
IPV6_V6ONLY thing:(
> In the sample prosody configuration file, replace the domain and the password
> placeholders with the pregenerated passwords mentioned above.
"pregenerated" makes me think that something has generated them
automatically, maybe "with the passsword you chose above"?
> These certificates also need to be shared with jicofo and jvb by adding them
> to a java certificate truststore ${SYSCONFDIR}/ssl/jitsi.store.
s/java/Java/
> The daemons needs to be started in the order given:
>
> pkg_scripts=nginx prosody jvb jicofo
>
> The above can be achieved by editing /etc/rc.conf.local. The setup can be
> tested by starting the daemons and visiting the site at
> https://jitsi.example.com.
use "rcctl enable" and "rcctl order", see net/avahi/pkg/README-main
These files want to go into a meta port don't they? Sending that as a
tgz would sidestep the line-wrapping issues ;)
