If you want to use the ProsodyCtl utility to import certificates, this utility is available (once Peertube is started) using the following command (adapting the path to your Peertube data folder, and replacing "xxx" with the arguments you wish to pass to prosodyctl): `sudo -u peertube /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosodyAppImage/squashfs-root/AppRun prosodyctl --config /var/www/peertube/storage/plugins/data/peertube-plugin-livechat/prosody/prosody.cfg.lua xxx`
We assume here that your Peertube installation is "classic" (no use of Docker), and that the certificates are generated by letsencrypt, using the certbot tool.
First of all, we'll have to create a certificate for the subdomain `room.your_instance.tld` : this is the uri of the MUC (XMPP chat rooms) component.Even if the connections are made on `your_instance.tld`, we will need a valid certificate for this subdomain.
So start by setting up a DNS entry for `room.your_instance.tld`, which points to your server.You can use a CNAME entry (or an A entry and a AAAA entry).
Users can generate long term tokens to connect to the chat. These tokens can for example be used to include the chat in OBS web docks. Check <a href="https://livingston.frama.io/peertube-plugin-livechat/documentation/user/obs" target="_blank">the documentation</a> for more information. You can disable this feature by checking this setting.
Next, we'll use nginx (already installed for your Peertube) to generate the certbot certificate.We will create a new site. In the file `/etc/nginx/site-available/room.peertube`, add:
Default value for new chatrooms. For existing chatrooms, you can change the feature in the room configuration form. When this feature is enabled, anonymous users can only read the chat, and not send messages.
Then we prepare the folder in which we will later import the certificates.We assume here that you already have the plugin active. We will create the following folder (if it doesn't already exist), with the user `peertube` to make sure there are no permissions issues: