123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 |
- plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
-
- -- domain mapper options, must at least have domain base set to use the mapper
- muc_mapper_domain_base = "{{ jitsi_domain }}";
-
- external_service_secret = "6XhEs5NEtN735NXh";
- external_services = {
- { type = "stun", host = "{{ jitsi_domain }}", port = 3478 },
- { type = "turn", host = "{{ jitsi_domain }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
- { type = "turns", host = "{{ jitsi_domain }}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
- };
-
- cross_domain_bosh = false;
- consider_bosh_secure = true;
- -- https_ports = { }; -- Remove this line to prevent listening on port 5284
-
- -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
- ssl = {
- protocol = "tlsv1_2+";
- ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
- }
-
- {% if jitsi_enable_ldap == true %}
- -- https://modules.prosody.im/mod_lib_ldap.html
- -- https://modules.prosody.im/mod_auth_ldap2.html
- authentication = 'ldap2'
-
- ldap = {
- hostname = 'localhost',
- bind_dn = 'cn=admin,{{ ldap_domain_string }}',
- bind_password = '{{ slapd_admin_password }}',
- use_tls = false,
- user = {
- usernamefield = 'uid',
- basedn = 'ou=people,{{ ldap_domain_string }}',
- filter = '(objectClass=*)',
- -- admin?
- --namefield = 'cn',
- },
- }
- {% endif %}
-
- VirtualHost "{{ jitsi_domain }}"
- -- enabled = false -- Remove this line to enable this host
- -- authentication = "anonymous"
- {% if jitsi_enable_ldap == true %}
- authentication = "ldap2"
- {% else %}
- authentication = "internal_hashed"
- {% endif %}
- -- Properties below are modified by jitsi-meet-tokens package config
- -- and authentication above is switched to "token"
- --app_id="example_app_id"
- --app_secret="example_app_secret"
- -- Assign this host a certificate for TLS, otherwise it would use the one
- -- set in the global section (if any).
- -- Note that old-style SSL on port 5223 only supports one certificate, and will always
- -- use the global one.
- ssl = {
- key = "/etc/prosody/certs/{{ jitsi_domain }}.key";
- certificate = "/etc/prosody/certs/{{ jitsi_domain }}.crt";
- }
- speakerstats_component = "speakerstats.{{ jitsi_domain }}"
- conference_duration_component = "conferenceduration.{{ jitsi_domain }}"
- -- we need bosh
- modules_enabled = {
- "bosh";
- "pubsub";
- "ping"; -- Enable mod_ping
- "speakerstats";
- "external_services";
- "conference_duration";
- "muc_lobby_rooms";
- }
- c2s_require_encryption = false
- lobby_muc = "lobby.{{ jitsi_domain }}"
- main_muc = "conference.{{ jitsi_domain }}"
- -- muc_lobby_whitelist = { "recorder.{{ jitsi_domain }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
-
- VirtualHost "guest.{{ jitsi_domain }}"
- authentication = "anonymous"
- c2s_require_encryption = false
-
- Component "conference.{{ jitsi_domain }}" "muc"
- storage = "memory"
- modules_enabled = {
- "muc_meeting_id";
- "muc_domain_mapper";
- --"token_verification";
- }
- admins = { "focus@auth.{{ jitsi_domain }}" }
- muc_room_locking = false
- muc_room_default_public_jids = true
-
- -- internal muc component
- Component "internal.auth.{{ jitsi_domain }}" "muc"
- storage = "memory"
- modules_enabled = {
- "ping";
- }
- admins = { "focus@auth.{{ jitsi_domain }}", "jvb@auth.{{ jitsi_domain }}" }
- muc_room_locking = false
- muc_room_default_public_jids = true
-
- VirtualHost "auth.{{ jitsi_domain }}"
- ssl = {
- key = "/etc/prosody/certs/auth.{{ jitsi_domain }}.key";
- certificate = "/etc/prosody/certs/auth.{{ jitsi_domain }}.crt";
- }
- authentication = "internal_hashed"
-
- -- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
- Component "focus.{{ jitsi_domain }}" "client_proxy"
- target_address = "focus@auth.{{ jitsi_domain }}"
-
- Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"
- muc_component = "conference.{{ jitsi_domain }}"
-
- Component "conferenceduration.{{ jitsi_domain }}" "conference_duration_component"
- muc_component = "conference.{{ jitsi_domain }}"
-
- Component "lobby.{{ jitsi_domain }}" "muc"
- storage = "memory"
- restrict_room_creation = true
- muc_room_locking = false
- muc_room_default_public_jids = true
|