thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1095 Commits
1 Branch
Tree: 4dfdcdcea9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4dfdcdcea9'
${ noResults }
sovereign/roles/jitsi/templates/etc_prosody_conf.avail_jits...

etc_prosody_conf.avail_jitsi_domain.cfg.lua.j2 4.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

  2. 

  3. -- domain mapper options, must at least have domain base set to use the mapper

  4. muc_mapper_domain_base = "{{ jitsi_domain }}";

  5. 

  6. external_service_secret = "6XhEs5NEtN735NXh";

  7. external_services = {

  8.      { type = "stun", host = "{{ jitsi_domain }}", port = 3478 },

  9.      { type = "turn", host = "{{ jitsi_domain }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },

  10.      { type = "turns", host = "{{ jitsi_domain }}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }

  11. };

  12. 

  13. cross_domain_bosh = false;

  14. consider_bosh_secure = true;

  15. -- https_ports = { }; -- Remove this line to prevent listening on port 5284

  16. 

  17. -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4

  18. ssl = {

  19.     protocol = "tlsv1_2+";

  20.     ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"

  21. }

  22. 

  23. {% if jitsi_enable_ldap == true %}

  24. -- https://modules.prosody.im/mod_lib_ldap.html

  25. -- https://modules.prosody.im/mod_auth_ldap2.html

  26. authentication = 'ldap2'

  27. 

  28. ldap = {

  29.     hostname = 'localhost',

  30.     bind_dn = 'cn=admin,{{ ldap_domain_string }}',

  31.     bind_password = '{{ slapd_admin_password }}',

  32.     use_tls = false,

  33.     user = {

  34.         usernamefield = 'uid',

  35.         basedn = 'ou=people,{{ ldap_domain_string }}',

  36.         filter = '(objectClass=*)',

  37.         -- admin?

  38.         --namefield = 'cn',

  39.     },

  40. }

  41. {% endif %}

  42. 

  43. VirtualHost "{{ jitsi_domain }}"

  44.     -- enabled = false -- Remove this line to enable this host

  45.     -- authentication = "anonymous"

  46. {% if jitsi_enable_ldap == true %}

  47.     authentication = "ldap2"

  48. {% else %}

  49.     authentication = "internal_hashed"

  50. {% endif %}

  51.     -- Properties below are modified by jitsi-meet-tokens package config

  52.     -- and authentication above is switched to "token"

  53.     --app_id="example_app_id"

  54.     --app_secret="example_app_secret"

  55.     -- Assign this host a certificate for TLS, otherwise it would use the one

  56.     -- set in the global section (if any).

  57.     -- Note that old-style SSL on port 5223 only supports one certificate, and will always

  58.     -- use the global one.

  59.     ssl = {

  60.         key = "/etc/prosody/certs/{{ jitsi_domain }}.key";

  61.         certificate = "/etc/prosody/certs/{{ jitsi_domain }}.crt";

  62.     }

  63.     speakerstats_component = "speakerstats.{{ jitsi_domain }}"

  64.     conference_duration_component = "conferenceduration.{{ jitsi_domain }}"

  65.     -- we need bosh

  66.     modules_enabled = {

  67.         "bosh";

  68.         "pubsub";

  69.         "ping"; -- Enable mod_ping

  70.         "speakerstats";

  71.         "external_services";

  72.         "conference_duration";

  73.         "muc_lobby_rooms";

  74.     }

  75.     c2s_require_encryption = false

  76.     lobby_muc = "lobby.{{ jitsi_domain }}"

  77.     main_muc = "conference.{{ jitsi_domain }}"

  78.     -- muc_lobby_whitelist = { "recorder.{{ jitsi_domain }}" } -- Here we can whitelist jibri to enter lobby enabled rooms

  79. 

  80. VirtualHost "guest.{{ jitsi_domain }}"

  81.     authentication = "anonymous"

  82.     c2s_require_encryption = false

  83. 

  84. Component "conference.{{ jitsi_domain }}" "muc"

  85.     storage = "memory"

  86.     modules_enabled = {

  87.         "muc_meeting_id";

  88.         "muc_domain_mapper";

  89.         --"token_verification";

  90.     }

  91.     admins = { "focus@auth.{{ jitsi_domain }}" }

  92.     muc_room_locking = false

  93.     muc_room_default_public_jids = true

  94. 

  95. -- internal muc component

  96. Component "internal.auth.{{ jitsi_domain }}" "muc"

  97.     storage = "memory"

  98.     modules_enabled = {

  99.         "ping";

  100.     }

  101.     admins = { "focus@auth.{{ jitsi_domain }}", "jvb@auth.{{ jitsi_domain }}" }

  102.     muc_room_locking = false

  103.     muc_room_default_public_jids = true

  104. 

  105. VirtualHost "auth.{{ jitsi_domain }}"

  106.     ssl = {

  107.         key = "/etc/prosody/certs/auth.{{ jitsi_domain }}.key";

  108.         certificate = "/etc/prosody/certs/auth.{{ jitsi_domain }}.crt";

  109.     }

  110.     authentication = "internal_hashed"

  111. 

  112. -- Proxy to jicofo's user JID, so that it doesn't have to register as a component.

  113. Component "focus.{{ jitsi_domain }}" "client_proxy"

  114.     target_address = "focus@auth.{{ jitsi_domain }}"

  115. 

  116. Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"

  117.     muc_component = "conference.{{ jitsi_domain }}"

  118. 

  119. Component "conferenceduration.{{ jitsi_domain }}" "conference_duration_component"

  120.     muc_component = "conference.{{ jitsi_domain }}"

  121. 

  122. Component "lobby.{{ jitsi_domain }}" "muc"

  123.     storage = "memory"

  124.     restrict_room_creation = true

  125.     muc_room_locking = false

  126.     muc_room_default_public_jids = true