thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1084 Commits
1 Branch
Tree: a1614fe810
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a1614fe810'
${ noResults }
sovereign/roles/jitsi/templates/etc_prosody_conf.avail_jits...

etc_prosody_conf.avail_jitsi_domain.cfg.lua.j2 3.9KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

  2. 

  3. -- domain mapper options, must at least have domain base set to use the mapper

  4. muc_mapper_domain_base = "{{ jitsi_domain }}";

  5. 

  6. external_service_secret = "6XhEs5NEtN735NXh";

  7. external_services = {

  8.      { type = "stun", host = "{{ jitsi_domain }}", port = 3478 },

  9.      { type = "turn", host = "{{ jitsi_domain }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },

  10.      { type = "turns", host = "{{ jitsi_domain }}", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }

  11. };

  12. 

  13. cross_domain_bosh = false;

  14. consider_bosh_secure = true;

  15. -- https_ports = { }; -- Remove this line to prevent listening on port 5284

  16. 

  17. -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4

  18. ssl = {

  19.     protocol = "tlsv1_2+";

  20.     ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"

  21. }

  22. 

  23. VirtualHost "{{ jitsi_domain }}"

  24.     -- enabled = false -- Remove this line to enable this host

  25.     -- authentication = "anonymous"

  26.     authentication = "internal_hashed"

  27.     -- Properties below are modified by jitsi-meet-tokens package config

  28.     -- and authentication above is switched to "token"

  29.     --app_id="example_app_id"

  30.     --app_secret="example_app_secret"

  31.     -- Assign this host a certificate for TLS, otherwise it would use the one

  32.     -- set in the global section (if any).

  33.     -- Note that old-style SSL on port 5223 only supports one certificate, and will always

  34.     -- use the global one.

  35.     ssl = {

  36.         key = "/etc/prosody/certs/{{ jitsi_domain }}.key";

  37.         certificate = "/etc/prosody/certs/{{ jitsi_domain }}.crt";

  38.     }

  39.     speakerstats_component = "speakerstats.{{ jitsi_domain }}"

  40.     conference_duration_component = "conferenceduration.{{ jitsi_domain }}"

  41.     -- we need bosh

  42.     modules_enabled = {

  43.         "bosh";

  44.         "pubsub";

  45.         "ping"; -- Enable mod_ping

  46.         "speakerstats";

  47.         "external_services";

  48.         "conference_duration";

  49.         "muc_lobby_rooms";

  50.     }

  51.     c2s_require_encryption = false

  52.     lobby_muc = "lobby.{{ jitsi_domain }}"

  53.     main_muc = "conference.{{ jitsi_domain }}"

  54.     -- muc_lobby_whitelist = { "recorder.{{ jitsi_domain }}" } -- Here we can whitelist jibri to enter lobby enabled rooms

  55. 

  56. VirtualHost "guest.{{ jitsi_domain }}"

  57.     authentication = "anonymous"

  58.     c2s_require_encryption = false

  59. 

  60. Component "conference.{{ jitsi_domain }}" "muc"

  61.     storage = "memory"

  62.     modules_enabled = {

  63.         "muc_meeting_id";

  64.         "muc_domain_mapper";

  65.         --"token_verification";

  66.     }

  67.     admins = { "focus@auth.{{ jitsi_domain }}" }

  68.     muc_room_locking = false

  69.     muc_room_default_public_jids = true

  70. 

  71. -- internal muc component

  72. Component "internal.auth.{{ jitsi_domain }}" "muc"

  73.     storage = "memory"

  74.     modules_enabled = {

  75.         "ping";

  76.     }

  77.     admins = { "focus@auth.{{ jitsi_domain }}", "jvb@auth.{{ jitsi_domain }}" }

  78.     muc_room_locking = false

  79.     muc_room_default_public_jids = true

  80. 

  81. VirtualHost "auth.{{ jitsi_domain }}"

  82.     ssl = {

  83.         key = "/etc/prosody/certs/auth.{{ jitsi_domain }}.key";

  84.         certificate = "/etc/prosody/certs/auth.{{ jitsi_domain }}.crt";

  85.     }

  86.     authentication = "internal_hashed"

  87. 

  88. -- Proxy to jicofo's user JID, so that it doesn't have to register as a component.

  89. Component "focus.{{ jitsi_domain }}" "client_proxy"

  90.     target_address = "focus@auth.{{ jitsi_domain }}"

  91. 

  92. Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"

  93.     muc_component = "conference.{{ jitsi_domain }}"

  94. 

  95. Component "conferenceduration.{{ jitsi_domain }}" "conference_duration_component"

  96.     muc_component = "conference.{{ jitsi_domain }}"

  97. 

  98. Component "lobby.{{ jitsi_domain }}" "muc"

  99.     storage = "memory"

  100.     restrict_room_creation = true

  101.     muc_room_locking = false

  102.     muc_room_default_public_jids = true