-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_domain_.cfg.lua
141 lines (124 loc) · 4.89 KB
/
_domain_.cfg.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
asap_accepted_issuers = { "*" }
asap_accepted_audiences = { "*" }
-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.example.com";
external_service_secret = "tAOpmLS1YG9pf8Ly";
external_services = {
{ type = "stun", host = "meet.example.com", port = 3478 },
{ type = "turn", host = "meet.example.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
{ type = "turns", host = "meet.example.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};
cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
protocol = "tlsv1_2+";
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}
unlimited_jids = {
"focus@auth.meet.example.com",
"jvb@auth.meet.example.com"
}
VirtualHost "meet.example.com"
-- enabled = false -- Remove this line to enable this host
authentication = "token"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
app_id = "appName"
app_secret = "<appSecret>"
allow_empty_token = false
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/meet.example.com.key";
certificate = "/etc/prosody/certs/meet.example.com.crt";
}
av_moderation_component = "avmoderation.meet.example.com"
speakerstats_component = "speakerstats.meet.example.com"
conference_duration_component = "conferenceduration.meet.example.com"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
"conference_duration";
"muc_lobby_rooms";
"muc_breakout_rooms";
"av_moderation";
"presence_identity";
}
c2s_require_encryption = false
lobby_muc = "lobby.meet.example.com"
breakout_rooms_muc = "breakout.meet.example.com"
main_muc = "conference.meet.example.com"
-- muc_lobby_whitelist = { "recorder.meet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
--VirtualHost "guest.meet.example.com"
-- authentication = "token"
-- c2s_require_encryption = false
Component "conference.meet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
"polls";
"token_verification";
"token_affiliation";
"muc_rate_limit";
}
admins = { "focus@auth.meet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
Component "breakout.meet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"muc_domain_mapper";
"token_verification";
"muc_rate_limit";
}
admins = { "focus@auth.meet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
-- internal muc component
Component "internal.auth.meet.example.com" "muc"
storage = "memory"
modules_enabled = {
"ping";
}
admins = { "focus@auth.meet.example.com", "jvb@auth.meet.example.com" }
muc_room_locking = false
muc_room_default_public_jids = true
VirtualHost "auth.meet.example.com"
ssl = {
key = "/etc/prosody/certs/auth.meet.example.com.key";
certificate = "/etc/prosody/certs/auth.meet.example.com.crt";
}
modules_enabled = {
"limits_exception";
}
authentication = "internal_hashed"
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.meet.example.com" "client_proxy"
target_address = "focus@auth.meet.example.com"
Component "speakerstats.meet.example.com" "speakerstats_component"
muc_component = "conference.meet.example.com"
Component "conferenceduration.meet.example.com" "conference_duration_component"
muc_component = "conference.meet.example.com"
Component "avmoderation.meet.example.com" "av_moderation_component"
muc_component = "conference.meet.example.com"
Component "lobby.meet.example.com" "muc"
storage = "memory"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_rate_limit";
}