Prepare Nomad deployment
parent
0a87d26e47
commit
088c9df20c
18 changed files with 1611 additions and 78 deletions
773
app/jitsi/config/config.js
Normal file
|
@ -0,0 +1,773 @@
|
|||
/* eslint-disable no-unused-vars, no-var */
|
||||
|
||||
var config = {
|
||||
// Connection
|
||||
//
|
||||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: 'jitsi',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: 'jitsi-meet.example.com',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.jitsi-meet.example.com',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'conference.jitsi'
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: '//jitsi.deuxfleurs.fr/http-bind',
|
||||
|
||||
// Websocket URL
|
||||
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
|
||||
|
||||
// The name of client node advertised in XEP-0115 'c' stanza
|
||||
clientNode: 'http://jitsi.org/jitsimeet',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
// Do not change username - FIXME: Make focus username configurable
|
||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
|
||||
|
||||
|
||||
// Testing / experimental features.
|
||||
//
|
||||
|
||||
testing: {
|
||||
// Disables the End to End Encryption feature. Useful for debugging
|
||||
// issues related to insertable streams.
|
||||
// disableE2EE: false,
|
||||
|
||||
// P2P test mode disables automatic switching to P2P when there are 2
|
||||
// participants in the conference.
|
||||
p2pTestMode: false
|
||||
|
||||
// Enables the test specific features consumed by jitsi-meet-torture
|
||||
// testMode: false
|
||||
|
||||
// Disables the auto-play behavior of *all* newly created video element.
|
||||
// This is useful when the client runs on a host with limited resources.
|
||||
// noAutoPlayVideo: false
|
||||
|
||||
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
|
||||
// simulcast is turned off for the desktop share. If presenter is turned
|
||||
// on while screensharing is in progress, the max bitrate is automatically
|
||||
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
|
||||
// the probability for this to be enabled.
|
||||
// capScreenshareBitrate: 1 // 0 to disable
|
||||
|
||||
// Enable callstats only for a percentage of users.
|
||||
// This takes a value between 0 and 100 which determines the probability for
|
||||
// the callstats to be enabled.
|
||||
// callStatsThreshold: 5 // enable callstats for 5% of the users.
|
||||
},
|
||||
|
||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||
// signalling.
|
||||
// webrtcIceUdpDisable: false,
|
||||
|
||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||
// signalling.
|
||||
// webrtcIceTcpDisable: false,
|
||||
|
||||
|
||||
// Media
|
||||
//
|
||||
|
||||
// Audio
|
||||
|
||||
// Disable measuring of audio levels.
|
||||
// disableAudioLevels: false,
|
||||
// audioLevelsInterval: 200,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||
// will notify the user if the current selected microphone has no audio
|
||||
// input and will suggest another valid device if one is present.
|
||||
enableNoAudioDetection: true,
|
||||
|
||||
// Enabling this will show a "Save Logs" link in the GSM popover that can be
|
||||
// used to collect debug information (XMPP IQs, SDP offer/answer cycles)
|
||||
// about the call.
|
||||
// enableSaveLogs: false,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||
// notify the user if there is noise, other than voice, coming from the current
|
||||
// selected microphone. The purpose it to let the user know that the input could
|
||||
// be potentially unpleasant for other meeting participants.
|
||||
enableNoisyMicDetection: false,
|
||||
|
||||
// Start the conference in audio only mode (no video is being received nor
|
||||
// sent).
|
||||
startAudioOnly: false,
|
||||
|
||||
// Every participant after the Nth will start audio muted.
|
||||
startAudioMuted: 5,
|
||||
|
||||
// Start calls with audio muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithAudioMuted: false,
|
||||
|
||||
// Enabling it (with #params) will disable local audio output of remote
|
||||
// participants and to enable it back a reload is needed.
|
||||
// startSilent: false
|
||||
|
||||
// Sets the preferred target bitrate for the Opus audio codec by setting its
|
||||
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
|
||||
// Valid values are in the range 6000 to 510000
|
||||
// opusMaxAverageBitrate: 20000,
|
||||
|
||||
// Enables support for opus-red (redundancy for Opus).
|
||||
// enableOpusRed: false
|
||||
|
||||
// Video
|
||||
|
||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||
// resolution: 720,
|
||||
|
||||
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||
// Use -1 to disable.
|
||||
// maxFullResolutionParticipants: 2,
|
||||
|
||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||
// used by browsers that return true from lib-jitsi-meet's
|
||||
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||
// this config's resolution value. Defaults to requesting an ideal
|
||||
// resolution of 720p.
|
||||
// constraints: {
|
||||
// video: {
|
||||
// height: {
|
||||
// ideal: 720,
|
||||
// max: 720,
|
||||
// min: 240
|
||||
// }
|
||||
// }
|
||||
// },
|
||||
|
||||
// Enable / disable simulcast support.
|
||||
// disableSimulcast: false,
|
||||
|
||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||
// layers are not in use will be suspended (no longer sent) until they
|
||||
// are requested again.
|
||||
// enableLayerSuspension: false,
|
||||
|
||||
// Every participant after the Nth will start video muted.
|
||||
startVideoMuted: 5,
|
||||
|
||||
// Start calls with video muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithVideoMuted: false,
|
||||
|
||||
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||
// Note that it's not recommended to do this because simulcast is not
|
||||
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||
// default and can be toggled in the p2p section.
|
||||
// This option has been deprecated, use preferredCodec under videoQuality section instead.
|
||||
// preferH264: true,
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP.
|
||||
// disableH264: false,
|
||||
|
||||
// Desktop sharing
|
||||
|
||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||
// desktopSharingFrameRate: {
|
||||
// min: 5,
|
||||
// max: 5
|
||||
// },
|
||||
|
||||
// Try to start calls with screen-sharing instead of camera video.
|
||||
// startScreenSharing: false,
|
||||
|
||||
// Recording
|
||||
|
||||
// Whether to enable file recording or not.
|
||||
// fileRecordingsEnabled: false,
|
||||
// Enable the dropbox integration.
|
||||
// dropbox: {
|
||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://jitsi-meet.example.com/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
|
||||
// },
|
||||
// When integrations like dropbox are enabled only that will be shown,
|
||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||
// and the generic recording service (its configuration and storage type
|
||||
// depends on jibri configuration)
|
||||
// fileRecordingsServiceEnabled: false,
|
||||
// Whether to show the possibility to share file recording with other people
|
||||
// (e.g. meeting participants), based on the actual implementation
|
||||
// on the backend.
|
||||
// fileRecordingsServiceSharingEnabled: false,
|
||||
|
||||
// Whether to enable live streaming or not.
|
||||
// liveStreamingEnabled: false,
|
||||
|
||||
// Transcription (in interface_config,
|
||||
// subtitles and buttons can be configured)
|
||||
// transcribingEnabled: false,
|
||||
|
||||
// Enables automatic turning on captions when recording is started
|
||||
// autoCaptionOnRecord: false,
|
||||
|
||||
// Misc
|
||||
|
||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||
channelLastN: -1,
|
||||
|
||||
// Provides a way to use different "last N" values based on the number of participants in the conference.
|
||||
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
|
||||
// participants gets to or above the number.
|
||||
//
|
||||
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
|
||||
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
|
||||
// will be used as default until the first threshold is reached.
|
||||
//
|
||||
// lastNLimits: {
|
||||
// 5: 20,
|
||||
// 30: 15,
|
||||
// 50: 10,
|
||||
// 70: 5,
|
||||
// 90: 2
|
||||
// },
|
||||
|
||||
// Specify the settings for video quality optimizations on the client.
|
||||
// videoQuality: {
|
||||
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||
// disabledCodec: 'H264',
|
||||
//
|
||||
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||
// // to take effect.
|
||||
// preferredCodec: 'VP8',
|
||||
//
|
||||
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||
// // This is currently not implemented on app based clients on mobile.
|
||||
// maxBitratesVideo: {
|
||||
// low: 200000,
|
||||
// standard: 500000,
|
||||
// high: 1500000
|
||||
// },
|
||||
//
|
||||
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||
// // 'standard' - for the medium quality level (360p)
|
||||
// // 'high' - for the high quality level (720p)
|
||||
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||
// //
|
||||
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||
// // the high quality.
|
||||
// minHeightForQualityLvl: {
|
||||
// 360: 'standard',
|
||||
// 720: 'high'
|
||||
// },
|
||||
//
|
||||
// // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas
|
||||
// // for the presenter mode (camera picture-in-picture mode with screenshare).
|
||||
// resizeDesktopForPresenter: false
|
||||
// },
|
||||
|
||||
// // Options for the recording limit notification.
|
||||
// recordingLimit: {
|
||||
//
|
||||
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||
// // jibri!
|
||||
// limit: 60,
|
||||
//
|
||||
// // The name of the app with unlimited recordings.
|
||||
// appName: 'Unlimited recordings APP',
|
||||
//
|
||||
// // The URL of the app with unlimited recordings.
|
||||
// appURL: 'https://unlimited.recordings.app.com/'
|
||||
// },
|
||||
|
||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||
// disableRtx: false,
|
||||
|
||||
// Disables or enables TCC support in this client (default: enabled).
|
||||
// enableTcc: true,
|
||||
|
||||
// Disables or enables REMB support in this client (default: enabled).
|
||||
// enableRemb: true,
|
||||
|
||||
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||
// ICE failure. Current disabled by default because it's causing issues with
|
||||
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||
// not a real ICE restart), the client maintains the TCC sequence number
|
||||
// counter, but the bridge resets it. The bridge sends media packets with
|
||||
// TCC sequence numbers starting from 0.
|
||||
// enableIceRestart: false,
|
||||
|
||||
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||
// we filter out TURN/UDP because it is usually not needed since the
|
||||
// bridge itself is reachable via UDP)
|
||||
// useTurnUdp: false
|
||||
|
||||
// UI
|
||||
//
|
||||
|
||||
// Disables responsive tiles.
|
||||
// disableResponsiveTiles: false,
|
||||
|
||||
// Hides lobby button
|
||||
// hideLobbyButton: false,
|
||||
|
||||
// Require users to always specify a display name.
|
||||
// requireDisplayName: true,
|
||||
|
||||
// Whether to use a welcome page or not. In case it's false a random room
|
||||
// will be joined when no room is specified.
|
||||
enableWelcomePage: true,
|
||||
|
||||
// Disable app shortcuts that are registered upon joining a conference
|
||||
// disableShortcuts: false,
|
||||
|
||||
// Disable initial browser getUserMedia requests.
|
||||
// This is useful for scenarios where users might want to start a conference for screensharing only
|
||||
// disableInitialGUM: false,
|
||||
|
||||
// Enabling the close page will ignore the welcome page redirection when
|
||||
// a call is hangup.
|
||||
// enableClosePage: false,
|
||||
|
||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||
// disable1On1Mode: false,
|
||||
|
||||
// Default language for the user interface.
|
||||
defaultLanguage: 'fr',
|
||||
|
||||
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||
// disableProfile: false,
|
||||
|
||||
// Whether or not some features are checked based on token.
|
||||
// enableFeaturesBasedOnToken: false,
|
||||
|
||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||
// roomPasswordNumberOfDigits: 10,
|
||||
// default: roomPasswordNumberOfDigits: false,
|
||||
|
||||
// Message to show the users. Example: 'The service will be down for
|
||||
// maintenance at 01:00 AM GMT,
|
||||
// noticeMessage: '',
|
||||
|
||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||
// and microsoftApiApplicationClientID
|
||||
// enableCalendarIntegration: false,
|
||||
|
||||
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||
prejoinPageEnabled: true,
|
||||
|
||||
// If etherpad integration is enabled, setting this to true will
|
||||
// automatically open the etherpad when a participant joins. This
|
||||
// does not affect the mobile app since opening an etherpad
|
||||
// obscures the conference controls -- it's better to let users
|
||||
// choose to open the pad on their own in that case.
|
||||
// openSharedDocumentOnJoin: false,
|
||||
|
||||
// If true, shows the unsafe room name warning label when a room name is
|
||||
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||
// set or the lobby is not enabled.
|
||||
// enableInsecureRoomNameWarning: false,
|
||||
|
||||
// Whether to automatically copy invitation URL after creating a room.
|
||||
// Document should be focused for this option to work
|
||||
// enableAutomaticUrlCopy: false,
|
||||
|
||||
// Base URL for a Gravatar-compatible service. Defaults to libravatar.
|
||||
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/';
|
||||
|
||||
// Stats
|
||||
//
|
||||
|
||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||
// This can be useful for debugging purposes (post-processing/analysis of
|
||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||
// estimation tests.
|
||||
// gatherStats: false,
|
||||
|
||||
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||
// pcStatsInterval: 10000,
|
||||
|
||||
// To enable sending statistics to callstats.io you must provide the
|
||||
// Application ID and Secret.
|
||||
// callStatsID: '',
|
||||
// callStatsSecret: '',
|
||||
|
||||
// Enables sending participants' display names to callstats
|
||||
// enableDisplayNameInStats: false,
|
||||
|
||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||
// enableEmailInStats: false,
|
||||
|
||||
// Privacy
|
||||
//
|
||||
|
||||
// If third party requests are disabled, no other server will be contacted.
|
||||
// This means avatars will be locally generated and callstats integration
|
||||
// will not function.
|
||||
// disableThirdPartyRequests: false,
|
||||
|
||||
|
||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||
//
|
||||
|
||||
p2p: {
|
||||
// Enables peer to peer mode. When enabled the system will try to
|
||||
// establish a direct connection when there are exactly 2 participants
|
||||
// in the room. If that succeeds the conference will stop sending data
|
||||
// through the JVB and use the peer to peer connection instead. When a
|
||||
// 3rd participant joins the conference will be moved back to the JVB
|
||||
// connection.
|
||||
enabled: true,
|
||||
|
||||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
|
||||
// { urls: 'stun:jitsi-meet.example.com:3478' },
|
||||
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
|
||||
]
|
||||
|
||||
// Sets the ICE transport policy for the p2p connection. At the time
|
||||
// of this writing the list of possible values are 'all' and 'relay',
|
||||
// but that is subject to change in the future. The enum is defined in
|
||||
// the WebRTC standard:
|
||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||
// If not set, the effective value is 'all'.
|
||||
// iceTransportPolicy: 'all',
|
||||
|
||||
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||
// is supported). This setting is deprecated, use preferredCodec instead.
|
||||
// preferH264: true
|
||||
|
||||
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||
// preferredCodec: 'H264',
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP. This setting is deprecated, use disabledCodec instead.
|
||||
// disableH264: false,
|
||||
|
||||
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||
// disabledCodec: '',
|
||||
|
||||
// How long we're going to wait, before going back to P2P after the 3rd
|
||||
// participant has left the conference (to filter out page reload).
|
||||
// backToP2PDelay: 5
|
||||
},
|
||||
|
||||
analytics: {
|
||||
// The Google Analytics Tracking ID:
|
||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||
|
||||
// Matomo configuration:
|
||||
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||
// matomoSiteID: '42',
|
||||
|
||||
// The Amplitude APP Key:
|
||||
// amplitudeAPPKey: '<APP_KEY>'
|
||||
|
||||
// Configuration for the rtcstats server:
|
||||
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||
// PeerConnection states along with getStats metrics polled at the specified
|
||||
// interval.
|
||||
// rtcstatsEnabled: true,
|
||||
|
||||
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||
|
||||
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
|
||||
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||
// will only send data related to RTCPeerConnection events.
|
||||
// rtcstatsPolIInterval: 1000
|
||||
|
||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||
// scriptURLs: [
|
||||
// "libs/analytics-ga.min.js", // google-analytics
|
||||
// "https://example.com/my-custom-analytics.js"
|
||||
// ],
|
||||
},
|
||||
|
||||
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||
|
||||
// Information about the jitsi-meet instance we are connecting to, including
|
||||
// the user region as seen by the server.
|
||||
deploymentInfo: {
|
||||
// shard: "shard1",
|
||||
// region: "europe",
|
||||
// userRegion: "asia"
|
||||
},
|
||||
|
||||
// Decides whether the start/stop recording audio notifications should play on record.
|
||||
// disableRecordAudioNotification: false,
|
||||
|
||||
// Information for the chrome extension banner
|
||||
// chromeExtensionBanner: {
|
||||
// // The chrome extension to be installed address
|
||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
|
||||
// // Extensions info which allows checking if they are installed or not
|
||||
// chromeExtensionsInfo: [
|
||||
// {
|
||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
// path: 'jitsi-logo-48x48.png'
|
||||
// }
|
||||
// ]
|
||||
// },
|
||||
|
||||
// Local Recording
|
||||
//
|
||||
|
||||
// localRecording: {
|
||||
// Enables local recording.
|
||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||
// button to show up on the toolbar.
|
||||
//
|
||||
// enabled: true,
|
||||
//
|
||||
|
||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||
// format: 'flac'
|
||||
//
|
||||
|
||||
// },
|
||||
|
||||
// Options related to end-to-end (participant to participant) ping.
|
||||
// e2eping: {
|
||||
// // The interval in milliseconds at which pings will be sent.
|
||||
// // Defaults to 10000, set to <= 0 to disable.
|
||||
// pingInterval: 10000,
|
||||
//
|
||||
// // The interval in milliseconds at which analytics events
|
||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||
// // to <= 0 to disable.
|
||||
// analyticsInterval: 60000,
|
||||
// },
|
||||
|
||||
// If set, will attempt to use the provided video input device label when
|
||||
// triggering a screenshare, instead of proceeding through the normal flow
|
||||
// for obtaining a desktop stream.
|
||||
// NOTE: This option is experimental and is currently intended for internal
|
||||
// use only.
|
||||
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||
|
||||
// If true, any checks to handoff to another application will be prevented
|
||||
// and instead the app will continue to display in the current browser.
|
||||
// disableDeepLinking: false,
|
||||
|
||||
// A property to disable the right click context menu for localVideo
|
||||
// the menu has option to flip the locally seen video for local presentations
|
||||
// disableLocalVideoFlip: false,
|
||||
|
||||
// Mainly privacy related settings
|
||||
|
||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||
// disableInviteFunctions: true,
|
||||
|
||||
// Disables storing the room name to the recents list
|
||||
// doNotStoreRoom: true,
|
||||
|
||||
// Deployment specific URLs.
|
||||
// deploymentUrls: {
|
||||
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||
// // user documentation.
|
||||
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||
// // to the specified URL for an app download page.
|
||||
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||
// },
|
||||
|
||||
// Options related to the remote participant menu.
|
||||
// remoteVideoMenu: {
|
||||
// // If set to true the 'Kick out' button will be disabled.
|
||||
// disableKick: true
|
||||
// },
|
||||
|
||||
// If set to true all muting operations of remote participants will be disabled.
|
||||
// disableRemoteMute: true,
|
||||
|
||||
// Enables support for lip-sync for this client (if the browser supports it).
|
||||
// enableLipSync: false
|
||||
|
||||
/**
|
||||
External API url used to receive branding specific information.
|
||||
If there is no url set or there are missing fields, the defaults are applied.
|
||||
None of the fields are mandatory and the response must have the shape:
|
||||
{
|
||||
// The hex value for the colour used as background
|
||||
backgroundColor: '#fff',
|
||||
// The url for the image used as background
|
||||
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||
// The anchor url used when clicking the logo image
|
||||
logoClickUrl: 'https://example-company.org',
|
||||
// The url used for the image used as logo
|
||||
logoImageUrl: 'https://example.com/logo-img.png'
|
||||
}
|
||||
*/
|
||||
// dynamicBrandingUrl: '',
|
||||
|
||||
// The URL of the moderated rooms microservice, if available. If it
|
||||
// is present, a link to the service will be rendered on the welcome page,
|
||||
// otherwise the app doesn't render it.
|
||||
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.com',
|
||||
|
||||
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||
// disableTileView: true,
|
||||
|
||||
// Hides the conference subject
|
||||
// hideConferenceSubject: true
|
||||
|
||||
// Hides the conference timer.
|
||||
// hideConferenceTimer: true,
|
||||
|
||||
// Hides the participants stats
|
||||
// hideParticipantsStats: true
|
||||
|
||||
// Sets the conference subject
|
||||
// subject: 'Conference Subject',
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
_immediateReloadThreshold
|
||||
debug
|
||||
debugAudioLevels
|
||||
deploymentInfo
|
||||
dialInConfCodeUrl
|
||||
dialInNumbersUrl
|
||||
dialOutAuthUrl
|
||||
dialOutCodesUrl
|
||||
disableRemoteControl
|
||||
displayJids
|
||||
etherpad_base
|
||||
externalConnectUrl
|
||||
firefox_fake_device
|
||||
googleApiApplicationClientID
|
||||
iAmRecorder
|
||||
iAmSipGateway
|
||||
microsoftApiApplicationClientID
|
||||
peopleSearchQueryTypes
|
||||
peopleSearchUrl
|
||||
requireDisplayName
|
||||
tokenAuthUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||
* can become https://brandedDomain/roomAlias)
|
||||
*/
|
||||
// brandingRoomAlias: null,
|
||||
|
||||
// List of undocumented settings used in lib-jitsi-meet
|
||||
/**
|
||||
_peerConnStatusOutOfLastNTimeout
|
||||
_peerConnStatusRtcMuteTimeout
|
||||
abTesting
|
||||
avgRtpStatsN
|
||||
callStatsConfIDNamespace
|
||||
callStatsCustomScriptUrl
|
||||
desktopSharingSources
|
||||
disableAEC
|
||||
disableAGC
|
||||
disableAP
|
||||
disableHPF
|
||||
disableNS
|
||||
enableTalkWhileMuted
|
||||
forceJVB121Ratio
|
||||
forceTurnRelay
|
||||
hiddenDomain
|
||||
ignoreStartMuted
|
||||
websocketKeepAlive
|
||||
websocketKeepAliveUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
Use this array to configure which notifications will be shown to the user
|
||||
The items correspond to the title or description key of that notification
|
||||
Some of these notifications also depend on some other internal logic to be displayed or not,
|
||||
so adding them here will not ensure they will always be displayed
|
||||
|
||||
A falsy value for this prop will result in having all notifications enabled (e.g null, undefined, false)
|
||||
*/
|
||||
// notifications: [
|
||||
// 'connection.CONNFAIL', // shown when the connection fails,
|
||||
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
|
||||
// 'dialog.kickTitle', // shown when user has been kicked
|
||||
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
|
||||
// 'dialog.lockTitle', // shown when setting conference password fails
|
||||
// 'dialog.maxUsersLimitReached', // shown when maximmum users limit has been reached
|
||||
// 'dialog.micNotSendingData', // shown when user's mic is not sending any audio
|
||||
// 'dialog.passwordNotSupportedTitle', // shown when setting conference password fails due to password format
|
||||
// 'dialog.recording', // recording notifications (pending, on, off, limits)
|
||||
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
|
||||
// 'dialog.reservationError',
|
||||
// 'dialog.serviceUnavailable', // shown when server is not reachable
|
||||
// 'dialog.sessTerminated', // shown when there is a failed conference session
|
||||
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
|
||||
// 'dialog.transcribing', // transcribing notifications (pending, off)
|
||||
// 'dialOut.statusMessage', // shown when dial out status is updated.
|
||||
// 'liveStreaming.busy', // shown when livestreaming service is busy
|
||||
// 'liveStreaming.failedToStart', // shown when livestreaming fails to start
|
||||
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||
// 'localRecording.localRecording', // shown when a local recording is started
|
||||
// 'notify.disconnected', // shown when a participant has left
|
||||
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
|
||||
// 'notify.invitedOneMember', // shown when 1 participant has been invited
|
||||
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
|
||||
// 'notify.mutedTitle', // shown when user has been muted upon joining,
|
||||
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
|
||||
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
|
||||
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
|
||||
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
|
||||
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||
// 'prejoin.errorDialOut',
|
||||
// 'prejoin.errorDialOutDisconnected',
|
||||
// 'prejoin.errorDialOutFailed',
|
||||
// 'prejoin.errorDialOutStatus',
|
||||
// 'prejoin.errorStatusCode',
|
||||
// 'prejoin.errorValidation',
|
||||
// 'recording.busy', // shown when recording service is busy
|
||||
// 'recording.failedToStart', // shown when recording fails to start
|
||||
// 'recording.unavailableTitle', // shown when recording service is not reachable
|
||||
// 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected
|
||||
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
|
||||
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
|
||||
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
||||
// ]
|
||||
|
||||
// Allow all above example options to include a trailing comma and
|
||||
// prevent fear when commenting out the last value.
|
||||
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||
|
||||
// no configuration value should follow this line.
|
||||
};
|
||||
|
||||
/* eslint-enable no-unused-vars, no-var */
|
|
@ -1,10 +0,0 @@
|
|||
JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }}
|
||||
JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }}
|
||||
JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
|
||||
JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
|
||||
JITSI_PROSODY_BOSH_HOST=127.0.0.1
|
||||
JITSI_PROSODY_HOST=127.0.0.1
|
||||
JITSI_CERTS_FOLDER=/secrets/certs/
|
||||
JITSI_NAT_PUBLIC_IP=78.197.205.190
|
||||
JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
|
||||
NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
|
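--- a/app/jitsi/config/jicofo.conf
+++ b/app/jitsi/config/jicofo.conf
@@ -0,0 +1,273 @@
+jicofo {
+// Authentication with external services
+authentication {
+enabled = false
+// The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
+type = SHIBBOLETH
+
+// The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
+# login-url =
+
+# logout-url =
+
+authentication-lifetime = 24 hours
+enable-auto-login = true
+}
+// Configuration related to jitsi-videobridge
+bridge {
+// The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum).
+max-bridge-participants = -1
+// The assumed maximum packet rate that a bridge can handle.
+max-bridge-packet-rate = 50000
+// The assumed average packet rate per participant.
+average-participant-packet-rate-pps = 500
+// The assumed average stress per participant.
+average-participant-stress = 0.01
+// The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating
+// a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints
+// in the last [participant-rampup-time] multiplied by [average-participant-stress].
+participant-rampup-interval = 20 seconds
+// The stress level above which a bridge is considered overstressed.
+stress-threshold = 0.8
+// The amount of to wait before retrying using a failed bridge.
+failure-reset-threshold = 1 minute
+// The bridge selection strategy. The built-in strategies are:
+// SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo).
+// SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing).
+// RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use
+// Octo for geo-location).
+// IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. use Octo for
+// load balancing).
+//
+// Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations.
+selection-strategy = SingleBridgeSelectionStrategy
+health-checks {
+// Whether jicofo should perform periodic health checks to the connected bridges.
+enabled = true
+// The interval at which to perform health checks.
+interval = 10 seconds
+// When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This
+// configures the delay between the original health check timing out and the second health check being sent.
+// It is a duration and defaults to half the [interval].
+# retry-delay = 5 seconds
+}
+
+// The JID of the MUC to be used as a brewery for bridge instances.
+brewery-jid = "jvbbrewery@internal.auth.jitsi"
+}
+// Configure the codecs and RTP extensions to be used in the offer sent to clients.
+codec {
+video {
+vp8 {
+enabled = true
+pt = 100
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 96
+}
+vp9 {
+enabled = true
+pt = 101
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 97
+}
+h264 {
+enabled = true
+pt = 107
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 99
+}
+}
+
+audio {
+isac-16000 {
+enabled = true
+pt = 103
+}
+isac-32000 {
+enabled = true
+pt = 104
+}
+opus {
+enabled = true
+pt = 111
+minptime = 10
+use-inband-fec = true
+red {
+enabled = false
+pt = 112
+}
+}
+telephone-event {
+enabled = true
+pt = 126
+}
+}
+
+// RTP header extensions
+rtp-extensions {
+audio-level {
+enabled = true
+id = 1
+}
+tof {
+// TOF is currently disabled, because we don't support it in the bridge
+// (and currently clients seem to not use it when abs-send-time is
+// available).
+enabled = false
+id = 2
+}
+abs-send-time {
+enabled = true
+id = 3
+}
+rid {
+enabled = false
+id = 4
+}
+tcc {
+enabled = true
+id = 5
+}
+video-content-type {
+enabled = false
+id = 7
+}
+framemarking {
+enabled = false
+id = 9
+}
+}
+}
+
+conference {
+// Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to
+// the next in line when the current owner leaves).
+enable-auto-owner = true
+
+// How long to wait for the initial participant in a conference.
+initial-timeout = 15 seconds
+
+// Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary
+// workaround for an issue with signaling endpoints for Octo.
+inject-ssrc-for-recv-only-endpoints = false
+
+max-ssrcs-per-user = 20
+
+// How long a participant's media session will be kept alive once it remains the only participant in the room.
+single-participant-timeout = 20 seconds
+
+// The minimum number of participants required for the conference to be started.
+min-participants = 2
+
+// Experimental.
+enable-lip-sync = false
+
+shared-document {
+// If `true` the shared document uses a random name. Otherwise, it uses the conference name.
+use-random-name = false
+}
+}
+
+// Configuration for the internal health checks performed by jicofo.
+health {
+// Whether to perform health checks.
+enabled = false
+
+// The interval between health checks. If set to 0, periodic health checks will not be performed.
+interval = 10 seconds
+
+# The timeout for a health check
+timeout = 30 seconds
+
+# If performing a health check takes longer than this, it is considered unsuccessful.
+max-check-duration = 20 seconds
+
+# The prefix to use when creating MUC rooms for the purpose of health checks.
+room-name-prefix = "__jicofo-health-check"
+}
+
+jibri {
+// The JID of the MUC to be used as a brewery for jibri instances for streaming.
+# brewery-jid = "jibribrewery@example.com"
+
+// How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries.
+num-retries = 5
+
+// How long to wait for Jibri to start recording from the time it accepts a START request.
+pending-timeout = 90 seconds
+}
+
+jibri-sip {
+// The JID of the MUC to be used as a brewery for jibri instances for SIP.
+# brewery-jid = "jibrisipbrewery@example.com"
+}
+
+jigasi {
+// The JID of the MUC to be used as a brewery for jigasi instances.
+# brewery-jid = "jigasibrewery@example.com"
+}
+
+// The region in which the machine is running.
+#local-region="us-east-1"
+
+octo {
+// Whether or not to use Octo. Note that when enabled, its use will be determined by
+// $jicofo.bridge.selection-strategy.
+enabled = false
+
+// An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
+// Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
+id = 1
+}
+
+rest {
+port = 8888
+tls-port = 8843
+}
+
+sctp {
+// Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is
+// enabled in the per-conference configuration).
+enabled = true
+}
+
+task-pools {
+shared-pool-max-threads = 1500
+}
+
+xmpp {
+// The separate XMPP connection used for communication with clients (endpoints).
+client {
+enabled = true
+hostname = "{{ env "NOMAD_IP_xmpp_port" }}"
+port = {{ env "NOMAD_PORT_xmpp_port" }}
+domain = "auth.jitsi"
+username = "focus"
+password = {{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
+
+// How long to wait for a response to a stanza before giving up.
+reply-timeout = 15 seconds
+
+// The JID/domain of the MUC service used for conferencing.
+conference-muc-jid = conference.jitsi
+
+// A flag to suppress the TLS certificate verification.
+disable-certificate-verification = false
+}
+// The separate XMPP connection used for internal services (currently only jitsi-videobridge).
+service {
+enabled = false
+hostname = "jitsi-xmpp"
+port = 5222
+domain = "auth.jitsi"
+username = "focus"
+password = "jicofopass"
+
+// How long to wait for a response to a stanza before giving up.
+reply-timeout = 15 seconds
+
+// A flag to suppress the TLS certificate verification.
+disable-certificate-verification = false
+}
+}
+}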
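Review bot: In `xmpp.client`, `password = {{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}` renders the secret unquoted, so a value containing HOCON-significant characters such as `#`, `"`, `$`, `{` or `:` would be cut short or fail to parse; videobridge.conf in this commit quotes its equivalent, and this line should too: `password = "{{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}"`. The Consul key also differs from the one the job file appears to hand to the XMPP task (`secrets/jitsi/jicofo_pass`), and videobridge.conf shows the same split (`jitsi_secret_jvb_user` against `jvb_pass`); if each pair is meant to be one credential, both sides should read the same key or the focus and jvb logins will be rejected. The disabled `service` block still carries the literal `password = "jicofopass"`, which is better deleted than left as a known default that someone may enable later.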
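--- a/app/jitsi/config/nginx.conf
+++ b/app/jitsi/config/nginx.conf
@@ -0,0 +1,42 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr;
+
+events {}
+
+http {
+access_log /dev/stdout;
+server_names_hash_bucket_size 64;
+
+server {
+listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+server_name _;
+ssl_certificate /etc/nginx/jitsi.crt;
+ssl_certificate_key /etc/nginx/jitsi.key;
+root /srv/jitsi-meet;
+index index.html;
+
+# lot of work would be needed to improve location rules
+# - in order to allow - and _ in the URL, even space
+# - while not shadowing other files (.js and following locations)
+# - passed some times twice on the problem, not as easy as it seems
+location ~ ^/([a-zA-Z0-9=\?]+)$ {
+rewrite ^/(.*)$ / break;
+}
+location / {
+ssi on;
+}
+
+location /external_api.js {
+alias /srv/jitsi-meet/libs/external_api.min.js;
+}
+
+location /http-bind {
+proxy_pass http://{{ env "NOMAD_ADDR_xmpp_port" }}/http-bind;
+proxy_set_header X-Forwarded-For \$remote_addr;
+proxy_set_header Host \$http_host;
+}
+
+
+}
+}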
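Review bot: The `location /http-bind` block proxies to `NOMAD_ADDR_xmpp_port`, but BOSH is served by Prosody's HTTP listener (`http_ports = { 5280 }` in prosody.cfg.lua from this commit) and the job declares a separate `bosh_port`, so this looks like it should be `proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;`. The two `proxy_set_header` lines keep a shell-style `\$`; the template engine does not consume that backslash, so unless something else strips it nginx may forward a literal backslash in front of the client address and host, and `proxy_set_header X-Forwarded-For $remote_addr;` is the usual form. Separately, the public `server` block sets no `ssl_protocols`, so the accepted TLS versions depend on the default of the nginx build in the image; adding `ssl_protocols TLSv1.2 TLSv1.3;` would match the `tlsv1_2+` floor this commit sets for Prosody.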
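--- a/app/jitsi/config/prosody.cfg.lua
+++ b/app/jitsi/config/prosody.cfg.lua
@@ -0,0 +1,135 @@
+modules_enabled = {
+"roster"; -- Allow users to have a roster. Recommended ;)
+"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+"tls"; -- Add support for secure TLS on c2s/s2s connections
+"dialback"; -- s2s dialback support
+"disco"; -- Service discovery
+"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+"version"; -- Replies to server version requests
+"uptime"; -- Report how long server has been running
+"time"; -- Let others know the time here on this server
+"ping"; -- Replies to XMPP pings with pongs
+"pep"; -- Enables users to publish their mood, activity, playing music and more
+-- jitsi
+--"smacks"; -- not shipped with prosody
+"carbons";
+"mam";
+"lastactivity";
+"offline";
+"pubsub";
+"adhoc";
+"websocket";
+--"http_altconnect"; -- not shipped with prosody
+}
+modules_disabled = { "s2s" }
+
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+log = {
+--log less on console with warn="*console"; or err="*console" or more with debug="*console"
+info="*console";
+}
+daemonize = false
+use_libevent = true
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
+
+--@FIXME would be great to configure it
+--turncredentials_secret = "__turnSecret__";
+
+--turncredentials = {
+-- { type = "stun", host = "jitmeet.example.com", port = "3478" },
+-- { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
+-- { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
+--};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+component_ports = { } -- it seems we don't need external components for now...
+https_ports = { } -- we don't need https
+http_ports = { 5280 }
+c2s_ports = { 5222 }
+
+
+-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+ssl = {
+protocol = "tlsv1_2+";
+ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+VirtualHost "jitsi"
+enabled = true -- Remove this line to enable this host
+authentication = "anonymous"
+-- Properties below are modified by jitsi-meet-tokens package config
+-- and authentication above is switched to "token"
+--app_id="example_app_id"
+--app_secret="example_app_secret"
+-- Assign this host a certificate for TLS, otherwise it would use the one
+-- set in the global section (if any).
+-- Note that old-style SSL on port 5223 only supports one certificate, and will always
+-- use the global one.
+ssl = {
+key = "/var/lib/prosody/jitsi.key";
+certificate = "/var/lib/prosody/jitsi.crt";
+}
+speakerstats_component = "speakerstats.jitsi"
+conference_duration_component = "conferenceduration.jitsi"
+-- we need bosh
+modules_enabled = {
+"bosh";
+"pubsub";
+"ping"; -- Enable mod_ping
+"speakerstats";
+--"turncredentials"; not supported yet
+"conference_duration";
+"muc_lobby_rooms";
+}
+c2s_require_encryption = false
+lobby_muc = "lobby.jitsi"
+main_muc = "conference.jitsi"
+-- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
+
+Component "conference.jitsi" "muc"
+storage = "memory"
+modules_enabled = {
+"muc_meeting_id";
+"muc_domain_mapper";
+--"token_verification";
+}
+admins = { "focus@auth.jitsi" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+-- internal muc component
+Component "internal.auth.jitsi" "muc"
+storage = "memory"
+modules_enabled = {
+"ping";
+}
+admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+VirtualHost "auth.jitsi"
+ssl = {
+key = "/var/lib/prosody/auth.jitsi.key";
+certificate = "/var/lib/prosody/auth.jitsi.crt";
+}
+authentication = "internal_plain"
+
+Component "focus.jitsi" "client_proxy"
+target_address = "focus@auth.jitsi"
+
+Component "speakerstats.jitsi" "speakerstats_component"
+muc_component = "conference.jitsi"
+
+Component "conferenceduration.jitsi" "conference_duration_component"
+muc_component = "conference.jitsi"
+
+Component "lobby.jitsi" "muc"
+storage = "memory"
+restrict_room_creation = true
+muc_room_locking = false
+muc_room_default_public_jids = true
+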
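Review bot: `VirtualHost "auth.jitsi"` uses `authentication = "internal_plain"`, which keeps the focus and jvb account passwords in clear text in Prosody's data store; `authentication = "internal_hashed"` stores only salted hashes and is the safer choice for these service accounts. `http_ports = { 5280 }` and `c2s_ports = { 5222 }` are fixed, while jicofo.conf, videobridge.conf and nginx.conf in this commit reach Prosody through `NOMAD_PORT_xmpp_port` / `NOMAD_ADDR_xmpp_port`; since this file is rendered as a Nomad template, the listeners could take `{{ env "NOMAD_PORT_xmpp_port" }}` and `{{ env "NOMAD_PORT_bosh_port" }}` so that both sides still agree if those ports are allocated dynamically. With the xmpp task on host networking and `consider_bosh_secure = true`, it is also worth confirming that port 5280 is reachable only through the nginx front, for example by restricting `http_interfaces` to the loopback or internal address.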
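--- a/app/jitsi/config/videobridge.conf
+++ b/app/jitsi/config/videobridge.conf
@@ -0,0 +1,290 @@
+videobridge {
+entity-expiration {
+# If an entity has no activity after this timeout, it is expired
+timeout=1 minute
+
+# The interval at which the videobridge will check for expired entities
+check-interval=${videobridge.entity-expiration.timeout}
+}
+health {
+# The interval between health checks
+interval=10 seconds
+
+# The timeout for a health check
+timeout=30 seconds
+
+# If performing a health check takes longer than this, it is considered unsuccessful.
+max-check-duration=3 seconds
+
+# Whether or not health check failures should be 'sticky'
+# (i.e. once the bridge becomes unhealthy, it will never
+# go back to a healthy state)
+sticky-failures=false
+}
+ep-connection-status {
+# How long we'll wait for an endpoint to *start* sending
+# data before we consider it 'inactive'
+first-transfer-timeout=15 seconds
+
+# How long an endpoint can be 'inactive' before it will
+# be considered disconnected
+max-inactivity-limit=3 seconds
+
+# How often we check endpoint's connectivity status
+check-interval=500 milliseconds
+}
+cc {
+bwe-change-threshold=0.15
+thumbnail-max-height-px=180
+onstage-ideal-height-px=1080
+onstage-preferred-height-px=360
+onstage-preferred-framerate=30
+enable-onstage-video-suspend=false
+trust-bwe=true
+
+# How often we check to send probing data
+padding-period=15ms
+
+# How often we'll force recalculations of forwarded
+# streams
+max-time-between-calculations = 15 seconds
+
+# A JVB-wide last-n value, observed by all endpoints. Endpoints
+# will take the minimum of their setting and this one (-1 implies
+# no last-n limit)
+jvb-last-n = -1
+}
+# The APIs by which the JVB can be controlled
+apis {
+xmpp-client {
+# The interval at which presence is published in the configured MUCs.
+presence-interval = ${videobridge.stats.interval}
+
+configs {
+unique-xmpp-server {
+hostname="{{ env "NOMAD_IP_xmpp_port" }}"
+port = {{ env "NOMAD_PORT_xmpp_port" }}
+domain = "auth.jitsi"
+username = "jvb"
+password = "{{ key "secrets/jitsi/jitsi_secret_jvb_user" }}"
+muc_jids = "jvbbrewery@internal.auth.jitsi"
+# The muc_nickname must be unique across all jitsi-videobridge instances
+muc_nickname = "unique-jvb-server"
+disable_certificate_verification = false
+}
+# example-connection-id {
+# For the properties which should be
+# filled out here, see MucClientConfiguration
+# }
+}
+}
+# The COLIBRI REST API
+rest {
+enabled = true
+}
+jvb-api {
+enabled = true
+}
+}
+# Configuration of the different REST APIs.
+# Note that the COLIBRI REST API is configured under videobridge.apis.rest instead.
+rest {
+debug {
+enabled = true
+}
+health {
+enabled = true
+}
+shutdown {
+# Note that the shutdown API requires the COLIBRI API to also be enabled.
+enabled = false
+}
+version {
+enabled = true
+}
+}
+http-servers {
+# The HTTP server which hosts services intended for 'public' use
+# (e.g. websockets for the bridge channel connection)
+public {
+# See JettyBundleActivatorConfig in Jicoco for values
+port = -1
+tls-port = -1
+}
+# The HTTP server which hosts services intended for 'private' use
+# (e.g. health or debug stats)
+private {
+# See JettyBundleActivatorConfig in Jicoco for values
+host = 127.0.0.1
+}
+}
+octo {
+# Whether or not Octo is enabled
+enabled=false
+
+# A string denoting the 'region' of this JVB. This region
+# will be used by Jicofo in the selection of a bridge for
+# a client by comparing it to the client's region.
+# Must be set when 'enabled' is true
+#region="us-west-1"
+
+# The address on which the Octo relay should bind
+# Must be set when 'enabled' is true
+#bind-address=198.51.100.1
+
+# The port to which the Octo relay should bind
+bind-port=4096
+
+# The address which controls the public address which
+# will be part of the Octo relayId
+#public-address=198.51.100.1
+
+# The size of the incoming octo queue. This queue is per-remote-endpoint,
+# so it matches what we use for local endpoints
+recv-queue-size=1024
+
+# The size of the outgoing octo queue. This is a per-originating-endpoint
+# queue, so assuming all packets are routed (as they currently are for Octo)
+# it should be the same size as the transceiver recv queue in
+# jitsi-media-transform. Repeating the description from there:
+# Assuming 300pps for high-definition, 200pps for standard-definition,
+# 100pps for low-definition and 50pps for audio, this queue is fed
+# 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms.
+send-queue-size=1024
+}
+load-management {
+# Whether or not the reducer will be enabled to take actions to mitigate load
+reducer-enabled = false
+load-measurements {
+packet-rate {
+# The packet rate at which we'll consider the bridge overloaded
+load-threshold = 50000
+# The packet rate at which we'll consider the bridge 'underloaded' enough
+# to start recovery
+recovery-threshold = 40000
+}
+}
+load-reducers {
+last-n {
+# The factor by which we'll reduce the current last-n when trying to reduce load
+reduction-scale = .75
+# The factor by which we'll increase the current last-n when trying to recover
+recover-scale = 1.25
+# The minimum time in between runs of the last-n reducer to reduce or recover from
+# load
+impact-time = 1 minute
+# The lowest value we'll set for last-n
+minimum-last-n-value = 0
+# The highest last-n value we'll enforce. Once the enforced last-n exceeds this value
+# we'll remove the limit entirely
+maximum-enforced-last-n-value = 40
+}
+}
+}
+sctp {
+# Whether SCTP data channels are enabled.
+enabled=true
+}
+stats {
+# Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
+# API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
+enabled = true
+
+# The interval at which stats are gathered.
+interval = 5 seconds
+
+# Configuration related to pushing statistics to callstats.io.
+callstats {
+# An integer application ID (use 0 to disable pushing stats to callstats).
+app-id = 0
+
+# The shared secred to authentication with callstats.io.
+//app-secret = "s3cret"
+
+# ID of the key that was used to generate token.
+//key-id = "abcd"
+
+# The path to private key file.
+//key-path = "/etc/jitsi/videobridge/ecpriv.jwk"
+
+# The ID of the server instance to be used when reporting to callstats.
+bridge-id = "jitsi"
+
+# TODO: document
+//conference-id-prefix = "abcd"
+
+# The interval at which statististics will be published to callstats. This affects both per-conference and global
+# statistics.
+# Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section.
+interval = ${videobridge.stats.interval}
+}
+}
+websockets {
+enabled=false
+server-id="default-id"
+
+# Optional, even when 'enabled' is set to true
+# tls=true
+# Must be set when enabled = true
+#domain="some-domain"
+}
+ice {
+tcp {
+# Whether ICE/TCP is enabled.
+enabled = true
+
+# The port to bind to for ICE/TCP.
+port = {{ env "NOMAD_PORT_video_port" }}
+
+# An optional additional port to advertise.
+# mapped-port = 8443
+# Whether to use "ssltcp" or plain "tcp".
+ssltcp = true
+}
+
+udp {
+# The port for ICE/UDP.
+port = {{ env "NOMAD_PORT_video_port" }}
+}
+
+# An optional prefix to include in STUN username fragments generated by the bridge.
+#ufrag-prefix = "jvb-123:"
+
+# Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy:
+# "selected_and_tcp", "selected_only", or "all_succeeded".
+keep-alive-strategy = "selected_and_tcp"
+
+# Whether to use the "component socket" feature of ice4j.
+use-component-socket = true
+
+# Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false'
+# such candidates will be ignored.
+resolve-remote-candidates = false
+
+# The nomination strategy to use for ICE. THe accepted values are defined in ice4j's NominationStrategy:
+# "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT".
+nomination-strategy = "NominateFirstValid"
+}
+
+transport {
+send {
+# The size of the dtls-transport outgoing queue. This is a per-participant
+# queue. Packets from the egress end-up in this queue right before
+# transmission by the outgoing srtp pipeline (which mainly consists of the
+# packet sender).
+#
+# Its size needs to be of the same order of magnitude as the rtp sender
+# queue. In a 100 participant call, assuming 300pps for the on-stage and
+# 100pps for low-definition, last-n 20 and 2 participants talking, so
+# 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its
+# size in terms of millis is 1024/2300*1000 ~= 445ms.
+queue-size=1024
+}
+}
+
+version {
+// Wheather to announe the jitsi-videobridge version to clients in the ServerHello message.
+announce = false
+}
+}
+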
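Review bot: `apis.rest` (the COLIBRI REST API), `apis.jvb-api` and `rest.debug` are all set to `enabled = true`, yet the bridge is driven over XMPP through the `jvbbrewery@internal.auth.jitsi` MUC, so these control and debug endpoints look unnecessary for this deployment. They sit on the private HTTP server bound to `host = 127.0.0.1`, which limits exposure, but if the videobridge task runs with host networking like the xmpp and front tasks, every other process on the node can still reach them. Unless a monitor relies on them (the stats comment mentions `/colibri/stats`), set `enabled = false` for `apis.rest`, `apis.jvb-api` and `rest.debug` and keep only `rest.health` on.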
|
@ -11,46 +11,59 @@ job "jitsi" {
|
|||
|
||||
network {
|
||||
port "bosh_port" { }
|
||||
port "ext_port" { static = 5347 }
|
||||
port "xmpp_port" { static = 5222 }
|
||||
port "xmpp_port" { }
|
||||
port "https_port" { }
|
||||
port "video1_port" { static = 8081 }
|
||||
port "video2_port" { static = 10000 }
|
||||
port "video_port" { static = 8080 }
|
||||
}
|
||||
|
||||
task "xmpp" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_xmpp:v8"
|
||||
ports = [ "bosh_port", "ext_port", "xmpp_port" ]
|
||||
image = "superboum/amd64_jitsi_xmpp:v9"
|
||||
ports = [ "bosh_port", "xmpp_port" ]
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
"secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
|
||||
"secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
|
||||
"secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
|
||||
"secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
|
||||
"secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
|
||||
]
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/global_env.tpl")
|
||||
data = <<EOF
|
||||
JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" }}
|
||||
JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" }}
|
||||
EOF
|
||||
destination = "secrets/global_env"
|
||||
env = true
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/prosody.cfg.lua")
|
||||
destination = "secrets/prosody.cfg.lua"
|
||||
}
|
||||
|
||||
# --- secrets ---
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.crt"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.key"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
||||
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.crt"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
||||
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
||||
destination = "secrets/certs/jitsi.key"
|
||||
}
|
||||
|
||||
resources {
|
||||
|
@ -62,7 +75,7 @@ job "jitsi" {
|
|||
tags = [ "jitsi", "bosh" ]
|
||||
port = "bosh_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-xmpp-bosh"
|
||||
name = "bosh-jitsi"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "bosh_port"
|
||||
|
@ -76,43 +89,48 @@ job "jitsi" {
|
|||
}
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [ "jitsi", "ext" ]
|
||||
port = "ext_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-ext"
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [ "jitsi", "xmpp" ]
|
||||
port = "xmpp_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-xmpp"
|
||||
name = "xmpp-jitsi"
|
||||
}
|
||||
}
|
||||
|
||||
task "front" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_meet:v3"
|
||||
image = "superboum/amd64_jitsi_meet:v4"
|
||||
network_mode = "host"
|
||||
ports = [ "https_port" ]
|
||||
volumes = [
|
||||
"secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt"
|
||||
"secrets/certs/jitsi.key:/etc/nginx/jitsi.key"
|
||||
"secrets/config.js:/srv/jitsi-meet/config.js"
|
||||
"secrets/nginx.conf:/etc/nginx/nginx.conf"
|
||||
]
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/global_env.tpl")
|
||||
destination = "secrets/global_env"
|
||||
data = file("../config/config.js")
|
||||
destination = "secrets/config.js"
|
||||
env = true
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/nginx.conf")
|
||||
destination = "secrets/nginx.conf"
|
||||
env = true
|
||||
}
|
||||
|
||||
# --- secrets ---
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
||||
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.crt"
|
||||
}
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
||||
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
||||
destination = "secrets/certs/jitsi.key"
|
||||
}
|
||||
|
||||
resources {
|
||||
|
@ -130,7 +148,7 @@ job "jitsi" {
|
|||
]
|
||||
port = "https_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-front-https"
|
||||
name = "https-jitsi"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "https_port"
|
||||
|
@ -148,25 +166,29 @@ job "jitsi" {
|
|||
task "jicofo" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_conference_focus:v6"
|
||||
image = "superboum/amd64_jitsi_conference_focus:v7"
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt"
|
||||
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt"
|
||||
"secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
|
||||
]
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/global_env.tpl")
|
||||
destination = "secrets/global_env"
|
||||
env = true
|
||||
data = file("../config/jicofo.conf")
|
||||
destination = "secrets/jicofo.conf"
|
||||
}
|
||||
|
||||
#--- secrets ---
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
||||
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.crt"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.crt"
|
||||
}
|
||||
|
||||
resources {
|
||||
|
@ -178,57 +200,62 @@ job "jitsi" {
|
|||
task "videobridge" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_videobridge:v16"
|
||||
image = "superboum/amd64_jitsi_videobridge:v17"
|
||||
network_mode = "host"
|
||||
ports = [ "video1_port", "video2_port" ]
|
||||
ports = [ "video_port" ]
|
||||
ulimit {
|
||||
nofile = "1048576:1048576"
|
||||
nproc = "65536:65536"
|
||||
}
|
||||
volumes = [
|
||||
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt"
|
||||
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt"
|
||||
"secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
|
||||
]
|
||||
}
|
||||
|
||||
env {
|
||||
#JITSI_DEBUG = 1
|
||||
JITSI_VIDEO_TCP = 8081
|
||||
VIDEOBRIDGE_MAX_MEMORY = "1450m"
|
||||
# Our container can autodetect the public IP with the ifconfig.me service
|
||||
# However we would like to avoid relying on a 3rd party service for production use
|
||||
# That's why I am setting the public IP address statically here VVVV
|
||||
JITSI_NAT_PUBLIC_IP = "78.197.205.190"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("../config/global_env.tpl")
|
||||
destination = "secrets/global_env"
|
||||
data = file("../config/videobridge.conf")
|
||||
destination = "secrets/videobridge.conf"
|
||||
env = true
|
||||
}
|
||||
|
||||
# --- secrets ---
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||
destination = "secrets/certs/jitsi.crt"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||
destination = "secrets/certs/auth.jitsi.crt"
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 900
|
||||
memory = 1500
|
||||
memory = 3000
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [ "jitsi", "(diplonat (tcp_port 8081))" ]
|
||||
port = "video1_port"
|
||||
tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
|
||||
port = "video_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-videobridge-video1"
|
||||
name = "video-jitsi"
|
||||
check {
|
||||
type = "tcp"
|
||||
port = "video1_port"
|
||||
port = "video_port"
|
||||
interval = "60s"
|
||||
timeout = "5s"
|
||||
check_restart {
|
||||
limit = 3
|
||||
grace = "90s"
|
||||
ignore_warnings = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
service {
|
||||
tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
|
||||
port = "video2_port"
|
||||
address_mode = "host"
|
||||
name = "jitsi-videobridge-video2"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
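Review bot: The `template` blocks that render `../config/config.js` and `../config/nginx.conf` in the `front` task, and `../config/videobridge.conf` in the `videobridge` task, still appear to carry `env = true`, which makes Nomad parse the rendered file as `KEY=value` lines and export them into the task environment. That flag belonged to the old `global_env` template; on a JavaScript, nginx or bridge configuration file it is at best stray variables and at worst a failed render, so I would delete the `env = true` line from those three blocks, as the new `jicofo.conf` template in this same job already does. The +/- markers are lost on this page, so the side of each `env = true` line is inferred from the hunk counts (`-76,43 +89,48` for `front`, `-148,25 +166,29` for `jicofo`) and should be confirmed against the raw diff.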
|
||||
|
||||
|
|
|
@ -66,6 +66,7 @@ videobridge {
|
|||
domain = "auth.jitsi"
|
||||
username = "jvb"
|
||||
password = "jvbpass"
|
||||
port = 5222
|
||||
muc_jids = "jvbbrewery@internal.auth.jitsi"
|
||||
# The muc_nickname must be unique across all jitsi-videobridge instances
|
||||
muc_nickname = "unique-jvb-server"
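Review bot: `password = "jvbpass"` remains a literal in this config, while the same commit adds a generated `jvb_pass` secret (`CMD openssl rand -base64 24`) and hands it to the `xmpp` task as `JVB_AUTH_PASSWORD`. If this is the file the bridge actually loads, its XMPP account either uses a guessable static credential or no longer matches what Prosody was provisioned with. Where the file passes through a Nomad `template`, I would render the value from the same Consul key, `password = "{{ key "secrets/jitsi/jvb_pass" }}"`. The file name and the rest of the `videobridge` block are outside this hunk, so whether the value is overridden elsewhere cannot be seen from here.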
|
||||
|
|
1
app/jitsi/secrets/jitsi/auth.jitsi.crt
Normal file
1
app/jitsi/secrets/jitsi/auth.jitsi.crt
Normal file
|
@ -0,0 +1 @@
|
|||
SSL_CERT jitsi_auth auth.jitsi
|
|
@ -1 +0,0 @@
|
|||
SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
|
|
@ -1 +0,0 @@
|
|||
SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr
|
1
app/jitsi/secrets/jitsi/auth.jitsi.key
Normal file
1
app/jitsi/secrets/jitsi/auth.jitsi.key
Normal file
|
@ -0,0 +1 @@
|
|||
SSL_KEY jitsi_auth auth.jitsi
|
1
app/jitsi/secrets/jitsi/jicofo_pass
Normal file
1
app/jitsi/secrets/jitsi/jicofo_pass
Normal file
|
@ -0,0 +1 @@
|
|||
CMD openssl rand -base64 24
|
1
app/jitsi/secrets/jitsi/jitsi.crt
Normal file
1
app/jitsi/secrets/jitsi/jitsi.crt
Normal file
|
@ -0,0 +1 @@
|
|||
SSL_CERT jitsi jitsi
|
|
@ -1 +0,0 @@
|
|||
SSL_CERT jitsi jitsi.deuxfleurs.fr
|
|
@ -1 +0,0 @@
|
|||
SSL_KEY jitsi
|
1
app/jitsi/secrets/jitsi/jitsi.key
Normal file
1
app/jitsi/secrets/jitsi/jitsi.key
Normal file
|
@ -0,0 +1 @@
|
|||
SSL_KEY jitsi jitsi
|
1
app/jitsi/secrets/jitsi/jvb_pass
Normal file
1
app/jitsi/secrets/jitsi/jvb_pass
Normal file
|
@ -0,0 +1 @@
|
|||
CMD openssl rand -base64 24
|