aboutsummaryrefslogtreecommitdiff
path: root/app/jitsi/integration
diff options
context:
space:
mode:
authorLUXEY Adrien <adrien.luxey@inria.fr>2021-01-29 10:57:42 +0100
committerLUXEY Adrien <adrien.luxey@inria.fr>2021-01-29 10:57:42 +0100
commit9a263b762bab91fd4406bd4a454267bc71e3a66c (patch)
treecb207b05ca713a584bbc0a7e7159a590efffdaf7 /app/jitsi/integration
parent8f0cb24246a19f25f1865109730939ea64dbab2b (diff)
parent982efd1b49f7435f7c49c2099aabfc994d3901fb (diff)
downloadinfrastructure-9a263b762bab91fd4406bd4a454267bc71e3a66c.tar.gz
infrastructure-9a263b762bab91fd4406bd4a454267bc71e3a66c.zip
Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/infrastructure
Diffstat (limited to 'app/jitsi/integration')
-rw-r--r--app/jitsi/integration/README.md68
-rw-r--r--app/jitsi/integration/docker-compose.yml37
-rw-r--r--app/jitsi/integration/jicofo/jicofo.conf273
-rw-r--r--app/jitsi/integration/jvb/videobridge.conf279
-rw-r--r--app/jitsi/integration/prosody/prosody.cfg.lua106
-rw-r--r--app/jitsi/integration/prosody/prosody.cfg.lua.back64
6 files changed, 827 insertions, 0 deletions
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
new file mode 100644
index 0000000..82fa91d
--- /dev/null
+++ b/app/jitsi/integration/README.md
@@ -0,0 +1,68 @@
+## About Jitsi
+
+Several server components:
+ - prosody XMPP (ext)
+ - jitsi videobridge aka JVB
+ - jitsi conference focus aka jicofo aka focus
+ - jitsi meet
+ - octo
+ - jigasi
+ - jibri
+ - etc.
+
+Some libs:
+ - libjitsi
+ - jicoco
+ - jitsi-utils
+ - etc.
+
+Client components:
+ - jitsi meet electron
+ - jitsi android/ios
+ - etc.
+
+## Conf
+
+Base conf:
+
+ - [videobridge.conf](https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf)
+ - [jicofo.conf](https://github.com/jitsi/jicofo/blob/master/src/main/resources/reference.conf)
+
+the following is used in videobridge.conf:
+[jicoco/MucClientConfiguration](https://github.com/jitsi/jicoco/blob/master/jicoco/src/main/java/org/jitsi/xmpp/mucclient/MucClientConfiguration.java)
+
+How the new configuration is read in jicoco:
+https://github.com/jitsi/jicoco/blob/master/jicoco-config/src/main/kotlin/org/jitsi/config/JitsiConfig.kt#L83-L91
+They use this library: https://github.com/lightbend/config
+We are particularly interested by: https://github.com/lightbend/config#standard-behavior
+Using 'application.conf' with classpath does not seem to work.
+But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works!
+
+Some parameters are also set independently of lightbend hocon config.
+They are seen in jicofo entrypoint:
+https://github.com/jitsi/jicofo/blob/master/src/main/java/org/jitsi/jicofo/Main.java
+Many of these parameters can be in fact read from the HOCON file except one: the `--secret` parameter or the `JICOFO_SECRET` env variable.
+But we can see this is a deprecated thing, it has been already removed from master: https://github.com/jitsi/jicofo/commit/c9e5b50a8b4e77f8b8cb8831a4a044a53edfcf48
+For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
+But maybe this value is deprecated: the check is still here but it is not used anymore?!
+
+## Generate certs with prosody
+```
+prosodyctl cert generate auth.jitsi
+prosodyctl cert generate jitsi
+```
+
+## An example prosody configuration file
+
+https://github.com/jitsi/jitsi-meet/blob/master/doc/example-config-files/prosody.cfg.lua.example
+
+but this one is not the one used by the [debian postinst script](https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-prosody.postinst)
+instead, we should look at this one: https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example
+
+Jitsi can be configured to authenticated through tokens,
+the postinst file is here: https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-tokens.postinst
+
+## Resources to understand jitsi
+
+ - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
+ - [videobridge/debian/postinst](https://github.com/jitsi/jitsi-videobridge/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml
new file mode 100644
index 0000000..2f8141a
--- /dev/null
+++ b/app/jitsi/integration/docker-compose.yml
@@ -0,0 +1,37 @@
+version: '3.4'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v9
+ volumes:
+ - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua:ro"
+ - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt:ro"
+ - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key:ro"
+ - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt:ro"
+ - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key:ro"
+ environment:
+ - JICOFO_AUTH_PASSWORD=jicofopass
+ - JVB_AUTH_PASSWORD=jvbpass
+
+ jitsi-conference-focus:
+ image: superboum/amd64_jitsi_conference_focus:v7
+ volumes:
+ - "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro"
+ - "./jicofo/jicofo.conf:/etc/jitsi/jicofo.conf:ro"
+ environment:
+ - JDOMAIN=jitsi
+ - JHOST=jitsi-xmpp
+ - JPORT=5347
+ - JSUBDOMAIN=focus
+ - JICOFO_SECRET=jicofosecretpass
+ - JUSERDOMAIN=auth.jitsi
+ - JUSERNAME=focus
+ - JICOFO_AUTH_PASSWORD=jicofopass
+# jitsi-meet:
+# image: superboum/amd64_jitsi_meet:v1
+# ports:
+# - "443:443"
+# jitsi-videobridge:
+# image: superboum/amd64_jitsi_videobridge:v14
+# ports:
+# - "8080:8080/tcp"
+# - "10000:10000/udp"
diff --git a/app/jitsi/integration/jicofo/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf
new file mode 100644
index 0000000..4ef175f
--- /dev/null
+++ b/app/jitsi/integration/jicofo/jicofo.conf
@@ -0,0 +1,273 @@
+jicofo {
+ // Authentication with external services
+ authentication {
+ enabled = false
+ // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
+ type = SHIBBOLETH
+
+ // The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
+ # login-url =
+
+ # logout-url =
+
+ authentication-lifetime = 24 hours
+ enable-auto-login = true
+ }
+ // Configuration related to jitsi-videobridge
+ bridge {
+ // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum).
+ max-bridge-participants = -1
+ // The assumed maximum packet rate that a bridge can handle.
+ max-bridge-packet-rate = 50000
+ // The assumed average packet rate per participant.
+ average-participant-packet-rate-pps = 500
+ // The assumed average stress per participant.
+ average-participant-stress = 0.01
+ // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating
+ // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints
+ // in the last [participant-rampup-time] multiplied by [average-participant-stress].
+ participant-rampup-interval = 20 seconds
+ // The stress level above which a bridge is considered overstressed.
+ stress-threshold = 0.8
+ // The amount of to wait before retrying using a failed bridge.
+ failure-reset-threshold = 1 minute
+ // The bridge selection strategy. The built-in strategies are:
+ // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo).
+ // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing).
+ // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use
+ // Octo for geo-location).
+ // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. use Octo for
+ // load balancing).
+ //
+ // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations.
+ selection-strategy = SingleBridgeSelectionStrategy
+ health-checks {
+ // Whether jicofo should perform periodic health checks to the connected bridges.
+ enabled = true
+ // The interval at which to perform health checks.
+ interval = 10 seconds
+ // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This
+ // configures the delay between the original health check timing out and the second health check being sent.
+ // It is a duration and defaults to half the [interval].
+ # retry-delay = 5 seconds
+ }
+
+ // The JID of the MUC to be used as a brewery for bridge instances.
+ brewery-jid = "jvbbrewery@jitsi"
+ }
+ // Configure the codecs and RTP extensions to be used in the offer sent to clients.
+ codec {
+ video {
+ vp8 {
+ enabled = true
+ pt = 100
+ // Payload type for the associated RTX stream. Set to -1 to disable RTX.
+ rtx-pt = 96
+ }
+ vp9 {
+ enabled = true
+ pt = 101
+ // Payload type for the associated RTX stream. Set to -1 to disable RTX.
+ rtx-pt = 97
+ }
+ h264 {
+ enabled = true
+ pt = 107
+ // Payload type for the associated RTX stream. Set to -1 to disable RTX.
+ rtx-pt = 99
+ }
+ }
+
+ audio {
+ isac-16000 {
+ enabled = true
+ pt = 103
+ }
+ isac-32000 {
+ enabled = true
+ pt = 104
+ }
+ opus {
+ enabled = true
+ pt = 111
+ minptime = 10
+ use-inband-fec = true
+ red {
+ enabled = false
+ pt = 112
+ }
+ }
+ telephone-event {
+ enabled = true
+ pt = 126
+ }
+ }
+
+ // RTP header extensions
+ rtp-extensions {
+ audio-level {
+ enabled = true
+ id = 1
+ }
+ tof {
+ // TOF is currently disabled, because we don't support it in the bridge
+ // (and currently clients seem to not use it when abs-send-time is
+ // available).
+ enabled = false
+ id = 2
+ }
+ abs-send-time {
+ enabled = true
+ id = 3
+ }
+ rid {
+ enabled = false
+ id = 4
+ }
+ tcc {
+ enabled = true
+ id = 5
+ }
+ video-content-type {
+ enabled = false
+ id = 7
+ }
+ framemarking {
+ enabled = false
+ id = 9
+ }
+ }
+ }
+
+ conference {
+ // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to
+ // the next in line when the current owner leaves).
+ enable-auto-owner = true
+
+ // How long to wait for the initial participant in a conference.
+ initial-timeout = 15 seconds
+
+ // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary
+ // workaround for an issue with signaling endpoints for Octo.
+ inject-ssrc-for-recv-only-endpoints = false
+
+ max-ssrcs-per-user = 20
+
+ // How long a participant's media session will be kept alive once it remains the only participant in the room.
+ single-participant-timeout = 20 seconds
+
+ // The minimum number of participants required for the conference to be started.
+ min-participants = 2
+
+ // Experimental.
+ enable-lip-sync = false
+
+ shared-document {
+ // If `true` the shared document uses a random name. Otherwise, it uses the conference name.
+ use-random-name = false
+ }
+ }
+
+ // Configuration for the internal health checks performed by jicofo.
+ health {
+ // Whether to perform health checks.
+ enabled = false
+
+ // The interval between health checks. If set to 0, periodic health checks will not be performed.
+ interval = 10 seconds
+
+ # The timeout for a health check
+ timeout = 30 seconds
+
+ # If performing a health check takes longer than this, it is considered unsuccessful.
+ max-check-duration = 20 seconds
+
+ # The prefix to use when creating MUC rooms for the purpose of health checks.
+ room-name-prefix = "__jicofo-health-check"
+ }
+
+ jibri {
+ // The JID of the MUC to be used as a brewery for jibri instances for streaming.
+ # brewery-jid = "jibribrewery@example.com"
+
+ // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries.
+ num-retries = 5
+
+ // How long to wait for Jibri to start recording from the time it accepts a START request.
+ pending-timeout = 90 seconds
+ }
+
+ jibri-sip {
+ // The JID of the MUC to be used as a brewery for jibri instances for SIP.
+ # brewery-jid = "jibrisipbrewery@example.com"
+ }
+
+ jigasi {
+ // The JID of the MUC to be used as a brewery for jigasi instances.
+ # brewery-jid = "jigasibrewery@example.com"
+ }
+
+ // The region in which the machine is running.
+ #local-region="us-east-1"
+
+ octo {
+ // Whether or not to use Octo. Note that when enabled, its use will be determined by
+ // $jicofo.bridge.selection-strategy.
+ enabled = false
+
+ // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
+ // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
+ id = 1
+ }
+
+ rest {
+ port = 8888
+ tls-port = 8843
+ }
+
+ sctp {
+ // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is
+ // enabled in the per-conference configuration).
+ enabled = true
+ }
+
+ task-pools {
+ shared-pool-max-threads = 1500
+ }
+
+ xmpp {
+ // The separate XMPP connection used for communication with clients (endpoints).
+ client {
+ enabled = true
+ hostname = "jitsi-xmpp"
+ port = 5222
+ domain = "auth.jitsi"
+ username = "focus"
+ password = "jicofopass"
+
+ // How long to wait for a response to a stanza before giving up.
+ reply-timeout = 15 seconds
+
+ // The JID/domain of the MUC service used for conferencing.
+ conference-muc-jid = conference.jitsi
+
+ // A flag to suppress the TLS certificate verification.
+ disable-certificate-verification = false
+ }
+ // The separate XMPP connection used for internal services (currently only jitsi-videobridge).
+ service {
+ enabled = true
+ hostname = "jitsi-xmpp"
+ port = 5222
+ domain = "auth.jitsi"
+ username = "focus"
+ password = "jicofopass"
+
+ // How long to wait for a response to a stanza before giving up.
+ reply-timeout = 15 seconds
+
+ // A flag to suppress the TLS certificate verification.
+ disable-certificate-verification = false
+ }
+ }
+}
diff --git a/app/jitsi/integration/jvb/videobridge.conf b/app/jitsi/integration/jvb/videobridge.conf
new file mode 100644
index 0000000..e9bded0
--- /dev/null
+++ b/app/jitsi/integration/jvb/videobridge.conf
@@ -0,0 +1,279 @@
+videobridge {
+ entity-expiration {
+ # If an entity has no activity after this timeout, it is expired
+ timeout=1 minute
+
+ # The interval at which the videobridge will check for expired entities
+ check-interval=${videobridge.entity-expiration.timeout}
+ }
+ health {
+ # The interval between health checks
+ interval=10 seconds
+
+ # The timeout for a health check
+ timeout=30 seconds
+
+ # If performing a health check takes longer than this, it is considered unsuccessful.
+ max-check-duration=3 seconds
+
+ # Whether or not health check failures should be 'sticky'
+ # (i.e. once the bridge becomes unhealthy, it will never
+ # go back to a healthy state)
+ sticky-failures=false
+ }
+ ep-connection-status {
+ # How long we'll wait for an endpoint to *start* sending
+ # data before we consider it 'inactive'
+ first-transfer-timeout=15 seconds
+
+ # How long an endpoint can be 'inactive' before it will
+ # be considered disconnected
+ max-inactivity-limit=3 seconds
+
+ # How often we check endpoint's connectivity status
+ check-interval=500 milliseconds
+ }
+ cc {
+ bwe-change-threshold=0.15
+ thumbnail-max-height-px=180
+ onstage-ideal-height-px=1080
+ onstage-preferred-height-px=360
+ onstage-preferred-framerate=30
+ enable-onstage-video-suspend=false
+ trust-bwe=true
+
+ # How often we check to send probing data
+ padding-period=15ms
+
+ # How often we'll force recalculations of forwarded
+ # streams
+ max-time-between-calculations = 15 seconds
+
+ # A JVB-wide last-n value, observed by all endpoints. Endpoints
+ # will take the minimum of their setting and this one (-1 implies
+ # no last-n limit)
+ jvb-last-n = -1
+ }
+ # The APIs by which the JVB can be controlled
+ apis {
+ xmpp-client {
+ # The interval at which presence is published in the configured MUCs.
+ presence-interval = ${videobridge.stats.interval}
+
+ configs {
+ # example-connection-id {
+ # For the properties which should be
+ # filled out here, see MucClientConfiguration
+ # }
+ }
+ }
+ # The COLIBRI REST API
+ rest {
+ enabled = false
+ }
+ jvb-api {
+ enabled = false
+ }
+ }
+ # Configuration of the different REST APIs.
+ # Note that the COLIBRI REST API is configured under videobridge.apis.rest instead.
+ rest {
+ debug {
+ enabled = true
+ }
+ health {
+ enabled = true
+ }
+ shutdown {
+ # Note that the shutdown API requires the COLIBRI API to also be enabled.
+ enabled = false
+ }
+ version {
+ enabled = true
+ }
+ }
+ http-servers {
+ # The HTTP server which hosts services intended for 'public' use
+ # (e.g. websockets for the bridge channel connection)
+ public {
+ # See JettyBundleActivatorConfig in Jicoco for values
+ port = -1
+ tls-port = -1
+ }
+ # The HTTP server which hosts services intended for 'private' use
+ # (e.g. health or debug stats)
+ private {
+ # See JettyBundleActivatorConfig in Jicoco for values
+ host = 127.0.0.1
+ }
+ }
+ octo {
+ # Whether or not Octo is enabled
+ enabled=false
+
+ # A string denoting the 'region' of this JVB. This region
+ # will be used by Jicofo in the selection of a bridge for
+ # a client by comparing it to the client's region.
+ # Must be set when 'enabled' is true
+ #region="us-west-1"
+
+ # The address on which the Octo relay should bind
+ # Must be set when 'enabled' is true
+ #bind-address=198.51.100.1
+
+ # The port to which the Octo relay should bind
+ bind-port=4096
+
+ # The address which controls the public address which
+ # will be part of the Octo relayId
+ #public-address=198.51.100.1
+
+ # The size of the incoming octo queue. This queue is per-remote-endpoint,
+ # so it matches what we use for local endpoints
+ recv-queue-size=1024
+
+ # The size of the outgoing octo queue. This is a per-originating-endpoint
+ # queue, so assuming all packets are routed (as they currently are for Octo)
+ # it should be the same size as the transceiver recv queue in
+ # jitsi-media-transform. Repeating the description from there:
+ # Assuming 300pps for high-definition, 200pps for standard-definition,
+ # 100pps for low-definition and 50pps for audio, this queue is fed
+ # 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms.
+ send-queue-size=1024
+ }
+ load-management {
+ # Whether or not the reducer will be enabled to take actions to mitigate load
+ reducer-enabled = false
+ load-measurements {
+ packet-rate {
+ # The packet rate at which we'll consider the bridge overloaded
+ load-threshold = 50000
+ # The packet rate at which we'll consider the bridge 'underloaded' enough
+ # to start recovery
+ recovery-threshold = 40000
+ }
+ }
+ load-reducers {
+ last-n {
+ # The factor by which we'll reduce the current last-n when trying to reduce load
+ reduction-scale = .75
+ # The factor by which we'll increase the current last-n when trying to recover
+ recover-scale = 1.25
+ # The minimum time in between runs of the last-n reducer to reduce or recover from
+ # load
+ impact-time = 1 minute
+ # The lowest value we'll set for last-n
+ minimum-last-n-value = 0
+ # The highest last-n value we'll enforce. Once the enforced last-n exceeds this value
+ # we'll remove the limit entirely
+ maximum-enforced-last-n-value = 40
+ }
+ }
+ }
+ sctp {
+ # Whether SCTP data channels are enabled.
+ enabled=true
+ }
+ stats {
+ # Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
+ # API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
+ enabled = false
+
+ # The interval at which stats are gathered.
+ interval = 5 seconds
+
+ # Configuration related to pushing statistics to callstats.io.
+ callstats {
+ # An integer application ID (use 0 to disable pushing stats to callstats).
+ app-id = 0
+
+ # The shared secred to authentication with callstats.io.
+ //app-secret = "s3cret"
+
+ # ID of the key that was used to generate token.
+ //key-id = "abcd"
+
+ # The path to private key file.
+ //key-path = "/etc/jitsi/videobridge/ecpriv.jwk"
+
+ # The ID of the server instance to be used when reporting to callstats.
+ bridge-id = "jitsi"
+
+ # TODO: document
+ //conference-id-prefix = "abcd"
+
+ # The interval at which statististics will be published to callstats. This affects both per-conference and global
+ # statistics.
+ # Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section.
+ interval = ${videobridge.stats.interval}
+ }
+ }
+ websockets {
+ enabled=false
+ server-id="default-id"
+
+ # Optional, even when 'enabled' is set to true
+ # tls=true
+ # Must be set when enabled = true
+ #domain="some-domain"
+ }
+ ice {
+ tcp {
+ # Whether ICE/TCP is enabled.
+ enabled = true
+
+ # The port to bind to for ICE/TCP.
+ port = 8080
+
+ # An optional additional port to advertise.
+ # mapped-port = 8443
+ # Whether to use "ssltcp" or plain "tcp".
+ ssltcp = true
+ }
+
+ udp {
+ # The port for ICE/UDP.
+ port = 10000
+ }
+
+ # An optional prefix to include in STUN username fragments generated by the bridge.
+ #ufrag-prefix = "jvb-123:"
+
+ # Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy:
+ # "selected_and_tcp", "selected_only", or "all_succeeded".
+ keep-alive-strategy = "selected_and_tcp"
+
+ # Whether to use the "component socket" feature of ice4j.
+ use-component-socket = true
+
+ # Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false'
+ # such candidates will be ignored.
+ resolve-remote-candidates = false
+
+ # The nomination strategy to use for ICE. THe accepted values are defined in ice4j's NominationStrategy:
+ # "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT".
+ nomination-strategy = "NominateFirstValid"
+ }
+
+ transport {
+ send {
+ # The size of the dtls-transport outgoing queue. This is a per-participant
+ # queue. Packets from the egress end-up in this queue right before
+ # transmission by the outgoing srtp pipeline (which mainly consists of the
+ # packet sender).
+ #
+ # Its size needs to be of the same order of magnitude as the rtp sender
+ # queue. In a 100 participant call, assuming 300pps for the on-stage and
+ # 100pps for low-definition, last-n 20 and 2 participants talking, so
+ # 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its
+ # size in terms of millis is 1024/2300*1000 ~= 445ms.
+ queue-size=1024
+ }
+ }
+
+ version {
+ // Wheather to announe the jitsi-videobridge version to clients in the ServerHello message.
+ announce = false
+ }
+}
+
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
new file mode 100644
index 0000000..215bb5b
--- /dev/null
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -0,0 +1,106 @@
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+log = {
+ --log less on console with warn="*console"; or err="*console" or more with debug="*console"
+ debug="*console";
+}
+daemonize = false
+use_libevent = true
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
+
+--@FIXME would be great to configure it
+--turncredentials_secret = "__turnSecret__";
+
+--turncredentials = {
+-- { type = "stun", host = "jitmeet.example.com", port = "3478" },
+-- { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
+-- { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
+--};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+https_ports = { }; -- Remove this line to prevent listening on port 5284
+component_interface = "0.0.0.0"
+component_ports = { 5347 }
+http_ports = { 5280 }
+
+
+-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+ssl = {
+ protocol = "tlsv1_2+";
+ ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+VirtualHost "jitsi"
+ enabled = true -- Remove this line to enable this host
+ authentication = "anonymous"
+ -- Properties below are modified by jitsi-meet-tokens package config
+ -- and authentication above is switched to "token"
+ --app_id="example_app_id"
+ --app_secret="example_app_secret"
+ -- Assign this host a certificate for TLS, otherwise it would use the one
+ -- set in the global section (if any).
+ -- Note that old-style SSL on port 5223 only supports one certificate, and will always
+ -- use the global one.
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ speakerstats_component = "speakerstats.jitsi"
+ conference_duration_component = "conferenceduration.jitsi"
+ -- we need bosh
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ "ping"; -- Enable mod_ping
+ "speakerstats";
+ --"turncredentials"; not supported yet
+ "conference_duration";
+ "muc_lobby_rooms";
+ }
+ c2s_require_encryption = false
+ lobby_muc = "lobby.jitsi"
+ main_muc = "conference.jitsi"
+ -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
+
+Component "conference.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "muc_meeting_id";
+ "muc_domain_mapper";
+ --"token_verification";
+ }
+ admins = { "focus@auth.jitsi" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+-- internal muc component
+Component "internal.auth.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = {
+ "ping";
+ }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
+VirtualHost "auth.jitsi"
+ authentication = "internal_plain"
+
+Component "focus.jitsi"
+ component_secret = "jicofosecretpass"
+
+Component "speakerstats.jitsi" "speakerstats_component"
+ muc_component = "conference.jitsi"
+
+Component "conferenceduration.jitsi" "conference_duration_component"
+ muc_component = "conference.jitsi"
+
+Component "lobby.jitsi" "muc"
+ storage = "memory"
+ restrict_room_creation = true
+ muc_room_locking = false
+ muc_room_default_public_jids = true
+
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua.back b/app/jitsi/integration/prosody/prosody.cfg.lua.back
new file mode 100644
index 0000000..d03d7c9
--- /dev/null
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua.back
@@ -0,0 +1,64 @@
+daemonize = false
+allow_registration = false
+use_libevent = true
+component_interface = "0.0.0.0"
+component_ports = { 5347 }
+http_ports = { 5280 }
+https_ports = {}
+
+-- Not sure all modules are required
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ --"smacks"; -- not shipped with prosody
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ --"http_altconnect"; -- not shipped with prosody
+}
+
+log = {
+ --log less on console with warn="*console"; or err="*console" or more with debug="*console"
+ debug="*console";
+}
+
+VirtualHost "jitsi"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi"}
+
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+