From 7b57ff72a918ca295e2b00e76da33eec700c6a2a Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 17:52:41 +0100 Subject: Simplify prosody too --- app/jitsi/integration/README.md | 8 + app/jitsi/integration/dev.env | 10 - app/jitsi/integration/jicofo.conf | 273 ------------------------- app/jitsi/integration/jicofo/jicofo.conf | 273 +++++++++++++++++++++++++ app/jitsi/integration/jitsi-certs/.gitignore | 2 - app/jitsi/integration/jvb/videobridge.conf | 279 ++++++++++++++++++++++++++ app/jitsi/integration/prosody/prosody.cfg.lua | 34 ++++ app/jitsi/integration/videobridge.conf | 279 -------------------------- 8 files changed, 594 insertions(+), 564 deletions(-) delete mode 100644 app/jitsi/integration/dev.env delete mode 100644 app/jitsi/integration/jicofo.conf create mode 100644 app/jitsi/integration/jicofo/jicofo.conf delete mode 100644 app/jitsi/integration/jitsi-certs/.gitignore create mode 100644 app/jitsi/integration/jvb/videobridge.conf create mode 100644 app/jitsi/integration/prosody/prosody.cfg.lua delete mode 100644 app/jitsi/integration/videobridge.conf (limited to 'app/jitsi/integration') diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index 315b5de..e295745 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md 
@@ -38,6 +38,14 @@ We are particularly interested by: https://github.com/lightbend/config#standard- Using 'application.conf' with classpath does not seem to work. But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works! +Some parameters are also set independently of lightbend hocon config. +They are seen in jicofo entrypoint: +https://github.com/jitsi/jicofo/blob/master/src/main/java/org/jitsi/jicofo/Main.java +Many of these parameters can be in fact read from the HOCON file except one: the `--secret` parameter or the `JICOFO_SECRET` env variable. +But we can see this is a deprecated thing, it has been already removed from master: https://github.com/jitsi/jicofo/commit/c9e5b50a8b4e77f8b8cb8831a4a044a53edfcf48 +For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set +But maybe this value is deprecated: the check is still here but it is not used anymore?! + ## Resources to understand jitsi - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst) diff --git a/app/jitsi/integration/dev.env b/app/jitsi/integration/dev.env deleted file mode 100644 index 1dd2122..0000000 --- a/app/jitsi/integration/dev.env +++ /dev/null @@ -1,10 +0,0 @@ -JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 -JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 -JITSI_SECRET_JICOFO_USER=S3CR3T03 -JITSI_PROSODY_BOSH_PORT=5280 -JITSI_PROSODY_BOSH_HOST=172.17.0.1 -JITSI_PROSODY_HOST=172.17.0.1 -JITSI_CERTS_FOLDER=/certs/ -JITSI_NAT_PUBLIC_IP=37.164.35.154 -JITSI_NAT_LOCAL_IP=192.168.0.231 -JITSI_VIDEO_TCP=8080 diff --git a/app/jitsi/integration/jicofo.conf b/app/jitsi/integration/jicofo.conf deleted file mode 100644 index 2351cde..0000000 --- a/app/jitsi/integration/jicofo.conf +++ /dev/null 
@@ -1,273 +0,0 @@ -jicofo { - // Authentication with external services - authentication { - enabled = false - // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default). - type = SHIBBOLETH - - // The pattern of authentication URL. See ShibbolethAuthAuthority for more information. - # login-url = - - # logout-url = - - authentication-lifetime = 24 hours - enable-auto-login = true - } - // Configuration related to jitsi-videobridge - bridge { - // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum). - max-bridge-participants = -1 - // The assumed maximum packet rate that a bridge can handle. - max-bridge-packet-rate = 50000 - // The assumed average packet rate per participant. - average-participant-packet-rate-pps = 500 - // The assumed average stress per participant. - average-participant-stress = 0.01 - // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating - // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints - // in the last [participant-rampup-time] multiplied by [average-participant-stress]. - participant-rampup-interval = 20 seconds - // The stress level above which a bridge is considered overstressed. - stress-threshold = 0.8 - // The amount of to wait before retrying using a failed bridge. - failure-reset-threshold = 1 minute - // The bridge selection strategy. The built-in strategies are: - // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo). - // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing). - // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use - // Octo for geo-location). - // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. 
use Octo for - // load balancing). - // - // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations. - selection-strategy = SingleBridgeSelectionStrategy - health-checks { - // Whether jicofo should perform periodic health checks to the connected bridges. - enabled = true - // The interval at which to perform health checks. - interval = 10 seconds - // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This - // configures the delay between the original health check timing out and the second health check being sent. - // It is a duration and defaults to half the [interval]. - # retry-delay = 5 seconds - } - - // The JID of the MUC to be used as a brewery for bridge instances. - brewery-jid = "jvbbrewery@example.com" - } - // Configure the codecs and RTP extensions to be used in the offer sent to clients. - codec { - video { - vp8 { - enabled = true - pt = 100 - // Payload type for the associated RTX stream. Set to -1 to disable RTX. - rtx-pt = 96 - } - vp9 { - enabled = true - pt = 101 - // Payload type for the associated RTX stream. Set to -1 to disable RTX. - rtx-pt = 97 - } - h264 { - enabled = true - pt = 107 - // Payload type for the associated RTX stream. Set to -1 to disable RTX. - rtx-pt = 99 - } - } - - audio { - isac-16000 { - enabled = true - pt = 103 - } - isac-32000 { - enabled = true - pt = 104 - } - opus { - enabled = true - pt = 111 - minptime = 10 - use-inband-fec = true - red { - enabled = false - pt = 112 - } - } - telephone-event { - enabled = true - pt = 126 - } - } - - // RTP header extensions - rtp-extensions { - audio-level { - enabled = true - id = 1 - } - tof { - // TOF is currently disabled, because we don't support it in the bridge - // (and currently clients seem to not use it when abs-send-time is - // available). 
- enabled = false - id = 2 - } - abs-send-time { - enabled = true - id = 3 - } - rid { - enabled = false - id = 4 - } - tcc { - enabled = true - id = 5 - } - video-content-type { - enabled = false - id = 7 - } - framemarking { - enabled = false - id = 9 - } - } - } - - conference { - // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to - // the next in line when the current owner leaves). - enable-auto-owner = true - - // How long to wait for the initial participant in a conference. - initial-timeout = 15 seconds - - // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary - // workaround for an issue with signaling endpoints for Octo. - inject-ssrc-for-recv-only-endpoints = false - - max-ssrcs-per-user = 20 - - // How long a participant's media session will be kept alive once it remains the only participant in the room. - single-participant-timeout = 20 seconds - - // The minimum number of participants required for the conference to be started. - min-participants = 2 - - // Experimental. - enable-lip-sync = false - - shared-document { - // If `true` the shared document uses a random name. Otherwise, it uses the conference name. - use-random-name = false - } - } - - // Configuration for the internal health checks performed by jicofo. - health { - // Whether to perform health checks. - enabled = false - - // The interval between health checks. If set to 0, periodic health checks will not be performed. - interval = 10 seconds - - # The timeout for a health check - timeout = 30 seconds - - # If performing a health check takes longer than this, it is considered unsuccessful. - max-check-duration = 20 seconds - - # The prefix to use when creating MUC rooms for the purpose of health checks. - room-name-prefix = "__jicofo-health-check" - } - - jibri { - // The JID of the MUC to be used as a brewery for jibri instances for streaming. 
- # brewery-jid = "jibribrewery@example.com" - - // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries. - num-retries = 5 - - // How long to wait for Jibri to start recording from the time it accepts a START request. - pending-timeout = 90 seconds - } - - jibri-sip { - // The JID of the MUC to be used as a brewery for jibri instances for SIP. - # brewery-jid = "jibrisipbrewery@example.com" - } - - jigasi { - // The JID of the MUC to be used as a brewery for jigasi instances. - # brewery-jid = "jigasibrewery@example.com" - } - - // The region in which the machine is running. - #local-region="us-east-1" - - octo { - // Whether or not to use Octo. Note that when enabled, its use will be determined by - // $jicofo.bridge.selection-strategy. - enabled = true - - // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of - // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured. - #id = 1234 - } - - rest { - port = 8888 - tls-port = 8843 - } - - sctp { - // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is - // enabled in the per-conference configuration). - enabled = true - } - - task-pools { - shared-pool-max-threads = 1500 - } - - xmpp { - // The separate XMPP connection used for communication with clients (endpoints). - client { - enabled = true - hostname = "localhost" - port = 5222 - #domain = - username = "focus" - #password = - - // How long to wait for a response to a stanza before giving up. - reply-timeout = 15 seconds - - // The JID/domain of the MUC service used for conferencing. - # conference-muc-jid = conference.example.com - - // A flag to suppress the TLS certificate verification. - disable-certificate-verification = false - } - // The separate XMPP connection used for internal services (currently only jitsi-videobridge). 
- service { - enabled = false - hostname = "localhost" - port = 6222 - #domain = - #username = - #password = - - // How long to wait for a response to a stanza before giving up. - reply-timeout = 15 seconds - - // A flag to suppress the TLS certificate verification. - disable-certificate-verification = false - } - } -} diff --git a/app/jitsi/integration/jicofo/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf new file mode 100644 index 0000000..edb87c5 --- /dev/null +++ b/app/jitsi/integration/jicofo/jicofo.conf 
@@ -0,0 +1,273 @@ +jicofo { + // Authentication with external services + authentication { + enabled = false + // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default). + type = SHIBBOLETH + + // The pattern of authentication URL. See ShibbolethAuthAuthority for more information. + # login-url = + + # logout-url = + + authentication-lifetime = 24 hours + enable-auto-login = true + } + // Configuration related to jitsi-videobridge + bridge { + // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum). + max-bridge-participants = -1 + // The assumed maximum packet rate that a bridge can handle. + max-bridge-packet-rate = 50000 + // The assumed average packet rate per participant. + average-participant-packet-rate-pps = 500 + // The assumed average stress per participant. + average-participant-stress = 0.01 + // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating + // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints + // in the last [participant-rampup-time] multiplied by [average-participant-stress]. + participant-rampup-interval = 20 seconds + // The stress level above which a bridge is considered overstressed. + stress-threshold = 0.8 + // The amount of to wait before retrying using a failed bridge. + failure-reset-threshold = 1 minute + // The bridge selection strategy. The built-in strategies are: + // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo). + // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing). + // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use + // Octo for geo-location). + // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. 
use Octo for + // load balancing). + // + // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations. + selection-strategy = SingleBridgeSelectionStrategy + health-checks { + // Whether jicofo should perform periodic health checks to the connected bridges. + enabled = true + // The interval at which to perform health checks. + interval = 10 seconds + // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This + // configures the delay between the original health check timing out and the second health check being sent. + // It is a duration and defaults to half the [interval]. + # retry-delay = 5 seconds + } + + // The JID of the MUC to be used as a brewery for bridge instances. + brewery-jid = "jvbbrewery@example.com" + } + // Configure the codecs and RTP extensions to be used in the offer sent to clients. + codec { + video { + vp8 { + enabled = true + pt = 100 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 96 + } + vp9 { + enabled = true + pt = 101 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 97 + } + h264 { + enabled = true + pt = 107 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 99 + } + } + + audio { + isac-16000 { + enabled = true + pt = 103 + } + isac-32000 { + enabled = true + pt = 104 + } + opus { + enabled = true + pt = 111 + minptime = 10 + use-inband-fec = true + red { + enabled = false + pt = 112 + } + } + telephone-event { + enabled = true + pt = 126 + } + } + + // RTP header extensions + rtp-extensions { + audio-level { + enabled = true + id = 1 + } + tof { + // TOF is currently disabled, because we don't support it in the bridge + // (and currently clients seem to not use it when abs-send-time is + // available). 
+ enabled = false + id = 2 + } + abs-send-time { + enabled = true + id = 3 + } + rid { + enabled = false + id = 4 + } + tcc { + enabled = true + id = 5 + } + video-content-type { + enabled = false + id = 7 + } + framemarking { + enabled = false + id = 9 + } + } + } + + conference { + // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to + // the next in line when the current owner leaves). + enable-auto-owner = true + + // How long to wait for the initial participant in a conference. + initial-timeout = 15 seconds + + // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary + // workaround for an issue with signaling endpoints for Octo. + inject-ssrc-for-recv-only-endpoints = false + + max-ssrcs-per-user = 20 + + // How long a participant's media session will be kept alive once it remains the only participant in the room. + single-participant-timeout = 20 seconds + + // The minimum number of participants required for the conference to be started. + min-participants = 2 + + // Experimental. + enable-lip-sync = false + + shared-document { + // If `true` the shared document uses a random name. Otherwise, it uses the conference name. + use-random-name = false + } + } + + // Configuration for the internal health checks performed by jicofo. + health { + // Whether to perform health checks. + enabled = false + + // The interval between health checks. If set to 0, periodic health checks will not be performed. + interval = 10 seconds + + # The timeout for a health check + timeout = 30 seconds + + # If performing a health check takes longer than this, it is considered unsuccessful. + max-check-duration = 20 seconds + + # The prefix to use when creating MUC rooms for the purpose of health checks. + room-name-prefix = "__jicofo-health-check" + } + + jibri { + // The JID of the MUC to be used as a brewery for jibri instances for streaming. 
+ # brewery-jid = "jibribrewery@example.com" + + // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries. + num-retries = 5 + + // How long to wait for Jibri to start recording from the time it accepts a START request. + pending-timeout = 90 seconds + } + + jibri-sip { + // The JID of the MUC to be used as a brewery for jibri instances for SIP. + # brewery-jid = "jibrisipbrewery@example.com" + } + + jigasi { + // The JID of the MUC to be used as a brewery for jigasi instances. + # brewery-jid = "jigasibrewery@example.com" + } + + // The region in which the machine is running. + #local-region="us-east-1" + + octo { + // Whether or not to use Octo. Note that when enabled, its use will be determined by + // $jicofo.bridge.selection-strategy. + enabled = false + + // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of + // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured. + id = 1 + } + + rest { + port = 8888 + tls-port = 8843 + } + + sctp { + // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is + // enabled in the per-conference configuration). + enabled = true + } + + task-pools { + shared-pool-max-threads = 1500 + } + + xmpp { + // The separate XMPP connection used for communication with clients (endpoints). + client { + enabled = true + hostname = "jitsi-xmpp" + port = 5222 + #domain = + username = "focus" + password = "3x@mple01" + + // How long to wait for a response to a stanza before giving up. + reply-timeout = 15 seconds + + // The JID/domain of the MUC service used for conferencing. + # conference-muc-jid = conference.example.com + + // A flag to suppress the TLS certificate verification. + disable-certificate-verification = false + } + // The separate XMPP connection used for internal services (currently only jitsi-videobridge). 
+ service { + enabled = false + hostname = "localhost" + port = 6222 + #domain = + #username = + #password = + + // How long to wait for a response to a stanza before giving up. + reply-timeout = 15 seconds + + // A flag to suppress the TLS certificate verification. + disable-certificate-verification = false + } + } +} diff --git a/app/jitsi/integration/jitsi-certs/.gitignore b/app/jitsi/integration/jitsi-certs/.gitignore deleted file mode 100644 index d6b7ef3..0000000 --- a/app/jitsi/integration/jitsi-certs/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/app/jitsi/integration/jvb/videobridge.conf b/app/jitsi/integration/jvb/videobridge.conf new file mode 100644 index 0000000..e9bded0 --- /dev/null +++ b/app/jitsi/integration/jvb/videobridge.conf 
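Review bot: The new `xmpp.client` block commits the credential for the `focus` account in plaintext (`password = "3x@mple01"`), so anyone with read access to the repository can authenticate as that account if the value is ever reused outside a throwaway setup. HOCON supports optional substitution from the environment, so the line could read `password = ${?JICOFO_XMPP_PASSWORD}` (variable name is a placeholder), with the value injected at deploy time. If the README's decision to avoid further environment variables stands, keep the populated file out of version control and commit only a template with the key commented out, as the removed `jicofo.conf` had it (`#password =`). A one-line comment above the key saying where the real value comes from would also help the next reader.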
@@ -0,0 +1,279 @@ +videobridge { + entity-expiration { + # If an entity has no activity after this timeout, it is expired + timeout=1 minute + + # The interval at which the videobridge will check for expired entities + check-interval=${videobridge.entity-expiration.timeout} + } + health { + # The interval between health checks + interval=10 seconds + + # The timeout for a health check + timeout=30 seconds + + # If performing a health check takes longer than this, it is considered unsuccessful. + max-check-duration=3 seconds + + # Whether or not health check failures should be 'sticky' + # (i.e. once the bridge becomes unhealthy, it will never + # go back to a healthy state) + sticky-failures=false + } + ep-connection-status { + # How long we'll wait for an endpoint to *start* sending + # data before we consider it 'inactive' + first-transfer-timeout=15 seconds + + # How long an endpoint can be 'inactive' before it will + # be considered disconnected + max-inactivity-limit=3 seconds + + # How often we check endpoint's connectivity status + check-interval=500 milliseconds + } + cc { + bwe-change-threshold=0.15 + thumbnail-max-height-px=180 + onstage-ideal-height-px=1080 + onstage-preferred-height-px=360 + onstage-preferred-framerate=30 + enable-onstage-video-suspend=false + trust-bwe=true + + # How often we check to send probing data + padding-period=15ms + + # How often we'll force recalculations of forwarded + # streams + max-time-between-calculations = 15 seconds + + # A JVB-wide last-n value, observed by all endpoints. Endpoints + # will take the minimum of their setting and this one (-1 implies + # no last-n limit) + jvb-last-n = -1 + } + # The APIs by which the JVB can be controlled + apis { + xmpp-client { + # The interval at which presence is published in the configured MUCs. 
+ presence-interval = ${videobridge.stats.interval} + + configs { + # example-connection-id { + # For the properties which should be + # filled out here, see MucClientConfiguration + # } + } + } + # The COLIBRI REST API + rest { + enabled = false + } + jvb-api { + enabled = false + } + } + # Configuration of the different REST APIs. + # Note that the COLIBRI REST API is configured under videobridge.apis.rest instead. + rest { + debug { + enabled = true + } + health { + enabled = true + } + shutdown { + # Note that the shutdown API requires the COLIBRI API to also be enabled. + enabled = false + } + version { + enabled = true + } + } + http-servers { + # The HTTP server which hosts services intended for 'public' use + # (e.g. websockets for the bridge channel connection) + public { + # See JettyBundleActivatorConfig in Jicoco for values + port = -1 + tls-port = -1 + } + # The HTTP server which hosts services intended for 'private' use + # (e.g. health or debug stats) + private { + # See JettyBundleActivatorConfig in Jicoco for values + host = 127.0.0.1 + } + } + octo { + # Whether or not Octo is enabled + enabled=false + + # A string denoting the 'region' of this JVB. This region + # will be used by Jicofo in the selection of a bridge for + # a client by comparing it to the client's region. + # Must be set when 'enabled' is true + #region="us-west-1" + + # The address on which the Octo relay should bind + # Must be set when 'enabled' is true + #bind-address=198.51.100.1 + + # The port to which the Octo relay should bind + bind-port=4096 + + # The address which controls the public address which + # will be part of the Octo relayId + #public-address=198.51.100.1 + + # The size of the incoming octo queue. This queue is per-remote-endpoint, + # so it matches what we use for local endpoints + recv-queue-size=1024 + + # The size of the outgoing octo queue. 
This is a per-originating-endpoint + # queue, so assuming all packets are routed (as they currently are for Octo) + # it should be the same size as the transceiver recv queue in + # jitsi-media-transform. Repeating the description from there: + # Assuming 300pps for high-definition, 200pps for standard-definition, + # 100pps for low-definition and 50pps for audio, this queue is fed + # 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms. + send-queue-size=1024 + } + load-management { + # Whether or not the reducer will be enabled to take actions to mitigate load + reducer-enabled = false + load-measurements { + packet-rate { + # The packet rate at which we'll consider the bridge overloaded + load-threshold = 50000 + # The packet rate at which we'll consider the bridge 'underloaded' enough + # to start recovery + recovery-threshold = 40000 + } + } + load-reducers { + last-n { + # The factor by which we'll reduce the current last-n when trying to reduce load + reduction-scale = .75 + # The factor by which we'll increase the current last-n when trying to recover + recover-scale = 1.25 + # The minimum time in between runs of the last-n reducer to reduce or recover from + # load + impact-time = 1 minute + # The lowest value we'll set for last-n + minimum-last-n-value = 0 + # The highest last-n value we'll enforce. Once the enforced last-n exceeds this value + # we'll remove the limit entirely + maximum-enforced-last-n-value = 40 + } + } + } + sctp { + # Whether SCTP data channels are enabled. + enabled=true + } + stats { + # Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST + # API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC). + enabled = false + + # The interval at which stats are gathered. + interval = 5 seconds + + # Configuration related to pushing statistics to callstats.io. 
+ callstats { + # An integer application ID (use 0 to disable pushing stats to callstats). + app-id = 0 + + # The shared secred to authentication with callstats.io. + //app-secret = "s3cret" + + # ID of the key that was used to generate token. + //key-id = "abcd" + + # The path to private key file. + //key-path = "/etc/jitsi/videobridge/ecpriv.jwk" + + # The ID of the server instance to be used when reporting to callstats. + bridge-id = "jitsi" + + # TODO: document + //conference-id-prefix = "abcd" + + # The interval at which statististics will be published to callstats. This affects both per-conference and global + # statistics. + # Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section. + interval = ${videobridge.stats.interval} + } + } + websockets { + enabled=false + server-id="default-id" + + # Optional, even when 'enabled' is set to true + # tls=true + # Must be set when enabled = true + #domain="some-domain" + } + ice { + tcp { + # Whether ICE/TCP is enabled. + enabled = true + + # The port to bind to for ICE/TCP. + port = 8080 + + # An optional additional port to advertise. + # mapped-port = 8443 + # Whether to use "ssltcp" or plain "tcp". + ssltcp = true + } + + udp { + # The port for ICE/UDP. + port = 10000 + } + + # An optional prefix to include in STUN username fragments generated by the bridge. + #ufrag-prefix = "jvb-123:" + + # Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy: + # "selected_and_tcp", "selected_only", or "all_succeeded". + keep-alive-strategy = "selected_and_tcp" + + # Whether to use the "component socket" feature of ice4j. + use-component-socket = true + + # Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false' + # such candidates will be ignored. + resolve-remote-candidates = false + + # The nomination strategy to use for ICE. 
THe accepted values are defined in ice4j's NominationStrategy: + # "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT". + nomination-strategy = "NominateFirstValid" + } + + transport { + send { + # The size of the dtls-transport outgoing queue. This is a per-participant + # queue. Packets from the egress end-up in this queue right before + # transmission by the outgoing srtp pipeline (which mainly consists of the + # packet sender). + # + # Its size needs to be of the same order of magnitude as the rtp sender + # queue. In a 100 participant call, assuming 300pps for the on-stage and + # 100pps for low-definition, last-n 20 and 2 participants talking, so + # 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its + # size in terms of millis is 1024/2300*1000 ~= 445ms. + queue-size=1024 + } + } + + version { + // Wheather to announe the jitsi-videobridge version to clients in the ServerHello message. + announce = false + } +} + diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua new file mode 100644 index 0000000..edfd820 --- /dev/null +++ b/app/jitsi/integration/prosody/prosody.cfg.lua 
@@ -0,0 +1,34 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+log = {
+ error="/dev/stderr"
+ info="/dev/stdout"
+}
+
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
diff --git a/app/jitsi/integration/videobridge.conf b/app/jitsi/integration/videobridge.conf
deleted file mode 100644
index e9bded0..0000000
--- a/app/jitsi/integration/videobridge.conf
+++ /dev/null
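Review bot: `component_interface = "0.0.0.0"` opens the component port 5347 on every interface, although the only components this file declares are internal `muc` ones. If jicofo and the bridge now connect only as XMPP clients (the new jicofo.conf suggests so for jicofo), bind it to loopback with `component_interface = "127.0.0.1"` or drop both component lines. `http_ports = { ${JITSI_PROSODY_BOSH_PORT} }` still depends on a substitution step, while `dev.env`, which defined that variable as 5280, is deleted in this same commit. Unless a templating pass remains elsewhere, this line is not valid Lua and `http_ports = { 5280 }` would be the literal equivalent. `c2s_require_encryption = false` on the anonymous host and `authentication = "internal_plain"` on the auth host each deserve a short comment stating the assumption that makes them acceptable, such as TLS being terminated in front of BOSH, or a note that they are development-only.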
@@ -1,279 +0,0 @@
-videobridge {
- entity-expiration {
- # If an entity has no activity after this timeout, it is expired
- timeout=1 minute
-
- # The interval at which the videobridge will check for expired entities
- check-interval=${videobridge.entity-expiration.timeout}
- }
- health {
- # The interval between health checks
- interval=10 seconds
-
- # The timeout for a health check
- timeout=30 seconds
-
- # If performing a health check takes longer than this, it is considered unsuccessful.
- max-check-duration=3 seconds
-
- # Whether or not health check failures should be 'sticky'
- # (i.e. once the bridge becomes unhealthy, it will never
- # go back to a healthy state)
- sticky-failures=false
- }
- ep-connection-status {
- # How long we'll wait for an endpoint to *start* sending
- # data before we consider it 'inactive'
- first-transfer-timeout=15 seconds
-
- # How long an endpoint can be 'inactive' before it will
- # be considered disconnected
- max-inactivity-limit=3 seconds
-
- # How often we check endpoint's connectivity status
- check-interval=500 milliseconds
- }
- cc {
- bwe-change-threshold=0.15
- thumbnail-max-height-px=180
- onstage-ideal-height-px=1080
- onstage-preferred-height-px=360
- onstage-preferred-framerate=30
- enable-onstage-video-suspend=false
- trust-bwe=true
-
- # How often we check to send probing data
- padding-period=15ms
-
- # How often we'll force recalculations of forwarded
- # streams
- max-time-between-calculations = 15 seconds
-
- # A JVB-wide last-n value, observed by all endpoints. Endpoints
- # will take the minimum of their setting and this one (-1 implies
- # no last-n limit)
- jvb-last-n = -1
- }
- # The APIs by which the JVB can be controlled
- apis {
- xmpp-client {
- # The interval at which presence is published in the configured MUCs.
- presence-interval = ${videobridge.stats.interval}
-
- configs {
- # example-connection-id {
- # For the properties which should be
- # filled out here, see MucClientConfiguration
- # }
- }
- }
- # The COLIBRI REST API
- rest {
- enabled = false
- }
- jvb-api {
- enabled = false
- }
- }
- # Configuration of the different REST APIs.
- # Note that the COLIBRI REST API is configured under videobridge.apis.rest instead.
- rest {
- debug {
- enabled = true
- }
- health {
- enabled = true
- }
- shutdown {
- # Note that the shutdown API requires the COLIBRI API to also be enabled.
- enabled = false
- }
- version {
- enabled = true
- }
- }
- http-servers {
- # The HTTP server which hosts services intended for 'public' use
- # (e.g. websockets for the bridge channel connection)
- public {
- # See JettyBundleActivatorConfig in Jicoco for values
- port = -1
- tls-port = -1
- }
- # The HTTP server which hosts services intended for 'private' use
- # (e.g. health or debug stats)
- private {
- # See JettyBundleActivatorConfig in Jicoco for values
- host = 127.0.0.1
- }
- }
- octo {
- # Whether or not Octo is enabled
- enabled=false
-
- # A string denoting the 'region' of this JVB. This region
- # will be used by Jicofo in the selection of a bridge for
- # a client by comparing it to the client's region.
- # Must be set when 'enabled' is true
- #region="us-west-1"
-
- # The address on which the Octo relay should bind
- # Must be set when 'enabled' is true
- #bind-address=198.51.100.1
-
- # The port to which the Octo relay should bind
- bind-port=4096
-
- # The address which controls the public address which
- # will be part of the Octo relayId
- #public-address=198.51.100.1
-
- # The size of the incoming octo queue. This queue is per-remote-endpoint,
- # so it matches what we use for local endpoints
- recv-queue-size=1024
-
- # The size of the outgoing octo queue.
This is a per-originating-endpoint
- # queue, so assuming all packets are routed (as they currently are for Octo)
- # it should be the same size as the transceiver recv queue in
- # jitsi-media-transform. Repeating the description from there:
- # Assuming 300pps for high-definition, 200pps for standard-definition,
- # 100pps for low-definition and 50pps for audio, this queue is fed
- # 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms.
- send-queue-size=1024
- }
- load-management {
- # Whether or not the reducer will be enabled to take actions to mitigate load
- reducer-enabled = false
- load-measurements {
- packet-rate {
- # The packet rate at which we'll consider the bridge overloaded
- load-threshold = 50000
- # The packet rate at which we'll consider the bridge 'underloaded' enough
- # to start recovery
- recovery-threshold = 40000
- }
- }
- load-reducers {
- last-n {
- # The factor by which we'll reduce the current last-n when trying to reduce load
- reduction-scale = .75
- # The factor by which we'll increase the current last-n when trying to recover
- recover-scale = 1.25
- # The minimum time in between runs of the last-n reducer to reduce or recover from
- # load
- impact-time = 1 minute
- # The lowest value we'll set for last-n
- minimum-last-n-value = 0
- # The highest last-n value we'll enforce. Once the enforced last-n exceeds this value
- # we'll remove the limit entirely
- maximum-enforced-last-n-value = 40
- }
- }
- }
- sctp {
- # Whether SCTP data channels are enabled.
- enabled=true
- }
- stats {
- # Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
- # API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
- enabled = false
-
- # The interval at which stats are gathered.
- interval = 5 seconds
-
- # Configuration related to pushing statistics to callstats.io.
- callstats {
- # An integer application ID (use 0 to disable pushing stats to callstats).
- app-id = 0
-
- # The shared secred to authentication with callstats.io.
- //app-secret = "s3cret"
-
- # ID of the key that was used to generate token.
- //key-id = "abcd"
-
- # The path to private key file.
- //key-path = "/etc/jitsi/videobridge/ecpriv.jwk"
-
- # The ID of the server instance to be used when reporting to callstats.
- bridge-id = "jitsi"
-
- # TODO: document
- //conference-id-prefix = "abcd"
-
- # The interval at which statististics will be published to callstats. This affects both per-conference and global
- # statistics.
- # Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section.
- interval = ${videobridge.stats.interval}
- }
- }
- websockets {
- enabled=false
- server-id="default-id"
-
- # Optional, even when 'enabled' is set to true
- # tls=true
- # Must be set when enabled = true
- #domain="some-domain"
- }
- ice {
- tcp {
- # Whether ICE/TCP is enabled.
- enabled = true
-
- # The port to bind to for ICE/TCP.
- port = 8080
-
- # An optional additional port to advertise.
- # mapped-port = 8443
- # Whether to use "ssltcp" or plain "tcp".
- ssltcp = true
- }
-
- udp {
- # The port for ICE/UDP.
- port = 10000
- }
-
- # An optional prefix to include in STUN username fragments generated by the bridge.
- #ufrag-prefix = "jvb-123:"
-
- # Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy:
- # "selected_and_tcp", "selected_only", or "all_succeeded".
- keep-alive-strategy = "selected_and_tcp"
-
- # Whether to use the "component socket" feature of ice4j.
- use-component-socket = true
-
- # Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false'
- # such candidates will be ignored.
- resolve-remote-candidates = false
-
- # The nomination strategy to use for ICE.
THe accepted values are defined in ice4j's NominationStrategy:
- # "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT".
- nomination-strategy = "NominateFirstValid"
- }
-
- transport {
- send {
- # The size of the dtls-transport outgoing queue. This is a per-participant
- # queue. Packets from the egress end-up in this queue right before
- # transmission by the outgoing srtp pipeline (which mainly consists of the
- # packet sender).
- #
- # Its size needs to be of the same order of magnitude as the rtp sender
- # queue. In a 100 participant call, assuming 300pps for the on-stage and
- # 100pps for low-definition, last-n 20 and 2 participants talking, so
- # 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its
- # size in terms of millis is 1024/2300*1000 ~= 445ms.
- queue-size=1024
- }
- }
-
- version {
- // Wheather to announe the jitsi-videobridge version to clients in the ServerHello message.
- announce = false
- }
-}
-
-- cgit v1.2.3