path: root/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua
-- Modules loaded globally, i.e. on every VirtualHost and Component defined in
-- this file unless a host disables them. Per-host modules_enabled tables add
-- to this list rather than replacing it.
modules_enabled = {
  "roster"; -- Allow users to have a roster. Recommended ;)
  "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
  "tls"; -- Add support for secure TLS on c2s/s2s connections
  -- NOTE(review): dialback is a server-to-server mechanism and s2s is disabled
  -- below, so this entry is presumably dead weight - confirm and drop it.
  "dialback"; -- s2s dialback support
  "disco"; -- Service discovery
  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
  "version"; -- Replies to server version requests
  "uptime"; -- Report how long server has been running
  "time"; -- Let others know the time here on this server
  "ping"; -- Replies to XMPP pings with pongs
  "pep"; -- Enables users to publish their mood, activity, playing music and more
  -- jitsi
  --"smacks"; -- not shipped with prosody
  "carbons"; -- Message carbons (copies messages to a user's other clients)
  -- NOTE(review): mam and offline keep message content on the server; confirm
  -- this is wanted for anonymous meeting users and which retention applies.
  "mam"; -- Message archive management
  "lastactivity"; -- Answers "last activity" queries
  "offline"; -- Stores messages for offline users
  "pubsub"; -- Publish-subscribe service
  "adhoc"; -- Ad-hoc commands
  "websocket"; -- XMPP over WebSocket, served on the HTTP listener
  --"http_altconnect"; -- not shipped with prosody
}
-- Server-to-server federation is switched off: this instance only talks to its
-- own clients and components (see also the empty s2s_ports further down).
modules_disabled = { "s2s" }

-- Extra directory searched for modules (the Jitsi Meet Prosody plugins).
-- Anything placed here is loaded as Lua code inside the server process, so the
-- directory should be writable only by root / the package manager.
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- Logging: everything at level "info" and above goes to the console (stdout).
log = {
  --log less on console with warn="*console"; or err="*console" or more with debug="*console"
  -- NOTE(review): debug level is very verbose and may expose session details
  -- in the container logs; keep it for short troubleshooting windows only.
  info="*console";
}
-- Stay in the foreground (no fork); presumably the process is supervised by a
-- container runtime or init system - confirm.
daemonize = false
-- Use the libevent network backend.
use_libevent = true

-- domain mapper options, must at least have domain base set to use the mapper
-- (read by the "muc_domain_mapper" module enabled on the conference component)
muc_mapper_domain_base = "jitsi.deuxfleurs.fr";

-- TURN credential distribution is currently disabled (everything below is
-- commented out).
--@FIXME would be great to configure it
-- NOTE(review): if this is enabled later, the secret is the shared secret of
-- the TURN server; inject it at deploy time instead of committing the real
-- value to this repository.
--turncredentials_secret = "__turnSecret__";

--turncredentials = {
--    { type = "stun", host = "jitmeet.example.com", port = "3478" },
--    { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
--    { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
--};

-- Listener and BOSH/HTTP settings.
-- No cross-domain (CORS) headers for BOSH.
-- NOTE(review): this option is deprecated in newer Prosody releases - confirm
-- it is still honoured by the deployed version.
cross_domain_bosh = false;
-- Treat BOSH sessions as secure even though they arrive over plain HTTP.
-- This is only sound when a TLS-terminating reverse proxy sits in front of
-- port 5280 and nothing else can reach that port.
consider_bosh_secure = true;
--component_ports = { 5347 }
component_ports = { } -- it seems we don't need external components for now...
https_ports = { } -- no HTTPS listener in Prosody itself; TLS is presumably terminated upstream
-- Plain-HTTP listener (BOSH / WebSocket) on every IPv4 and IPv6 address.
-- NOTE(review): combined with consider_bosh_secure above, confirm that 5280 is
-- reachable only from the reverse proxy (network policy / firewall), or bind
-- it to a narrower interface.
http_ports = { 5280 }
http_interfaces = { "0.0.0.0", "::" }
-- Client-to-server XMPP port; presumably used by the Jitsi backend services
-- that log in on "auth.jitsi" - confirm it is not exposed publicly.
c2s_ports = { 5222 }
-- No server-to-server listener (s2s is also in modules_disabled).
s2s_ports = { }


-- Global TLS defaults, taken from the Mozilla "intermediate" profile:
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
-- Hosts below only add their own key/certificate to these settings.
ssl = {
    -- TLS 1.2 and newer only.
    protocol = "tlsv1_2+";
    -- Forward-secret (ECDHE/DHE) AEAD suites only. This OpenSSL cipher list
    -- governs TLS 1.2; TLS 1.3 suites are not selected by it.
    -- NOTE(review): the Mozilla profile pairs the DHE suites with a 2048-bit DH
    -- group and no dhparam is set in the visible config - confirm the fallback.
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

-- Public meeting host: the domain end users get a session on (via BOSH or
-- WebSocket, see http_host below).
VirtualHost "jitsi"
    enabled = true -- Host is active (hosts are enabled by default, so this line is explicit rather than required)
    -- Anonymous login: no credentials are checked, so anyone who can reach the
    -- BOSH/WebSocket endpoint obtains a session. Access control for rooms then
    -- rests on the lobby/room settings only, since token verification is
    -- commented out on the conference component.
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    -- NOTE(review): app_secret would be the token signing secret; if token auth
    -- is enabled, keep the real value out of version control.
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    -- The private key file should be readable by the Prosody user only.
    ssl = {
        key = "/var/lib/prosody/jitsi.key";
        certificate = "/var/lib/prosody/jitsi.crt";
    }
    -- Addresses of the helper components declared later in this file.
    speakerstats_component = "speakerstats.jitsi"
    conference_duration_component = "conferenceduration.jitsi"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        --"turncredentials"; not supported yet
        "conference_duration";
        "muc_lobby_rooms";
    }
    -- Unencrypted client-to-server streams are accepted on this host.
    -- NOTE(review): BOSH/WebSocket clients arrive through the HTTP listener, so
    -- this mostly concerns direct connections on port 5222, where stanzas would
    -- travel in cleartext. Confirm whether direct c2s to this host is needed;
    -- if not, require encryption or keep 5222 off untrusted networks.
    c2s_require_encryption = false
    -- MUC components used for the waiting room and for the meetings themselves.
    lobby_muc = "lobby.jitsi"
    main_muc = "conference.jitsi"
    -- HTTP Host header value that routes HTTP (BOSH/WebSocket) requests to this
    -- VirtualHost.
    http_host = "jitsi-bosh"
    -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

-- Multi-user chat component that hosts the meeting rooms (main_muc of the
-- "jitsi" host).
Component "conference.jitsi" "muc"
    -- Room state lives in memory only and is lost on restart.
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        -- Token check on room access is disabled; it goes together with the
        -- commented-out "token" authentication on the "jitsi" host.
        --"token_verification";
    }
    -- This account has admin rights on every room of the component
    -- (presumably the Jicofo focus user - confirm).
    admins = { "focus@auth.jitsi" }
    -- New rooms are usable immediately instead of being locked until configured.
    muc_room_locking = false
    -- Rooms default to non-anonymous: occupants can see each other's real JIDs.
    muc_room_default_public_jids = true

-- internal muc component
-- (presumably the room where the backend services coordinate - confirm)
Component "internal.auth.jitsi" "muc"
    -- Room state lives in memory only and is lost on restart.
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    -- Both service accounts get admin rights on this component.
    -- NOTE(review): nothing visible here limits who may join these rooms beyond
    -- being able to reach the component; confirm that only accounts on
    -- "auth.jitsi" can address it.
    admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
    -- New rooms are usable immediately instead of being locked until configured.
    muc_room_locking = false
    -- Rooms default to non-anonymous: occupants can see each other's real JIDs.
    muc_room_default_public_jids = true

-- Host for authenticated accounts; the admins lists in this file reference
-- focus@auth.jitsi and jvb@auth.jitsi on it.
VirtualHost "auth.jitsi"
    -- The private key file should be readable by the Prosody user only.
    ssl = {
        key = "/var/lib/prosody/auth.jitsi.key";
        certificate = "/var/lib/prosody/auth.jitsi.crt";
    }
    -- "internal_plain" keeps account passwords in cleartext in Prosody's data
    -- store, so anyone who can read that store obtains the service credentials.
    -- NOTE(review): "internal_hashed" stores salted hashes instead; confirm the
    -- account provisioning used here works with it before switching.
    authentication = "internal_plain"

-- Exposes the client account focus@auth.jitsi under the component address
-- focus.jitsi (client_proxy is not a stock Prosody module; it is presumably
-- loaded from plugin_paths - confirm).
Component "focus.jitsi" "client_proxy"
    target_address = "focus@auth.jitsi"

-- Speaker statistics component, bound to the meeting MUC.
Component "speakerstats.jitsi" "speakerstats_component"
    muc_component = "conference.jitsi"

-- Conference duration component, bound to the meeting MUC.
Component "conferenceduration.jitsi" "conference_duration_component"
    muc_component = "conference.jitsi"

-- Waiting-room MUC (lobby_muc of the "jitsi" host).
Component "lobby.jitsi" "muc"
    -- Room state lives in memory only and is lost on restart.
    storage = "memory"
    -- Ordinary users cannot create rooms here; lobby rooms are presumably
    -- created server-side by the muc_lobby_rooms module - confirm.
    restrict_room_creation = true
    -- New rooms are usable immediately instead of being locked until configured.
    muc_room_locking = false
    -- Rooms default to non-anonymous: occupants can see each other's real JIDs.
    muc_room_default_public_jids = true