plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } -- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "{{ jitsimeet_domains | first }}"; external_service_secret = "{{ jitsimeet_turn_secret }}"; external_services = { { type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 }, { type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" }, { type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } }; cross_domain_bosh = false; consider_bosh_secure = true; cross_domain_websocket = true; consider_websocket_secure = true; -- https_ports = { }; -- Remove this line to prevent listening on port 5284 -- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1) --http_cors_override = { -- bosh = { -- enabled = false; -- }; -- websocket = { -- enabled = false; -- }; --} -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 ssl = { protocol = "tlsv1_2+"; ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" } unlimited_jids = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" } VirtualHost "{{ jitsimeet_domains | first }}" authentication = "jitsi-anonymous" -- do not delete me -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" --app_id="example_app_id" --app_secret="example_app_secret" -- Assign this host a certificate for TLS, otherwise it would use the one -- set in the global section (if any). -- Note that old-style SSL on port 5223 only supports one certificate, and will always -- use the global one. ssl = { key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key"; certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt"; } av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}" speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}" conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}" end_conference_component = "endconference.{{ jitsimeet_domains | first }}" -- we need bosh modules_enabled = { "bosh"; "websocket"; "smacks"; -- XEP-0198: Stream Management "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; "external_services"; "conference_duration"; "end_conference"; "muc_lobby_rooms"; "muc_breakout_rooms"; "av_moderation"; "room_metadata"; } c2s_require_encryption = false lobby_muc = "lobby.{{ jitsimeet_domains | first }}" breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}" room_metadata_component = "metadata.{{ jitsimeet_domains | first }}" main_muc = "conference.{{ jitsimeet_domains | first }}" -- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms Component "conference.{{ jitsimeet_domains | first }}" "muc" restrict_room_creation = true storage = "memory" modules_enabled = { "muc_hide_all"; "muc_meeting_id"; "muc_domain_mapper"; "polls"; --"token_verification"; "muc_rate_limit"; "muc_password_whitelist"; } admins = { "focus@auth.{{ jitsimeet_domains | first }}" } muc_password_whitelist = { "focus@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true Component "breakout.{{ jitsimeet_domains | first }}" "muc" restrict_room_creation = true storage = "memory" modules_enabled = { "muc_hide_all"; "muc_meeting_id"; "muc_domain_mapper"; "muc_rate_limit"; "polls"; } admins = { "focus@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true -- internal muc component Component "internal.auth.{{ jitsimeet_domains | first }}" "muc" storage = "memory" modules_enabled = { "muc_hide_all"; "ping"; } admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true VirtualHost "auth.{{ jitsimeet_domains | first }}" ssl = { key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key"; certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt"; } modules_enabled = { "limits_exception"; } authentication = "internal_hashed" -- Proxy to jicofo's user JID, so that it doesn't have to register as a component. Component "focus.{{ jitsimeet_domains | first }}" "client_proxy" target_address = "focus@auth.{{ jitsimeet_domains | first }}" Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component" muc_component = "conference.{{ jitsimeet_domains | first }}" Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component" muc_component = "conference.{{ jitsimeet_domains | first }}" Component "endconference.{{ jitsimeet_domains | first }}" "end_conference" muc_component = "conference.{{ jitsimeet_domains | first }}" Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component" muc_component = "conference.{{ jitsimeet_domains | first }}" Component "lobby.{{ jitsimeet_domains | first }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false muc_room_default_public_jids = true modules_enabled = { "muc_hide_all"; "muc_rate_limit"; "polls"; } Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component" muc_component = "conference.{{ jitsimeet_domains | first }}" breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}"