Compare commits

..

9 commits

Author SHA1 Message Date
fe523fe993
__opendkim: fix start_on_boot on FreeBSD
There was a bit of an oddity with this, it is implemented in a way
that should not be an issue for other systems.

Reviewed at:	ungleich-public/cdist-contrib#31
2024-05-24 13:32:22 +02:00
0f281d4118 __jitsi_meet: improve screensharing in certain situations
We had been noticing issues when sharing screen that required
refreshing (sometimes from presentors, sometimes from receivers), or
else people would get a shared black screen or hanging screen after
some time.

This somewhat undocumented jitsi-videobridge setting appears to have
fixed the issue on all instances tested:

    videobridge.cc.trust-bwe = false

Announcement: https://agora.exo.cat/t/exofasia-3/276#meetexocatguifinet-4

Relevant links:
- https://community.jitsi.org/t/jitsi-users-video-turned-off-to-save-bandwidth-on-meet-jit-si/12735/2
- https://github.com/jitsi/jitsi-videobridge/blob/master/CONFIG.md#migrating-from-old-config

Sponsored by:	camilion.eu, eXO.cat
2024-05-24 07:29:52 +00:00
624bf996f6 [__jitsi_meet*] Update to 2.0.9457
Changelog:	https://github.com/jitsi/jitsi-meet-release-notes/blob/master/CHANGELOG-WEB.md#209457-2024-04-23

Sponsored by:	camilion.eu, eXO.cat
2024-05-24 07:29:52 +00:00
b7ba43553b
[__php_fpm*] add support for Debian and Ubuntu 2024-05-16 17:05:45 +02:00
116acebd10
[__opendkim] Deprecate --userid
The parameter could produce inconsistencies permissions-wise.

Users of the type that need this functionality can still use:
--custom-config 'UserId $USERID'

Closes #17
2024-05-15 13:48:38 +02:00
79baaf02b1 [__opendkim_genkey] Improve error text for unsupported OS
It was not listing FreeBSD, which is currently supported.
2024-05-15 11:45:51 +00:00
cc2b1af653 [__opendkim_key] Overall improvements in key management
While developing this, I noticed that the type was handling inconsistently the
expectation that a cdist object with the same __object_id gets *modified*.
Instead more and more lines were added to, e.g. SigningTable and KeyTable.

In order to solve this, some backwards compatibility breaking is necessary.

This is probably not too terrible since:

- the `--selector` parameter was mandatory, therefore the fallback for the key
location is triggered.
- OpenDKIM uses the first match in `SigningTable` and `KeyTable`
- __line and __block respectively append if they do not match

Closes #19 and #20.
2024-05-15 11:45:51 +00:00
f2850de5eb [__php_fpm_pool] remove mention to recycledcloud / e-Durable SA 2024-05-15 10:18:03 +00:00
3bc9a9ff4a __php_fpm{,_pool}: initial implementation. 2024-05-15 10:18:03 +00:00
35 changed files with 1360 additions and 355 deletions

View file

@ -195,6 +195,15 @@ upstream jvb1 {
keepalive 2;
}
EOF
require="__directory${NGINX_ETC}/conf.d" __file "${NGINX_ETC}/conf.d/jicofo.conf" \
--mode 644 \
--source - << EOF
upstream jicofo {
zone upstreams 64K;
server 127.0.0.1:8888;
keepalive 2;
}
EOF
if [ -f "${__object}/parameter/secured-domains" ]; then
SECURED_DOMAINS_STATE='present'
@ -245,6 +254,9 @@ videobridge {
enabled = true
}
}
cc {
trust-bwe = false
}
}
EOFJVB
@ -264,7 +276,7 @@ if [ -f "${__object}/parameter/disable-prometheus-exporter" ]; then
else
EXPORTER_STATE="present"
fi
__evilham_single_binary_service prometheus-jitsi-meet-exporter \
__single_binary_service prometheus-jitsi-meet-exporter \
--state "${EXPORTER_STATE}" \
--do-not-manage-user \
--user "nobody" \

View file

@ -7,7 +7,7 @@
# We could automate this, but are using it as an indicator for the
# latest branch with which we conciliated changes.
BRANCH="jitsi-meet_8319"
BRANCH="jitsi-meet_9457"
REPO="https://github.com/jitsi/jitsi-meet"
get_url() {

View file

@ -53,25 +53,51 @@ var config = {
// BOSH URL. FIXME: use XEP-0156 to discover it.
// useful for multidomain scenario -> src https://community.jitsi.org/t/same-jitsi-meet-instance-with-multiple-domain-names/17391/2
bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind',
bosh: 'https://<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind',
// Websocket URL
// Websocket URL (XMPP)
// websocket: 'wss://${DOMAIN}/xmpp-websocket',
// Whether BOSH should be preferred over WebSocket if both are configured.
// preferBosh: false,
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
focusUserJid: 'focus@auth.${JITSI_HOST}',
// Option to send conference requests to jicofo over http (requires nginx rule for it)
// conferenceRequestUrl:
// 'https://<!--# echo var="http_host" default="jitsi-meet.example.com" -->/' + subdir + 'conference-request/v1',
// Options related to the bridge (colibri) data channel
bridgeChannel: {
// If the backend advertises multiple colibri websockets, this options allows
// to filter some of them out based on the domain name. We use the first URL
// which does not match ignoreDomain, falling back to the first one that matches
// ignoreDomain. Has no effect if undefined.
// ignoreDomain: 'example.com',
// Prefer SCTP (WebRTC data channels over the media path) over a colibri websocket.
// If SCTP is available in the backend it will be used instead of a WS. Defaults to
// false (SCTP is used only if available and no WS are available).
// preferSctp: false
},
// Testing / experimental features.
//
testing: {
// Allows the setting of a custom bandwidth value from the UI.
// assumeBandwidth: true,
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// Enables supports for AV1 codec.
// enableAv1Support: false,
// Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users.
// mobileXmppWsThreshold: 10, // enable XMPP WebSockets on mobile for 10% of the users
@ -86,10 +112,11 @@ var config = {
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false,
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5, // enable callstats for 5% of the users.
// Experiment: Whether to skip interim transcriptions.
// skipInterimTranscriptions: false,
// Dump transcripts to a <transcript> element for debugging.
// dumpTranscript: false,
},
// Disables moderator indicators.
@ -133,9 +160,6 @@ var config = {
// Media
//
// Enable unified plan implementation support on Chromium based browsers.
// enableUnifiedOnChrome: false,
// Audio
// Disable measuring of audio levels.
@ -191,8 +215,27 @@ var config = {
// enableOpusDtx: false,
// },
// Noise suppression configuration. By default rnnoise is used. Optionally Krisp
// can be used by enabling it below, but the Krisp JS SDK files must be supplied in your
// installation. Specifically, these files are needed:
// - https://meet.example.com/libs/krisp/krisp.mjs
// - https://meet.example.com/libs/krisp/models/model_8.kw
// - https://meet.example.com/libs/krisp/models/model_16.kw
// - https://meet.example.com/libs/krisp/models/model_32.kw
// NOTE: Krisp JS SDK v1.0.9 was tested.
// noiseSuppression: {
// krisp: {
// enabled: false,
// logProcessStats: false,
// debugLogs: false,
// },
// },
// Video
// Sets the default camera facing mode.
// cameraFacingMode: 'user',
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
@ -252,12 +295,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended
// (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen
// sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent
// by the client.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
startVideoMuted: ${START_VIDEO_MUTED},
@ -273,12 +310,19 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// max: 5,
// },
// This option has been deprecated since it is no longer supported as per the w3c spec.
// https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia. If the user has not
// interacted with the webpage before the getDisplayMedia call, the promise will be rejected by the browser. This
// has already been implemented in Firefox and Safari and will be implemented in Chrome soon.
// https://bugs.chromium.org/p/chromium/issues/detail?id=1198918
// startScreenSharing: false,
// Optional screenshare settings that give more control over screen capture in the browser.
// screenShareSettings: {
// // Show users the current tab is the preferred capture source, default: false.
// desktopPreferCurrentTab: false,
// // Allow users to select system audio, default: include.
// desktopSystemAudio: 'include',
// // Allow users to seamlessly switch which tab they are sharing without having to select the tab again.
// desktopSurfaceSwitching: 'include',
// // Allow a user to be shown a preference for what screen is to be captured, default: unset.
// desktopDisplaySurface: undefined,
// // Allow users to select the current tab as a capture source, default: exclude.
// desktopSelfBrowserSurface: 'exclude'
// },
// Recording
@ -295,6 +339,18 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'https://${DOMAIN}/subfolder/static/oauth.html',
// },
// configuration for all things recording related. Existing settings will be migrated here in the future.
// recordings: {
// // IF true (default) recording audio and video is selected by default in the recording dialog.
// // recordAudioAndVideo: true,
// // If true, shows a notification at the start of the meeting with a call to action button
// // to start recording (for users who can do so).
// // suggestRecording: true,
// // If true, shows a warning label in the prejoin screen to point out the possibility that
// // the call you're joining might be recorded.
// // showPrejoinWarning: true,
// },
// recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
@ -355,7 +411,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// DEPRECATED. Use transcription.preferredLanguage instead.
// preferredTranscribeLanguage: 'en-US',
// DEPRECATED. Use transcription.autoCaptionOnRecord instead.
// DEPRECATED. Use transcription.autoTranscribeOnRecord instead.
// autoCaptionOnRecord: false,
// Transcription options.
@ -384,11 +440,8 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// // ./src/react/features/transcribing/transcriber-langs.json.
// preferredLanguage: 'en-US',
// // Disable start transcription for all participants.
// disableStartForAll: false,
// // Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// // Enables automatic turning on transcribing when recording is started
// autoTranscribeOnRecord: false,
// },
// Misc
@ -410,44 +463,55 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// value will be used when the quality level is selected using "Manage Video Quality" slider.
// startLastN: 1,
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2,
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
// // Provides a way to set the codec preference on desktop based endpoints.
// codecPreferenceOrder: [ 'VP9', 'VP8', 'H264' ],
//
// // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints
// // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet.
// // This will result in Safari not being able to decode video from endpoints sending VP9 video.
// // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the
// // preferred codec and goes back to the preferred codec when that endpoint leaves.
// enforcePreferredCodec: false,
// // Codec specific settings for scalability modes and max bitrates.
// av1: {
// maxBitratesVideo: {
// low: 100000,
// standard: 300000,
// high: 1000000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true,
// useSimulcast: false,
// useKSVC: true
// },
// h264: {
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true
// },
// vp8: {
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: false
// },
// vp9: {
// maxBitratesVideo: {
// low: 100000,
// standard: 300000,
// high: 1200000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true,
// useSimulcast: false,
// useKSVC: true
// }
//
// DEPRECATED! Use \`codec specific settings\` instead.
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
@ -486,6 +550,24 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 720: 'high',
// },
//
// // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based endpoint
// mobileCodecPreferenceOrder: [ 'VP8', 'VP9', 'H264' ],
//
// // DEPRECATED! Use \`codecPreferenceOrder/mobileCodecPreferenceOrder\` instead.
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // DEPRECATED! Use \`codecPreferenceOrder/mobileCodecPreferenceOrder\` instead.
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// },
// Notification timeouts
@ -569,6 +651,9 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Require users to always specify a display name.
// requireDisplayName: true,
// Enables webhid functionality for Audio.
// enableWebHIDFeature: false,
// DEPRECATED! Use 'welcomePage.disabled' instead.
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
@ -584,7 +669,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// },
// Configs for the lobby screen.
// lobby {
// lobby: {
// // If Lobby is enabled, it starts knocking automatically. Replaces \`autoKnockLobby\`.
// autoKnock: false,
// // Enables the lobby chat. Replaces \`enableLobbyChat\`.
@ -628,6 +713,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// hideDominantSpeakerBadge: false,
// Default language for the user interface. Cannot be overwritten.
// DEPRECATED! Use the \`lang\` iframe option directly instead.
defaultLanguage: '${DEFAULT_LANGUAGE}',
// Disables profile and the edit of all fields from the profile settings (display name and email)
@ -651,7 +737,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// Configs for prejoin page.
// prejoinConfig: {
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces \`prejoinPageEnabled\`.
// // This replaces \`prejoinPageEnabled\`. Defaults to true.
// enabled: true,
// // Hides the participant name editing field in the prejoin screen.
// // If requireDisplayName is also set as true, a name should still be provided through
@ -822,6 +908,42 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// 'whiteboard',
// ],
// Participant context menu buttons which have their click/tap event exposed through the API on
// \`participantMenuButtonClick\`. Passing a string for the button key will
// prevent execution of the click/tap routine; passing an object with \`key\` and
// \`preventExecution\` flag on false will not prevent execution of the click/tap
// routine. Below array with mixed mode for passing the buttons.
// participantMenuButtonsWithNotifyClick: [
// 'allow-video',
// {
// key: 'ask-unmute',
// preventExecution: false
// },
// 'conn-status',
// 'flip-local-video',
// 'grant-moderator',
// {
// key: 'kick',
// preventExecution: true
// },
// {
// key: 'hide-self-view',
// preventExecution: false
// },
// 'mute',
// 'mute-others',
// 'mute-others-video',
// 'mute-video',
// 'pinToStage',
// 'privateMessage',
// {
// key: 'remote-control',
// preventExecution: false
// },
// 'send-participant-to-room',
// 'verify',
// ],
// List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons:
// 'microphone', 'camera', 'select-background', 'invite', 'settings'
// hiddenPremeetingButtons: [],
@ -831,7 +953,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// customParticipantMenuButtons: [],
// An array with custom option buttons for the toolbar
// type: Array<{ icon: string; id: string; text: string; }>
// type: Array<{ icon: string; id: string; text: string; backgroundColor?: string; }>
// customToolbarButtons: [],
// Stats
@ -846,38 +968,10 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// callStatsApplicationLogsDisabled: false,
// The callstats initialize config params as described in the API:
// https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret
// callStatsConfigParams: {
// disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter.
// applicationVersion: "app_version", // Application version specified by the developer.
// disablePrecalltest: true, // disables the pre-call test, it is enabled by default.
// siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made.
// additionalIDs: { // additionalIDs object, contains application related IDs.
// customerID: "Customer Identifier. Example, walmart.",
// tenantID: "Tenant Identifier. Example, monster.",
// productName: "Product Name. Example, Jitsi.",
// meetingsName: "Meeting Name. Example, Jitsi loves callstats.",
// serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.",
// pbxID: "PBX Identifier. Example, walmart.",
// pbxExtensionID: "PBX Extension Identifier. Example, 5625.",
// fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.",
// sessionID: "Session Identifier. Example, session-12-34",
// },
// collectLegacyStats: true, //enables the collection of legacy stats in chrome browser
// collectIP: true, //enables the collection localIP address
// },
// Enables sending participants' display names to callstats
// Enables sending participants' display names to stats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// Enables sending participants' emails (if available) to stats and other analytics
// enableEmailInStats: false,
// faceLandmarks: {
@ -900,7 +994,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// captureInterval: 1000,
// },
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// Controls the percentage of automatic feedback shown to participants.
// The default value is 100%. If set to 0, no automatic feedback will be requested
// feedbackPercentage: 100,
@ -908,7 +1002,7 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// This means avatars will be locally generated and external stats integration
// will not function.
disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi),
@ -925,9 +1019,6 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// connection.
enabled: true,
// Enable unified plan implementation support on Chromium for p2p connection.
// enableUnifiedOnChrome: false,
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
@ -936,12 +1027,12 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based
// endpoints.
// mobileCodecPreferenceOrder: [ 'H264', 'VP8', 'VP9' ],
//
// Provides a way to set the codec preference on desktop based endpoints.
// codecPreferenceOrder: [ 'VP9', 'VP8', 'H264 ],
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
@ -953,6 +1044,15 @@ $(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi)
// { urls: 'stun:jitsi-meet.example.com:3478' },
{ urls: 'stun:${TURN_SERVER}:443' },
],
// DEPRECATED! Use \`codecPreferenceOrder/mobileCodecPreferenceOrder\` instead.
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// DEPRECATED! Use \`codecPreferenceOrder/mobileCodecPreferenceOrder\` instead.
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
},
analytics: {
@ -970,6 +1070,10 @@ ${ANALYTICS_SETTINGS}
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>',
// Enables Amplitude UTM tracking:
// Default value is false.
// amplitudeIncludeUTM: false,
// Obfuscates room name sent to analytics (amplitude, rtcstats)
// Default value is false.
// obfuscateRoomName: false,
@ -999,6 +1103,11 @@ ${ANALYTICS_SETTINGS}
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js",
// ],
// By enabling watchRTCEnabled option you would want to use watchRTC feature
// This would also require to configure watchRTCConfigParams.
// Please remember to keep rtcstatsEnabled disabled for watchRTC to work.
// watchRTCEnabled: false,
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
@ -1070,7 +1179,12 @@ ${ANALYTICS_SETTINGS}
// },
// e2ee: {
// labels,
// labels: {
// description: '',
// label: '',
// tooltip: '',
// warning: '',
// },
// externallyManagedKey: false,
// },
@ -1108,9 +1222,17 @@ ${ANALYTICS_SETTINGS}
// https://firebase.google.com/docs/dynamic-links/create-manually
// deeplinking: {
//
// // The desktop deeplinking config.
// // The desktop deeplinking config, disabled by default.
// desktop: {
// appName: 'Jitsi Meet'
// appName: 'Jitsi Meet',
// appScheme: 'jitsi-meet,
// download: {
// linux:
// 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet-x86_64.AppImage',
// macos: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.dmg',
// windows: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.exe'
// },
// enabled: false
// },
// // If true, any checks to handoff to another application will be prevented
// // and instead the app will continue to display in the current browser.
@ -1155,6 +1277,17 @@ ${ANALYTICS_SETTINGS}
// }
// },
// // The terms, privacy and help centre URL's.
// // TODO: Check and set these up
legalUrls: {
helpCentre: '',
privacy: '',
terms: ''
// helpCentre: 'https://web-cdn.jitsi.net/faq/meet-faq.html',
// privacy: 'https://jitsi.org/meet/privacy',
// terms: 'https://jitsi.org/meet/terms'
},
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
@ -1186,6 +1319,8 @@ ${ANALYTICS_SETTINGS}
// remoteVideoMenu: {
// // Whether the remote video context menu to be rendered or not.
// disabled: true,
// // If set to true the 'Switch to visitor' button will be disabled.
// disableDemote: true,
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true,
// // If set to true the 'Grant moderator' button will be disabled.
@ -1206,9 +1341,6 @@ ${ANALYTICS_SETTINGS}
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
// Enables support for lip-sync for this client (if the browser supports it).
// enableLipSync: false,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
@ -1232,6 +1364,16 @@ ${ANALYTICS_SETTINGS}
// A list of images that can be used as video backgrounds.
// When this field is present, the default images will be replaced with those provided.
virtualBackgrounds: ['https://example.com/img.jpg'],
// Object containing customized icons that should replace the default ones.
// The keys need to be the exact same icon names used in here:
// https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/icons/svg/index.ts
// To avoid having the icons trimmed or displayed in an unexpected way, please provide svg
// files containing svg xml icons in the size that the default icons come in.
customIcons: {
IconArrowUp: 'https://example.com/arrow-up.svg',
IconDownload: 'https://example.com/download.svg',
IconRemoteControlStart: 'https://example.com/remote-start.svg',
},
// Object containing a theme's properties. It also supports partial overwrites of the main theme.
// For a list of all possible theme tokens and their current defaults, please check:
// https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json
@ -1247,7 +1389,6 @@ ${ANALYTICS_SETTINGS}
ui03: "violet",
ui04: "magenta",
ui05: "blueviolet",
field02Hover: 'red',
action01: 'green',
action01Hover: 'lightgreen',
disabled01: 'beige',
@ -1268,6 +1409,8 @@ ${ANALYTICS_SETTINGS}
// Options related to the participants pane.
// participantsPane: {
// // Enables feature
// enabled: true,
// // Hides the moderator settings tab.
// hideModeratorSettingsTab: false,
// // Hides the more actions button.
@ -1286,13 +1429,13 @@ ${ANALYTICS_SETTINGS}
// hideJoinRoomButton: false,
// },
// When true, virtual background feature will be disabled.
// disableVirtualBackground: false,
// When true the user cannot add more images to be used as virtual background.
// Only the default ones from will be available.
// disableAddingBackgroundImages: false,
// Disables using screensharing as virtual background.
// disableScreensharingVirtualBackground: false,
// Sets the background transparency level. '0' is fully transparent, '1' is opaque.
// backgroundAlpha: 1,
@ -1319,7 +1462,6 @@ ${ANALYTICS_SETTINGS}
// 'conference-timer',
// 'participants-count',
// 'e2ee',
// 'transcribing',
// 'video-quality',
// 'insecure-room',
// 'highlight-moment',
@ -1363,6 +1505,31 @@ ${ANALYTICS_SETTINGS}
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
// or the other way around (more info in resources/cloud-api.swagger)
// You can use external service for authentication that will redirect back passing a jwt token
// You can use tokenAuthUrl config to point to a URL of such service.
// The URL for the service supports few params which will be filled in by the code.
// tokenAuthUrl:
// 'https://myservice.com/auth/{room}?code_challenge_method=S256&code_challenge={code_challenge}&state={state}'
// Supported parameters in tokenAuthUrl:
// {room} - will be replaced with the room name
// {code_challenge} - (A web only). A oauth 2.0 code challenge that will be sent to the service. See:
// https://datatracker.ietf.org/doc/html/rfc7636. The code verifier will be saved in the sessionStorage
// under key: 'code_verifier'.
// {state} - A json with the current state before redirecting. Keys that are included in the state:
// - room (The current room name as shown in the address bar)
// - roomSafe (the backend safe room name to use (lowercase), that is passed to the backend)
// - tenant (The tenant if any)
// - config.xxx (all config overrides)
// - interfaceConfig.xxx (all interfaceConfig overrides)
// - ios=true (in case ios mobile app is used)
// - android=true (in case android mobile app is used)
// - electron=true (when web is loaded in electron app)
// If there is a logout service you can specify its URL with:
// tokenLogoutUrl: 'https://myservice.com/logout'
// You can enable tokenAuthUrlAutoRedirect which will detect that you have logged in successfully before
// and will automatically redirect to the token service to get the token for the meeting.
// tokenAuthUrlAutoRedirect: false
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
@ -1374,8 +1541,6 @@ ${ANALYTICS_SETTINGS}
dialOutRegionUrl
disableRemoteControl
displayJids
externalConnectUrl
e2eeLabels
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
@ -1384,7 +1549,6 @@ ${ANALYTICS_SETTINGS}
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
@ -1398,18 +1562,15 @@ ${ANALYTICS_SETTINGS}
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableLocalStats
disableNS
enableTalkWhileMuted
forceJVB121Ratio
forceTurnRelay
hiddenDomain
hiddenFromRecorderFeatureEnabled
@ -1433,6 +1594,7 @@ ${ANALYTICS_SETTINGS}
*/
// notifications: [
// 'connection.CONNFAIL', // shown when the connection fails,
// 'dialog.cameraConstraintFailedError', // shown when the camera failed
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
// 'dialog.kickTitle', // shown when user has been kicked
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
@ -1443,10 +1605,12 @@ ${ANALYTICS_SETTINGS}
// 'dialog.recording', // recording notifications (pending, on, off, limits)
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
// 'dialog.reservationError',
// 'dialog.screenSharingFailedTitle', // shown when the screen sharing failed
// 'dialog.serviceUnavailable', // shown when server is not reachable
// 'dialog.sessTerminated', // shown when there is a failed conference session
// 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
// 'dialog.tokenAuthFailedWithReasons', // show when an invalid jwt is used with the reason behind the error
// 'dialog.transcribing', // transcribing notifications (pending, off)
// 'dialOut.statusMessage', // shown when dial out status is updated.
// 'liveStreaming.busy', // shown when livestreaming service is busy
@ -1454,37 +1618,45 @@ ${ANALYTICS_SETTINGS}
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'notify.audioUnmuteBlockedTitle', // shown when mic unmute blocked
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
// 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously
// 'notify.leftOneMember', // show when a participant left
// 'notify.leftTwoMembers', // show when two participants left simultaneously
// 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.dataChannelClosed', // shown when the bridge channel has been disconnected
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
// 'notify.invitedOneMember', // shown when 1 participant has been invited
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.leftOneMember', // show when a participant left
// 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously
// 'notify.leftTwoMembers', // show when two participants left simultaneously
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.localRecordingStarted', // shown when the local recording has been started
// 'notify.localRecordingStopped', // shown when the local recording has been stopped
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
// 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.moderator', // shown when user gets moderator privilege
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
// 'notify.mutedTitle', // shown when user has been muted upon joining,
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
// 'notify.noiseSuppressionFailedTitle', // shown when failed to start noise suppression
// 'notify.participantWantsToJoin', // shown when lobby is enabled and participant requests to join meeting
// 'notify.participantsWantToJoin', // shown when lobby is enabled and participants request to join meeting
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
// 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.screenShareNoAudio', // shown when the audio could not be shared for the selected screen
// 'notify.screenSharingAudioOnlyTitle', // shown when the best performance has been affected by screen sharing
// 'notify.selfViewTitle', // show "You can always un-hide the self-view from settings"
// 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.suboptimalExperienceTitle', // show the browser warning
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'notify.videoMutedRemotelyTitle', // shown when user's video is muted by a remote party,
// 'notify.videoUnmuteBlockedTitle', // shown when camera unmute and desktop sharing are blocked
// 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed',
@ -1507,6 +1679,8 @@ ${ANALYTICS_SETTINGS}
// disableFilmstripAutohiding: false,
// filmstrip: {
// // Disable the vertical/horizonal filmstrip.
// disabled: false,
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
// // (width, tiles aspect ratios) through the interfaceConfig options.
// disableResizable: false,
@ -1529,6 +1703,8 @@ ${ANALYTICS_SETTINGS}
// Tile view related config options.
// tileView: {
// // Whether tileview should be disabled.
// disabled: false,
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
// // not be possible to show the exact number of participants specified here.
// numberOfVisibleTiles: 25,
@ -1560,13 +1736,12 @@ ${ANALYTICS_SETTINGS}
// logging: {
// // Default log level for the app and lib-jitsi-meet.
// defaultLogLevel: 'trace',
// // Option to disable LogCollector (which stores the logs on CallStats).
// // Option to disable LogCollector.
// //disableLogCollector: true,
// // Individual loggers are customizable.
// loggers: {
// // The following are too verbose in their logging with the default level.
// 'modules/RTC/TraceablePeerConnection.js': 'info',
// 'modules/statistics/CallStats.js': 'info',
// 'modules/xmpp/strophe.util.js': 'log',
// },
@ -1580,6 +1755,45 @@ ${ANALYTICS_SETTINGS}
// // The server used to support whiteboard collaboration.
// // https://github.com/jitsi/excalidraw-backend
// collabServerBaseUrl: 'https://excalidraw-backend.example.com',
// // The user access limit to the whiteboard, introduced as a means
// // to control the performance.
// userLimit: 25,
// // The url for more info about the whiteboard and its usage limitations.
// limitUrl: 'https://example.com/blog/whiteboard-limits,
// },
// The watchRTC initialize config params as described :
// https://testrtc.com/docs/installing-the-watchrtc-javascript-sdk/#h-set-up-the-sdk
// https://www.npmjs.com/package/@testrtc/watchrtc-sdk
// watchRTCConfigParams: {
// /** Watchrtc api key */
// rtcApiKey: string;
// /** Identifier for the session */
// rtcRoomId?: string;
// /** Identifier for the current peer */
// rtcPeerId?: string;
// /**
// * ["tag1", "tag2", "tag3"]
// * @deprecated use 'keys' instead
// */
// rtcTags?: string[];
// /** { "key1": "value1", "key2": "value2"} */
// keys?: any;
// /** Enables additional logging */
// debug?: boolean;
// rtcToken?: string;
// /**
// * @deprecated No longer needed. Use "proxyUrl" instead.
// */
// wsUrl?: string;
// proxyUrl?: string;
// console?: {
// level: string;
// override: boolean;
// };
// allowBrowserLogCollection?: boolean;
// collectionInterval?: number;
// logGetStats?: boolean;
// },
};

View file

@ -46,25 +46,51 @@ var config = {
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//jitsi-meet.example.com/' + subdir + 'http-bind',
bosh: 'https://jitsi-meet.example.com/' + subdir + 'http-bind',
// Websocket URL
// Websocket URL (XMPP)
// websocket: 'wss://jitsi-meet.example.com/' + subdir + 'xmpp-websocket',
// Whether BOSH should be preferred over WebSocket if both are configured.
// preferBosh: false,
// The real JID of focus participant - can be overridden here
// Do not change username - FIXME: Make focus username configurable
// https://github.com/jitsi/jitsi-meet/issues/7376
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
// Option to send conference requests to jicofo over http (requires nginx rule for it)
// conferenceRequestUrl:
// 'https://<!--# echo var="http_host" default="jitsi-meet.example.com" -->/' + subdir + 'conference-request/v1',
// Options related to the bridge (colibri) data channel
bridgeChannel: {
// If the backend advertises multiple colibri websockets, this options allows
// to filter some of them out based on the domain name. We use the first URL
// which does not match ignoreDomain, falling back to the first one that matches
// ignoreDomain. Has no effect if undefined.
// ignoreDomain: 'example.com',
// Prefer SCTP (WebRTC data channels over the media path) over a colibri websocket.
// If SCTP is available in the backend it will be used instead of a WS. Defaults to
// false (SCTP is used only if available and no WS are available).
// preferSctp: false
},
// Testing / experimental features.
//
testing: {
// Allows the setting of a custom bandwidth value from the UI.
// assumeBandwidth: true,
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// Enables supports for AV1 codec.
// enableAv1Support: false,
// Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users.
// mobileXmppWsThreshold: 10, // enable XMPP WebSockets on mobile for 10% of the users
@ -79,10 +105,11 @@ var config = {
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false,
// Enable callstats only for a percentage of users.
// This takes a value between 0 and 100 which determines the probability for
// the callstats to be enabled.
// callStatsThreshold: 5, // enable callstats for 5% of the users.
// Experiment: Whether to skip interim transcriptions.
// skipInterimTranscriptions: false,
// Dump transcripts to a <transcript> element for debugging.
// dumpTranscript: false,
},
// Disables moderator indicators.
@ -126,9 +153,6 @@ var config = {
// Media
//
// Enable unified plan implementation support on Chromium based browsers.
// enableUnifiedOnChrome: false,
// Audio
// Disable measuring of audio levels.
@ -184,8 +208,27 @@ var config = {
// enableOpusDtx: false,
// },
// Noise suppression configuration. By default rnnoise is used. Optionally Krisp
// can be used by enabling it below, but the Krisp JS SDK files must be supplied in your
// installation. Specifically, these files are needed:
// - https://meet.example.com/libs/krisp/krisp.mjs
// - https://meet.example.com/libs/krisp/models/model_8.kw
// - https://meet.example.com/libs/krisp/models/model_16.kw
// - https://meet.example.com/libs/krisp/models/model_32.kw
// NOTE: Krisp JS SDK v1.0.9 was tested.
// noiseSuppression: {
// krisp: {
// enabled: false,
// logProcessStats: false,
// debugLogs: false,
// },
// },
// Video
// Sets the default camera facing mode.
// cameraFacingMode: 'user',
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
@ -244,12 +287,6 @@ var config = {
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD layers are not in use will be suspended
// (no longer sent) until they are requested again. This is enabled by default. This must be enabled for screen
// sharing to work as expected on Chrome. Disabling this might result in low resolution screenshare being sent
// by the client.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
@ -265,12 +302,19 @@ var config = {
// max: 5,
// },
// This option has been deprecated since it is no longer supported as per the w3c spec.
// https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia. If the user has not
// interacted with the webpage before the getDisplayMedia call, the promise will be rejected by the browser. This
// has already been implemented in Firefox and Safari and will be implemented in Chrome soon.
// https://bugs.chromium.org/p/chromium/issues/detail?id=1198918
// startScreenSharing: false,
// Optional screenshare settings that give more control over screen capture in the browser.
// screenShareSettings: {
// // Show users the current tab is the preferred capture source, default: false.
// desktopPreferCurrentTab: false,
// // Allow users to select system audio, default: include.
// desktopSystemAudio: 'include',
// // Allow users to seamlessly switch which tab they are sharing without having to select the tab again.
// desktopSurfaceSwitching: 'include',
// // Allow a user to be shown a preference for what screen is to be captured, default: unset.
// desktopDisplaySurface: undefined,
// // Allow users to select the current tab as a capture source, default: exclude.
// desktopSelfBrowserSurface: 'exclude'
// },
// Recording
@ -287,6 +331,18 @@ var config = {
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html',
// },
// configuration for all things recording related. Existing settings will be migrated here in the future.
// recordings: {
// // IF true (default) recording audio and video is selected by default in the recording dialog.
// // recordAudioAndVideo: true,
// // If true, shows a notification at the start of the meeting with a call to action button
// // to start recording (for users who can do so).
// // suggestRecording: true,
// // If true, shows a warning label in the prejoin screen to point out the possibility that
// // the call you're joining might be recorded.
// // showPrejoinWarning: true,
// },
// recordingService: {
// // When integrations like dropbox are enabled only that will be shown,
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
@ -347,7 +403,7 @@ var config = {
// DEPRECATED. Use transcription.preferredLanguage instead.
// preferredTranscribeLanguage: 'en-US',
// DEPRECATED. Use transcription.autoCaptionOnRecord instead.
// DEPRECATED. Use transcription.autoTranscribeOnRecord instead.
// autoCaptionOnRecord: false,
// Transcription options.
@ -376,11 +432,8 @@ var config = {
// // ./src/react/features/transcribing/transcriber-langs.json.
// preferredLanguage: 'en-US',
// // Disable start transcription for all participants.
// disableStartForAll: false,
// // Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// // Enables automatic turning on transcribing when recording is started
// autoTranscribeOnRecord: false,
// },
// Misc
@ -402,44 +455,55 @@ var config = {
// value will be used when the quality level is selected using "Manage Video Quality" slider.
// startLastN: 1,
// Provides a way to use different "last N" values based on the number of participants in the conference.
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
// participants gets to or above the number.
//
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
// will be used as default until the first threshold is reached.
//
// lastNLimits: {
// 5: 20,
// 30: 15,
// 50: 10,
// 70: 5,
// 90: 2,
// },
// Specify the settings for video quality optimizations on the client.
// videoQuality: {
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
// // Provides a way to set the codec preference on desktop based endpoints.
// codecPreferenceOrder: [ 'VP9', 'VP8', 'H264' ],
//
// // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints
// // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet.
// // This will result in Safari not being able to decode video from endpoints sending VP9 video.
// // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the
// // preferred codec and goes back to the preferred codec when that endpoint leaves.
// enforcePreferredCodec: false,
// // Codec specific settings for scalability modes and max bitrates.
// av1: {
// maxBitratesVideo: {
// low: 100000,
// standard: 300000,
// high: 1000000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true,
// useSimulcast: false,
// useKSVC: true
// },
// h264: {
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true
// },
// vp8: {
// maxBitratesVideo: {
// low: 200000,
// standard: 500000,
// high: 1500000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: false
// },
// vp9: {
// maxBitratesVideo: {
// low: 100000,
// standard: 300000,
// high: 1200000,
// ssHigh: 2500000
// },
// scalabilityModeEnabled: true,
// useSimulcast: false,
// useKSVC: true
// }
//
// DEPRECATED! Use `codec specific settings` instead.
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
@ -478,6 +542,24 @@ var config = {
// 720: 'high',
// },
//
// // Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based endpoint
// mobileCodecPreferenceOrder: [ 'VP8', 'VP9', 'H264' ],
//
// // DEPRECATED! Use `codecPreferenceOrder/mobileCodecPreferenceOrder` instead.
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
// disabledCodec: 'H264',
//
// // DEPRECATED! Use `codecPreferenceOrder/mobileCodecPreferenceOrder` instead.
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
// // to take effect.
// preferredCodec: 'VP8',
//
// },
// Notification timeouts
@ -561,6 +643,9 @@ var config = {
// Require users to always specify a display name.
// requireDisplayName: true,
// Enables webhid functionality for Audio.
// enableWebHIDFeature: false,
// DEPRECATED! Use 'welcomePage.disabled' instead.
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
@ -576,7 +661,7 @@ var config = {
// },
// Configs for the lobby screen.
// lobby {
// lobby: {
// // If Lobby is enabled, it starts knocking automatically. Replaces `autoKnockLobby`.
// autoKnock: false,
// // Enables the lobby chat. Replaces `enableLobbyChat`.
@ -620,6 +705,7 @@ var config = {
// hideDominantSpeakerBadge: false,
// Default language for the user interface. Cannot be overwritten.
// DEPRECATED! Use the `lang` iframe option directly instead.
// defaultLanguage: 'en',
// Disables profile and the edit of all fields from the profile settings (display name and email)
@ -643,7 +729,7 @@ var config = {
// Configs for prejoin page.
// prejoinConfig: {
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// // This replaces `prejoinPageEnabled`.
// // This replaces `prejoinPageEnabled`. Defaults to true.
// enabled: true,
// // Hides the participant name editing field in the prejoin screen.
// // If requireDisplayName is also set as true, a name should still be provided through
@ -814,6 +900,42 @@ var config = {
// 'whiteboard',
// ],
// Participant context menu buttons which have their click/tap event exposed through the API on
// `participantMenuButtonClick`. Passing a string for the button key will
// prevent execution of the click/tap routine; passing an object with `key` and
// `preventExecution` flag on false will not prevent execution of the click/tap
// routine. Below array with mixed mode for passing the buttons.
// participantMenuButtonsWithNotifyClick: [
// 'allow-video',
// {
// key: 'ask-unmute',
// preventExecution: false
// },
// 'conn-status',
// 'flip-local-video',
// 'grant-moderator',
// {
// key: 'kick',
// preventExecution: true
// },
// {
// key: 'hide-self-view',
// preventExecution: false
// },
// 'mute',
// 'mute-others',
// 'mute-others-video',
// 'mute-video',
// 'pinToStage',
// 'privateMessage',
// {
// key: 'remote-control',
// preventExecution: false
// },
// 'send-participant-to-room',
// 'verify',
// ],
// List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons:
// 'microphone', 'camera', 'select-background', 'invite', 'settings'
// hiddenPremeetingButtons: [],
@ -823,7 +945,7 @@ var config = {
// customParticipantMenuButtons: [],
// An array with custom option buttons for the toolbar
// type: Array<{ icon: string; id: string; text: string; }>
// type: Array<{ icon: string; id: string; text: string; backgroundColor?: string; }>
// customToolbarButtons: [],
// Stats
@ -838,38 +960,10 @@ var config = {
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// callStatsApplicationLogsDisabled: false,
// The callstats initialize config params as described in the API:
// https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret
// callStatsConfigParams: {
// disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter.
// applicationVersion: "app_version", // Application version specified by the developer.
// disablePrecalltest: true, // disables the pre-call test, it is enabled by default.
// siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made.
// additionalIDs: { // additionalIDs object, contains application related IDs.
// customerID: "Customer Identifier. Example, walmart.",
// tenantID: "Tenant Identifier. Example, monster.",
// productName: "Product Name. Example, Jitsi.",
// meetingsName: "Meeting Name. Example, Jitsi loves callstats.",
// serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.",
// pbxID: "PBX Identifier. Example, walmart.",
// pbxExtensionID: "PBX Extension Identifier. Example, 5625.",
// fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.",
// sessionID: "Session Identifier. Example, session-12-34",
// },
// collectLegacyStats: true, //enables the collection of legacy stats in chrome browser
// collectIP: true, //enables the collection localIP address
// },
// Enables sending participants' display names to callstats
// Enables sending participants' display names to stats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// Enables sending participants' emails (if available) to stats and other analytics
// enableEmailInStats: false,
// faceLandmarks: {
@ -892,7 +986,7 @@ var config = {
// captureInterval: 1000,
// },
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
// Controls the percentage of automatic feedback shown to participants.
// The default value is 100%. If set to 0, no automatic feedback will be requested
// feedbackPercentage: 100,
@ -900,7 +994,7 @@ var config = {
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// This means avatars will be locally generated and external stats integration
// will not function.
// disableThirdPartyRequests: false,
@ -917,9 +1011,6 @@ var config = {
// connection.
enabled: true,
// Enable unified plan implementation support on Chromium for p2p connection.
// enableUnifiedOnChrome: false,
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
@ -928,12 +1019,12 @@ var config = {
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
// Provides a way to set the codec preference on mobile devices, both on RN and mobile browser based
// endpoints.
// mobileCodecPreferenceOrder: [ 'H264', 'VP8', 'VP9' ],
//
// Provides a way to set the codec preference on desktop based endpoints.
// codecPreferenceOrder: [ 'VP9', 'VP8', 'H264 ],
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
@ -945,6 +1036,15 @@ var config = {
// { urls: 'stun:jitsi-meet.example.com:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
],
// DEPRECATED! Use `codecPreferenceOrder/mobileCodecPreferenceOrder` instead.
// Provides a way to set the video codec preference on the p2p connection. Acceptable
// codec values are 'VP8', 'VP9' and 'H264'.
// preferredCodec: 'H264',
// DEPRECATED! Use `codecPreferenceOrder/mobileCodecPreferenceOrder` instead.
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
// disabledCodec: '',
},
analytics: {
@ -961,6 +1061,10 @@ var config = {
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>',
// Enables Amplitude UTM tracking:
// Default value is false.
// amplitudeIncludeUTM: false,
// Obfuscates room name sent to analytics (amplitude, rtcstats)
// Default value is false.
// obfuscateRoomName: false,
@ -990,6 +1094,11 @@ var config = {
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js",
// ],
// By enabling watchRTCEnabled option you would want to use watchRTC feature
// This would also require to configure watchRTCConfigParams.
// Please remember to keep rtcstatsEnabled disabled for watchRTC to work.
// watchRTCEnabled: false,
},
// Logs that should go be passed through the 'log' event if a handler is defined for it
@ -1061,7 +1170,12 @@ var config = {
// },
// e2ee: {
// labels,
// labels: {
// description: '',
// label: '',
// tooltip: '',
// warning: '',
// },
// externallyManagedKey: false,
// },
@ -1099,9 +1213,17 @@ var config = {
// https://firebase.google.com/docs/dynamic-links/create-manually
// deeplinking: {
//
// // The desktop deeplinking config.
// // The desktop deeplinking config, disabled by default.
// desktop: {
// appName: 'Jitsi Meet'
// appName: 'Jitsi Meet',
// appScheme: 'jitsi-meet,
// download: {
// linux:
// 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet-x86_64.AppImage',
// macos: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.dmg',
// windows: 'https://github.com/jitsi/jitsi-meet-electron/releases/latest/download/jitsi-meet.exe'
// },
// enabled: false
// },
// // If true, any checks to handoff to another application will be prevented
// // and instead the app will continue to display in the current browser.
@ -1146,6 +1268,13 @@ var config = {
// }
// },
// // The terms, privacy and help centre URL's.
// legalUrls: {
// helpCentre: 'https://web-cdn.jitsi.net/faq/meet-faq.html',
// privacy: 'https://jitsi.org/meet/privacy',
// terms: 'https://jitsi.org/meet/terms'
// },
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
@ -1177,6 +1306,8 @@ var config = {
// remoteVideoMenu: {
// // Whether the remote video context menu to be rendered or not.
// disabled: true,
// // If set to true the 'Switch to visitor' button will be disabled.
// disableDemote: true,
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true,
// // If set to true the 'Grant moderator' button will be disabled.
@ -1197,9 +1328,6 @@ var config = {
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
// Enables support for lip-sync for this client (if the browser supports it).
// enableLipSync: false,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
@ -1223,6 +1351,16 @@ var config = {
// A list of images that can be used as video backgrounds.
// When this field is present, the default images will be replaced with those provided.
virtualBackgrounds: ['https://example.com/img.jpg'],
// Object containing customized icons that should replace the default ones.
// The keys need to be the exact same icon names used in here:
// https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/icons/svg/index.ts
// To avoid having the icons trimmed or displayed in an unexpected way, please provide svg
// files containing svg xml icons in the size that the default icons come in.
customIcons: {
IconArrowUp: 'https://example.com/arrow-up.svg',
IconDownload: 'https://example.com/download.svg',
IconRemoteControlStart: 'https://example.com/remote-start.svg',
},
// Object containing a theme's properties. It also supports partial overwrites of the main theme.
// For a list of all possible theme tokens and their current defaults, please check:
// https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json
@ -1238,7 +1376,6 @@ var config = {
ui03: "violet",
ui04: "magenta",
ui05: "blueviolet",
field02Hover: 'red',
action01: 'green',
action01Hover: 'lightgreen',
disabled01: 'beige',
@ -1259,6 +1396,8 @@ var config = {
// Options related to the participants pane.
// participantsPane: {
// // Enables feature
// enabled: true,
// // Hides the moderator settings tab.
// hideModeratorSettingsTab: false,
// // Hides the more actions button.
@ -1277,13 +1416,13 @@ var config = {
// hideJoinRoomButton: false,
// },
// When true, virtual background feature will be disabled.
// disableVirtualBackground: false,
// When true the user cannot add more images to be used as virtual background.
// Only the default ones from will be available.
// disableAddingBackgroundImages: false,
// Disables using screensharing as virtual background.
// disableScreensharingVirtualBackground: false,
// Sets the background transparency level. '0' is fully transparent, '1' is opaque.
// backgroundAlpha: 1,
@ -1310,7 +1449,6 @@ var config = {
// 'conference-timer',
// 'participants-count',
// 'e2ee',
// 'transcribing',
// 'video-quality',
// 'insecure-room',
// 'highlight-moment',
@ -1354,6 +1492,31 @@ var config = {
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
// or the other way around (more info in resources/cloud-api.swagger)
// You can use external service for authentication that will redirect back passing a jwt token
// You can use tokenAuthUrl config to point to a URL of such service.
// The URL for the service supports few params which will be filled in by the code.
// tokenAuthUrl:
// 'https://myservice.com/auth/{room}?code_challenge_method=S256&code_challenge={code_challenge}&state={state}'
// Supported parameters in tokenAuthUrl:
// {room} - will be replaced with the room name
// {code_challenge} - (A web only). A oauth 2.0 code challenge that will be sent to the service. See:
// https://datatracker.ietf.org/doc/html/rfc7636. The code verifier will be saved in the sessionStorage
// under key: 'code_verifier'.
// {state} - A json with the current state before redirecting. Keys that are included in the state:
// - room (The current room name as shown in the address bar)
// - roomSafe (the backend safe room name to use (lowercase), that is passed to the backend)
// - tenant (The tenant if any)
// - config.xxx (all config overrides)
// - interfaceConfig.xxx (all interfaceConfig overrides)
// - ios=true (in case ios mobile app is used)
// - android=true (in case android mobile app is used)
// - electron=true (when web is loaded in electron app)
// If there is a logout service you can specify its URL with:
// tokenLogoutUrl: 'https://myservice.com/logout'
// You can enable tokenAuthUrlAutoRedirect which will detect that you have logged in successfully before
// and will automatically redirect to the token service to get the token for the meeting.
// tokenAuthUrlAutoRedirect: false
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
@ -1365,8 +1528,6 @@ var config = {
dialOutRegionUrl
disableRemoteControl
displayJids
externalConnectUrl
e2eeLabels
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
@ -1375,7 +1536,6 @@ var config = {
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
/**
@ -1389,18 +1549,15 @@ var config = {
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableLocalStats
disableNS
enableTalkWhileMuted
forceJVB121Ratio
forceTurnRelay
hiddenDomain
hiddenFromRecorderFeatureEnabled
@ -1424,6 +1581,7 @@ var config = {
*/
// notifications: [
// 'connection.CONNFAIL', // shown when the connection fails,
// 'dialog.cameraConstraintFailedError', // shown when the camera failed
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
// 'dialog.kickTitle', // shown when user has been kicked
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
@ -1434,10 +1592,12 @@ var config = {
// 'dialog.recording', // recording notifications (pending, on, off, limits)
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
// 'dialog.reservationError',
// 'dialog.screenSharingFailedTitle', // shown when the screen sharing failed
// 'dialog.serviceUnavailable', // shown when server is not reachable
// 'dialog.sessTerminated', // shown when there is a failed conference session
// 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
// 'dialog.tokenAuthFailedWithReasons', // show when an invalid jwt is used with the reason behind the error
// 'dialog.transcribing', // transcribing notifications (pending, off)
// 'dialOut.statusMessage', // shown when dial out status is updated.
// 'liveStreaming.busy', // shown when livestreaming service is busy
@ -1445,37 +1605,45 @@ var config = {
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
// 'notify.audioUnmuteBlockedTitle', // shown when mic unmute blocked
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
// 'notify.disconnected', // shown when a participant has left
// 'notify.connectedOneMember', // show when a participant joined
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously
// 'notify.leftOneMember', // show when a participant left
// 'notify.leftTwoMembers', // show when two participants left simultaneously
// 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
// 'notify.dataChannelClosed', // shown when the bridge channel has been disconnected
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
// 'notify.invitedOneMember', // shown when 1 participant has been invited
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
// 'notify.kickParticipant', // shown when a participant is kicked
// 'notify.leftOneMember', // show when a participant left
// 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously
// 'notify.leftTwoMembers', // show when two participants left simultaneously
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
// 'notify.localRecordingStarted', // shown when the local recording has been started
// 'notify.localRecordingStopped', // shown when the local recording has been stopped
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
// 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
// 'notify.moderator', // shown when user gets moderator privilege
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
// 'notify.mutedTitle', // shown when user has been muted upon joining,
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
// 'notify.noiseSuppressionFailedTitle', // shown when failed to start noise suppression
// 'notify.participantWantsToJoin', // shown when lobby is enabled and participant requests to join meeting
// 'notify.participantsWantToJoin', // shown when lobby is enabled and participants request to join meeting
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
// 'notify.raisedHand', // shown when a partcipant used raise hand,
// 'notify.screenShareNoAudio', // shown when the audio could not be shared for the selected screen
// 'notify.screenSharingAudioOnlyTitle', // shown when the best performance has been affected by screen sharing
// 'notify.selfViewTitle', // show "You can always un-hide the self-view from settings"
// 'notify.startSilentTitle', // shown when user joined with no audio
// 'notify.suboptimalExperienceTitle', // show the browser warning
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
// 'notify.videoMutedRemotelyTitle', // shown when user's video is muted by a remote party,
// 'notify.videoUnmuteBlockedTitle', // shown when camera unmute and desktop sharing are blocked
// 'prejoin.errorDialOut',
// 'prejoin.errorDialOutDisconnected',
// 'prejoin.errorDialOutFailed',
@ -1498,6 +1666,8 @@ var config = {
// disableFilmstripAutohiding: false,
// filmstrip: {
// // Disable the vertical/horizonal filmstrip.
// disabled: false,
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
// // (width, tiles aspect ratios) through the interfaceConfig options.
// disableResizable: false,
@ -1520,6 +1690,8 @@ var config = {
// Tile view related config options.
// tileView: {
// // Whether tileview should be disabled.
// disabled: false,
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
// // not be possible to show the exact number of participants specified here.
// numberOfVisibleTiles: 25,
@ -1551,13 +1723,12 @@ var config = {
// logging: {
// // Default log level for the app and lib-jitsi-meet.
// defaultLogLevel: 'trace',
// // Option to disable LogCollector (which stores the logs on CallStats).
// // Option to disable LogCollector.
// //disableLogCollector: true,
// // Individual loggers are customizable.
// loggers: {
// // The following are too verbose in their logging with the default level.
// 'modules/RTC/TraceablePeerConnection.js': 'info',
// 'modules/statistics/CallStats.js': 'info',
// 'modules/xmpp/strophe.util.js': 'log',
// },
@ -1571,6 +1742,45 @@ var config = {
// // The server used to support whiteboard collaboration.
// // https://github.com/jitsi/excalidraw-backend
// collabServerBaseUrl: 'https://excalidraw-backend.example.com',
// // The user access limit to the whiteboard, introduced as a means
// // to control the performance.
// userLimit: 25,
// // The url for more info about the whiteboard and its usage limitations.
// limitUrl: 'https://example.com/blog/whiteboard-limits,
// },
// The watchRTC initialize config params as described :
// https://testrtc.com/docs/installing-the-watchrtc-javascript-sdk/#h-set-up-the-sdk
// https://www.npmjs.com/package/@testrtc/watchrtc-sdk
// watchRTCConfigParams: {
// /** Watchrtc api key */
// rtcApiKey: string;
// /** Identifier for the session */
// rtcRoomId?: string;
// /** Identifier for the current peer */
// rtcPeerId?: string;
// /**
// * ["tag1", "tag2", "tag3"]
// * @deprecated use 'keys' instead
// */
// rtcTags?: string[];
// /** { "key1": "value1", "key2": "value2"} */
// keys?: any;
// /** Enables additional logging */
// debug?: boolean;
// rtcToken?: string;
// /**
// * @deprecated No longer needed. Use "proxyUrl" instead.
// */
// wsUrl?: string;
// proxyUrl?: string;
// console?: {
// level: string;
// override: boolean;
// };
// allowBrowserLogCollection?: boolean;
// collectionInterval?: number;
// logGetStats?: boolean;
// },
};

View file

@ -81,7 +81,8 @@ var interfaceConfig = {
ENABLE_DIAL_OUT: true,
ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
// DEPRECATED. Animation no longer supported.
// ENABLE_FEEDBACK_ANIMATION: false,
FILM_STRIP_MAX_HEIGHT: 120,
@ -117,8 +118,8 @@ var interfaceConfig = {
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
// chrome, chromium, electron, firefox , safari, webkit
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'electron', 'safari', 'webkit' ],
POLICY_LOGO: null,
PROVIDER_NAME: 'Jitsi',

View file

@ -70,7 +70,8 @@ var interfaceConfig = {
ENABLE_DIAL_OUT: true,
ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
// DEPRECATED. Animation no longer supported.
// ENABLE_FEEDBACK_ANIMATION: false,
FILM_STRIP_MAX_HEIGHT: 120,
@ -106,8 +107,8 @@ var interfaceConfig = {
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
// chrome, chromium, electron, firefox , safari, webkit
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'electron', 'safari', 'webkit' ],
POLICY_LOGO: null,
PROVIDER_NAME: 'Jitsi',

View file

@ -1 +1 @@
2.0.8319-1
2.0.9457-1

View file

@ -12,6 +12,11 @@ JITSI_NGINX_CONFIG="$(cat <<EOF
# audio/wav wav;
#}
# These upstreams are managed by __jitsi_meet
#upstream jicofo {
# zone upstreams 64K;
# server 127.0.0.1:8888;
# keepalive 2;
#}
#upstream prosody {
# zone upstreams 64K;
# server 127.0.0.1:5280;
@ -45,8 +50,8 @@ server {
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${DOMAIN};
include snippets/acme-challenge.conf;
@ -62,6 +67,10 @@ server {
add_header Strict-Transport-Security "max-age=63072000" always;
set \$prefix "";
# Try the custom page for this domain, fallback to default page
set \$custom_index "index-${DOMAIN}.html";
# We expect this domain to be properly configured, the file should exist
set \$config_js_location "/etc/jitsi/meet/${DOMAIN}-config.js";
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
@ -73,7 +82,7 @@ server {
ssi_types application/x-javascript application/javascript;
# Try the custom page for this domain, fallback to default page
index index-${DOMAIN}.html index.html index.htm;
index \$custom_index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
@ -82,9 +91,10 @@ server {
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
# We expect this domain to be properly configured, the file should exist
# include /etc/jitsi/meet/jaas/*.conf;
location = /config.js {
alias /etc/jitsi/meet/${DOMAIN}-config.js;
alias \$config_js_location;
}
# We expect this domain to be properly configured, the file should exist
location = /interface_config.js {
@ -110,8 +120,13 @@ server {
proxy_set_header Host \$http_host;
}
location ~ ^/_api/public/(.*)\$ {
autoindex off;
alias /etc/jitsi/meet/public/\$1;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)\$
location ~ ^/(libs|css|static|images|fonts|lang|sounds|.well-known)/(.*)\$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/\$1/\$2;
@ -179,11 +194,22 @@ server {
# alias /usr/share/jitsi-meet/load-test/libs/\$1;
#}
location ~ ^/conference-request/v1([/].*)?\$ {
proxy_pass http://jicofo/conference-request/v1\$1;
add_header "Cache-Control" "no-cache, no-store";
add_header 'Access-Control-Allow-Origin' '*';
}
location ~ ^/([^/?&:'"]+)/conference-request/v1([/].*)?\$ {
rewrite ^/([^/?&:'"]+)/conference-request/v1([/].*)?\$ /conference-request/v1\$2;
}
location ~ ^/([^/?&:'"]+)\$ {
set \$roomname "\$1";
try_files \$uri @root_path;
}
location @root_path {
# rewrite ^/(.*)\$ /\$custom_index break;
rewrite ^/(.*)\$ / break;
}
@ -192,9 +218,16 @@ server {
set \$subdomain "\$1.";
set \$subdir "\$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
alias \$config_js_location;
}
## Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
#location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)\$ {
# set \$subdomain "\$1.";
# set \$subdir "\$1/";
# rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)\$ /\$2;
#}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set \$subdomain "\$1.";

View file

@ -43,8 +43,8 @@ server {
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jitsi-meet.example.com;
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
@ -58,6 +58,8 @@ server {
add_header Strict-Transport-Security "max-age=63072000" always;
set $prefix "";
set $custom_index "";
set $config_js_location /etc/jitsi/meet/jitsi-meet.example.com-config.js;
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
@ -77,8 +79,10 @@ server {
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
include /etc/jitsi/meet/jaas/*.conf;
location = /config.js {
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
alias $config_js_location;
}
location = /external_api.js {
@ -92,8 +96,13 @@ server {
proxy_set_header Host $http_host;
}
location ~ ^/_api/public/(.*)$ {
autoindex off;
alias /etc/jitsi/meet/public/$1;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
location ~ ^/(libs|css|static|images|fonts|lang|sounds|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
@ -141,12 +150,22 @@ server {
# alias /usr/share/jitsi-meet/load-test/libs/$1;
#}
location ~ ^/conference-request/v1(\/.*)?$ {
proxy_pass http://127.0.0.1:8888/conference-request/v1$1;
add_header "Cache-Control" "no-cache, no-store";
add_header 'Access-Control-Allow-Origin' '*';
}
location ~ ^/([^/?&:'"]+)/conference-request/v1(\/.*)?$ {
rewrite ^/([^/?&:'"]+)/conference-request/v1(\/.*)?$ /conference-request/v1$2;
}
location ~ ^/([^/?&:'"]+)$ {
set $roomname "$1";
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
rewrite ^/(.*)$ /$custom_index break;
}
location ~ ^/([^/?&:'"]+)/config.js$
@ -154,7 +173,14 @@ server {
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
alias $config_js_location;
}
# Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
}
# BOSH for subdomains

View file

@ -90,12 +90,10 @@ VirtualHost "${JITSI_DOMAIN:?}"
}
av_moderation_component = "avmoderation.${JITSI_DOMAIN:?}"
speakerstats_component = "speakerstats.${JITSI_DOMAIN:?}"
conference_duration_component = "conferenceduration.${JITSI_DOMAIN:?}"
end_conference_component = "endconference.${JITSI_DOMAIN:?}"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
@ -123,13 +121,18 @@ Component "conference.${JITSI_DOMAIN:?}" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
"muc_domain_mapper";
"polls";
--"token_verification";
"muc_rate_limit";
"muc_password_whitelist";
}
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}" }
muc_password_whitelist = {
"${FOCUS_USER:?}@auth.${JITSI_HOST:?}"
}
muc_room_locking = false
muc_room_default_public_jids = true
@ -137,6 +140,7 @@ Component "breakout.${JITSI_DOMAIN:?}" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
"muc_domain_mapper";
"muc_rate_limit";
@ -150,6 +154,7 @@ Component "breakout.${JITSI_DOMAIN:?}" "muc"
Component "internal.auth.${JITSI_DOMAIN:?}" "muc"
storage = "memory"
modules_enabled = {
"muc_hide_all";
"ping";
}
admins = { "${FOCUS_USER:?}@auth.${JITSI_HOST:?}", "jvb@auth.${JITSI_HOST:?}" }
@ -183,9 +188,6 @@ Component "focus.${JITSI_DOMAIN:?}" "client_proxy"
Component "speakerstats.${JITSI_DOMAIN:?}" "speakerstats_component"
muc_component = "conference.${JITSI_DOMAIN:?}"
Component "conferenceduration.${JITSI_DOMAIN:?}" "conference_duration_component"
muc_component = "conference.${JITSI_DOMAIN:?}"
Component "endconference.${JITSI_DOMAIN:?}" "end_conference"
muc_component = "conference.${JITSI_DOMAIN:?}"
@ -198,6 +200,7 @@ Component "lobby.${JITSI_DOMAIN:?}" "muc"
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_hide_all";
"muc_rate_limit";
"polls";
}

View file

@ -51,12 +51,10 @@ VirtualHost "jitmeet.example.com"
}
av_moderation_component = "avmoderation.jitmeet.example.com"
speakerstats_component = "speakerstats.jitmeet.example.com"
conference_duration_component = "conferenceduration.jitmeet.example.com"
end_conference_component = "endconference.jitmeet.example.com"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"speakerstats";
"external_services";
@ -78,13 +76,18 @@ Component "conference.jitmeet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
"muc_domain_mapper";
"polls";
--"token_verification";
"muc_rate_limit";
"muc_password_whitelist";
}
admins = { "focusUser@auth.jitmeet.example.com" }
muc_password_whitelist = {
"focusUser@auth.jitmeet.example.com"
}
muc_room_locking = false
muc_room_default_public_jids = true
@ -92,6 +95,7 @@ Component "breakout.jitmeet.example.com" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
"muc_domain_mapper";
"muc_rate_limit";
@ -105,6 +109,7 @@ Component "breakout.jitmeet.example.com" "muc"
Component "internal.auth.jitmeet.example.com" "muc"
storage = "memory"
modules_enabled = {
"muc_hide_all";
"ping";
}
admins = { "focusUser@auth.jitmeet.example.com", "jvb@auth.jitmeet.example.com" }
@ -124,9 +129,6 @@ Component "focus.jitmeet.example.com" "client_proxy"
Component "speakerstats.jitmeet.example.com" "speakerstats_component"
muc_component = "conference.jitmeet.example.com"
Component "conferenceduration.jitmeet.example.com" "conference_duration_component"
muc_component = "conference.jitmeet.example.com"
Component "endconference.jitmeet.example.com" "end_conference"
muc_component = "conference.jitmeet.example.com"
@ -139,6 +141,7 @@ Component "lobby.jitmeet.example.com" "muc"
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_hide_all";
"muc_rate_limit";
"polls";
}

View file

@ -41,21 +41,25 @@ subdomains
umask
Set the umask for the socket and PID file.
userid
Change the user the opendkim program is to run as.
By default, Alpine Linux's OpenRC service will set this to `opendkim` on the
command-line and FreeBSD's rc will set it to `mailnull`.
custom-config
The string following this parameter is appended as-is in the configuration, to
enable more complex configurations.
BOOLEAN PARAMETERS
------------------
syslog
Log to syslog.
DEPRECATED PARAMETERS
---------------------
userid
Change the user the opendkim program is to run as.
By default, Alpine Linux's OpenRC service will set this to `opendkim` on the
command-line and FreeBSD's rc will set it to `mailnull`.
EXAMPLES
--------

View file

@ -29,6 +29,7 @@ case "$os" in
'freebsd')
CFG_DIR="/usr/local/etc/mail"
service="milter-opendkim"
start_service="milteropendkim"
;;
*)
printf "__opendkim does not yet support %s.\n" "$os" >&2
@ -90,7 +91,11 @@ fi
require="__package/opendkim" __file "$target_file" \
--source "$source_file" --mode 0644
require="__package/opendkim" __start_on_boot "${service}"
# Due to the way rc.conf works on *BSD, we find ourselves in the awkward
# situation, where a service's name can contain a '-' symbol, but the
# rc.conf setting to enable a service at boot cannot.
# Unless start_service has been defined before, these two match.
require="__package/opendkim" __start_on_boot "${start_service:-${service}}"
# Ensure Key and Signing tables exist and have proper permissions
key_table="${CFG_DIR}/KeyTable"
@ -105,7 +110,7 @@ require="__package/opendkim" \
--mode 444
require="__file${target_file} __file${key_table}
__file${signing_table} __start_on_boot/${service}" \
__file${signing_table} __start_on_boot/${start_service:-${service}}" \
__check_messages opendkim \
--pattern "^__file${target_file}" \
--execute "service ${service} restart"

View file

@ -0,0 +1,2 @@
This can cause inconsistencies with permissions and will stop being supported.
If you still need this, you can use --custom-config 'UserId $USERID'.

View file

@ -0,0 +1,32 @@
#!/bin/sh -e
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ];
then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
KEY_ID="$(echo "${__object_id:?)}" | tr '/' '_')"
DEFAULT_PATH="${DIRECTORY:?}${KEY_ID:?}.private"
if [ -s "${DEFAULT_PATH}" ]; then
# This is the main location for the key
FOUND_PATH="${DEFAULT_PATH}"
else
# This is a backwards-compatible location for the key
# Keys generated post March 2022 should not land here
if [ -f "${__object:?}/parameter/selector" ]; then
SELECTOR="$(cat "${__object:?}/parameter/selector")"
if [ -s "${DIRECTORY}${SELECTOR:?}.private" ]; then
FOUND_PATH="${DIRECTORY}${SELECTOR:?}.private"
fi
fi
fi
if [ -n "${FOUND_PATH}" ]; then
printf "present\t%s" "${FOUND_PATH}"
else
# We didn't find the key
# We pass the default path here, to easen logic in the rest of the type
printf "absent\t%s" "${DEFAULT_PATH}"
fi

View file

@ -19,8 +19,8 @@
#
# Required parameters
DOMAIN="$(cat "${__object:?}/parameter/domain")"
SELECTOR="$(cat "${__object:?}/parameter/selector")"
DOMAIN="$(cat "${__object:?}/domain")"
SELECTOR="$(cat "${__object:?}/selector")"
# Optional parameters
BITS=
@ -28,12 +28,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
BITS="-b $(cat "${__object:?}/parameter/bits")"
fi
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Boolean parameters
SUBDOMAINS=
if [ -f "${__object:?}/parameter/no-subdomains" ]; then
@ -48,9 +42,24 @@ fi
user="$(cat "${__object:?}/user")"
group="$(cat "${__object:?}/group")"
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")"
KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")"
if [ "${KEY_STATE:?}" = "absent" ]; then
# opendkim-genkey(8) does not allow specifying the file name.
# To err on the safe side (and avoid potentially killing other keys)
# we operate on a temporary directory first, then move the resulting key
cat <<-EOF
tmp_dir="\$(mktemp -d cdist-dkim.XXXXXXXXXXX)"
opendkim-genkey $BITS --domain=${DOMAIN:?} --directory=\${tmp_dir:?} $RESTRICTED --selector=${SELECTOR:?} $SUBDOMAINS
# Relocate and ensure permissions
mv "\${tmp_dir:?}/${SELECTOR:?}.private" '${KEY_LOCATION:?}'
chown ${user}:${group} '${KEY_LOCATION}'
chmod 0600 '${KEY_LOCATION}'
# This is usually generated, if it weren't we do not want to fail
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
mv "\${tmp_dir:?}/${SELECTOR:?}.txt" '${KEY_LOCATION%.private}.txt' || true
chown ${user}:${group} '${KEY_LOCATION%.private}.txt' || true
# Cleanup after ourselves
rmdir "\${tmp_dir:?}" || true
EOF
fi

View file

@ -10,23 +10,27 @@ DESCRIPTION
-----------
This type uses the `opendkim-genkey(8)` to generate signing keys suitable for
usage by `opendkim(8)` to sign outgoing emails. Then, a line with the domain,
selector and keyname in the `$selector._domainkey.$domain` format will be added
to the OpenDKIM key table located at `/etc/opendkim/KeyTable`. Finally, a line
will be added to the OpenDKIM signing table, using either the domain or the
provided key for the `domain:selector:keyfile` value in the table. An existing
key will not be overwritten.
usage by `opendkim(8)` to sign outgoing emails.
It also manages the key, identified by its `$__object_id` in OpenDKIM's
KeyTable and sets its `s=` and `d=` parameters (see: `--selector` and
`--sigdomain` respectively).
This type will also manage the entries in the OpenDKIM's SigningTable by
associating any given `sigkey` values to this key.
Take into account that if you use this type without the `--domain` and
`--selector` parameters, the `$__object_id` must be in form `$domain/$selector`.
Currently, this type is only implemented for Alpine Linux and FreeBSD.
Please contribute an implementation if you can.
REQUIRED PARAMETERS
-------------------
domain
The domain to generate the key for.
selector
The DKIM selector to generate the key for.
NOTE: the name of the key file under `--directory` will default to
`$__object_id.private`, but if that fails and `--selector` is used,
`SELECTOR.private` will be considered.
Take care when using unrelated keys that might collide this way.
For more information see:
https://code.ungleich.ch/ungleich-public/cdist-contrib/issues/20
OPTIONAL PARAMETERS
@ -38,10 +42,36 @@ bits
directory
The directory in which to generate the key, `/var/db/dkim/` by default.
domain
The domain to generate the key for.
If omitted, `--selector` must be omitted as well and `$__object_id` must be
in form: `$domain/$selector`.
selector
The DKIM selector to generate the key for.
If omitted, `--domain` must be omitted as well and `$__object_id` must be
in form: `$domain/$selector`.
sigdomain
Specified in the KeyTable, the domain to use in the signature's "d=" value.
Defaults to the specified domain. If `%`, it will be replaced by the apparent
domain of the sender when generating a signature.
Note you probably don't want to set both `--sigdomain` and `--sigkey` to `%`.
See `KeyTable` in `opendkim.conf(5)` for more information.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
sigkey
The key used in the SigningTable for this signing key. Defaults to the
The key used in the `SigningTable` for this signing key. Defaults to the
specified domain. If `%`, OpenDKIM will replace it with the domain found
in the `From:` header. See `opendkim.conf(5)` for more options.
Note you probably don't want to set both `--sigdomain` and `--sigkey` to `%`.
This can be passed multiple times, resulting in multiple lines in the
SigningTable, which can be used to support signing of subdomains or multiple
domains with the same key; in that case, you probably want to set
`--sigdomain` to `%`, else the domains will not be aligned.
BOOLEAN PARAMETERS
------------------
@ -57,6 +87,7 @@ EXAMPLES
.. code-block:: sh
# Setup the OpenDKIM service
__opendkim \
--socket inet:8891@localhost \
--basedir /var/lib/opendkim \
@ -65,14 +96,24 @@ EXAMPLES
--umask 002 \
--syslog
require='__opendkim' \
# Continue only after the service has been set up
export require="__opendkim"
# Generate a key for 'example.com' with selector 'default'
__opendkim_genkey default \
--domain example.com \
--selector default
__opendkim_genkey myfoo \
--domain foo.com \
--selector backup
# Generate a key for 'foo.com' with selector 'backup'
__opendkim_genkey 'foo.com/backup'
# Generate a key for 'example.org' with selector 'main'
# that can also sign 'cdi.st' and subdomains of 'example.org'
__opendkim_genkey 'example.org/main' \
--sigdomain '%' \
--sigkey 'example.org' \
--sigkey '.example.org' \
--sigkey 'cdi.st'
SEE ALSO

View file

@ -35,17 +35,48 @@ case "$os" in
;;
*)
cat <<- EOF >&2
__opendkim_genkey currently only supports Alpine Linux. Please
contribute an implementation for $os if you can.
__opendkim_genkey currently only supports Alpine Linux and FreeBSD.
Please contribute an implementation for $os if you can.
EOF
exit 1
;;
esac
# Persist user and group for gencode-remote
printf '%s' "${user}" > "${__object:?}/user"
printf '%s' "${group}" > "${__object:?}/group"
SELECTOR="$(cat "${__object:?}/parameter/selector")"
DOMAIN="$(cat "${__object:?}/parameter/domain")"
# Logic to simplify the type as documented in
# https://code.ungleich.ch/ungleich-public/cdist-contrib/issues/20#issuecomment-14711
DOMAIN="$(cat "${__object:?}/parameter/domain" 2>/dev/null || true)"
SELECTOR="$(cat "${__object:?}/parameter/selector" 2>/dev/null || true)"
if [ -z "${DOMAIN}${SELECTOR}" ]; then
# Neither SELECTOR nor DOMAIN were passed, try to use __object_id
if echo "${__object_id:?}" | \
grep -qE '^[^/[:space:]]+/[^/[:space:]]+$'; then
# __object_id matches, let's get the data
DOMAIN="$(echo "${__object_id:?}" | cut -d '/' -f 1)"
SELECTOR="$(echo "${__object_id:?}" | cut -d '/' -f 2)"
else
# It doesn't match the pattern, this is sad
cat <<- EOF >&2
The arguments --domain and --selector were not used.
So __object_id must match DOMAIN/SELECTOR.
But instead the type got: ${__object_id:?}
EOF
exit 1
fi
elif [ -z "${DOMAIN}" ] || [ -z "${SELECTOR}" ]; then
# Only one was passed, this is sad :-(
cat <<- EOF >&2
You must pass either both --selector and --domain or none of them.
If these arguments are absent, __object_id must match: DOMAIN/SELECTOR.
EOF
exit 1
# else: both were passed
fi
# Persist data for gencode-remote
printf '%s' "${user:?}" > "${__object:?}/user"
printf '%s' "${group:?}" > "${__object:?}/group"
printf '%s' "${DOMAIN:?}" > "${__object:?}/domain"
printf '%s' "${SELECTOR:?}" > "${__object:?}/selector"
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ];
@ -59,6 +90,11 @@ if [ -f "${__object:?}/parameter/sigkey" ];
then
SIGKEY="$(cat "${__object:?}/parameter/sigkey")"
fi
SIGDOMAIN="${DOMAIN:?}"
if [ -f "${__object:?}/parameter/sigdomain" ];
then
SIGDOMAIN="$(cat "${__object:?}/parameter/sigdomain")"
fi
# Ensure the key-container directory exists with the proper permissions
__directory "${DIRECTORY}" \
@ -76,10 +112,28 @@ esac
key_table="${CFG_DIR}/KeyTable"
signing_table="${CFG_DIR}/SigningTable"
__line "line-key-${__object_id:?}" \
--file "${key_table}" \
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")"
KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")"
__line "line-sig-${__object_id:?}" \
__line "__opendkim_genkey/${__object_id:?}" \
--file "${key_table}" \
--line "${__object_id:?} ${SIGDOMAIN:?}:${SELECTOR:?}:${KEY_LOCATION:?}" \
--regex "^${__object_id:?}[[:space:]]" \
--state 'replace'
sigtable_block() {
for sigkey in ${SIGKEY:?}; do
echo "${sigkey:?} ${__object_id:?}"
done
}
__block "__opendkim_genkey/${__object_id:?}" \
--file "${signing_table}" \
--line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}"
--text "$(sigtable_block)"
if [ "${KEY_STATE:?}" = "present" ]; then
# Ensure proper permissions for the key file
__file "${KEY_LOCATION}" \
--owner "${user}" \
--group "${group}" \
--mode 0600
fi

View file

@ -1,4 +1,6 @@
bits
directory
domain
unrestricted
sigkey
selector
sigdomain

View file

@ -0,0 +1 @@
sigkey

View file

@ -1,2 +0,0 @@
domain
selector

45
type/__php_fpm/files/php.ini.sh Executable file
View file

@ -0,0 +1,45 @@
#!/bin/sh
cat <<EOF
; This file is managed by cdist, and has been shortened for readability.
; The fine manual is at http://php.net/configuration.file.
[PHP]
; Production recommended defaults
display_errors = Off
display_startup_errors = Off
enable_dl = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
log_errors = On
output_buffering = 4096
register_argc_argv = Off
request_order = "GP"
short_open_tag = Off
variables_order = "GPCS"
zend.assertions = -1
; Local custom variations
include_path = ".:${PHP_INCLUDEDIR}"
memory_limit = ${MEMORY_LIMIT:?}
post_max_size = ${UPLOAD_MAX_FILESIZE:?}
upload_max_filesize = ${UPLOAD_MAX_FILESIZE:?}
EOF
if [ -f "${__object:?}/parameter/enable-opcache" ]; then
cat <<-EOF
; opcache enabled by type flag
opcache.enable=1
opcache.enable_cli=1
EOF
fi
if [ -f "${__object:?}/parameter/enable-apcu" ]; then
cat <<-EOF
; acpu enabled by type flag
apc.enabled=1
apc.enable_cli=1
apc.shm_size=512M
EOF
fi

74
type/__php_fpm/man.rst Normal file
View file

@ -0,0 +1,74 @@
cdist-type__php_fpm(7)
======================
NAME
----
cdist-type__php_fpm - Setup and configure PHP-FPM
DESCRIPTION
-----------
This type installs and configures PHP-FPM for a given version of PHP. It is
expected to be used in combination with cdist-type__php_fpm_pool, which
configures specific pools.
This type supports Debian, Ubuntu and Alpine Linux.
REQUIRED PARAMETERS
-------------------
php-version
The PHP version for which the type is working. Will impact installed
packages, configuration files, &c
OPTIONAL PARAMETERS
-------------------
memory-limit
The system-wide memory limit for PHP-FPM. Can be overriden per-pool.
Default is 512M.
upload-max-filesize
The maximum filesize accepted by PHP-FPM for file uploads. Default is
2M.
BOOLEAN PARAMETERS
------------------
enable-opcache
Enable PHP opcache.
enable-apcu
Enable PHP APCu.
EXAMPLES
--------
.. code-block:: sh
# Dead simple setup
__php_fpm --php-version 8.1
# Custom setup
__php_fpm \
--php-version 8.1 \
--memory-limit 768M \
--upload-max-filesize 200M \
--enable-opcache \
--enable-apcu
SEE ALSO
--------
cdist-type__php_fpm_pool(7)
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2022 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

68
type/__php_fpm/manifest Normal file
View file

@ -0,0 +1,68 @@
#!/bin/sh
os=$(cat "${__global:?}/explorer/os")
PHPVER=$(cat "${__object:?}/parameter/php-version")
export PHPVER
case "$os" in
'alpine')
# Alpine packages looks like php81-fpm - we make sure to remove dots from user
# input.
PHPVER=$(echo "$PHPVER" | tr -d '.')
package="php${PHPVER}-fpm"
opcache_package="php${PHPVER}-opcache"
apcu_package="php${PHPVER}-pecl-apcu"
service="php-fpm${PHPVER}"
php_confdir="/etc/php${PHPVER}"
php_ini="${php_confdir:?}/php.ini"
PHP_INCLUDEDIR="/usr/share/php${PHPVER:?}"
export PHP_INCLUDEDIR
;;
'debian'|'ubuntu')
package="php${PHPVER}-fpm"
opcache_package="php${PHPVER}-opcache"
apcu_package="php${PHPVER}-apcu"
service="php${PHPVER}-fpm"
php_confdir="/etc/php/${PHPVER}"
php_ini="${php_confdir:?}/fpm/php.ini"
PHP_INCLUDEDIR="/usr/share/php/${PHPVER:?}"
export PHP_INCLUDEDIR
;;
*)
printf "Your operating system is currently not supported by this type\n" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
__package "$package"
require="__package/$package" __start_on_boot "$service"
if [ -f "${__object:?}/parameter/enable-opcache" ]; then
__package "$opcache_package"
fi
if [ -f "${__object:?}/parameter/enable-apcu" ]; then
__package "$apcu_package"
fi
MEMORY_LIMIT=$(cat "${__object:?}/parameter/memory-limit")
export MEMORY_LIMIT
UPLOAD_MAX_FILESIZE=$(cat "${__object:?}/parameter/upload-max-filesize")
export UPLOAD_MAX_FILESIZE
mkdir -p "${__object:?}/files"
"${__type:?}/files/php.ini.sh" >"${__object:?}/files/php.ini"
require="__package/$package" __file "${php_ini:?}" \
--mode 644 --source "${__object:?}/files/php.ini" \
--onchange "service $service restart"
require="__file/${php_ini:?}" __service "$service" --action start

View file

@ -0,0 +1,2 @@
enable-opcache
enable-apcu

View file

@ -0,0 +1 @@
512M

View file

@ -0,0 +1 @@
2M

View file

@ -0,0 +1,2 @@
upload-max-filesize
memory-limit

View file

@ -0,0 +1 @@
php-version

0
type/__php_fpm/singleton Normal file
View file

View file

@ -0,0 +1,34 @@
#!/bin/sh
cat <<EOF
; PHP-FPM configuration file for $POOL_NAME, PHP version $PHPVER.
; This file is managed by cdist, do not edit by hand!
[$POOL_NAME]
; Local non-default configuration
user = $POOL_USER
group = $POOL_GROUP
listen = $POOL_LISTEN_ADDR
listen.owner = $POOL_LISTEN_OWNER
; Mandatory configuration options with default production values
pm = dynamic
pm.max_children = 10
pm.min_spare_servers = 1
pm.max_spare_servers = 3
env[HOSTNAME] = \$HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
if [ -f "${__object:?}/parameter/memory-limit" ]; then
echo "php_admin_value[memory_limit] = $(cat "$__object/parameter/memory-limit")"
fi
if [ -f "${__object:?}/parameter/open-basedir" ]; then
echo "php_admin_value[open_basedir] = $(cat "${__object:?}/parameter/open-basedir")"
fi

View file

@ -0,0 +1,79 @@
cdist-type__php_fpm_pool(7)
===========================
NAME
----
cdist-type__php_fpm_pool - Setup and configure a PHP-FPM pool
DESCRIPTION
-----------
This type configures a pool named after the `__object_id` for a specified PHP
version. Note that this types expects a same-version cdist-type__php_fpm type
to have been run first: the user is responsible for doing so.
This type supports Debian, Ubuntu and Alpine Linux.
REQUIRED PARAMETERS
-------------------
php-version
The PHP version for which the type is working. Will impact installed
packages, configuration files, &c
pool-user
The local user under which the pool processes should run.
pool-group
The local group under which the pool processes should run.
pool-listen-addr
The socket or address to which the pool should bind for listening.
pool-listen-owner
The owner of the socket if a socket is used.
OPTIONAL PARAMETERS
-------------------
memory-limit
The pool memory limit for PHP-FPM. Will default to the setting in the
system-wide php.ini file.
openbasedir
Limit the files that can be accessed by PHP to the specified
directory-tree, including the file itself.
EXAMPLES
--------
.. code-block:: sh
# Setup PHP-FPM
__php_fpm --php-version 8
# Setup the pool
__php_fpm_pool www \
--php-version 8 \
--pool-user nextcloud \
--pool-group www-data \
--pool-listen-addr "/run/php8/php-fpm.sock" \
--pool-listen-owner nginx \
--memory-limit 1G
SEE ALSO
--------
cdist-type__php_fpm(7)
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2022 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,40 @@
#!/bin/sh
os=$(cat "${__global:?}/explorer/os")
name=${__object_id:?}
PHPVER=$(cat "${__object:?}/parameter/php-version")
export PHPVER
case "$os" in
'alpine')
PHPVER=$(echo "$PHP_VERSION" | tr -d '.')
service="php-fpm${PHPVER}"
php_confdir="/etc/php${PHPVER}"
php_pooldir="${php_confdir:?}/php-fpm.d"
;;
'debian'|'ubuntu')
service="php${PHPVER}-fpm"
php_confdir="/etc/php/${PHPVER}"
php_pooldir="${php_confdir:?}/fpm/pool.d"
;;
*)
printf "Your operating system is currently not supported by this type\n" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
POOL_NAME="$name"
POOL_USER=$(cat "${__object:?}/parameter/pool-user")
POOL_GROUP=$(cat "${__object:?}/parameter/pool-group")
POOL_LISTEN_ADDR=$(cat "${__object:?}/parameter/pool-listen-addr")
POOL_LISTEN_OWNER=$(cat "${__object:?}/parameter/pool-listen-owner")
export POOL_USER POOL_GROUP POOL_LISTEN_ADDR POOL_LISTEN_OWNER POOL_NAME
mkdir -p "${__object:?}/files"
"${__type:?}/files/www.conf.sh" >"${__object:?}/files/www.conf"
__file "${php_pooldir:?}/${name}.conf" \
--mode 644 --source "${__object:?}/files/www.conf" \
--onchange "service $service reload"

View file

@ -0,0 +1,2 @@
memory-limit
open-basedir

View file

@ -0,0 +1,5 @@
php-version
pool-user
pool-group
pool-listen-addr
pool-listen-owner