nc-env/templates/template13-talk-hpb/artifacts/nextcloud-spreed-signaling-server.conf at 81e8c7279a92ded38ab3960fdd5ba612a986e382

Fork: 0
pmarini / nc-env
Find file
Newer
Older
nc-env / templates / template13-talk-hpb / artifacts / nextcloud-spreed-signaling-server.conf
pmarini on 13 Apr 2022 6 KB initial commit
Raw Blame History
[http]
# IP and port to listen on for HTTP requests.
# Comment line to disable the listener.
listen = 127.0.0.1:8088

# HTTP socket read timeout in seconds.
#readtimeout = 15

# HTTP socket write timeout in seconds.
#writetimeout = 15

[https]
# IP and port to listen on for HTTPS requests.
# Comment line to disable the listener.
#listen = 127.0.0.1:8443

# HTTPS socket read timeout in seconds.
#readtimeout = 15

# HTTPS socket write timeout in seconds.
#writetimeout = 15

# Certificate / private key to use for the HTTPS server.
certificate = /etc/nginx/ssl/#MACHINE_HOSTNAME#.pem
key = /etc/nginx/ssl/#MACHINE_HOSTNAME#-key.pem

[app]
# Set to "true" to install pprof debug handlers.
# See "https://golang.org/pkg/net/http/pprof/" for further information.
debug = true

[sessions]
# Secret value used to generate checksums of sessions. This should be a random
# string of 32 or 64 bytes.
hashkey = 47b91f88695c66b2dd8b2f07dceafd82bc3bb58ad7afd72edf977d9581da37f2

# Optional key for encrypting data in the sessions. Must be either 16, 24 or
# 32 bytes.
# If no key is specified, data will not be encrypted (not recommended).
blockkey = 9685548d450071c2685418413c206586

[clients]
# Shared secret for connections from internal clients. This must be the same
# value as configured in the respective internal services.
internalsecret = 33558e3b8a2e9c6dcd559a7fd476e894decbb678a1a043a048ea4f76ed772653

[backend]
# Comma-separated list of backend ids from which clients are allowed to connect
# from. Each backend will have isolated rooms, i.e. clients connecting to room
# "abc12345" on backend 1 will be in a different room than clients connected to
# a room with the same name on backend 2. Also sessions connected from different
# backends will not be able to communicate with each other.
backends = backend-1

# Allow any hostname as backend endpoint. This is extremely insecure and should
# only be used while running the benchmark client against the server.
allowall = false

# Common shared secret for requests from and to the backend servers if
# "allowall" is enabled. This must be the same value as configured in the
# Nextcloud admin ui.
#secret = the-shared-secret

# Timeout in seconds for requests to the backend.
timeout = 20

# Maximum number of concurrent backend connections per host.
connectionsperhost = 8

# If set to "true", certificate validation of backend endpoints will be skipped.
# This should only be enabled during development, e.g. to work with self-signed
# certificates.
#skipverify = false

# Backend configurations as defined in the "[backend]" section above. The
# section names must match the ids used in "backends" above.
[backend-1]
# URL of the Nextcloud instance
url = #NEXTCLOUD_URL#

# Shared secret for requests from and to the backend servers. This must be the
# same value as configured in the Nextcloud admin ui.
secret = #SECRET_KEY#

[nats]
# Url of NATS backend to use. This can also be a list of URLs to connect to
# multiple backends. For local development, this can be set to ":loopback:"
# to process NATS messages internally instead of sending them through an
# external NATS backend.
#url = nats://localhost:4222

[mcu]
# The type of the MCU to use. Currently only "janus" and "proxy" are supported.
# Leave empty to disable MCU functionality.
type = janus

# For type "janus": the URL to the websocket endpoint of the MCU server.
# For type "proxy": a space-separated list of proxy URLs to connect to.
url = ws://localhost:8188

# For type "janus": the maximum bitrate per publishing stream (in bits per
# second).
# Defaults to 1 mbit/sec.
maxstreambitrate = 2097152

# For type "janus": the maximum bitrate per screensharing stream (in bits per
# second).
# Default is 2 mbit/sec.
#maxscreenbitrate = 2097152

# For type "proxy": type of URL configuration for proxy servers.
# Defaults to "static".
#
# Possible values:
# - static: A space-separated list of proxy URLs is given in the "url" option.
# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
#urltype = static

# For type "proxy": the id of the token to use when connecting to proxy servers.
#token_id = server1

# For type "proxy": the private key for the configured token id to use when
# connecting to proxy servers.
#token_key = privkey.pem

# For url type "etcd": Comma-separated list of static etcd endpoints to
# connect to.
#endpoints = 127.0.0.1:2379,127.0.0.1:22379,127.0.0.1:32379

# For url type "etcd": Options to perform endpoint discovery through DNS SRV.
# Only used if no endpoints are configured manually.
#discoverysrv = example.com
#discoveryservice = foo

# For url type "etcd": Path to private key, client certificate and CA
# certificate if TLS authentication should be used.
#clientkey = /path/to/etcd-client.key
#clientcert = /path/to/etcd-client.crt
#cacert = /path/to/etcd-ca.crt

# For url type "etcd": Key prefix of MCU proxy entries. All keys below will be
# watched and assumed to contain a JSON document. The entry "address" from this
# document will be used as proxy URL, other contents in the document will be
# ignored.
#
# Example:
# "/signaling/proxy/server/one" -> {"address": "https://proxy1.domain.invalid"}
# "/signaling/proxy/server/two" -> {"address": "https://proxy2.domain.invalid"}
#keyprefix = /signaling/proxy/server

[turn]
# API key that the MCU will need to send when requesting TURN credentials.
#apikey = the-api-key-for-the-rest-service

# The shared secret to use for generating TURN credentials. This must be the
# same as on the TURN server.
#secret = 6d1c17a7-c736-4e22-b02c-e2955b7ecc64

# A comma-separated list of TURN servers to use. Leave empty to disable the
# TURN REST API.
#servers = turn:1.2.3.4:9991?transport=udp,turn:1.2.3.4:9991?transport=tcp

[geoip]
# License key to use when downloading the MaxMind GeoIP database. You can
# register an account at "https://www.maxmind.com/en/geolite2/signup" for
# free. See "https://dev.maxmind.com/geoip/geoip2/geolite2/" for further
# information.
# Leave empty to disable GeoIP lookups.
#license =

# Optional URL to download a MaxMind GeoIP database from. Will be generated if
# "license" is provided above. Can be a "file://" url if a local file should
# be used. Please note that the database must provide a country field when
# looking up IP addresses.
#url =

[geoip-overrides]
# Optional overrides for GeoIP lookups. The key is an IP address / range, the
# value the associated country code.
#127.0.0.1 = DE
#192.168.0.0/24 = DE

[stats]
# Comma-separated list of IP addresses that are allowed to access the stats
# endpoint. Leave empty (or commented) to only allow access from "127.0.0.1".
#allowed_ips =