|
|
@@ -18,6 +18,7 @@
|
|
|
{{ $ENABLE_END_CONFERENCE := .Env.ENABLE_END_CONFERENCE | default "true" | toBool }}
|
|
|
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
|
|
|
{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }}
|
|
|
+{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool }}
|
|
|
{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
|
|
|
{{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}}
|
|
|
{{ $TURN_PORT := .Env.TURN_PORT | default "443" }}
|
|
|
@@ -31,10 +32,17 @@
|
|
|
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
|
|
|
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }}
|
|
|
{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
|
|
|
+{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
|
|
|
+{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
|
|
|
{{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
|
|
|
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
|
|
|
{{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool }}
|
|
|
{{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" }}
|
|
|
+{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" }}
|
|
|
+{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" }}
|
|
|
+{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" }}
|
|
|
+{{ $RATE_LIMIT_ALLOW_RANGES := (splitList "," .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES) | default ["10.0.0.0/8"] }}
|
|
|
+{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" }}
|
|
|
{{ $ENV := .Env -}}
|
|
|
|
|
|
admins = {
|
|
|
@@ -268,10 +276,39 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
|
|
|
{{ if $ENABLE_SUBDOMAINS -}}
|
|
|
"muc_domain_mapper";
|
|
|
{{ end -}}
|
|
|
+ {{ if $ENABLE_RATE_LIMITS -}}
|
|
|
+ "muc_rate_limit";
|
|
|
+ "rate_limit";
|
|
|
+ {{ end -}}
|
|
|
{{ if .Env.MAX_PARTICIPANTS }}
|
|
|
"muc_max_occupants";
|
|
|
{{ end }}
|
|
|
}
|
|
|
+
|
|
|
+ {{ if $ENABLE_RATE_LIMITS -}}
|
|
|
+ -- Max allowed join/login rate in events per second.
|
|
|
+ rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
|
|
|
+ -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
|
|
|
+ rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
|
|
|
+ -- The time in seconds, after which the limit for an IP address is lifted.
|
|
|
+ rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
|
|
|
+ -- List of regular expressions for IP addresses that are not limited by this module.
|
|
|
+ rate_limit_whitelist = {
|
|
|
+ "127.0.0.1";
|
|
|
+ {{ range $index, $cidr := $RATE_LIMIT_ALLOW_RANGES -}}
|
|
|
+ "{{ $cidr }}";
|
|
|
+ {{ end -}}
|
|
|
+ };
|
|
|
+
|
|
|
+ rate_limit_whitelist_jids = {
|
|
|
+ "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
|
|
|
+ "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"
|
|
|
+ }
|
|
|
+ {{ end -}}
|
|
|
+
|
|
|
+ -- The size of the cache that saves state for IP addresses
|
|
|
+ rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
|
|
|
+
|
|
|
muc_room_cache_size = 1000
|
|
|
muc_room_locking = false
|
|
|
muc_room_default_public_jids = true
|
|
|
@@ -308,7 +345,13 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc"
|
|
|
restrict_room_creation = true
|
|
|
muc_room_locking = false
|
|
|
muc_room_default_public_jids = true
|
|
|
-{{ end }}
|
|
|
+ modules_enabled = {
|
|
|
+ {{ if $ENABLE_RATE_LIMITS -}}
|
|
|
+ "muc_rate_limit";
|
|
|
+ {{ end -}}
|
|
|
+ }
|
|
|
+
|
|
|
+ {{ end }}
|
|
|
|
|
|
{{ if $ENABLE_BREAKOUT_ROOMS }}
|
|
|
Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
|
|
|
@@ -324,6 +367,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
|
|
|
{{ if not $DISABLE_POLLS -}}
|
|
|
"polls";
|
|
|
{{ end -}}
|
|
|
+ {{ if $ENABLE_RATE_LIMITS -}}
|
|
|
+ "muc_rate_limit";
|
|
|
+ {{ end -}}
|
|
|
}
|
|
|
{{ end }}
|
|
|
|
Aaron van Meerten