root/F7_HPB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

overlay: nats-server.conf, janus, coturn, nats-server/turnserver binaries; f7hpb.sh install overlay and coturn permissions

Browse Source
This commit is contained in:
root 2026-03-09 13:32:21 +00:00
parent 37a4ddd26d
commit 5cdff47105
32 changed files with 1779 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
f7hpb.sh Normal file
View File

@ -0,0 +1,113 @@
#!/bin/bash
# Установка F7_HPB (signaling, конфиг, systemd). Запускается на сервере HPB.
# Использование: ./f7hpb.sh [/path/to/f7cloud-install.env]
# Переменные можно передать через env-файл или ввести в диалоге, если не заданы.
set -e
ROLE="f7hpb"
ERROR_LOG="/tmp/install-error-${ROLE}.log"
log_error() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] ERROR: $*" >> "$ERROR_LOG"; echo "ERROR: $*" >&2; }
log_warn() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] WARN: $*" >> "$ERROR_LOG"; echo "WARN: $*" >&2; }
# Два режима: если переменная передана (не пустая) — использовать; иначе — запросить ввод.
# Использование: get_var ИМЯ_ПЕРЕМЕННОЙ "Подсказка для пользователя"
get_var() {
local name="$1"
local prompt="$2"
local val="${!name}"
if [ -z "$val" ]; then
read -rp "$prompt: " val
[ -z "$val" ] && { log_error "Переменная $name не задана."; exit 1; }
printf -v "$name" '%s' "$val"
fi
}
# Путь к env-файлу: аргумент скрипта или запрос
ENV_FILE="${1:-}"
get_var ENV_FILE "Путь к файлу конфигурации (например /path/to/f7cloud-install.env)"
if [ ! -f "$ENV_FILE" ]; then
log_error "Файл конфигурации не найден: $ENV_FILE"
exit 1
fi
# shellcheck source=/dev/null
set -a && source "$ENV_FILE" && set +a
# Переменные из env или диалог, если не переданы
get_var HPB_HASHKEY "HPB hashkey"
get_var HPB_BLOCKKEY "HPB blockkey"
get_var HPB_INTERNAL_SECRET "HPB internal_secret"
get_var HPB_BACKEND_SECRET "HPB backend secret"
get_var F7CLOUD_URL "URL F7 Cloud (например https://cloud.example.com)"
HPB_DOMAIN="${F7CLOUD_URL}"
> "$ERROR_LOG"
echo "=== Лог установки F7_HPB ===" >> "$ERROR_LOG"
echo "Начало: $(date '+%Y-%m-%d %H:%M:%S')" >> "$ERROR_LOG"
if ! command -v git >/dev/null 2>&1; then
echo "Установка git..."
apt-get update -qq && apt-get install -y git || { log_error "Не удалось установить git"; exit 1; }
fi
rm -rf /tmp/F7_HPB
echo "Клонирование репозитория F7_HPB..."
if ! (cd /tmp && git clone https://git.f7cloud.ru/root/F7_HPB.git); then
log_error "Не удалось клонировать репозиторий F7_HPB"
exit 1
fi
sleep 1
if ! [ -d /tmp/F7_HPB ]; then
log_error "Директория /tmp/F7_HPB не существует после клонирования"
exit 1
fi
# Секреты должны быть в env (переданы из главного скрипта)
if [ -f /tmp/hpb-secrets.env ]; then
# shellcheck source=/dev/null
set -a && source /tmp/hpb-secrets.env && set +a
fi
R=/tmp/F7_HPB
mkdir -p /etc/f7cloud-spreed-signaling
if [ -f "$R/server.conf.example" ]; then
cp "$R/server.conf.example" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|hashkey.*=.*|hashkey = \"${HPB_HASHKEY}\"|i" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|blockkey.*=.*|blockkey = \"${HPB_BLOCKKEY}\"|i" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|internal.*secret.*=.*|internal_secret = \"${HPB_INTERNAL_SECRET}\"|i" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|backend.*secret.*=.*|secret = \"${HPB_BACKEND_SECRET}\"|i" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|https://.*nextcloud|${F7CLOUD_URL}|i" /etc/f7cloud-spreed-signaling/server.conf
sed -i "s|https://.*hpb|https://${HPB_DOMAIN}|i" /etc/f7cloud-spreed-signaling/server.conf
fi
for bin in "$R/signaling-server" "$R/build/signaling-server" "$R/signaling-server-server"; do
[ -f "$bin" ] && cp "$bin" /usr/bin/ 2>/dev/null && chmod +x "/usr/bin/$(basename "$bin")" && break
done
find "$R" -maxdepth 2 -name "*.service" -exec cp {} /etc/systemd/system/ \;
# Overlay: файлы и каталоги из репозитория на те же пути в системе
if [ -d "$R/overlay" ]; then
echo "Установка overlay (nats, janus, coturn, бинарники)..."
[ -f "$R/overlay/etc/nats-server.conf" ] && cp "$R/overlay/etc/nats-server.conf" /etc/
[ -d "$R/overlay/etc/janus" ] && cp -a "$R/overlay/etc/janus" /etc/
[ -d "$R/overlay/etc/coturn" ] && cp -a "$R/overlay/etc/coturn" /etc/
[ -f "$R/overlay/usr/sbin/nats-server" ] && cp "$R/overlay/usr/sbin/nats-server" /usr/sbin/ && chmod +x /usr/sbin/nats-server
[ -f "$R/overlay/usr/bin/turnserver" ] && cp "$R/overlay/usr/bin/turnserver" /usr/bin/ && chmod +x /usr/bin/turnserver
# Права для coturn: пользователь turnserver, каталоги 750
if [ -d /etc/coturn ]; then
getent passwd turnserver >/dev/null 2>&1 || (useradd -r -s /usr/sbin/nologin turnserver 2>/dev/null || true)
chown -R turnserver:turnserver /etc/coturn
find /etc/coturn -type d -exec chmod 750 {} \;
find /etc/coturn -type f -exec chmod 640 {} \;
fi
fi
systemctl daemon-reload 2>/dev/null || true
systemctl enable f7cloud-spreed-signaling 2>/dev/null || systemctl enable signaling 2>/dev/null || true
systemctl start f7cloud-spreed-signaling 2>/dev/null || systemctl start signaling 2>/dev/null || true
echo "Конец: $(date '+%Y-%m-%d %H:%M:%S')" >> "$ERROR_LOG"
echo "F7_HPB установлен. Лог ошибок: $ERROR_LOG"
exit 0

0
overlay/etc/coturn/.gitkeep Normal file
View File

0
overlay/etc/coturn/certs/.gitkeep Normal file
View File

21
overlay/etc/janus/janus.eventhandler.gelfevh.jcfg Normal file
View File

@ -0,0 +1,21 @@
# This configures the GELF event handler. Appending necessary headers
# and sending messages via TCP or UDP
general: {
enabled = false # By default the module is not enabled
events = "all"
# Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
backend = "your.graylog.server" # DNS or IP of your Graylog server
port = "12201" # Port Graylog server is listening on
protocol = "tcp" # tcp or udp transport type
max_message_len = 1024 # Note that we add 12 bytes of headers + standard UDP headers (8 bytes)
# when calculating packet size based on MTU
#compress = true # Optionally, only for UDP transport, JSON messages can be compressed using zlib
#compression = 9 # In case, you can specify the compression factor, where 1 is
# the fastest (low compression), and 9 gives the best compression
}

57
overlay/etc/janus/janus.eventhandler.mqttevh.jcfg Normal file
View File

@ -0,0 +1,57 @@
# This configures the MQTT event handler. Events are sent either on
# one topic or on a topic per event type.
#
# By default, configuration topics for handle and webrtc event types
# with the base topic are configured to /janus/events, e.g.:
# /janus/events/handle
# /janus/events/webrtc
general: {
enabled = false # By default the module is not enabled
events = "all" # Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
url = "tcp://localhost:1883" # The URL of the MQTT server. "tcp://" and "ssl://" protocols are supported.
#mqtt_version = "3.1.1" # Protocol version. Available values: 3.1, 3.1.1 (default), 5.
client_id = "janus.example.com" # Janus client id. You have to configure a unique ID (default: guest).
#keep_alive_interval = 20 # Keep connection for N seconds (default: 30)
#cleansession = 0 # Clean session flag (default: off)
#retain = 0 # Default MQTT retain flag for published events
#qos = 1 # Default MQTT QoS for published events
#max_inflight = 10 # Maximum number of inflight messages
#max_buffered = 100 # Maximum number of buffered messages
#disconnect_timeout = 100 # Seconds to wait before destroying client
#username = "guest" # Username for authentication (default: no authentication)
#password = "guest" # Password for authentication (default: no authentication)
#topic = "/janus/events" # Base topic (default: /janus/events)
#addevent = true # Whether we should add the event type to the base topic
#tls_enable = false # Whether TLS support must be enabled
# Initial message sent to status topic
#connect_status = "{\"event\": \"connected\", \"eventhandler\": \"janus.eventhandler.mqttevh\"}"
# Message sent after disconnect or as LWT
#disconnect_status = "{\"event\": \"disconnected\"}"
#will_enabled = false # Whether to enable LWT (default: false)
#will_retain = 1 # Whether LWT should be retained (default: 1)
#will_qos = 0 # QoS for LWT (default: 0)
# Additional parameters if "mqtts://" schema is used
#tls_verify_peer = true # Whether peer verification must be enabled
#tls_verify_hostname = true # Whether hostname verification must be enabled
# Certificates to use when TLS support is enabled, if needed
#tls_cacert = "/path/to/cacert.pem"
tls_client_cert = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
tls_client_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
#tls_ciphers
#tls_version
# These options work with MQTT 5 only.
#add_user_properties = () # List of user property ["key", "value"] pairs to add.
}

30
overlay/etc/janus/janus.eventhandler.nanomsgevh.jcfg Normal file
View File

@ -0,0 +1,30 @@
# This configures the Nanomsg event handler. Since this plugin only
# forwards each event it receives via Nanomsg, you simply need to
# configure (i) which events to subscribe to, (ii) the address to use for
# the communication, and (iii) whether the address should be used to bind
# locally or to connect to a remote endpoint. Notice that the only supported
# pattern is NN_PUBSUB, where the Nanomsg event handler is the publisher.
general: {
enabled = false # By default the module is not enabled
events = "all" # Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
grouping = true # Whether events should be sent individually (one per
# HTTP POST, JSON object), or if it's ok to group them
# (one or more per HTTP POST, JSON array with objects)
# The default is 'yes' to limit the number of connections.
# Address the plugin will send all events to as HTTP POST
# requests with an application/json payload. In case
# authentication is required to contact the backend, set
# the credentials as well (basic authentication only).
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#mode = "bind" # Whether we should 'bind' to the specified
# address, or connect to it if remote (default)
address = "ipc:///tmp/janusevh.ipc" # Address to use, refer to the Nanomsg documentation
# for more info on different transports you can use here
}

34
overlay/etc/janus/janus.eventhandler.rabbitmqevh.jcfg Normal file
View File

@ -0,0 +1,34 @@
# This configures the RabbitMQ event handler.
general: {
enabled = false # By default the module is not enabled
events = "all" # Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
grouping = true # Whether events should be sent individually , or if it's ok
# to group them. The default is 'yes' to limit the number of
# messages
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
host = "localhost" # The address of the RabbitMQ server
#port = 5672 # The port of the RabbitMQ server (5672 by default)
#username = "guest" # Username to use to authenticate, if needed
#password = "guest" # Password to use to authenticate, if needed
#vhost = "/" # Virtual host to specify when logging in, if needed
#exchange = "janus-exchange"
route_key = "janus-events" # Routing key to use when publishing messages
#exchange_type = "fanout" # Rabbitmq exchange_type can be one of the available types: direct, topic, headers and fanout (fanout by defualt).
#heartbeat = 60 # Defines the seconds without communication that should pass before considering the TCP connection unreachable.
#declare_outgoing_queue = true # By default (for backwards compatibility), we declare an outgoing queue. Set this to false to disable that behavior
#ssl_enable = false # Whether ssl support must be enabled
#ssl_verify_peer = true # Whether peer verification must be enabled
#ssl_verify_hostname = true # Whether hostname verification must be enabled
# Certificates to use when SSL support is enabled, if needed
#ssl_cacert = "/path/to/cacert.pem"
ssl_cert = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
ssl_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
}

44
overlay/etc/janus/janus.eventhandler.sampleevh.jcfg Normal file
View File

@ -0,0 +1,44 @@
# This configures the sample event handler. Since this plugin simply
# forwards each event it receives via HTTP POST, you simply need to
# configure (i) which events to subscribe to, and (ii) the address of
# the web server which will receive the requests.
general: {
enabled = false # By default the module is not enabled
events = "all" # Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
grouping = true # Whether events should be sent individually (one per
# HTTP POST, JSON object), or if it's ok to group them
# (one or more per HTTP POST, JSON array with objects)
# The default is 'yes' to limit the number of connections.
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#compress = true # Optionally, the JSON messages can be compressed using zlib
#compression = 9 # In case, you can specify the compression factor, where 1 is
# the fastest (low compression), and 9 gives the best compression
# Address the plugin will send all events to as HTTP POST
# requests with an application/json payload. In case
# authentication is required to contact the backend, set
# the credentials as well (basic authentication only).
backend = "http://your.webserver.here/and/a/path"
#backend_user = "myuser"
#backend_pwd = "mypwd"
# You can also configure how retransmissions should
# happen, after a failed attempt to deliver an event.
# Specifically, you can specify how many times a
# retransmission should be attempted (default=5) and
# which step is used, in milliseconds, for the exponential
# backoff before retrying (e.g, if step=100ms, then the
# the first retry will happen after 100ms, the second
# after 200ms, then 400ms, and so on). If the event cannot
# be retransmitted after the maximum number of attemps
# is reached, then it's lost. Beware that retransmissions
# will also delay pending events and increase the queue.
#max_retransmissions = 5
#retransmissions_backoff = 100
}

31
overlay/etc/janus/janus.eventhandler.wsevh.jcfg Normal file
View File

@ -0,0 +1,31 @@
# This configures the WebSockets event handler. Since this plugin only
# forwards each event it receives via WebSockets, you simply need to
# configure (i) which events to subscribe to, and (ii) the address of
# the WebSockets server which will receive the requests.
general: {
enabled = false # By default the module is not enabled
events = "all" # Comma separated list of the events mask you're interested
# in. Valid values are none, sessions, handles, jsep, webrtc,
# media, plugins, transports, core, external and all. By
# default we subscribe to everything (all)
grouping = true # Whether events should be sent individually (one per
# HTTP POST, JSON object), or if it's ok to group them
# (one or more per HTTP POST, JSON array with objects)
# The default is 'yes' to limit the number of connections.
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
# Address the plugin will send all events to as WebSocket
# messages. In case authentication is required to contact
# the backend, set the credentials as well.
backend = "ws://your.websocket.here"
# subprotocol = "your-subprotocol"
# In case you need to debug connection issues, you can configure
# the libwebsockets debugging level as a comma separated list of things
# to debug, supported values: err, warn, notice, info, debug, parser,
# header, ext, client, latency, user, count (plus 'none' and 'all')
#ws_logging = "err,warn"
}

437
overlay/etc/janus/janus.jcfg Normal file
View File

@ -0,0 +1,437 @@
# General configuration: folders where the configuration and the plugins
# can be found, how output should be logged, whether Janus should run as
# a daemon or in foreground, default interface to use, debug/logging level
# and, if needed, shared apisecret and/or token authentication mechanism
# between application(s) and Janus.
general: {
configs_folder = "/etc/janus" # Configuration files folder
plugins_folder = "/usr/lib/x86_64-linux-gnu/janus/plugins" # Plugins folder
transports_folder = "/usr/lib/x86_64-linux-gnu/janus/transports" # Transports folder
events_folder = "/usr/lib/x86_64-linux-gnu/janus/events" # Event handlers folder
loggers_folder = "/usr/lib/x86_64-linux-gnu/janus/loggers" # External loggers folder
# The next settings configure logging
#log_to_stdout = false # Whether the Janus output should be written
# to stdout or not (default=true)
log_to_file = "/var/log/janus.log" # Whether to use a log file or not
debug_level = 4 # Debug/logging level, valid values are 0-7
debug_timestamps = true # Whether to show a timestamp for each log line
#debug_colors = false # Whether colors should be disabled in the log
#debug_locks = true # Whether to enable debugging of locks (very verbose!)
#log_prefix = "[janus] " # In case you want log lines to be prefixed by some
# custom text, you can use the 'log_prefix' property.
# It supports terminal colors, meaning something like
# "[\x1b[32mjanus\x1b[0m] " would show a green "janus"
# string in square brackets (assuming debug_colors=true).
# This is what you configure if you want to launch Janus as a daemon
#daemonize = true # Whether Janus should run as a daemon
# or not (default=run in foreground)
#pid_file = "/path/to/janus.pid" # PID file to create when Janus has been
# started, and to destroy at shutdown
# There are different ways you can authenticate the Janus and Admin APIs
#api_secret = "janusrocks" # String that all Janus requests must contain
# to be accepted/authorized by the Janus core.
# Useful if you're wrapping all Janus API requests
# in your servers (that is, not in the browser,
# where you do the things your way) and you
# don't want other application to mess with
# this Janus instance.
#token_auth = true # Enable a token based authentication
# mechanism to force users to always provide
# a valid token in all requests. Useful if
# you want to authenticate requests from web
# users.
#token_auth_secret = "janus" # Use HMAC-SHA1 signed tokens (with token_auth). Note that
# without this, the Admin API MUST
# be enabled, as tokens are added and removed
# through messages sent there.
admin_secret = "janusoverlord" # String that all Janus requests must contain
# to be accepted/authorized by the admin/monitor.
# only needed if you enabled the admin API
# in any of the available transports.
# Generic settings
#interface = "1.2.3.4" # Interface to use (will be used in SDP)
#server_name = "MyJanusInstance"# Public name of this Janus instance
# as it will appear in an info request
#session_timeout = 60 # How long (in seconds) we should wait before
# deciding a Janus session has timed out. A
# session times out when no request is received
# for session_timeout seconds (default=60s).
# Setting this to 0 will disable the timeout
# mechanism, which is NOT suggested as it may
# risk having orphaned sessions (sessions not
# controlled by any transport and never freed).
# To avoid timeouts, keep-alives can be used.
#candidates_timeout = 45 # How long (in seconds) we should keep hold of
# pending (trickle) candidates before discarding
# them (default=45s). Notice that setting this
# to 0 will NOT disable the timeout, but will
# be considered an invalid value and ignored.
#reclaim_session_timeout = 0 # How long (in seconds) we should wait for a
# janus session to be reclaimed after the transport
# is gone. After the transport is gone, a session
# times out when no request is received for
# reclaim_session_timeout seconds (default=0s).
# Setting this to 0 will disable the timeout
# mechanism, and sessions will be destroyed immediately
# if the transport is gone.
#recordings_tmp_ext = "tmp" # The extension for recordings, in Janus, is
# .mjr, a custom format we devised ourselves.
# By default, we save to .mjr directly. If you'd
# rather the recording filename have a temporary
# extension while it's being saved, and only
# have the .mjr extension when the recording
# is over (e.g., to automatically trigger some
# external scripts), then uncomment and set the
# recordings_tmp_ext property to the extension
# to add to the base (e.g., tmp --> .mjr.tmp).
#event_loops = 8 # By default, Janus handles each have their own
# event loop and related thread for all the media
# routing and management. If for some reason you'd
# rather limit the number of loop/threads, and
# you want handles to share those, you can do that
# configuring the event_loops property: this will
# spawn the specified amount of threads at startup,
# run a separate event loop on each of them, and
# add new handles to one of them when attaching.
# Notice that, while cutting the number of threads
# and possibly reducing context switching, this
# might have an impact on the media delivery,
# especially if the available loops can't take
# care of all the handles and their media in time.
# As such, if you want to use this you should
# provision the correct value according to the
# available resources (e.g., CPUs available).
#allow_loop_indication = true # In case a static number of event loops is
# configured as explained above, by default
# new handles will be allocated on one loop or
# another by the Janus core itself. In some cases
# it may be helpful to manually tell the Janus
# core which loop a handle should be added to,
# e.g., to group viewers of the same stream on
# the same loop. This is possible via the Janus
# API when performing the 'attach' request, but
# only if allow_loop_indication is set to true;
# it's set to false by default to avoid abuses.
# Don't change if you don't know what you're doing!
#opaqueid_in_api = true # Opaque IDs set by applications are typically
# only passed to event handlers for correlation
# purposes, but not sent back to the user or
# application in the related Janus API responses
# or events; in case you need them to be in the
# Janus API too, set this property to 'true'.
#hide_dependencies = true # By default, a call to the "info" endpoint of
# either the Janus or Admin API now also returns
# the versions of the main dependencies (e.g.,
# libnice, libsrtp, which crypto library is in
# use and so on). Should you want that info not
# to be disclose, set 'hide_dependencies' to true.
#exit_on_dl_error = false # If a Janus shared libary cannot be loaded or an expected
# symbol is not found, exit immediately.
# The following is ONLY useful when debugging RTP/RTCP packets,
# e.g., to look at unencrypted live traffic with a browser. By
# default it is obviously disabled, as WebRTC mandates encryption.
#no_webrtc_encryption = true
# Janus provides ways via its API to specify custom paths to save
# files to (e.g., recordings, pcap captures and the like). In order
# to avoid people can mess with folders they're not supposed to,
# you can configure an array of folders that Janus should prevent
# creating files in. If the 'protected_folder' property below is
# commented, no folder is protected.
# Notice that at the moment this only covers attempts to start
# an .mjr recording and pcap/text2pcap packet captures.
protected_folders = [
"/bin",
"/boot",
"/dev",
"/etc",
"/initrd",
"/lib",
"/lib32",
"/lib64",
"/proc",
"/sbin",
"/sys",
"/usr",
"/var",
# We add what are usually the folders Janus is installed to
# as well: we don't just put "/opt/janus" because that would
# include folders like "/opt/janus/share" that is where
# recordings might be saved to by some plugins
"/opt/janus/bin",
"/opt/janus/etc",
"/opt/janus/include",
"/opt/janus/lib",
"/opt/janus/lib32",
"/opt/janus/lib64",
"/opt/janus/sbin"
]
}
# Certificate and key to use for DTLS (and passphrase if needed). If missing,
# Janus will autogenerate a self-signed certificate to use. Notice that
# self-signed certificates are fine for the purpose of WebRTC DTLS
# connectivity, for the time being, at least until Identity Providers
# are standardized and implemented in browsers. If for some reason you
# want to enforce the DTLS stack in Janus to enforce valid certificates
# from peers, though, you can do that setting 'dtls_accept_selfsigned' to
# 'false' below: DO NOT TOUCH THAT IF YOU DO NOT KNOW WHAT YOU'RE DOING!
# You can also configure the DTLS ciphers to offer: the default if not
# set is "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK"
# Finally, by default NIST P-256 certificates are generated (see #1997),
# but RSA generation is still supported if you set 'rsa_private_key' to 'true'.
certificates: {
#cert_pem = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
#cert_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
#cert_pwd = "secretpassphrase"
#dtls_accept_selfsigned = false
#dtls_ciphers = "your-desired-openssl-ciphers"
#rsa_private_key = false
}
# Media-related stuff: you can configure whether if you want to enable IPv6
# support (and link-local IPs), the minimum size of the NACK queue (in ms,
# defaults to 200ms) for retransmissions no matter the RTT, the range of
# ports to use for RTP and RTCP (by default, no range is envisaged), the
# starting MTU for DTLS (1200 by default, it adapts automatically),
# how much time, in seconds, should pass with no media (audio or
# video) being received before Janus notifies you about this (default=1s,
# 0 disables these events entirely), how many lost packets should trigger a
# 'slowlink' event to users (default=0, disabled), and how often, in milliseconds,
# to send the Transport Wide Congestion Control feedback information back
# to senders, if negotiated (default=200ms). Finally, if you're using BoringSSL
# you can customize the frequency of retransmissions: OpenSSL has a fixed
# value of 1 second (the default), while BoringSSL can override that. Notice
# that lower values (e.g., 100ms) will typically get you faster connection
# times, but may not work in case the RTT of the user is high: as such,
# you should pick a reasonable trade-off (usually 2*max expected RTT).
media: {
#ipv6 = true
#ipv6_linklocal = true
#min_nack_queue = 500
#rtp_port_range = "20000-40000"
#dtls_mtu = 1200
#no_media_timer = 1
#slowlink_threshold = 4
#twcc_period = 100
#dtls_timeout = 500
# Janus can do some optimizations on the NACK queue, specifically when
# keyframes are involved. Namely, you can configure Janus so that any
# time a keyframe is sent to a user, the NACK buffer for that connection
# is emptied. This allows Janus to ignore NACK requests for packets
# sent shortly before the keyframe was sent, since it can be assumed
# that the keyframe will restore a complete working image for the user
# anyway (which is the main reason why video retransmissions are typically
# required). While this optimization is known to work fine in most cases,
# it can backfire in some edge cases, and so is disabled by default.
#nack_optimizations = true
# If you need DSCP packet marking and prioritization, you can configure
# the 'dscp' property to a specific values, and Janus will try to
# set it on all outgoing packets using libnice. Normally, the specs
# suggest to use different values depending on whether audio, video
# or data are used, but since all PeerConnections in Janus are bundled,
# we can only use one. You can refer to this document for more info:
# https://tools.ietf.org/html/draft-ietf-tsvwg-rtcweb-qos-18#page-6
# That said, DON'T TOUCH THIS IF YOU DON'T KNOW WHAT IT MEANS!
#dscp = 46
}
# NAT-related stuff: specifically, you can configure the STUN/TURN
# servers to use to gather candidates if the gateway is behind a NAT,
# and srflx/relay candidates are needed. In case STUN is not enough and
# this is needed (it shouldn't), you can also configure Janus to use a
# TURN server# please notice that this does NOT refer to TURN usage in
# browsers, but in the gathering of relay candidates by Janus itself,
# e.g., if you want to limit the ports used by a Janus instance on a
# private machine. Furthermore, you can choose whether Janus should be
# configured to do full-trickle (Janus also trickles its candidates to
# users) rather than the default half-trickle (Janus supports trickle
# candidates from users, but sends its own within the SDP), and whether
# it should work in ICE-Lite mode (by default it doesn't). If libnice is
# at least 0.1.15, you can choose which ICE nomination mode to use: valid
# values are "regular" and "aggressive" (the default depends on the libnice
# version itself; if we can set it, we set aggressive nomination). You can
# also configure whether to use connectivity checks as keep-alives, which
# might help detecting when a peer is no longer available (notice that
# current libnice master is breaking connections after 50 seconds when
# keepalive-conncheck is being used, so if you want to use it, better
# sticking to 0.1.18 until the issue is addressed upstream). Finally,
# you can also enable ICE-TCP support (beware that this may lead to problems
# if you do not enable ICE Lite as well), choose which interfaces should
# be used for gathering candidates, and enable or disable the
# internal libnice debugging, if needed.
nat: {
stun_server = "global-hpb.f7cloud.ru" # HAND-EDIT
stun_port = 5349 # HAND-EDIT PORT-EDIT (443)
nice_debug = false
full_trickle = true # HAND-EDIT
#ice_nomination = "regular"
#ice_keepalive_conncheck = true
#ice_lite = true
#ice_tcp = true
# By default Janus tries to resolve mDNS (.local) candidates: even
# though this is now done asynchronously and shouldn't keep the API
# busy, even in case mDNS resolution takes a long time to timeout,
# you can choose to drop all .local candidates instead, which is
# helpful in case you know clients will never be in the same private
# network as the one the Janus instance is running from. Notice that
# this will cause ICE to fail if mDNS is the only way to connect!
#ignore_mdns = true
# In case you're deploying Janus on a server which is configured with
# a 1:1 NAT (e.g., Amazon EC2), you might want to also specify the public
# address of the machine using the setting below. This will result in
# all host candidates (which normally have a private IP address) to
# be rewritten with the public address provided in the settings. As
# such, use the option with caution and only if you know what you're doing.
# Make sure you keep ICE Lite disabled, though, as it's not strictly
# speaking a publicly reachable server, and a NAT is still involved.
# If you'd rather keep the private IP address in place, rather than
# replacing it (and so have both of them as advertised candidates),
# then set the 'keep_private_host' property to true.
# Multiple public IP addresses can be specified as a comma separated list
# if the Janus is deployed in a DMZ between two 1-1 NAT for internal and
# external users.
#nat_1_1_mapping = "1.2.3.4"
#keep_private_host = true
# You can configure a TURN server in two different ways: specifying a
# statically configured TURN server, and thus provide the address of the
# TURN server, the transport (udp/tcp/tls) to use, and a set of valid
# credentials to authenticate. Notice that you should NEVER configure
# a TURN server for Janus unless it's really what you want! If you want
# *users* to use TURN, then you need to configure that on the client
# side, and NOT in Janus. The following TURN configuration should ONLY
# be enabled when Janus itself is sitting behind a restrictive firewall
# (e.g., it's part of a service installed on a box in a private home).
#turn_server = "myturnserver.com"
#turn_port = 3478
#turn_type = "udp"
#turn_user = "myuser"
#turn_pwd = "mypassword"
# You can also make use of the TURN REST API to get info on one or more
# TURN services dynamically. This makes use of the proposed standard of
# such an API (https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00)
# which is currently available in both rfc5766-turn-server and coturn.
# You enable this by specifying the address of your TURN REST API backend,
# the HTTP method to use (GET or POST) and, if required, the API key Janus
# must provide. The timeout can be configured in seconds, with a default of
# 10 seconds and a minimum of 1 second. Notice that the 'opaque_id' provided
# via Janus API will be used as the username for a specific PeerConnection
# by default; if that one is missing, the 'session_id' will be used as the
# username instead.
#turn_rest_api = "http://yourbackend.com/path/to/api"
turn_rest_api_key = "wU6fR0Eb0J4Aky5NuNeo3w==" # HAND-EDIT
#turn_rest_api_method = "GET"
#turn_rest_api_timeout = 10
# In case a TURN server is provided, you can allow applications to force
# Janus to use TURN (https://github.com/meetecho/janus-gateway/pull/2774).
# This is NOT allowed by default: only enable it if you know what you're doing.
#allow_force_relay = true
# You can also choose which interfaces should be explicitly used by the
# gateway for the purpose of ICE candidates gathering, thus excluding
# others that may be available. To do so, use the 'ice_enforce_list'
# setting and pass it a comma-separated list of interfaces or IP addresses
# to enforce. This is especially useful if the server hosting the gateway
# has several interfaces, and you only want a subset to be used. Any of
# the following examples are valid:
# ice_enforce_list = "eth0"
# ice_enforce_list = "eth0,eth1"
# ice_enforce_list = "eth0,192.168."
# ice_enforce_list = "eth0,192.168.0.1"
# By default, no interface is enforced, meaning Janus will try to use them all.
#ice_enforce_list = "eth0"
# In case you don't want to specify specific interfaces to use, but would
# rather tell Janus to use all the available interfaces except some that
# you don't want to involve, you can also choose which interfaces or IP
# addresses should be excluded and ignored by the gateway for the purpose
# of ICE candidates gathering. To do so, use the 'ice_ignore_list' setting
# and pass it a comma-separated list of interfaces or IP addresses to
# ignore. This is especially useful if the server hosting the gateway
# has several interfaces you already know will not be used or will simply
# always slow down ICE (e.g., virtual interfaces created by VMware).
# Partial strings are supported, which means that any of the following
# examples are valid:
# ice_ignore_list = "vmnet8,192.168.0.1,10.0.0.1"
# ice_ignore_list = "vmnet,192.168."
# Just beware that the ICE ignore list is not used if an enforce list
# has been configured. By default, Janus ignores all interfaces whose
# name starts with 'vmnet', to skip VMware interfaces:
ice_ignore_list = "vmnet"
# In case you want to allow Janus to start even if the configured STUN or TURN
# server is unreachable, you can set 'ignore_unreachable_ice_server' to true.
# WARNING: We do not recommend to ignore reachability problems, particularly
# if you run Janus in the cloud. Before enabling this flag, make sure your
# system is correctly configured and Janus starts after the network layer of
# your machine is ready. Note that Linux distributions offer such directives.
# You could use the following directive in systemd: 'After=network-online.target'
# https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
#ignore_unreachable_ice_server = true
}
# You can choose which of the available plugins should be
# enabled or not. Use the 'disable' directive to prevent Janus from
# loading one or more plugins: use a comma separated list of plugin file
# names to identify the plugins to disable. By default all available
# plugins are enabled and loaded at startup.
plugins: {
#disable = "libjanus_voicemail.so,libjanus_recordplay.so"
}
# You can choose which of the available transports should be enabled or
# not. Use the 'disable' directive to prevent Janus from loading one
# or more transport: use a comma separated list of transport file names
# to identify the transports to disable. By default all available
# transports are enabled and loaded at startup.
transports: {
#disable = "libjanus_rabbitmq.so"
}
# As a core feature, Janus can log either on the standard output, or to
# a local file. Should you need more advanced logging functionality, you
# can make use of one of the custom loggers, or write one yourself. Use the
# 'disable' directive to prevent Janus from loading one or more loggers:
# use a comma separated list of logger file names to identify the loggers
# to disable. By default all available loggers are enabled and loaded at startup.
loggers: {
#disable = "libjanus_jsonlog.so"
}
# Event handlers allow you to receive live events from Janus happening
# in core and/or plugins. Since this can require some more resources,
# the feature is disabled by default. Setting broadcast to yes will
# enable them. You can then choose which of the available event handlers
# should be loaded or not. Use the 'disable' directive to prevent Janus
# from loading one or more event handlers: use a comma separated list of
# file names to identify the event handlers to disable. By default, if
# broadcast is set to yes all available event handlers are enabled and
# loaded at startup. Finally, you can choose how often media statistics
# (packets sent/received, losses, etc.) should be sent: by default it's
# once per second (audio and video statistics sent separately), but may
# considered too verbose, or you may want to limit the number of events,
# especially if you have many PeerConnections active. To change this,
# just set 'stats_period' to the number of seconds that should pass in
# between statistics for each handle. Setting it to 0 disables them (but
# not other media-related events). By default Janus sends single media
# statistic events per media (audio, video and simulcast layers as separate
# events): if you'd rather receive a single containing all media stats in a
# single array, set 'combine_media_stats' to true.
events: {
#broadcast = true
#combine_media_stats = true
#disable = "libjanus_sampleevh.so"
#stats_period = 5
}

16
overlay/etc/janus/janus.logger.jsonlog.jcfg Normal file
View File

@ -0,0 +1,16 @@
# This configures the JSON-based file logger. This is a very simple logger
# with no particular advantage over the existing, integrated, logging
# functionality Janus provides, and so it's configuration is quite basic
# as well: it's here mostly to provide a reference implementation for
# developers willing to provide additional, and more complex, external loggers.
general: {
enabled = false # By default the module is not enabled
json = "indented" # Since this logger simply writes each log line as
# a JSON object to a file, you can configure whether
# the JSON log lines should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
filename = "/tmp/janus-log.json" # Filename to save to
}

83
overlay/etc/janus/janus.plugin.audiobridge.jcfg Normal file
View File

@ -0,0 +1,83 @@
# room-<unique room ID>: {
# description = "This is my awesome room"
# is_private = true|false (whether this room should be in the public list, default=true)
# secret = "<optional password needed for manipulating (e.g. destroying) the room>"
# pin = "<optional password needed for joining the room>"
# sampling_rate = <sampling rate> (e.g., 16000 for wideband mixing)
# spatial_audio = true|false (if true, the mix will be stereo to spatially place users, default=false)
# audiolevel_ext = true|false (whether the ssrc-audio-level RTP extension must
# be negotiated/used or not for new joins, default=true)
# audiolevel_event = true|false (whether to emit event to other users or not, default=false)
# audio_active_packets = 100 (number of packets with audio level, default=100, 2 seconds)
# audio_level_average = 25 (average value of audio level, 127=muted, 0='too loud', default=25)
# default_prebuffering = number of packets to buffer before decoding each particiant (default=6)
# default_expectedloss = percent of packets we expect participants may miss, to help with FEC (default=0, max=20; automatically used for forwarders too)
# default_bitrate = default bitrate in bps to use for the all participants (default=0, which means libopus decides; automatically used for forwarders too)
# record = true|false (whether this room should be recorded, default=false)
# record_file = "/path/to/recording.wav" (where to save the recording)
# record_dir = "/path/to/" (path to save the recording to, makes record_file a relative path if provided)
# mjrs = true|false (whether all participants in the room should be individually recorded to mjr files, default=false)
# mjrs_dir = "/path/to/" (path to save the mjr files to)
# allow_rtp_participants = true|false (whether participants should be allowed to join
# via plain RTP as well, rather than just WebRTC, default=false)
# groups = optional, non-hierarchical, array of groups to tag participants, for external forwarding purposes only
#
# The following lines are only needed if you want the mixed audio
# to be automatically forwarded via plain RTP to an external component
# (e.g., an ffmpeg script, or a gstreamer pipeline) for processing
# By default plain RTP is used, SRTP must be configured if needed
# rtp_forward_id = numeric RTP forwarder ID for referencing it via API (optional: random ID used if missing)
# rtp_forward_host = "<host address to forward RTP packets of mixed audio to>"
# rtp_forward_host_family = "<ipv4|ipv6; by default, first family returned by DNS request>"
# rtp_forward_port = port to forward RTP packets of mixed audio to
# rtp_forward_ssrc = SSRC to use to use when streaming (optional: stream_id used if missing)
# rtp_forward_codec = opus (default), pcma (A-Law) or pcmu (mu-Law)
# rtp_forward_ptype = payload type to use when streaming (optional: only read for Opus, 100 used if missing)
# rtp_forward_group = group of participants to forward, if enabled in the room (optional: forwards full mix if missing)
# rtp_forward_srtp_suite = length of authentication tag (32 or 80)
# rtp_forward_srtp_crypto = "<key to use as crypto (base64 encoded key as in SDES)>"
# rtp_forward_always_on = true|false, whether silence should be forwarded when the room is empty (optional: false used if missing)
#}
general: {
#admin_key = "supersecret" # If set, rooms can be created via API only
# if this key is provided in the request
#lock_rtp_forward = true # Whether the admin_key above should be
# enforced for RTP forwarding requests too
#lock_play_file = true # Whether the admin_key above should be
# enforced for playing .opus files too
#record_tmp_ext = "tmp" # Optional temporary extension to add to filenames
# while recording: e.g., setting "tmp" would mean
# .wav --> .wav.tmp until the file is closed
#events = false # Whether events should be sent to event
# handlers (default=true)
# By default, integers are used as a unique ID for both rooms and participants.
# In case you want to use strings instead (e.g., a UUID), set string_ids to true.
#string_ids = true
# Normally, all AudioBridge participants will join by negotiating a WebRTC
# PeerConnection: the plugin also supports adding participants that will
# use plain RTP, though, be it for supporting legacy users (e.g., SIP
# participants who an orchestrator can add to the bridge) or more simply
# to temporarily inject external audio in a room from a live source. To
# support plain RTP, the plugin needs to have a range of ports it can bind
# to: notice this should be configured so that it doesn't conflict with other
# plugins (e.g., Streaming, SIP, NoSIP) and applications (e.g., Janus itself).
# The default if you don't specify anything is 10000-60000.
#rtp_port_range = "50000-60000"
# In case we need to support plain RTP participants, we'll also need to know
# what local IP address to bind to for media. If no address is set in the
# property below, then one will be automatically guessed from the system.
#local_ip = "1.2.3.4"
}
room-1234: {
description = "Demo Room"
secret = "adminpwd"
sampling_rate = 16000
record = false
#record_dir = "/path/to/"
#record_file = "recording.wav"
}

20
overlay/etc/janus/janus.plugin.duktape.jcfg Normal file
View File

@ -0,0 +1,20 @@
# The only things you configure in here are which JavaScipt file to load and,
# optionally, the paths to add for searching libraries and a configuration
# file, if the script will need it. For what concerns the libraries path,
# by default this configuration file adds a path to where the JS samples
# have been installed, as it contains a couple of helper libraries the
# samples use; should you be interested in adding more, just add other
# paths separated by a semicolon. Due to the syntax of the configuration
# file, make sure you escape all semicolons with a trailing slash, in case.
# The 'config' property is entirely script specific, instead: if your
# script will need to rely on an XML configuration file in its initialization,
# for instance, then set the 'config' property as the path to the file;
# it will be passed, as is, to your script in the init() call. None of
# the samples use this property, which is why it's commented out.
general: {
path = "/usr/share/janus/duktape"
script = "/usr/share/janus/duktape/echotest.js"
#script = "/usr/share/janus/duktape/videoroom.js"
#config = "/path/to/configfile"
}

5
overlay/etc/janus/janus.plugin.echotest.jcfg Normal file
View File

@ -0,0 +1,5 @@
# events = true|false, whether events should be sent to event handlers
general: {
#events = false
}

20
overlay/etc/janus/janus.plugin.lua.jcfg Normal file
View File

@ -0,0 +1,20 @@
# The only things you configure in here are which lua script to load and,
# optionally, the paths to add for searching libraries and a configuration
# file, if the script will need it. For what concerns the libraries path,
# by default this configuration file adds a path to where the Lua samples
# have been installed, as it contains a couple of helper libraries the
# samples use; should you be interested in adding more, just add other
# paths separated by a semicolon. Due to the syntax of the configuration
# file, make sure you escape all semicolons with a trailing slash, in case.
# The 'config' property is entirely script specific, instead: if your
# script will need to rely on an XML configuration file in its initialization,
# for instance, then set the 'config' property as the path to the file;
# it will be passed, as is, to your script in the init() call. None of
# the samples use this property, which is why it's commented out.
general: {
path = "/usr/share/janus/lua"
script = "/usr/share/janus/lua/echotest.lua"
#script = "/usr/share/janus/lua/videoroom.lua"
#config = "/path/to/configfile"
}

23
overlay/etc/janus/janus.plugin.nosip.jcfg Normal file
View File

@ -0,0 +1,23 @@
general: {
# Specify which local IP address to bind to for media.
# If not set it will be automatically guessed from the system
#local_ip = "1.2.3.4"
# Specify which (public) IP address to advertise in the SDP.
# If not set, the value above or anything autodetected will be used
#sdp_ip = "1.2.3.4"
# Range of ports to use for RTP/RTCP (default=10000-60000)
rtp_port_range = "20000-40000"
# Whether events should be sent to event handlers (default=true)
#events = false
# If you need DSCP packet marking and prioritization, you can configure
# the 'dscp_audio_rtp' and/or 'dscp_video_rtp' property to specific values,
# and the plugin will set it on all outgoing audio/video RTP packets.
# No packet marking is done if this parameter is undefined or equal to 0
#dscp_audio_rtp = 46
#dscp_video_rtp = 26
}

7
overlay/etc/janus/janus.plugin.recordplay.jcfg Normal file
View File

@ -0,0 +1,7 @@
# path = where to place recordings in the file system
# events = true|false, whether events should be sent to event handlers
general: {
path = "/usr/share/janus/recordings"
#events = false
}

55
overlay/etc/janus/janus.plugin.sip.jcfg Normal file
View File

@ -0,0 +1,55 @@
general: {
# Specify which local IP address to bind to for SIP stack.
# If not set it will be automatically guessed from the system
#local_ip = "1.2.3.4"
# Specify which local IP address to bind for the media stack.
# If not set it will be automatically set to the value of local_ip
#local_media_ip = "1.2.3.4"
# Specify which (public) IP address to advertise in the SDP.
# If not set, the value above or anything autodetected will be used
#sdp_ip = "1.2.3.4"
# Enable local keep-alives to keep the registration open. Keep-alives are
# sent in the form of OPTIONS requests, at the given interval inseconds.
# (0 to disable)
keepalive_interval = 120
# Indicate if the server is behind NAT. If so, the server will use STUN
# to guess its own public IP address and use it in the Contact header of
# outgoing requests
behind_nat = false
# User-Agent string to be used
# user_agent = "Cool WebRTC Gateway"
# Expiration time for registrations
register_ttl = 3600
# Range of ports to use for RTP/RTCP (default=10000-60000)
rtp_port_range = "20000-40000"
# Whether events should be sent to event handlers (default=true)
#events = false
# If you need DSCP packet marking and prioritization, you can configure
# the 'dscp_audio_rtp' and/or 'dscp_video_rtp' property to specific values,
# and the plugin will set it on all outgoing audio/video RTP packets.
# No packet marking is done if this parameter is undefined or equal to 0
#dscp_audio_rtp = 46
#dscp_video_rtp = 26
# In case you want to use SIPS for some sessions, Sofia may need to
# have access to a certificate to use: this is especially true for
# Sofia >= 1.13, which will fail to create the agent if no certificate
# is available. By default, Sofia looks for 'agent.pem' and 'cafile.pem'
# in the '$HOME/.sip/auth' folder, but you can specify a different
# one by uncommenting and setting the property below.
#sips_certs_dir = "/etc/sip/certs"
# Set the T1x64 timeout value (in milliseconds) used by the SIP transaction
# engine (default 32000 milliseconds)
sip_timer_t1x64 = 32000
}

323
overlay/etc/janus/janus.plugin.streaming.jcfg Normal file
View File

@ -0,0 +1,323 @@
# stream-name: {
# type = rtp|live|ondemand|rtsp
# rtp = stream originated by an external tool (e.g., gstreamer or
# ffmpeg) and sent to the plugin via RTP
# live = local file streamed live to multiple listeners
# (multiple listeners = same streaming context)
# ondemand = local file streamed on-demand to a single listener
# (multiple listeners = different streaming contexts)
# rtsp = stream originated by an external RTSP feed (only
# available if libcurl support was compiled)
# id = <unique numeric ID> (if missing, a random one will be generated)
# description = This is my awesome stream
# metadata = An optional string that can contain any metadata (e.g., JSON)
# associated with the stream you want users to receive
# is_private = true|false (private streams don't appear when you do a 'list'
# request)
# secret = <optional password needed for manipulating (e.g., destroying
# or enabling/disabling) the stream>
# pin = <optional password needed for watching the stream>
# filename = path to the local file to stream (only for live/ondemand)
# audio = true|false (do/don't stream audio)
# video = true|false (do/don't stream video)
# The following options are only valid for the 'rtp' type:
# data = true|false (do/don't stream text via datachannels)
# audioport = local port for receiving audio frames
# audiortcpport = local port, if any, for receiving and sending audio RTCP feedback
# audiomcast = multicast group port for receiving audio frames, if any
# audioiface = network interface or IP address to bind to, if any (binds to all otherwise)
# audiopt = <audio RTP payload type> (e.g., 111)
# audiocodec = name of the audio codec (e.g., opus)
# audioskew = true|false (whether the plugin should perform skew
# analisys and compensation on incoming audio RTP stream, EXPERIMENTAL)
# videoport = local port for receiving video frames
# videortcpport = local port, if any, for receiving and sending video RTCP feedback
# videomcast = multicast group port for receiving video frames, if any
# videoiface = network interface or IP address to bind to, if any (binds to all otherwise)
# videopt = <video RTP payload type> (e.g., 100)
# videocodec = name of the video codec (e.g., vp8)
# videobufferkf = true|false (whether the plugin should store the latest
# keyframe and send it immediately for new viewers, EXPERIMENTAL)
# videosimulcast = true|false (do|don't enable video simulcasting)
# videoport2 = second local port for receiving video frames (only for rtp, and simulcasting)
# videoport3 = third local port for receiving video frames (only for rtp, and simulcasting)
# videoskew = true|false (whether the plugin should perform skew
# analisys and compensation on incoming video RTP stream, EXPERIMENTAL)
# videosvc = true|false (whether the video will have SVC support; works only for VP9-SVC, default=false)
# collision = in case of collision (more than one SSRC hitting the same port), the plugin
# will discard incoming RTP packets with a new SSRC unless this many milliseconds
# passed, which would then change the current SSRC (0=disabled)
# dataport = local port for receiving data messages to relay
# dataiface = network interface or IP address to bind to, if any (binds to all otherwise)
# datatype = text|binary (type of data this mountpoint will relay, default=text)
# databuffermsg = true|false (whether the plugin should store the latest
# message and send it immediately for new viewers)
# threads = number of threads to assist with the relaying part, which can help
# if you expect a lot of viewers that may cause the RTP receiving part
# in the Streaming plugin to slow down and fail to catch up (default=0)
#
# In case you want to use SRTP for your RTP-based mountpoint, you'll need
# to configure the SRTP-related properties as well, namely the suite to
# use for hashing (32 or 80) and the crypto information for decrypting
# the stream (as a base64 encoded string the way SDES does it). Notice
# that with SRTP involved you'll have to pay extra attention to what you
# feed the mountpoint, as you may risk getting SRTP decrypt errors:
# srtpsuite = 32
# srtpcrypto = WbTBosdVUZqEb6Htqhn+m3z7wUh4RJVR8nE15GbN
#
# The Streaming plugin can also be used to (re)stream media that has been
# encrypted using something that can be consumed via Insertable Streams.
# In that case, we only need to be aware of it, so that we can send the
# info along with the SDP. How to decrypt the media is out of scope, and
# up to the application since, again, this is end-to-end encryption and
# so neither Janus nor the Streaming plugin have access to anything.
# DO NOT SET THIS PROPERTY IF YOU DON'T KNOW WHAT YOU'RE DOING!
# e2ee = true
#
# To allow mountpoints to negotiate the playout-delay RTP extension,
# you can set the 'playoutdelay_ext' property to true: this way, any
# subscriber can customize the playout delay of incoming video streams,
# assuming the browser supports the RTP extension in the first place.
# playoutdelay_ext = true
#
# The following options are only valid for the 'rtsp' type:
# url = RTSP stream URL (only for restreaming RTSP)
# rtsp_user = RTSP authorization username (only if type=rtsp)
# rtsp_pwd = RTSP authorization password (only if type=rtsp)
# rtsp_quirk = Some RTSP servers offer the stream using only the path, instead of the fully qualified URL.
# If set true, this boolean informs Janus that we should try a path-only DESCRIBE request if the initial request returns 404.
# rtsp_failcheck = whether an error should be returned if connecting to the RTSP server fails (default=true)
# rtspiface = network interface or IP address to bind to, if any (binds to all otherwise), when receiving RTSP streams
# rtsp_reconnect_delay = after n seconds passed and no media assumed, the RTSP server has gone and schedule a reconnect (default=5s)
# rtsp_session_timeout = by default the streaming plugin will check the RTSP connection with an OPTIONS query,
# the value of the timeout comes from the RTSP session initializer and by default
# this session timeout is the half of this value In some cases this value can be too high (for example more than one minute)
# because of the media server. In that case this plugin will calculate the timeout with this
# formula: timeout = min(session_timeout, rtsp_session_timeout / 2). (default=0s)
# rtsp_timeout = communication timeout (CURLOPT_TIMEOUT) for cURL call gathering the RTSP information (default=10s)
# rtsp_conn_timeout = connection timeout for cURL (CURLOPT_CONNECTTIMEOUT) call gathering the RTSP information (default=5s)
#
# Notice that, for 'rtsp' mountpoints, normally the plugin uses the exact
# SDP codec and fmtp attributes the remote camera or RTSP server sent.
# In case the values set remotely are known to conflict with WebRTC viewers,
# you can override both using the settings introduced above.
#
# To test the 'gstreamer-sample' example, check the test_gstreamer.sh
# script in the plugins/streams folder. The live and on-demand audio
# file streams, use a couple of files (radio.alaw, music.mulaw) that are
# provided in the plugins/streams folder.
#}
general: {
#admin_key = "supersecret" # If set, mountpoints can be created via API
# only if this key is provided in the request
#rtp_port_range = "20000-40000" # Range of ports to use for RTP/RTCP when '0' is
# passed as port for a mountpoint (default=10000-60000)
#events = false # Whether events should be sent to event
# handlers (default=true)
# By default, integers are used as a unique ID for both mountpoints. In case
# you want to use strings instead (e.g., a UUID), set string_ids to true.
#string_ids = true
}
#
# This is an example of an RTP source stream, which is what you'll need
# in the vast majority of cases: here, the Streaming plugin will bind to
# some ports, and expect media to be sent by an external source (e.g.,
# FFmpeg or Gstreamer). This sample listens on 5002 for audio (Opus) and
# 5004 for video (VP8), which is what the sample gstreamer script in the
# plugins/streams folder sends to. Whatever is sent to those ports will
# be the source of a WebRTC broadcast users can subscribe to.
#
rtp-sample: {
type = "rtp"
id = 1
description = "Opus/VP8 live stream coming from external source"
metadata = "You can use this metadata section to put any info you want!"
audio = true
video = true
audioport = 5002
audiopt = 111
audiocodec = "opus"
videoport = 5004
videopt = 100
videocodec = "vp8"
secret = "adminpwd"
}
#
# This is a better example that uses the new settings to configure a live
# mountpoint to send multiple streams of the same type at the same time:
# that is, not simulcasting, but different streams (e.g., two audio
# streams and two video streams). To do so, you don't set the audio,
# video and data properties inline, but use an array of properties instead,
# each identifying a single stream to add, that will then translate to
# a dedicated m-line in the SDP. For each stream, you specify the type,
# a unique ID (mid), and can provide a short description (label) so that
# the client side can know what's what when rendering the streams;
# optionally, a msid to add to the SDP m-line can be provided as well. Notice
# how the port/pt/codec/fmtp/etc. stuff is called just like that, without
# any audio/video/data prefix: in fact, each media stream can be configured
# the same way, and it's the type that allows us to differentiate them.
# As such, you can use the same approach for creating regular mountpoints
# as well (e.g., 1 audio and 1 video) in a much clearer, and cleaner, way.
#
multistream-test: {
type = "rtp"
id = 123
description = "Multistream test (1 audio, 2 video)"
metadata = "This is an example of a multistream mountpoint: you'll get an audio stream and two video feeds"
media = (
{
type = "audio"
mid = "a"
label = "Audio stream"
port = 5102
pt = 111
codec = "opus"
},
{
type = "video"
mid = "v1"
label = "Video stream #1"
port = 5104
pt = 100
codec = "vp8"
},
{
type = "video"
mid = "v2"
label = "Video stream #2"
port = 5106
pt = 100
codec = "vp8"
}
)
secret = "adminpwd"
}
#
# This is a sample of the file-based streaming support. Specifically,
# this simulates a radio broadcast by streaming (in a loop) raw a-Law
# (that is, G.711) frames. Since type is "live", anyone subscribing to
# this mountpoint will listen to the same broadcast as if it were live.
# Notice that file-based streaming supports Opus files too, but no video.
#
file-live-sample: {
type = "live"
id = 2
description = "a-law file source (radio broadcast)"
filename = "/usr/share/janus/streams/radio.alaw"
audio = true
video = false
secret = "adminpwd"
}
#
# This is another sample of the file-based streaming support, but using
# the "ondemand" type instead. In this case, the file we're streaming
# contains raw mu-Law (still G.711) frames. Since this is "ondemand",
# anyone subscribing to this mountpoint will listen to their own version
# of the stream, meaning that it will start from the beginning and then
# loop when it's over. On-demand streaming supports Opus files as well.
#
file-ondemand-sample: {
type = "ondemand"
id = 3
description = "mu-law file source (music)"
filename = "/usr/share/janus/streams/music.mulaw"
audio = true
video = false
secret = "adminpwd"
}
#
# All browsers also support H.264, often through Cisco's OpenH264 plugin.
# The only profile that is definitely supported is the baseline one, which
# means that if you try a higher one it might or might not work. No matter
# which profile you encode, though, you can put a custom one in the SDP if
# you override the fmtp SDP attribute via 'videofmtp'. The following is an
# example of how to create a simple H.264 mountpoint: you can feed it via
# an x264enc+rtph264pay pipeline in gstreamer, an ffmpeg script or other.
#
#h264-sample: {
#type = "rtp"
#id = 10
#description = "H.264 live stream coming from gstreamer"
#audio = false
#video = true
#videoport = 8004
#videopt = 126
#videocodec = "h264"
#videofmtp = "profile-level-id=42e01f;packetization-mode=1"
#secret = "adminpwd"
#}
#
# The Streaming plugin also supports the broadcasting of datachannel
# messages, either by themselves or along other audio/video streams (e.g.,
# to add a subtitle to a stream you're sending). The following is an
# example of how you can create a datachannel-only mountpoint: you can
# feed it with any tool that can send UDP datagrams, e.g., netcat.
# Notice that the 'rtp' type just indicates this is a live mountpoint:
# datachannel messages will be sent as usual, and not use RTP at all.
#
#data-example: {
#type = "rtp"
#id = 15
#description = "Datachannel stream from an UDP source"
#audio = false
#video = false
#data = true
#dataport = 5008
#datatype = "text"
#secret = "adminpwd"
#}
#
# This is a variation of the rtp-sample configuration for Opus/VP8 shown
# before, where multicast support is used to receive the streams. You
# need an external script to feed data on those ports, of course.
#
#rtp-multicast: {
#type = "rtp"
#id = 20
#description = "Opus/VP8 live multicast stream sample"
#audio = true
#video = true
#audioport = 5002
#audiomcast = "232.3.4.5"
#audiopt = 111
#audiocodec = "opus"
#videoport = 5004
#videomcast = "232.3.4.5"
#videopt = 100
#videocodec = "vp8"
#secret = "adminpwd"
#}
#
# This is a sample configuration for an RTSP stream: you can specify
# the url to connect to and whether or not authentication is needed
# using the url/rtsp_user/rtsp_pwd settings (but notice that digest
# authentication will only work if you installed libcurl >= 7.45.0)
# NOTE WELL: the plugin does NOT transcode, so the RTSP stream MUST be
# in a format the browser can digest (e.g., VP8 or H.264 baseline for video)
# Again, you can override payload type, codec and/or fmtp, if needed.
#
#rtsp-test: {
#type = "rtsp"
#id = 99
#description = "RTSP Test"
#audio = false
#video = true
#url = "rtsp://127.0.0.1:8554/unicast"
#rtsp_user = "username"
#rtsp_pwd = "password"
#secret = "adminpwd"
#rtsp_reconnect_delay = 5
#rtsp_session_timeout = 0
#rtsp_timeout = 10
#rtsp_conn_timeout = 5
#}

30
overlay/etc/janus/janus.plugin.textroom.jcfg Normal file
View File

@ -0,0 +1,30 @@
# room-<unique room ID>: {
# description = This is my awesome room
# is_private = true|false (whether this room should be in the public list, default=true)
# secret = <optional password needed for manipulating (e.g. destroying) the room>
# pin = <optional password needed for joining the room>
# history = <number of messages to store as a history, and send back to new participants (default=0, no history)>
# post = <optional backend to contact via HTTP post for all incoming messages>
#}
general: {
#admin_key = "supersecret" # If set, rooms can be created via API only
# if this key is provided in the request
json = "indented" # Whether the data channel JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#events = false # Whether events should be sent to event
# handlers (default=true)
# By default, integers are used as a unique ID for rooms. In case you
# want to use strings instead (e.g., a UUID), set string_ids to true.
#string_ids = true
}
room-1234: {
description = "Demo Room"
# is_private = true
secret = "adminpwd"
# pin = "roompwd"
# history = 10
# post = "http://example.com/forward/here"
}

5
overlay/etc/janus/janus.plugin.videocall.jcfg Normal file
View File

@ -0,0 +1,5 @@
# events = true|false, whether events should be sent to event handlers
general: {
#events = false
}

95
overlay/etc/janus/janus.plugin.videoroom.jcfg Normal file
View File

@ -0,0 +1,95 @@
# room-<unique room ID>: {
# description = This is my awesome room
# is_private = true|false (whether this room should be in the public list, default=true)
# secret = <optional password needed for manipulating (e.g. destroying) the room>
# pin = <optional password needed for joining the room>
# require_pvtid = true|false (whether subscriptions are required to provide a valid private_id
# to associate with a publisher, default=false)
# signed_tokens = true|false (whether access to the room requires signed tokens; default=false,
# only works if signed tokens are used in the core as well)
# publishers = <max number of concurrent senders> (e.g., 6 for a video
# conference or 1 for a webinar)
bitrate = 5000000
# bitrate_cap = true|false (whether the above cap should act as a hard limit to
# dynamic bitrate changes by publishers; default=false, publishers can go beyond that)
fir_freq = 5
# audiocodec = opus|g722|pcmu|pcma|isac32|isac16 (audio codec(s) to force on publishers, default=opus
# can be a comma separated list in order of preference, e.g., opus,pcmu)
videocodec = vp9
# can be a comma separated list in order of preference, e.g., vp9,vp8,h264)
# vp9_profile = VP9-specific profile to prefer (e.g., "2" for "profile-id=2")
# h264_profile = H.264-specific profile to prefer (e.g., "42e01f" for "profile-level-id=42e01f")
# opus_fec = true|false (whether inband FEC must be negotiated; only works for Opus, default=true)
# opus_dtx = true|false (whether DTX must be negotiated; only works for Opus, default=false)
# video_svc = true|false (whether SVC support must be enabled; only works for VP9, default=false)
# audiolevel_ext = true|false (whether the ssrc-audio-level RTP extension must
# be negotiated/used or not for new publishers, default=true)
# audiolevel_event = true|false (whether to emit event to other users or not, default=false)
# audio_active_packets = 100 (number of packets with audio level, default=100, 2 seconds)
# audio_level_average = 25 (average value of audio level, 127=muted, 0='too loud', default=25)
# videoorient_ext = true|false (whether the video-orientation RTP extension must
# be negotiated/used or not for new publishers, default=true)
# playoutdelay_ext = true|false (whether the playout-delay RTP extension must
# be negotiated/used or not for new publishers, default=true)
# transport_wide_cc_ext = true|false (whether the transport wide CC RTP extension must be
# negotiated/used or not for new publishers, default=true)
# record = true|false (whether this room should be recorded, default=false)
# rec_dir = <folder where recordings should be stored, when enabled>
# lock_record = true|false (whether recording can only be started/stopped if the secret
# is provided, or using the global enable_recording request, default=false)
# notify_joining = true|false (optional, whether to notify all participants when a new
# participant joins the room. The Videoroom plugin by design only notifies
# new feeds (publishers), and enabling this may result extra notification
# traffic. This flag is particularly useful when enabled with require_pvtid
# for admin to manage listening only participants. default=false)
# require_e2ee = true|false (whether all participants are required to publish and subscribe
# using end-to-end media encryption, e.g., via Insertable Streams; default=false)
# dummy_publisher = true|false (whether a dummy publisher should be created in this room,
# with one separate m-line for each codec supported in the room; this is
# useful when there's a need to create subscriptions with placeholders
# for some or all m-lines, even when they aren't used yet; default=false)
# dummy_streams = in case dummy_publisher is set to true, array of codecs to offer,
# optionally with a fmtp attribute to match (codec/fmtp properties).
# If not provided, all codecs enabled in the room are offered, with no fmtp.
# Notice that the fmtp is parsed, and only a few codecs are supported.
#}
general: {
#admin_key = "supersecret" # If set, rooms can be created via API only
# if this key is provided in the request
#lock_rtp_forward = true # Whether the admin_key above should be
# enforced for RTP forwarding requests too
#events = false # Whether events should be sent to event
# handlers (default=true)
# By default, integers are used as a unique ID for both rooms and participants.
# In case you want to use strings instead (e.g., a UUID), set string_ids to true.
#string_ids = true
}
room-1234: {
description = "Demo Room"
secret = "adminpwd"
publishers = 6
bitrate = 128000
fir_freq = 10
#audiocodec = "opus"
#videocodec = "vp8"
record = false
#rec_dir = "/path/to/recordings-folder"
}
# This other demo room here is only there in case you want to play with
# the VP9 SVC support. Notice that you'll need a Chrome launched with
# the flag that enables that support, or otherwise you'll be using just
# plain VP9 (which is good if you want to test how this indeed affect
# what receivers will get, whether they're encoding SVC or not).
room-5678: {
description = "VP9-SVC Demo Room"
secret = "adminpwd"
publishers = 6
bitrate = 512000
fir_freq = 10
videocodec = "vp9"
video_svc = true
}

11
overlay/etc/janus/janus.plugin.voicemail.jcfg Normal file
View File

@ -0,0 +1,11 @@
# path = where to place recordings in the file system (should be in a
# properly configured web server, if you want the demo to work)
# base = base path to use when returning the recording URI (use this
# to make sure the file in the path you chose is reachable via HTTP)
# events = true|false, whether events should be sent to event handlers
general: {
path = "/usr/share/janus/demos/voicemail/"
base = "/voicemail/"
events = true
}

74
overlay/etc/janus/janus.transport.http.jcfg Normal file
View File

@ -0,0 +1,74 @@
# Web server stuff: whether any should be enabled, which ports they
# should use, whether security should be handled directly or demanded to
# an external application (e.g., web frontend) and what should be the
# base path for the Janus API protocol. Notice that by default
# all the web servers will try and bind on both IPv4 and IPv6: if you
# want to only bind to IPv4 addresses (e.g., because your system does not
# support IPv6), you should set the web server 'ip' property to '0.0.0.0'.
# To see debug logs from the HTTP server library, set 'mhd_debug'.
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
interface = "lo" # HAND-EDIT # Whether we should bind this server to a specific interface only
#ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
https = false # Whether to enable HTTPS (default=false)
#secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
#mhd_connection_limit = 1020 # Open connections limit in libmicrohttpd (default=1020)
#mhd_debug = false # Ask libmicrohttpd to write warning and error messages to stderr (default=false)
}
# Janus can also expose an admin/monitor endpoint, to allow you to check
# which sessions are up, which handles they're managing, their current
# status and so on. This provides a useful aid when debugging potential
# issues in Janus. The configuration is pretty much the same as the one
# already presented above for the webserver stuff, as the API is very
# similar: choose the base bath for the admin/monitor endpoint (/admin
# by default), ports, etc. Besides, you can specify
# a secret that must be provided in all requests as a crude form of
# authorization mechanism, and partial or full source IPs if you want to
# limit access basing on IP addresses. For security reasons, this
# endpoint is disabled by default, enable it by setting admin_http=true.
admin: {
admin_base_path = "/admin" # Base path to bind to in the admin/monitor web server (plain HTTP only)
admin_http = false # Whether to enable the plain HTTP interface
admin_port = 7088 # Admin/monitor web server HTTP port
#admin_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
admin_https = false # Whether to enable HTTPS (default=false)
#admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
#admin_secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#admin_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# The HTTP servers created in Janus support CORS out of the box, but by
# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
# header. This works fine in most situations, except when we have to
# respond to a credential request (withCredentials=true in the XHR). If
# you need that, uncomment and set the 'allow_origin' below to specify
# what must be returned in 'Access-Control-Allow-Origin'. More details:
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# In case you want to enforce the Origin validation, rather than leave
# it to browsers, you can set 'enforce_cors' to 'true' to have Janus
# return a '403 Forbidden' for all requests that don't comply.
cors: {
#allow_origin = "http://foo.example"
#enforce_cors = true
}
# Certificate and key to use for HTTPS, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
certificates: {
cert_pem = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
cert_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}

59
overlay/etc/janus/janus.transport.mqtt.jcfg Normal file
View File

@ -0,0 +1,59 @@
# Configuration of the MQTT additional transport for the Janus API.
general: {
enabled = false # Whether the support must be enabled
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
url = "tcp://localhost:1883" # The connection URL of the MQTT broker: if you want
# to use SSL, make sure you type ssl:// instead of tcp://,
# and that you configure the SSL settings below
#mqtt_version = "3.1.1" # Protocol version. Available values: 3.1, 3.1.1 (default), 5.
#client_id = "guest" # Client identifier
#username = "guest" # Username to use to authenticate, if needed
#password = "guest" # Password to use to authenticate, if needed
#keep_alive_interval = 20 # Keep connection for N seconds
#cleansession = 0 # Clean session flag
#max_inflight = 10 # Maximum number of inflight messages
#max_buffered = 100 # Maximum number of buffered messages
#disconnect_timeout = 100 # Milliseconds to wait before destroying client
subscribe_topic = "to-janus" # Topic for incoming messages
#subscribe_qos = 1 # QoS for incoming messages
publish_topic = "from-janus" # Topic for outgoing messages
#publish_qos = 1 # QoS for outgoing messages
#ssl_enabled = true # Whether ssl support must be enabled
#verify_peer = true # Whether peer verification must be enabled
# Certificates to use when SSL support is enabled, if needed
#cacertfile = /path/to/cacert.pem
certfile = /etc/ssl/certs/ssl-cert-snakeoil.pem
keyfile = /etc/ssl/private/ssl-cert-snakeoil.key
# These options work with MQTT 5 only.
#vacuum_interval = 60 # Interval for removing old transaction states in seconds.
#proxy_transaction_user_properties = [] # Array of user property names to copy from the incoming message.
#add_transaction_user_properties = () # List of user property ["key", "value"] pairs to add.
}
admin: {
#admin_enabled = false # Whether the support must be enabled
subscribe_topic = "to-janus-admin" # Topic for incoming admin messages
#subscribe_qos = 1 # QoS for incoming admin messages
publish_topic = "from-janus-admin" # Topic for outgoing admin messages
#publish_qos = 1 # QoS for outgoing admin messages
}
status: {
enabled = false # Whether status messages must be enabled (default: false)
# Initial message sent to status topic. Nothing is being sent if not set.
#connect_message = "{\"online\": true}"
# Message sent after disconnect or as LWT. Nothing is being sent if not set.
#disconnect_message = "{\"online\": false}"
#topic = "status" # Status topic (default: "status")
#qos = 1 # QoS for status messages (default: 1)
#retain = false # Whether status messages should be retained (default: false)
}

29
overlay/etc/janus/janus.transport.nanomsg.jcfg Normal file
View File

@ -0,0 +1,29 @@
# You can also control a Janus instance using Nanomsg sockets. The only
# aspect you need to configure here is the address to use for the
# communication, and whether the address should be used to bind locally
# or to connect to a remote endpoint. Notice that the only supported
# pattern is NN_PAIR, so you'll only be able to have a single client
# controlling the API with this plugin. As usual, both Janus API and Admin
# API endpoints can be configured.
general: {
enabled = true # Whether to enable the Nanomsg interface
# for Janus API clients
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#mode = "bind" # Whether we should 'bind' to the specified
# address (default), or connect to it if remote
address = "ipc:///tmp/janus.ipc" # Address to use (Janus API), refer
# to the Nanomsg documentation for more info
# on different transports you can use here
}
# As with other transport plugins, you can use Nanomsg to interact with
# the Admin API as well: in case you're interested in it, a different
# address needs to be provided.
admin: {
admin_enabled = false # Whether to enable the Nanomsg interface
# for Admin API clients
#admin_mode = "bind"
#admin_address = "ipc:///tmp/janus-admin.ipc"
}

23
overlay/etc/janus/janus.transport.pfunix.jcfg Normal file
View File

@ -0,0 +1,23 @@
# You can also control a Janus instance using Unix Sockets. The only
# aspect you need to configure here is the path of the Unix Sockets
# server. Notice that by default the interface is disabled, as you need
# to specify the path(s) to bind to for the API(s).
general: {
enabled = false # Whether to enable the Unix Sockets interface
# for Janus API clients
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#path = "/path/to/ux-janusapi" # Path to bind to (Janus API)
#type = "SOCK_SEQPACKET" # SOCK_SEQPACKET (default) or SOCK_DGRAM?
}
# As with other transport plugins, you can use Unix Sockets to interact
# with the Admin API as well: in case you're interested in it, a different
# path needs to be provided.
admin: {
admin_enabled = false # Whether to enable the Unix Sockets interface
# for Admin API clients
#admin_path = "/path/to/ux-janusadmin" # Path to bind to (Admin API)
#admin_type = "SOCK_SEQPACKET" # SOCK_SEQPACKET (default) or SOCK_DGRAM?
}

64
overlay/etc/janus/janus.transport.rabbitmq.jcfg Normal file
View File

@ -0,0 +1,64 @@
# Configuration of the RabbitMQ additional transport for the Janus API.
# This is only useful when you're wrapping Janus requests in your server
# application, and handling the communication with clients your own way.
# At the moment, only a single "application" can be handled at the same
# time, meaning that Janus won't implement multiple queues to handle
# multiple concurrent "application servers" taking advantage of its
# features. Support for this is planned, though (e.g., through some kind
# of negotiation to create queues on the fly). Right now, you can only
# configure the address of the RabbitMQ server to use, and the queues to
# make use of to receive (to-janus) and send (from-janus) messages
# from/to an external application. If you're using the same RabbitMQ
# server instance for multiple Janus instances, make sure you configure
# different queues for each of them (e.g., from-janus-1/to-janus-1 and
# from-janus-2/to-janus-2), or otherwise both the instances will make
# use of the same queues and messages will get lost. The integration
# is disabled by default, so set enabled=true if you want to use it.
general: {
enabled = false # Whether the support must be enabled
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
host = "localhost" # The address of the RabbitMQ server
#port = 5672 # The port of the RabbitMQ server (5672 by default)
#username = "guest" # Username to use to authenticate, if needed
#password = "guest" # Password to use to authenticate, if needed
#vhost = "/" # Virtual host to specify when logging in, if needed
#janus_exchange = "janus-exchange" # Exchange for outgoing messages, using default if not provided
#janus_exchange_type = "fanout" # Rabbitmq exchange_type can be one of the available types: direct, topic, headers and fanout (fanout by defualt).
#queue_name = "janus-gateway" # Queue name for incoming messages (if set and janus_exchange_type is topic/direct, to_janus will be the routing key the queue is bound to the exchange on)
to_janus = "to-janus" # Name of the queue for incoming messages if queue_name isn't set, otherwise, the routing key that queue_name is bound to
from_janus = "from-janus" # Routing key of the message sent from janus (as well as the name of the outgoing queue if declare_outgoing_queue = true)
#declare_outgoing_queue = true # By default (for backwards compatibility), we declare an outgoing queue. Set this to false to disable that behavior
#queue_durable = false # Whether or not incoming queue should remain after a RabbitMQ reboot
#queue_autodelete = false # Whether or not incoming queue should autodelete after janus disconnects from RabbitMQ
#queue_exclusive = false # Whether or not incoming queue should only allow one subscriber
#heartbeat = 60 # Defines the seconds without communication that should pass before considering the TCP connection unreachable.
#ssl_enabled = false # Whether ssl support must be enabled
#ssl_verify_peer = true # Whether peer verification must be enabled
#ssl_verify_hostname = true # Whether hostname verification must be enabled
# Certificates to use when SSL support is enabled, if needed
#ssl_cacert = "/path/to/cacert.pem"
ssl_cert = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
ssl_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
}
# If you want to expose the Admin API via RabbitMQ as well, you need to
# specify a different set of queues, as you cannot mix Janus API and
# Admin API messaging. The same RabbitMQ server is supposed to be used.
# Notice that by default the Admin API support via RabbitMQ is disabled.
admin: {
#admin_enabled = false # Whether the support must be enabled
#queue_name_admin = "janus-gateway-admin" # Queue name for incoming admin messages (if set and janus_exchange_type is topic/direct, to_janus_admin will be the the routing key the queue is bound to the exchange on)
#to_janus_admin = "to-janus-admin" # Name of the queue for incoming messages if queue_name_admin isn't set, otherwise, the routing key that queue_name_admin is bound to
#from_janus_admin = "from-janus-admin" # Routing key of the message sent from janus (as well as the name of the outgoing queue if declare_outgoing_queue_admin = true)
#declare_outgoing_queue_admin = true # By default (for backwards compatibility), we declare an outgoing queue. Set this to false to disable that behavior
#queue_durable_admin = false # Whether or not incoming queue should remain after a RabbitMQ reboot
#queue_autodelete_admin = false # Whether or not incoming queue should autodelete after janus disconnects from RabbitMQ
#queue_exclusive_admin = false # Whether or not incoming queue should only allow one subscriber
}

68
overlay/etc/janus/janus.transport.websockets.jcfg Normal file
View File

@ -0,0 +1,68 @@
# WebSockets stuff: whether they should be enabled, which ports they
# should use, and so on.
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
#pingpong_trigger = 30 # After how many seconds of idle, a PING should be sent
#pingpong_timeout = 10 # After how many seconds of not getting a PONG, a timeout should be detected
ws = true # Whether to enable the WebSockets API
ws_port = 8188 # WebSockets server port
ws_interface = "lo" # HAND-EDIT # Whether we should bind this server to a specific interface only
#ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#ws_unix = "/run/ws.sock" # Use WebSocket server over UNIX socket instead of TCP
wss = false # Whether to enable secure WebSockets
#wss_port = 8989 # WebSockets server secure port, if enabled
#wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#wss_unix = "/run/wss.sock" # Use WebSocket server over UNIX socket instead of TCP
#ws_logging = "err,warn" # libwebsockets debugging level as a comma separated list of things
# to debug, supported values: err, warn, notice, info, debug, parser,
# header, ext, client, latency, user, count (plus 'none' and 'all')
#ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# If you want to expose the Admin API via WebSockets as well, you need to
# specify a different server instance, as you cannot mix Janus API and
# Admin API messaging. Notice that by default the Admin API support via
# WebSockets is disabled.
admin: {
admin_ws = false # Whether to enable the Admin API WebSockets API
admin_ws_port = 7188 # Admin API WebSockets server port, if enabled
#admin_ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_ws_unix = "/run/aws.sock" # Use WebSocket server over UNIX socket instead of TCP
admin_wss = false # Whether to enable the Admin API secure WebSockets
#admin_wss_port = 7989 # Admin API WebSockets server secure port, if enabled
#admin_wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_wss_unix = "/run/awss.sock" # Use WebSocket server over UNIX socket instead of TCP
#admin_ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# The HTTP servers created in Janus support CORS out of the box, but by
# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
# header. This works fine in most situations, except when we have to
# respond to a credential request (withCredentials=true in the XHR). If
# you need that, uncomment and set the 'allow_origin' below to specify
# what must be returned in 'Access-Control-Allow-Origin'. More details:
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# In case you want to enforce the Origin validation, rather than leave
# it to browsers, you can set 'enforce_cors' to 'true' to have Janus
# return a '403 Forbidden' for all requests that don't comply.
cors: {
#allow_origin = "http://foo.example"
#enforce_cors = true
}
# Certificate and key to use for any secure WebSocket server, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
# Examples of recommended cipher strings at https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
certificates: {
cert_pem = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
cert_key = "/etc/ssl/private/ssl-cert-snakeoil.key"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}

2
overlay/etc/nats-server.conf Normal file
View File

@ -0,0 +1,2 @@
host: 127.0.0.1
port: 4222

BIN
overlay/usr/bin/turnserver Executable file
View File

Binary file not shown.

BIN
overlay/usr/sbin/nats-server Executable file
View File

Binary file not shown.