· 5 years ago · Sep 09, 2020, 11:30 AM
1# Web server stuff: whether any should be enabled, which ports they
2# should use, whether security should be handled directly or demanded to
3# an external application (e.g., web frontend) and what should be the
4# base path for the Janus API protocol. Notice that by default
5# all the web servers will try and bind on both IPv4 and IPv6: if you
6# want to only bind to IPv4 addresses (e.g., because your system does not
7# support IPv6), you should set the web server 'ip' property to '0.0.0.0'.
8general: {
9 #events = true # Whether to notify event handlers about transport events (default=true)
10 json = "indented" # Whether the JSON messages should be indented (default),
11 # plain (no indentation) or compact (no indentation and no spaces)
12 base_path = "/janus-media-server" # Base path to bind to in the web server (plain HTTP only)
13 http = true # Whether to enable the plain HTTP interface
14 port = 8088 # Web server HTTP port
15 #interface = "eth0" # Whether we should bind this server to a specific interface only
16 #ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
17 https = false # Whether to enable HTTPS (default=false)
18 #secure_port = 8089 # Web server HTTPS port, if enabled
19 #secure_interface = "eth0" # Whether we should bind this server to a specific interface only
20 #secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
21 #acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
22}
23
24# Janus can also expose an admin/monitor endpoint, to allow you to check
25# which sessions are up, which handles they're managing, their current
26# status and so on. This provides a useful aid when debugging potential
27# issues in Janus. The configuration is pretty much the same as the one
28# already presented above for the webserver stuff, as the API is very
29# similar: choose the base bath for the admin/monitor endpoint (/admin
30# by default), ports, etc. Besides, you can specify
31# a secret that must be provided in all requests as a crude form of
32# authorization mechanism, and partial or full source IPs if you want to
33# limit access basing on IP addresses. For security reasons, this
34# endpoint is disabled by default, enable it by setting admin_http=true.
35admin: {
36 admin_base_path = "/admin" # Base path to bind to in the admin/monitor web server (plain HTTP only)
37 admin_http = false # Whether to enable the plain HTTP interface
38 admin_port = 7088 # Admin/monitor web server HTTP port
39 #admin_interface = "eth0" # Whether we should bind this server to a specific interface only
40 #admin_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
41 admin_https = false # Whether to enable HTTPS (default=false)
42 #admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
43 #admin_secure_interface = "eth0" # Whether we should bind this server to a specific interface only
44 #admin_secure_ip = "192.168.0.1 # Whether we should bind this server to a specific IP address (v4 or v6) only
45 #admin_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
46}
47
48# The HTTP servers created in Janus support CORS out of the box, but by
49# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
50# header. This works fine in most situations, except when we have to
51# respond to a credential request (withCredentials=true in the XHR). If
52# you need that, uncomment and set the 'allow_origin' below to specify
53# what must be returned in 'Access-Control-Allow-Origin'. More details:
54# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
55cors: {
56 #allow_origin = "http://foo.example"
57}
58
59# Certificate and key to use for HTTPS, if enabled (and passphrase if needed).
60# You can also disable insecure protocols and ciphers by configuring the
61# 'ciphers' property accordingly (no limitation by default).
62certificates: {
63 #cert_pem = "/path/to/cert.pem"
64 #cert_key = "/path/to/key.pem"
65 #cert_pwd = "secretpassphrase"
66 #ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
67 cert_pem = "/etc/letsencrypt/live/internetcompania.org/cert.pem"
68 cert_key = "/etc/letsencrypt/live/internetcompania.org/privkey.pem"
69}
70