From d8ebd940d2040aae0f4a3c197d1e41373e704580 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 25 Nov 2022 12:08:29 +0100 Subject: [PATCH] =?UTF-8?q?=E2=80=9Esrc/janus/janus.jcfg=E2=80=9C=20hinzuf?= =?UTF-8?q?=C3=BCgen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/janus/janus.jcfg | 399 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 399 insertions(+) create mode 100644 src/janus/janus.jcfg diff --git a/src/janus/janus.jcfg b/src/janus/janus.jcfg new file mode 100644 index 0000000..859ce25 --- /dev/null +++ b/src/janus/janus.jcfg @@ -0,0 +1,399 @@ +# General configuration: folders where the configuration and the plugins +# can be found, how output should be logged, whether Janus should run as +# a daemon or in foreground, default interface to use, debug/logging level +# and, if needed, shared apisecret and/or token authentication mechanism +# between application(s) and Janus. +general: { + configs_folder = "/etc/janus" # Configuration files folder + plugins_folder = "/usr/lib/x86_64-linux-gnu/janus/plugins" # Plugins folder + transports_folder = "/usr/lib/x86_64-linux-gnu/janus/transports" # Transports folder + events_folder = "/usr/lib/x86_64-linux-gnu/janus/events" # Event handlers folder + loggers_folder = "/usr/lib/x86_64-linux-gnu/janus/loggers" # External loggers folder + + # The next settings configure logging + #log_to_stdout = false # Whether the Janus output should be written + # to stdout or not (default=true) + #log_to_file = "/path/to/janus.log" # Whether to use a log file or not + debug_level = 4 # Debug/logging level, valid values are 0-7 + #debug_timestamps = true # Whether to show a timestamp for each log line + #debug_colors = false # Whether colors should be disabled in the log + #debug_locks = true # Whether to enable debugging of locks (very verbose!) + #log_prefix = "[janus] " # In case you want log lines to be prefixed by some + # custom text, you can use the 'log_prefix' property. + # It supports terminal colors, meaning something like + # "[\x1b[32mjanus\x1b[0m] " would show a green "janus" + # string in square brackets (assuming debug_colors=true). + + # This is what you configure if you want to launch Janus as a daemon + #daemonize = true # Whether Janus should run as a daemon + # or not (default=run in foreground) + #pid_file = "/path/to/janus.pid" # PID file to create when Janus has been + # started, and to destroy at shutdown + + # There are different ways you can authenticate the Janus and Admin APIs + #api_secret = "janusrocks" # String that all Janus requests must contain + # to be accepted/authorized by the Janus core. + # Useful if you're wrapping all Janus API requests + # in your servers (that is, not in the browser, + # where you do the things your way) and you + # don't want other application to mess with + # this Janus instance. + #token_auth = true # Enable a token based authentication + # mechanism to force users to always provide + # a valid token in all requests. Useful if + # you want to authenticate requests from web + # users. + #token_auth_secret = "janus" # Use HMAC-SHA1 signed tokens (with token_auth). Note that + # without this, the Admin API MUST + # be enabled, as tokens are added and removed + # through messages sent there. + admin_secret = "janusoverlord" # String that all Janus requests must contain + # to be accepted/authorized by the admin/monitor. + # only needed if you enabled the admin API + # in any of the available transports. + + # Generic settings + #interface = "1.2.3.4" # Interface to use (will be used in SDP) + #server_name = "MyJanusInstance"# Public name of this Janus instance + # as it will appear in an info request + #session_timeout = 60 # How long (in seconds) we should wait before + # deciding a Janus session has timed out. A + # session times out when no request is received + # for session_timeout seconds (default=60s). + # Setting this to 0 will disable the timeout + # mechanism, which is NOT suggested as it may + # risk having orphaned sessions (sessions not + # controlled by any transport and never freed). + # To avoid timeouts, keep-alives can be used. + #candidates_timeout = 45 # How long (in seconds) we should keep hold of + # pending (trickle) candidates before discarding + # them (default=45s). Notice that setting this + # to 0 will NOT disable the timeout, but will + # be considered an invalid value and ignored. + #reclaim_session_timeout = 0 # How long (in seconds) we should wait for a + # janus session to be reclaimed after the transport + # is gone. After the transport is gone, a session + # times out when no request is received for + # reclaim_session_timeout seconds (default=0s). + # Setting this to 0 will disable the timeout + # mechanism, and sessions will be destroyed immediately + # if the transport is gone. + #recordings_tmp_ext = "tmp" # The extension for recordings, in Janus, is + # .mjr, a custom format we devised ourselves. + # By default, we save to .mjr directly. If you'd + # rather the recording filename have a temporary + # extension while it's being saved, and only + # have the .mjr extension when the recording + # is over (e.g., to automatically trigger some + # external scripts), then uncomment and set the + # recordings_tmp_ext property to the extension + # to add to the base (e.g., tmp --> .mjr.tmp). + #event_loops = 8 # By default, Janus handles each have their own + # event loop and related thread for all the media + # routing and management. If for some reason you'd + # rather limit the number of loop/threads, and + # you want handles to share those, you can do that + # configuring the event_loops property: this will + # spawn the specified amount of threads at startup, + # run a separate event loop on each of them, and + # add new handles to one of them when attaching. + # Notice that, while cutting the number of threads + # and possibly reducing context switching, this + # might have an impact on the media delivery, + # especially if the available loops can't take + # care of all the handles and their media in time. + # As such, if you want to use this you should + # provision the correct value according to the + # available resources (e.g., CPUs available). + #opaqueid_in_api = true # Opaque IDs set by applications are typically + # only passed to event handlers for correlation + # purposes, but not sent back to the user or + # application in the related Janus API responses + # or events; in case you need them to be in the + # Janus API too, set this property to 'true'. + #hide_dependencies = true # By default, a call to the "info" endpoint of + # either the Janus or Admin API now also returns + # the versions of the main dependencies (e.g., + # libnice, libsrtp, which crypto library is in + # use and so on). Should you want that info not + # to be disclose, set 'hide_dependencies' to true. + + # The following is ONLY useful when debugging RTP/RTCP packets, + # e.g., to look at unencrypted live traffic with a browser. By + # default it is obviously disabled, as WebRTC mandates encryption. + #no_webrtc_encryption = true + + # Janus provides ways via its API to specify custom paths to save + # files to (e.g., recordings, pcap captures and the like). In order + # to avoid people can mess with folders they're not supposed to, + # you can configure an array of folders that Janus should prevent + # creating files in. If the 'protected_folder' property below is + # commented, no folder is protected. + # Notice that at the moment this only covers attempts to start + # an .mjr recording and pcap/text2pcap packet captures. + protected_folders = [ + "/bin", + "/boot", + "/dev", + "/etc", + "/initrd", + "/lib", + "/lib32", + "/lib64", + "/proc", + "/sbin", + "/sys", + "/usr", + "/var", + # We add what are usually the folders Janus is installed to + # as well: we don't just put "/opt/janus" because that would + # include folders like "/opt/janus/share" that is where + # recordings might be saved to by some plugins + "/opt/janus/bin", + "/opt/janus/etc", + "/opt/janus/include", + "/opt/janus/lib", + "/opt/janus/lib32", + "/opt/janus/lib64", + "/opt/janus/sbin" + ] +} + +# Certificate and key to use for DTLS (and passphrase if needed). If missing, +# Janus will autogenerate a self-signed certificate to use. Notice that +# self-signed certificates are fine for the purpose of WebRTC DTLS +# connectivity, for the time being, at least until Identity Providers +# are standardized and implemented in browsers. If for some reason you +# want to enforce the DTLS stack in Janus to enforce valid certificates +# from peers, though, you can do that setting 'dtls_accept_selfsigned' to +# 'false' below: DO NOT TOUCH THAT IF YOU DO NOT KNOW WHAT YOU'RE DOING! +# You can also configure the DTLS ciphers to offer: the default if not +# set is "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK" +# Finally, by default NIST P-256 certificates are generated (see #1997), +# but RSA generation is still supported if you set 'rsa_private_key' to 'true'. +certificates: { + #cert_pem = "/etc/ssl/certs/ssl-cert-snakeoil.pem" + #cert_key = "/etc/ssl/private/ssl-cert-snakeoil.key" + #cert_pwd = "secretpassphrase" + #dtls_accept_selfsigned = false + #dtls_ciphers = "your-desired-openssl-ciphers" + #rsa_private_key = false +} + +# Media-related stuff: you can configure whether if you want +# to enable IPv6 support, the minimum size of the NACK queue (in ms, +# defaults to 200ms) for retransmissions no matter the RTT, the range of +# ports to use for RTP and RTCP (by default, no range is envisaged), the +# starting MTU for DTLS (1200 by default, it adapts automatically), +# how much time, in seconds, should pass with no media (audio or +# video) being received before Janus notifies you about this (default=1s, +# 0 disables these events entirely), how many lost packets should trigger +# a 'slowlink' event to users (default=4), and how often, in milliseconds, +# to send the Transport Wide Congestion Control feedback information back +# to senders, if negotiated (default=200ms). Finally, if you're using BoringSSL +# you can customize the frequency of retransmissions: OpenSSL has a fixed +# value of 1 second (the default), while BoringSSL can override that. Notice +# that lower values (e.g., 100ms) will typically get you faster connection +# times, but may not work in case the RTT of the user is high: as such, +# you should pick a reasonable trade-off (usually 2*max expected RTT). +media: { + ipv6 = true + #min_nack_queue = 500 + rtp_port_range = "" + #dtls_mtu = 1200 + #no_media_timer = 1 + #slowlink_threshold = 4 + #twcc_period = 100 + #dtls_timeout = 500 + + # Janus can do some optimizations on the NACK queue, specifically when + # keyframes are involved. Namely, you can configure Janus so that any + # time a keyframe is sent to a user, the NACK buffer for that connection + # is emptied. This allows Janus to ignore NACK requests for packets + # sent shortly before the keyframe was sent, since it can be assumed + # that the keyframe will restore a complete working image for the user + # anyway (which is the main reason why video retransmissions are typically + # required). While this optimization is known to work fine in most cases, + # it can backfire in some edge cases, and so is disabled by default. + #nack_optimizations = true + + # If you need DSCP packet marking and prioritization, you can configure + # the 'dscp' property to a specific values, and Janus will try to + # set it on all outgoing packets using libnice. Normally, the specs + # suggest to use different values depending on whether audio, video + # or data are used, but since all PeerConnections in Janus are bundled, + # we can only use one. You can refer to this document for more info: + # https://tools.ietf.org/html/draft-ietf-tsvwg-rtcweb-qos-18#page-6 + # That said, DON'T TOUCH THIS IF YOU DON'T KNOW WHAT IT MEANS! + #dscp = 46 +} + +# NAT-related stuff: specifically, you can configure the STUN/TURN +# servers to use to gather candidates if the gateway is behind a NAT, +# and srflx/relay candidates are needed. In case STUN is not enough and +# this is needed (it shouldn't), you can also configure Janus to use a +# TURN server# please notice that this does NOT refer to TURN usage in +# browsers, but in the gathering of relay candidates by Janus itself, +# e.g., if you want to limit the ports used by a Janus instance on a +# private machine. Furthermore, you can choose whether Janus should be +# configured to do full-trickle (Janus also trickles its candidates to +# users) rather than the default half-trickle (Janus supports trickle +# candidates from users, but sends its own within the SDP), and whether +# it should work in ICE-Lite mode (by default it doesn't). Finally, +# you can also enable ICE-TCP support (beware that this may lead to problems +# if you do not enable ICE Lite as well), choose which interfaces should +# be used for gathering candidates, and enable or disable the +# internal libnice debugging, if needed. +nat: { + #stun_server = "stun.voip.eutelia.it" + #stun_port = 3478 + nice_debug = false + #full_trickle = true + #ice_lite = true + #ice_tcp = true + + # By default Janus tries to resolve mDNS (.local) candidates: even + # though this is now done asynchronously and shouldn't keep the API + # busy, even in case mDNS resolution takes a long time to timeout, + # you can choose to drop all .local candidates instead, which is + # helpful in case you know clients will never be in the same private + # network as the one the Janus instance is running from. Notice that + # this will cause ICE to fail if mDNS is the only way to connect! + #ignore_mdns = true + + # In case you're deploying Janus on a server which is configured with + # a 1:1 NAT (e.g., Amazon EC2), you might want to also specify the public + # address of the machine using the setting below. This will result in + # all host candidates (which normally have a private IP address) to + # be rewritten with the public address provided in the settings. As + # such, use the option with caution and only if you know what you're doing. + # Make sure you keep ICE Lite disabled, though, as it's not strictly + # speaking a publicly reachable server, and a NAT is still involved. + # If you'd rather keep the private IP address in place, rather than + # replacing it (and so have both of them as advertised candidates), + # then set the 'keep_private_host' property to true. + # Multiple public IP addresses can be specified as a comma separated list + # if the Janus is deployed in a DMZ between two 1-1 NAT for internal and + # external users. + #nat_1_1_mapping = "1.2.3.4" + #keep_private_host = true + + # You can configure a TURN server in two different ways: specifying a + # statically configured TURN server, and thus provide the address of the + # TURN server, the transport (udp/tcp/tls) to use, and a set of valid + # credentials to authenticate... + turn_server = "" + turn_port = 3478 + turn_type = "udp" + #turn_user = "myuser" + #turn_pwd = "mypassword" + + # ... or you can make use of the TURN REST API to get info on one or more + # TURN services dynamically. This makes use of the proposed standard of + # such an API (https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00) + # which is currently available in both rfc5766-turn-server and coturn. + # You enable this by specifying the address of your TURN REST API backend, + # the HTTP method to use (GET or POST) and, if required, the API key Janus + # must provide. The timeout can be configured in seconds, with a default of + # 10 seconds and a minimum of 1 second. Notice that the 'opaque_id' provided + # via Janus API will be used as the username for a specific PeerConnection + # by default; if that one is missing, the 'session_id' will be used as the + # username instead. + #turn_rest_api = "http://yourbackend.com/path/to/api" + turn_rest_api_key = "" + #turn_rest_api_method = "GET" + #turn_rest_api_timeout = 10 + + # You can also choose which interfaces should be explicitly used by the + # gateway for the purpose of ICE candidates gathering, thus excluding + # others that may be available. To do so, use the 'ice_enforce_list' + # setting and pass it a comma-separated list of interfaces or IP addresses + # to enforce. This is especially useful if the server hosting the gateway + # has several interfaces, and you only want a subset to be used. Any of + # the following examples are valid: + # ice_enforce_list = "eth0" + # ice_enforce_list = "eth0,eth1" + # ice_enforce_list = "eth0,192.168." + # ice_enforce_list = "eth0,192.168.0.1" + # By default, no interface is enforced, meaning Janus will try to use them all. + ice_enforce_list = "" + + # In case you don't want to specify specific interfaces to use, but would + # rather tell Janus to use all the available interfaces except some that + # you don't want to involve, you can also choose which interfaces or IP + # addresses should be excluded and ignored by the gateway for the purpose + # of ICE candidates gathering. To do so, use the 'ice_ignore_list' setting + # and pass it a comma-separated list of interfaces or IP addresses to + # ignore. This is especially useful if the server hosting the gateway + # has several interfaces you already know will not be used or will simply + # always slow down ICE (e.g., virtual interfaces created by VMware). + # Partial strings are supported, which means that any of the following + # examples are valid: + # ice_ignore_list = "vmnet8,192.168.0.1,10.0.0.1" + # ice_ignore_list = "vmnet,192.168." + # Just beware that the ICE ignore list is not used if an enforce list + # has been configured. By default, Janus ignores all interfaces whose + # name starts with 'vmnet', to skip VMware interfaces: + ice_ignore_list = "vmnet" + + # In case you want to allow Janus to start even if the configured STUN or TURN + # server is unreachable, you can set 'ignore_unreachable_ice_server' to true. + # WARNING: We do not recommend to ignore reachability problems, particularly + # if you run Janus in the cloud. Before enabling this flag, make sure your + # system is correctly configured and Janus starts after the network layer of + # your machine is ready. Note that Linux distributions offer such directives. + # You could use the following directive in systemd: 'After=network-online.target' + # https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before= + #ignore_unreachable_ice_server = true +} + +# You can choose which of the available plugins should be +# enabled or not. Use the 'disable' directive to prevent Janus from +# loading one or more plugins: use a comma separated list of plugin file +# names to identify the plugins to disable. By default all available +# plugins are enabled and loaded at startup. +plugins: { + #disable = "libjanus_voicemail.so,libjanus_recordplay.so" +} + +# You can choose which of the available transports should be enabled or +# not. Use the 'disable' directive to prevent Janus from loading one +# or more transport: use a comma separated list of transport file names +# to identify the transports to disable. By default all available +# transports are enabled and loaded at startup. +transports: { + #disable = "libjanus_rabbitmq.so" +} + +# As a core feature, Janus can log either on the standard output, or to +# a local file. Should you need more advanced logging functionality, you +# can make use of one of the custom loggers, or write one yourself. Use the +# 'disable' directive to prevent Janus from loading one or more loggers: +# use a comma separated list of logger file names to identify the loggers +# to disable. By default all available loggers are enabled and loaded at startup. +loggers: { + #disable = "libjanus_jsonlog.so" +} + +# Event handlers allow you to receive live events from Janus happening +# in core and/or plugins. Since this can require some more resources, +# the feature is disabled by default. Setting broadcast to yes will +# enable them. You can then choose which of the available event handlers +# should be loaded or not. Use the 'disable' directive to prevent Janus +# from loading one or more event handlers: use a comma separated list of +# file names to identify the event handlers to disable. By default, if +# broadcast is set to yes all available event handlers are enabled and +# loaded at startup. Finally, you can choose how often media statistics +# (packets sent/received, losses, etc.) should be sent: by default it's +# once per second (audio and video statistics sent separately), but may +# considered too verbose, or you may want to limit the number of events, +# especially if you have many PeerConnections active. To change this, +# just set 'stats_period' to the number of seconds that should pass in +# between statistics for each handle. Setting it to 0 disables them (but +# not other media-related events). +events: { + #broadcast = true + #disable = "libjanus_sampleevh.so" + #stats_period = 5 +} +