docker-jitsi-meet/env.example

# shellcheck disable=SC2034

################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################


#
# Basic configuration options
#

# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg

# Exposed HTTP port
HTTP_PORT=8000

# Exposed HTTPS port
HTTPS_PORT=8443

# System time zone
TZ=UTC

# Public URL for the web service (required)
#PUBLIC_URL=https://meet.example.com

# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4

#
# Memory limits for Java components
#

#JICOFO_MAX_MEMORY=3072m
#VIDEOBRIDGE_MAX_MEMORY=3072m

#
# JaaS Components (beta)
# https://jaas.8x8.vc
#

# Enable JaaS Components (hosted Jigasi)
# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
#ENABLE_JAAS_COMPONENTS=0

#
# Let's Encrypt configuration
#

# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1

# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com

# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net

# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1


#
# Etherpad integration (for document sharing)
#

# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001

# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/

# Name your etherpad instance!
ETHERPAD_TITLE="Video Chat"

# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"

# Name of the skin for etherpad
ETHERPAD_SKIN_NAME=colibris

# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"


#
# Basic Jigasi configuration options (needed for SIP gateway support)
#

# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info

# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd

# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info

# SIP server port
#JIGASI_SIP_PORT=5060

# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP


#
# Authentication configuration (see handbook for details)
#

# Enable authentication
#ENABLE_AUTH=1

# Enable guest access
#ENABLE_GUESTS=1

# Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal

# JWT authentication
#

# Application identifier
#JWT_APP_ID=my_jitsi_app_id

# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret

# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client

# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2

# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#

# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/

# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)

# LDAP authentication method
#LDAP_AUTH_METHOD=bind

# LDAP version
#LDAP_VERSION=3

# LDAP TLS using
#LDAP_USE_TLS=1

# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC

# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1

# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt

# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs

# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1


#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#

# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=

# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=

# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=

# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=

# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=

#
# Docker Compose options
#

# Container restart policy
#RESTART_POLICY=unless-stopped

# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest
misc: support/encourage usage of ShellCheck My editor detected `.env` as shell script and thus automatically checked it with ShellCheck. I would propose to make it a valid shell script that complies with ShellCheck by default. To do this, we just need to disable https://github.com/koalaman/shellcheck/wiki/SC2034 because the variables are not used (in that file). When you search for "docker-compose .env shellcheck SC2034" it turns out that I am not the first one to do this :) 2020-10-20 09:07:17 +02:00			`# shellcheck disable=SC2034`

env: add link to handbook 2022-05-20 10:57:00 +02:00			`################################################################################`
			`################################################################################`
			`# Welcome to the Jitsi Meet Docker setup!`
			`#`
			`# This sample .env file contains some basic options to get you started.`
			`# The full options reference can be found here:`
			`# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker`
			`################################################################################`
			`################################################################################`


doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#`
			`# Basic configuration options`
			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Directory where all configuration will be stored`
doc: update documentation and sample env file 2018-04-28 17:24:50 +02:00			`CONFIG=~/.jitsi-meet-cfg`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Exposed HTTP port`
core: make HTTP, HTTPS and JVB ports configurable 2018-09-19 22:12:57 +02:00			`HTTP_PORT=8000`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Exposed HTTPS port`
core: make HTTP, HTTPS and JVB ports configurable 2018-09-19 22:12:57 +02:00			`HTTPS_PORT=8443`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# System time zone`
misc: set ddefault timezone to UTC 2020-04-22 10:25:35 +02:00			`TZ=UTC`
doc: update documentation and sample env file 2018-04-28 17:24:50 +02:00
jvb: switch to WebSocket based bridge channels 2020-10-02 16:40:04 +02:00			`# Public URL for the web service (required)`
doc: drop confusing port number from PUBLIC_URL 2021-05-06 08:38:50 +02:00			`#PUBLIC_URL=https://meet.example.com`
jigasi,web: add transcription options 2019-02-07 12:45:36 +01:00
jvb: add JVB_ADVERTISE_IPS, deprecating DOCKER_HOST_ADDRESS The new variable has a better purposed name, and supports a comma separated list of IPs instead of a single one, which should help those running split-horizon setups. 2022-09-26 20:44:40 +02:00			`# Media IP addresses to advertise by the JVB`
			`# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs`
doc: updated link for running behind NAT 2020-10-26 15:49:23 +01:00			`# See the "Running behind NAT or on a LAN environment" section in the Handbook:`
			`# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment`
jvb: add JVB_ADVERTISE_IPS, deprecating DOCKER_HOST_ADDRESS The new variable has a better purposed name, and supports a comma separated list of IPs instead of a single one, which should help those running split-horizon setups. 2022-09-26 20:44:40 +02:00			`#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00
env.example: add jicofo and jvb env vars for defining max memory. 2023-11-26 04:28:12 +01:00			`#`
			`# Memory limits for Java components`
			`#`

			`#JICOFO_MAX_MEMORY=3072m`
			`#VIDEOBRIDGE_MAX_MEMORY=3072m`
misc: move security options in sample file 2022-05-30 16:11:49 +02:00
web,prosody: add support for JaaS components 2022-05-30 16:46:04 +02:00			`#`
misc: update env.example 2022-05-30 16:49:35 +02:00			`# JaaS Components (beta)`
			`# https://jaas.8x8.vc`
web,prosody: add support for JaaS components 2022-05-30 16:46:04 +02:00			`#`

misc: update env.example 2022-05-30 16:49:35 +02:00			`# Enable JaaS Components (hosted Jigasi)`
env: add note about JaaS account creation 2022-11-22 13:07:30 +01:00			`# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL`
web,prosody: add support for JaaS components 2022-05-30 16:46:04 +02:00			`#ENABLE_JAAS_COMPONENTS=0`

web: add builtin Let's Encrypt support 2018-11-07 11:23:08 +01:00			`#`
			`# Let's Encrypt configuration`
			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Enable Let's Encrypt certificate generation`
web: add builtin Let's Encrypt support 2018-11-07 11:23:08 +01:00			`#ENABLE_LETSENCRYPT=1`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Domain for which to generate the certificate`
web: add builtin Let's Encrypt support 2018-11-07 11:23:08 +01:00			`#LETSENCRYPT_DOMAIN=meet.example.com`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# E-Mail for receiving important account notifications (mandatory)`
web: add builtin Let's Encrypt support 2018-11-07 11:23:08 +01:00			`#LETSENCRYPT_EMAIL=alice@atlanta.net`

web: replace certbot with acme.sh The former seems to be in a pretty bad state for usage with Debian based containers: - The Debian provided package is too old - certbot-auto no longer works on Debian - The recommended way of using snap is not Docker friendly Thus, we are migrating to acme.sh, which has the advantage of also making the web container slimmer. 2020-12-02 10:38:10 +01:00			`# Use the staging server (for avoiding rate limits while testing)`
			`#LETSENCRYPT_USE_STAGING=1`

web: add builtin Let's Encrypt support 2018-11-07 11:23:08 +01:00
web,etherpad: add etherpad addon for sharing document 2019-06-17 15:22:00 +02:00			`#`
			`# Etherpad integration (for document sharing)`
			`#`

etherpad: add ability to use a external server 2020-06-27 16:21:31 +02:00			`# Set etherpad-lite URL in docker local network (uncomment to enable)`
web,etherpad: add etherpad addon for sharing document 2019-06-17 15:22:00 +02:00			`#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001`

env.example : ETHERPAD_PUBLIC_URL : incl. /p/ path Closes #1200 2022-01-18 19:06:28 +01:00			`# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)`
			`#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/`
web,etherpad: add etherpad addon for sharing document 2019-06-17 15:22:00 +02:00
etherpad: use official image and making skin full width 2020-03-31 13:41:57 +02:00			`# Name your etherpad instance!`
sample: escape/encapsulate string Currently if you use the default `source` command in linux and the default `.env` file as declared in the `env.example`, it will fail because of the space in the string. Using double-quotes around the string will solve this issue. 2023-11-02 11:32:18 +01:00			`ETHERPAD_TITLE="Video Chat"`
etherpad: use official image and making skin full width 2020-03-31 13:41:57 +02:00
			`# The default text of a pad`
env: fix unexpected character bug with recent docker desktop This prevents the following parsing errors in recent Docker Desktop app: - unexpected character "!" in variable name near "to Web Chat!\\n\\n... - respectively: unexpected character "-" in variable name near "super-light-editor light-background full-width-editor... Co-authored-by: Werner Fleischer <70745309+wernf@users.noreply.github.com> 2021-11-25 15:17:01 +01:00			`ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"`
etherpad: use official image and making skin full width 2020-03-31 13:41:57 +02:00
			`# Name of the skin for etherpad`
etherpad: remove quotes from all env vars 2021-03-04 16:04:03 +01:00			`ETHERPAD_SKIN_NAME=colibris`
etherpad: use official image and making skin full width 2020-03-31 13:41:57 +02:00
			`# Skin variants for etherpad`
env: fix unexpected character bug with recent docker desktop This prevents the following parsing errors in recent Docker Desktop app: - unexpected character "!" in variable name near "to Web Chat!\\n\\n... - respectively: unexpected character "-" in variable name near "super-light-editor light-background full-width-editor... Co-authored-by: Werner Fleischer <70745309+wernf@users.noreply.github.com> 2021-11-25 15:17:01 +01:00			`ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"`
etherpad: use official image and making skin full width 2020-03-31 13:41:57 +02:00

doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#`
			`# Basic Jigasi configuration options (needed for SIP gateway support)`
			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# SIP URI for incoming / outgoing calls`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#JIGASI_SIP_URI=test@sip2sip.info`

jigasi: make SIP port and transport configurable 2018-12-04 13:05:48 +01:00			`# Password for the specified SIP account as a clear text`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#JIGASI_SIP_PASSWORD=passw0rd`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# SIP server (use the SIP account domain if in doubt)`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#JIGASI_SIP_SERVER=sip2sip.info`

jigasi: make SIP port and transport configurable 2018-12-04 13:05:48 +01:00			`# SIP server port`
			`#JIGASI_SIP_PORT=5060`

			`# SIP server transport`
			`#JIGASI_SIP_TRANSPORT=UDP`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00
misc: move security options in sample file 2022-05-30 16:11:49 +02:00
xmpp: add support for authentication 2018-10-17 23:02:10 +02:00			`#`
prosody: add support for lobby 2020-07-22 11:00:46 +02:00			`# Authentication configuration (see handbook for details)`
xmpp: add support for authentication 2018-10-17 23:02:10 +02:00			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Enable authentication`
xmpp: add support for authentication 2018-10-17 23:02:10 +02:00			`#ENABLE_AUTH=1`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Enable guest access`
xmpp: add support for authentication 2018-10-17 23:02:10 +02:00			`#ENABLE_GUESTS=1`

prosody: authentication by matrix user authentication service Added env variables and prosody plugins to authenticate prosody users by the matrix user authentication service, refer to https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification Co-authored-by: Markus Münzel <markus@muenzel.de> 2022-02-25 19:40:20 +01:00			`# Select authentication type: internal, jwt, ldap or matrix`
prosody: introduce AUTH_TYPE It simplifies selecting the desired authentication type, instead of having a boolean for each. 2019-05-04 14:52:35 +02:00			`#AUTH_TYPE=internal`
misc: group authentication options together 2019-04-17 10:01:22 +02:00
doc: fix typo 2020-03-25 15:28:53 +01:00			`# JWT authentication`
misc: group authentication options together 2019-04-17 10:01:22 +02:00			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# Application identifier`
xmpp: add jwt authentication support 2019-02-21 08:34:41 +01:00			`#JWT_APP_ID=my_jitsi_app_id`

doc: clarify env variable 2021-04-30 21:19:27 +02:00			`# Application secret known only to your token generator`
xmpp: add jwt authentication support 2019-02-21 08:34:41 +01:00			`#JWT_APP_SECRET=my_jitsi_app_secret`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# (Optional) Set asap_accepted_issuers as a comma separated list`
xmpp: add jwt authentication support 2019-02-21 08:34:41 +01:00			`#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# (Optional) Set asap_accepted_audiences as a comma separated list`
xmpp: add jwt authentication support 2019-02-21 08:34:41 +01:00			`#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2`

misc: group authentication options together 2019-04-17 10:01:22 +02:00			`# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)`
doc: update example env file and documentation 2018-10-17 12:04:12 +02:00			`#`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# LDAP url for connection`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_URL=ldaps://ldap.domain.com/`

			`# LDAP base DN. Can be empty`
			`#LDAP_BASE=DC=example,DC=domain,DC=com`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# LDAP user DN. Do not specify this parameter for the anonymous bind`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# LDAP user password. Do not specify this parameter for the anonymous bind`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_BINDPW=LdapUserPassw0rd`

			`# LDAP filter. Tokens example:`
doc: update env.example 2020-03-31 12:53:00 +02:00			`# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail`
			`# %s - %s is replaced by the complete service string`
			`# %r - %r is replaced by the complete realm string`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_FILTER=(sAMAccountName=%u)`

			`# LDAP authentication method`
			`#LDAP_AUTH_METHOD=bind`

			`# LDAP version`
			`#LDAP_VERSION=3`

			`# LDAP TLS using`
			`#LDAP_USE_TLS=1`

doc: update env.example 2020-03-31 12:53:00 +02:00			`# List of SSL/TLS ciphers to allow`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC`

			`# Require and verify server certificate`
			`#LDAP_TLS_CHECK_PEER=1`

doc: fix typo in env.example 2020-04-11 19:06:58 +02:00			`# Path to CA cert file. Used when server certificate verify is enabled`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt`

doc: fix typo in env.example 2020-04-11 19:06:58 +02:00			`# Path to CA certs directory. Used when server certificate verify is enabled`
prosody: add LDAP authentication via SASL mechanism 2019-03-13 18:10:40 +01:00			`#LDAP_TLS_CACERT_DIR=/etc/ssl/certs`

ldap: add option for ldap starttls support 2020-03-13 21:07:44 +01:00			`# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://`
			`# LDAP_START_TLS=1`

misc: move security options in sample file 2022-05-30 16:11:49 +02:00
			`#`
			`# Security`
			`#`
			`# Set these to strong passwords to avoid intruders from impersonating a service account`
			`# The service(s) won't start unless these are specified`
			`# Running ./gen-passwords.sh will update .env with strong passwords`
			`# You may skip the Jigasi and Jibri passwords if you are not using those`
			`# DO NOT reuse passwords`
			`#`

			`# XMPP password for Jicofo client connections`
			`JICOFO_AUTH_PASSWORD=`

			`# XMPP password for JVB client connections`
			`JVB_AUTH_PASSWORD=`

			`# XMPP password for Jigasi MUC client connections`
			`JIGASI_XMPP_PASSWORD=`

			`# XMPP recorder password for Jibri client connections`
			`JIBRI_RECORDER_PASSWORD=`

			`# XMPP password for Jibri client connections`
			`JIBRI_XMPP_PASSWORD=`

compose: add ability to override image versions Useful for local development, overriding to latest is possible now without changing the compose file itself. 2022-06-10 13:14:46 +02:00			`#`
			`# Docker Compose options`
			`#`

			`# Container restart policy`
			`#RESTART_POLICY=unless-stopped`

			`# Jitsi image version (useful for local development)`
			`#JITSI_IMAGE_VERSION=latest`