1b9aa86d91
The webrtc table is not a recognized Prosody directive and was silently ignored. TURN/STUN is already correctly configured via external_services. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
80 lines
2.5 KiB
Plaintext
80 lines
2.5 KiB
Plaintext
-- Custom Prosody configuration for Snikket
|
|
-- This file is included alongside the auto-generated Snikket config.
|
|
|
|
----------------------------------------------------------------------
|
|
-- PostgreSQL storage
|
|
----------------------------------------------------------------------
|
|
storage = "sql"
|
|
|
|
sql = {
|
|
driver = "PostgreSQL";
|
|
database = "snikket";
|
|
host = "127.0.0.1";
|
|
port = 5432;
|
|
username = "snikket";
|
|
password = os.getenv("POSTGRES_PASSWORD");
|
|
}
|
|
|
|
----------------------------------------------------------------------
|
|
-- S3 HTTP Upload (via mod_http_upload_external)
|
|
----------------------------------------------------------------------
|
|
|
|
-- Disable built-in upload module, enable external upload
|
|
modules_disabled = {
|
|
"http_upload";
|
|
}
|
|
|
|
modules_enabled = {
|
|
"http_upload_external";
|
|
"external_services";
|
|
}
|
|
|
|
-- URL of the external upload service that handles S3 interaction.
|
|
-- This is NOT the S3 bucket URL directly. You need to run a separate
|
|
-- upload handler service (e.g. prosody-filer, or a custom Lambda/endpoint)
|
|
-- that validates Prosody's HMAC signature and proxies files to/from S3.
|
|
http_upload_external_base_url = "http://chat.example.org:5050/upload/"
|
|
|
|
-- Shared secret between Prosody and the upload handler service
|
|
-- (must match the secret configured in the upload handler)
|
|
http_upload_external_secret = os.getenv("UPLOAD_SECRET")
|
|
|
|
-- How long (seconds) the upload URL remains valid
|
|
http_upload_external_expire_after = 3600
|
|
|
|
-- Max file size in bytes (10 MB)
|
|
http_upload_external_file_size_limit = 10485760
|
|
|
|
----------------------------------------------------------------------
|
|
-- TURN/STUN for voice/video calls (via mod_external_services)
|
|
-- Credentials are generated on-the-fly using TURN REST API (RFC 8489 §9.2)
|
|
-- Shared secret must match TURN_SECRET in secrets.env
|
|
----------------------------------------------------------------------
|
|
|
|
external_services = {
|
|
{
|
|
type = "stun";
|
|
host = os.getenv("SNIKKET_DOMAIN");
|
|
port = 3478;
|
|
transport = "udp";
|
|
},
|
|
{
|
|
type = "turn";
|
|
host = os.getenv("SNIKKET_DOMAIN");
|
|
port = 3478;
|
|
transport = "udp";
|
|
secret = os.getenv("TURN_SECRET");
|
|
algorithm = "turn";
|
|
ttl = 86400;
|
|
},
|
|
{
|
|
type = "turns";
|
|
host = os.getenv("SNIKKET_DOMAIN");
|
|
port = 5349;
|
|
transport = "tcp";
|
|
secret = os.getenv("TURN_SECRET");
|
|
algorithm = "turn";
|
|
ttl = 86400;
|
|
},
|
|
};
|