-
-
Notifications
You must be signed in to change notification settings - Fork 556
/
screego.config.example
117 lines (100 loc) · 4.5 KB
/
screego.config.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# The external ip of the server.
# When using a dual stack setup define both IPv4 & IPv6 separated by a comma.
# Execute the following command on the server you want to host Screego
# to find your external ip.
# curl 'https://api.ipify.org'
# Example:
# SCREEGO_EXTERNAL_IP=192.168.178.2,2a01:c22:a87c:e500:2d8:61ff:fec7:f92a
#
# If the server doesn't have a static ip, the ip can be obtained via a domain:
# SCREEGO_EXTERNAL_IP=dns:app.screego.net
# You can also specify the dns server to use
# SCREEGO_EXTERNAL_IP=dns:[email protected]:53
SCREEGO_EXTERNAL_IP=
# A secret which should be unique. Is used for cookie authentication.
SCREEGO_SECRET=
# If TLS should be enabled for HTTP requests. Screego requires TLS,
# you either have to enable this setting or serve TLS via a reverse proxy.
SCREEGO_SERVER_TLS=false
# The TLS cert file (only needed if TLS is enabled)
SCREEGO_TLS_CERT_FILE=
# The TLS key file (only needed if TLS is enabled)
SCREEGO_TLS_KEY_FILE=
# The address the http server will listen on.
# Formats:
# - host:port
# Example: 127.0.0.1:5050
# - unix socket (must be prefixed with unix:)
# Example: unix:/my/file/path.socket
SCREEGO_SERVER_ADDRESS=0.0.0.0:5050
# The address the TURN server will listen on.
SCREEGO_TURN_ADDRESS=0.0.0.0:3478
# Limit the ports that TURN will use for data relaying.
# Format: min:max
# Example:
# 50000:55000
SCREEGO_TURN_PORT_RANGE=
# If set, screego will not start TURN server and instead use an external TURN server.
# When using a dual stack setup define both IPv4 & IPv6 separated by a comma.
# Execute the following command on the server where you host TURN server
# to find your external ip.
# curl 'https://api.ipify.org'
# Example:
# SCREEGO_TURN_EXTERNAL_IP=192.168.178.2,2a01:c22:a87c:e500:2d8:61ff:fec7:f92a
#
# If the turn server doesn't have a static ip, the ip can be obtained via a domain:
# SCREEGO_TURN_EXTERNAL_IP=dns:turn.screego.net
# You can also specify the dns server to use
# SCREEGO_TURN_EXTERNAL_IP=dns:[email protected]:53
SCREEGO_TURN_EXTERNAL_IP=
# The port the external TURN server listens on.
SCREEGO_TURN_EXTERNAL_PORT=3478
# Authentication secret for the external TURN server.
SCREEGO_TURN_EXTERNAL_SECRET=
# Deny/ban peers within specific CIDRs to prevent TURN server users from
# accessing machines reachable by the TURN server but not from the internet,
# useful when the server is behind a NAT.
#
# Disallow internal ip addresses: https://en.wikipedia.org/wiki/Reserved_IP_addresses
# SCREEGO_TURN_DENY_PEERS=0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,127.0.0.1/8,169.254.0.0/16,172.16.0.0/12,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,239.0.0.0/8,255.255.255.255/32,::/128,::1/128,64:ff9b:1::/48,100::/64,2001::/32,2002::/16,fc00::/7,fe80::/10
#
# By default denies local addresses.
SCREEGO_TURN_DENY_PEERS=0.0.0.0/8,127.0.0.1/8,::/128,::1/128,fe80::/10
# If reverse proxy headers should be trusted.
# Screego uses ip whitelisting for authentication
# of TURN connections. When behind a proxy the ip is always the proxy server.
# To still allow whitelisting this setting must be enabled and
# the `X-Real-Ip` header must be set by the reverse proxy.
SCREEGO_TRUST_PROXY_HEADERS=false
# Defines when a user login is required
# Possible values:
# all: User login is always required
# turn: User login is required for TURN connections
# none: User login is never required
SCREEGO_AUTH_MODE=turn
# Defines origins that will be allowed to access Screego (HTTP + WebSocket)
# The default value is sufficient for most use-cases.
# Example Value: https://screego.net,https://sub.gotify.net
SCREEGO_CORS_ALLOWED_ORIGINS=
# Defines the location of the users file.
# File Format:
# user1:bcrypt_password_hash
# user2:bcrypt_password_hash
#
# Example:
# user1:$2a$12$WEfYCnWGk0PDzbATLTNiTuoZ7e/43v6DM/h7arOnPU6qEtFG.kZQy
#
# The user password pair can be created via
# screego hash --name "user1" --pass "your password"
SCREEGO_USERS_FILE=
# Defines how long a user session is valid in seconds.
# 0 = session invalides after browser session ends
SCREEGO_SESSION_TIMEOUT_SECONDS=0
# Defines the default value for the checkbox in the room creation dialog to select
# if the room should be closed when the room owner leaves
SCREEGO_CLOSE_ROOM_WHEN_OWNER_LEAVES=true
# The loglevel (one of: debug, info, warn, error)
SCREEGO_LOG_LEVEL=info
# If screego should expose a prometheus endpoint at /metrics. The endpoint
# requires basic authentication from a user in the users file.
SCREEGO_PROMETHEUS=false