mirrors/docker-jitsi-meet
1
0
Fork 0
mirror of https://github.com/jitsi/docker-jitsi-meet.git synced 2026-04-02 15:51:05 +02:00
Code Issues Projects Releases Wiki Activity

prosody: enable rate limits (#1536)

Browse Source
This commit is contained in:
Aaron van Meerten 2023-04-18 10:12:25 -05:00 committed by GitHub
parent 35685424e1
commit 39de818cb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@ -227,6 +227,12 @@ services:
- MAX_PARTICIPANTS
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_ENABLE_RATE_LIMITS
- PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE
- PUBLIC_URL
- TURN_CREDENTIALS
- TURN_HOST

48
prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
View File

@ -18,6 +18,7 @@
{{ $ENABLE_END_CONFERENCE := .Env.ENABLE_END_CONFERENCE | default "true" | toBool }}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }}
{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool }}
{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
{{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}}
{{ $TURN_PORT := .Env.TURN_PORT | default "443" }}
@ -31,10 +32,17 @@
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }}
{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
{{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
{{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool }}
{{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" }}
{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" }}
{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" }}
{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" }}
{{ $RATE_LIMIT_ALLOW_RANGES := (splitList "," .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES) | default ["10.0.0.0/8"] }}
{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" }}
{{ $ENV := .Env -}}
admins = {
@ -268,10 +276,39 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
{{ if $ENABLE_SUBDOMAINS -}}
"muc_domain_mapper";
{{ end -}}
{{ if $ENABLE_RATE_LIMITS -}}
"muc_rate_limit";
"rate_limit";
{{ end -}}
{{ if .Env.MAX_PARTICIPANTS }}
"muc_max_occupants";
{{ end }}
}
{{ if $ENABLE_RATE_LIMITS -}}
-- Max allowed join/login rate in events per second.
rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
-- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
-- The time in seconds, after which the limit for an IP address is lifted.
rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
-- List of regular expressions for IP addresses that are not limited by this module.
rate_limit_whitelist = {
"127.0.0.1";
{{ range $index, $cidr := $RATE_LIMIT_ALLOW_RANGES -}}
"{{ $cidr }}";
{{ end -}}
};
rate_limit_whitelist_jids = {
"{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
"{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"
}
{{ end -}}
-- The size of the cache that saves state for IP addresses
rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
muc_room_cache_size = 1000
muc_room_locking = false
muc_room_default_public_jids = true
@ -308,7 +345,13 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc"
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
{{ end }}
modules_enabled = {
{{ if $ENABLE_RATE_LIMITS -}}
"muc_rate_limit";
{{ end -}}
}
{{ end }}
{{ if $ENABLE_BREAKOUT_ROOMS }}
Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
@ -324,6 +367,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
{{ if not $DISABLE_POLLS -}}
"polls";
{{ end -}}
{{ if $ENABLE_RATE_LIMITS -}}
"muc_rate_limit";
{{ end -}}
}
{{ end }}