@drumee/setup-infra 1.0.12 → 1.0.14

package/templates/etc/bind/named.conf.private

@@ -0,0 +1,21 @@
+//
+// Configs setup by Drumee setup-infra utility
+//
+
+include "/etc/bind/named.conf.log";
+include "<%= nsupdate_key %>";
+zone "<%= private_domain %>" {
+    type master;
+    file "/var/lib/bind/<%= private_domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= private_ip4 %>; };
+};
+
+<% if (typeof(private_reverse_ip4) !== "undefined" && private_reverse_ip4 != "" ) { %>
+zone "<%= private_reverse_ip4 %>" {
+    type master;
+    file "/var/lib/bind/<%= private_ip4 %>";
+    allow-query { any; };
+};
+<% } %>

package/templates/etc/bind/{named.conf.local → named.conf.public}

@@ -4,9 +4,9 @@
 
 include "/etc/bind/named.conf.log";
 include "<%= nsupdate_key %>";
-zone "<%= domain %>" {
+zone "<%= public_domain %>" {
     type master;
-    file "/var/lib/bind/<%= domain %>";
+    file "/var/lib/bind/<%= public_domain %>";
     allow-query { any; };
     allow-update { key "update"; };
     allow-transfer { <%= public_ip4 %>; };

package/templates/etc/dkimkeys/dkim.key

@@ -1 +1 @@
-*@<%= domain %>:<%= domain %>:/etc/opendkim/keys/<%= domain %>/private.pem
+*@<%= public_domain %>:<%= public_domain %>:/etc/opendkim/keys/<%= public_domain %>/private.pem

package/templates/etc/drumee/conf.d/myDrumee.json.tpl

@@ -9,7 +9,7 @@
     "zh"
   ],
   "verbosity": 2,
-  "useEmail":1,
+  "useEmail":<%= use_email %>,
   "quota": {
     "watermark": "<%= quota_watermark %>"
   }

package/templates/etc/drumee/dnsapi.sh.tpl

@@ -4,7 +4,7 @@
 # Date : <%= date %>
 # -------------------------------------------------------------
 
-export ACME_CERTS_DIR=<%= certs_dir %>
+export CERTS_DIR=<%= certs_dir %>
 export ACME_DIR=<%= acme_dir %>
 export ACME_DNS=<%= acme_dns %>
 export ACME_EMAIL_ACCOUNT=<%= acme_email_account %>

package/templates/etc/drumee/drumee.sh.tpl

@@ -4,37 +4,44 @@
 # Date : <%= date %>
 # -------------------------------------------------------------
 
+export CERTS_DIR=<%= certs_dir %>
+
+<% if (typeof(public_domain) !== "undefined" && public_domain != "" ) { %>
 export ACME_CA_SERVER=<%= ca_server %>
-export ACME_CERTS_DIR=<%= certs_dir %>
 export ACME_DIR=<%= acme_dir %>
 export ACME_EMAIL_ACCOUNT=<%= acme_email_account %>
-export ACME_STORE=<%= certs_dir %>/<%= domain_name %>_ecc
+export ACME_STORE=<%= certs_dir %>/<%= public_domain %>_ecc
+export NSUPDATE_SERVER=ns1.<%= public_domain %>
+export NSUPDATE_ZONE=<%= public_domain %>
+export DRUMEE_PUBLIC_DOMAIN=<%= public_domain %>
+<% } %>
+
+<% if (typeof(jitsi_domain) !== "undefined" && jitsi_domain != "" ) { %>
+export JITSI_DOMAIN=<%= jitsi_domain %>
+<% } %>
+
 export APP_ROUTING_MARK=<%= public_ui_root %>
 export CREDENTIAL_DIR=/etc/drumee/credential
 export NSUPDATE_KEY=<%= nsupdate_key %>
-export NSUPDATE_SERVER=ns1.<%= domain_name %>
-export NSUPDATE_ZONE=<%= domain_name %>
 export DRUMEE_DB_DIR=<%= db_dir %>
 export DRUMEE_CACHE_DIR=<%= cache_dir %>
 export DRUMEE_DATA_DIR=<%= data_dir %>
-export DRUMEE_DOMAIN_NAME=<%= domain_name %>
+export DRUMEE_TMP_DIR=$DRUMEE_DATA_DIR/tmp
+export DRUMEE_MFS_DIR=$DRUMEE_DATA_DIR/mfs
 export DRUMEE_EXPORT_DIR=<%= export_dir %>
 export DRUMEE_IMPORT_DIR=<%= import_dir %>
 export DRUMEE_LOG_DIR=<%= log_dir %>
-export DRUMEE_MFS_DIR=<%= data_dir %>/mfs
-export DRUMEE_ROOT='/srv/drumee'
-export DRUMEE_RUNTIME_DIR=<%= runtime_dir %>
-export DRUMEE_SCHEMAS_DIR=<%= runtime_dir %>/server/schemas
-export DRUMEE_SERVER_HOME=<%= server_dir %>
-export DRUMEE_SERVER_NODE=<%= runtime_dir %>/dist/main/node_modules
-export DRUMEE_STATIC_DIR=<%= static_dir %>
+export DRUMEE_ROOT=<%= drumee_root %>
+export DRUMEE_RUNTIME_DIR=$DRUMEE_ROOT/runtime
+export DRUMEE_STATIC_DIR=$DRUMEE_ROOT/static
+export DRUMEE_UI_HOME=$DRUMEE_RUNTIME_DIR/ui
+export DRUMEE_SERVER_HOME=$DRUMEE_RUNTIME_DIR/server
+export DRUMEE_SCHEMAS_DIR=$DRUMEE_SERVER_HOME/schemas
+export DRUMEE_SERVER_NODE=$DRUMEE_SERVER_HOME/node_modules
 export DRUMEE_SYSTEM_GROUP=<%= system_group %>
 export DRUMEE_SYSTEM_USER=<%= system_user %>
-export DRUMEE_TMP_DIR=<%= data_dir %>/tmp
-export DRUMEE_UI_HOME=<%= runtime_dir %>/ui
-export DRUMEE_STORAGE_BACKUP=<%= storage_backup %>
-export DRUMEE_DB_BACKUP=<%= storage_backup %>/db
-export JITSI_DOMAIN=<%= jitsi_domain %>
+export DRUMEE_BACKUP_STORAGE=<%= backup_storage %>
+export DRUMEE_DB_BACKUP=<%= backup_storage %>/db
 export OWN_CERTS_DIR=<%= own_certs_dir %>
 export PUBLIC_UI_ROOT=<%= public_ui_root %>
 

package/templates/etc/drumee/env.json

@@ -1,6 +1,6 @@
 {
   "ACME_CA_SERVER":"<%= ca_server %>",
-  "ACME_CERTS_DIR":"<%= certs_dir %>",
+  "CERTS_DIR":"<%= certs_dir %>",
   "ACME_DIR":"<%= acme_dir %>",
   "ACME_DNS":"<%= acme_dns %>",
   "ACME_EMAIL_ACCOUNT":"<%= acme_email_account %>",

package/templates/etc/drumee/infrastructure/routes/main.conf.tpl

@@ -6,7 +6,7 @@
 
 
 location <%= location %>app/ {
-  alias /srv/drumee/runtime/ui/dist/<%= endpoint %>/app/;
+  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/app/;
   add_header Cache-Control max-age=31536000;
   add_header Access-Control-Allow-Origin <%= domain %>;
   fastcgi_hide_header Set-Cookie;
@@ -15,7 +15,7 @@ location <%= location %>app/ {
 
 # Frontend application assets
 location <%= location %>api/ {
-  alias /srv/drumee/runtime/ui/dist/<%= endpoint %>/api/;
+  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/api/;
   add_header Cache-Control max-age=31536000;
   add_header Access-Control-Allow-Origin <%= domain %>;
   fastcgi_hide_header Set-Cookie;
@@ -23,8 +23,9 @@ location <%= location %>api/ {
 }
 
 # Frontend application assets
-location <%= location %>plugins/ {
-  alias /srv/drumee/runtime/ui/dist/<%= endpoint %>/plugins/;
+location 
+plugins/ {
+  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/plugins/;
   add_header Cache-Control max-age=31536000;
   add_header Access-Control-Allow-Origin <%= domain %>;
   fastcgi_hide_header Set-Cookie;
@@ -34,7 +35,7 @@ location <%= location %>plugins/ {
 
 # Frontend application templates
 location <%= location %>bb-templates/ {
-  alias  /srv/drumee/runtime/ui/dist/<%= endpoint %>/bb-templates/;
+  alias  <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/bb-templates/;
   add_header Cache-Control max-age=31536000;
   add_header Access-Control-Allow-Origin *;
   fastcgi_hide_header Set-Cookie;
@@ -52,9 +53,12 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header Host       	$host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
+    proxy_set_header X-Original-Port $http_host;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;
     break;
@@ -66,9 +70,12 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header Host       	$host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
+    proxy_set_header X-Original-Port $http_host;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;
     break;
@@ -119,7 +126,7 @@ location <%= location %> {
     fastcgi_hide_header Set-Cookie;
     add_header Cache-Control max-age=31536000;
     add_header Access-Control-Allow-Origin <%= domain %>;
-    rewrite /somanos/(.+)$ /-/svc/media.raw&p=$1&d=inline;
+    rewrite /<%= endpoint_name %>/(.+)$ /-/svc/media.raw&p=$1&d=inline;
     break;
   }
 
@@ -131,10 +138,13 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header Host       	$host;
-    proxy_set_header Referer       	$http_referer;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
+    proxy_set_header X-Original-Port $http_host;
+    proxy_set_header Referer $http_referer;
+    proxy_set_header X-Forwarded-Proto $scheme;
     add_header Access-Control-Allow-Credentials true;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;

package/templates/etc/drumee/ssl/{main.conf.tpl → private.conf.tpl}

@@ -4,7 +4,5 @@
 # Date : <%= date %>
 # -------------------------------------------------------------
 
-ssl_certificate_key <%= certs_dir %>/<%= domain %>_ecc/<%= domain %>.key;
-ssl_certificate <%= certs_dir %>/<%= domain %>_ecc/fullchain.cer;
-ssl_trusted_certificate <%= certs_dir %>/<%= domain %>_ecc/ca.cer;
-
+ssl_certificate_key <%= certs_dir %>/<%= private_domain %>_ecc/<%= private_domain %>.key;
+ssl_trusted_certificate <%= certs_dir %>/<%= private_domain %>_ecc/<%= private_domain %>.cer;

package/templates/etc/drumee/ssl/public.conf.tpl

@@ -0,0 +1,10 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <setup-infra>
+# Date : <%= date %>
+# -------------------------------------------------------------
+
+ssl_certificate_key <%= certs_dir %>/<%= public_domain %>_ecc/<%= public_domain %>.key;
+ssl_certificate <%= certs_dir %>/<%= public_domain %>_ecc/fullchain.cer;
+ssl_trusted_certificate <%= certs_dir %>/<%= public_domain %>_ecc/ca.cer;
+

package/templates/etc/mysql/mariadb.conf.d/50-client.cnf

@@ -0,0 +1,21 @@
+#
+# This group is read by the client library
+# Use it for options that affect all clients, but not the server
+#
+
+[client]
+# Example of client certificate usage
+#ssl-cert = /etc/mysql/client-cert.pem
+#ssl-key  = /etc/mysql/client-key.pem
+#
+# Allow only TLS encrypted connections
+#ssl-verify-server-cert = on
+default-character-set = utf8mb4
+
+# This group is *never* read by mysql client library, though this
+# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
+# client anyway.
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]
+default-character-set = utf8mb4

package/templates/etc/mysql/mariadb.conf.d/50-server.cnf

@@ -59,7 +59,7 @@ bind-address            = 127.0.0.1
 # and when running legacy init error logging goes to syslog due to
 # /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf
 # Enable this if you want to have error logging into a separate file
-#log_error = /var/log/mysql/error.log
+log_error = /var/log/mysql/error.log
 # Enable the slow query log to see queries with especially long duration
 #log_slow_query_file    = /var/log/mysql/mariadb-slow.log
 #log_slow_query_time    = 10
@@ -92,6 +92,7 @@ expire_logs_days        = 10
 
 # MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
 # utf8 4-byte character set. See also client.cnf
+character-set-client-handshake = FALSE
 character-set-server  = utf8mb4
 collation-server      = utf8mb4_general_ci
 

package/templates/etc/nginx/nginx.conf

@@ -27,7 +27,7 @@ http {
 
 	client_max_body_size 0;
 
-	resolver <%= local_address %>;
+	resolver <%= private_ip4 %>;
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 

package/templates/etc/nginx/sites-enabled/jitsi.conf.tpl

@@ -12,15 +12,15 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
+	listen <%= http_port %> default_server;
+	listen [::]:<%= http_port %> default_server;
     server_name *.<%= jitsi_domain %>;
 	include /etc/jitsi/meet.conf;
 }
 
 server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
+	listen <%= https_port %> ssl http2;
+	listen [::]:<%= https_port %> ssl http2;
 	server_name <%= jitsi_domain %>; 
 	include /etc/jitsi/ssl.conf;
 	include /etc/jitsi/meet.conf;

package/templates/etc/nginx/sites-enabled/{loopback.tpl → localhost.conf}

@@ -3,19 +3,18 @@
 # !!!!!!! DO NOT EDIT !!!!!!!!
 # Config file automatically generated by <setup-infra>
 # Purpose     : Provide Nginx config to a specific server
-# Server name : loopback
+# Server name : localhost
 # Date        : <%= date %>
 # -------------------------------------------------------------
 
-
-proxy_cache_path <%= cache_dir %>/loopback levels=1:2 keys_zone=loopback_keys_zone:10m max_size=10g inactive=60m;
+proxy_cache_path <%= drumee_root %>/cache/localhost levels=1:2 keys_zone=localhost_keys_zone:10m max_size=10g inactive=60m;
 server {
-	listen 127.0.0.1:80;
-	server_name _; 
+	listen <%= http_port %>;
+	listen [::]:<%= http_port %>;
+	server_name localhost; 
 	#
-	root <%= server_dir %>;
-	server_name _; 
-	client_max_body_size <%= max_body_size %>;
+	root <%= drumee_root %>/runtime/server;
+	client_max_body_size 10G;
 
 	# Security headers
 	add_header X-Content-Type-Options nosniff;
@@ -23,10 +22,10 @@ server {
 
 	set $prefix "";
 
-	include /etc/drumee/ssl/main.conf;
 	include /etc/drumee/infrastructure/routes/*.conf;
-	include /etc/drumee/infrastructure/internals/*.conf;
+	include /etc/drumee/infrastructure/internals/accel.conf;
 	include /etc/drumee/infrastructure/mfs.conf;
 }
 
 
+

package/templates/etc/nginx/sites-enabled/pivate.jitsi.conf.tpl

@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <setup-infra>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : <%= domain %>
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	''      close;
+}
+
+server {
+	listen <%= http_port %> default_server;
+	listen [::]:<%= http_port %> default_server;
+    server_name *.<%= jitsi_domain %>;
+	include /etc/jitsi/meet.conf;
+}
+
+server {
+	listen <%= https_port %> ssl;
+	listen [::]:<%= https_port %> ssl;
+	server_name <%= jitsi_domain %>; 
+	include /etc/jitsi/ssl.conf;
+	include /etc/jitsi/meet.conf;
+}
+

package/templates/etc/nginx/sites-enabled/private.conf.tpl

@@ -0,0 +1,40 @@
+
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <setup-infra>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : <%= private_domain %>
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+
+proxy_cache_path <%= cache_dir %>/<%= private_domain %> levels=1:2 keys_zone=<%= private_domain %>_keys_zone:10m max_size=10g inactive=60m;
+server {
+	listen <%= http_port %>;
+	listen [::]:<%= http_port %>;
+	server_name <%= private_domain %>; 
+	location / {
+		return  301 https://$host$request_uri;
+	}
+}
+server {
+	listen <%= https_port %> ssl;
+	listen [::]:<%= https_port %> ssl;	
+	#
+	root <%= server_dir %>;
+	server_name <%= private_domain %>; 
+	client_max_body_size <%= max_body_size %>;
+
+	# Security headers
+	add_header X-Content-Type-Options nosniff;
+	add_header X-XSS-Protection "1; mode=block";
+
+	set $prefix "";
+
+	include /etc/drumee/ssl/private.conf;
+	include /etc/drumee/infrastructure/routes/*.conf;
+	include /etc/drumee/infrastructure/internals/*.conf;
+	include /etc/drumee/infrastructure/mfs.conf;
+}
+
+

package/templates/etc/nginx/sites-enabled/{drumee.conf.tpl → public.conf.tpl}

@@ -3,26 +3,26 @@
 # !!!!!!! DO NOT EDIT !!!!!!!!
 # Config file automatically generated by <setup-infra>
 # Purpose     : Provide Nginx config to a specific server
-# Server name : <%= domain %>
+# Server name : <%= public_domain %>
 # Date        : <%= date %>
 # -------------------------------------------------------------
 
 
-proxy_cache_path <%= cache_dir %>/<%= domain %> levels=1:2 keys_zone=<%= domain %>_keys_zone:10m max_size=10g inactive=60m;
+proxy_cache_path <%= cache_dir %>/<%= public_domain %> levels=1:2 keys_zone=<%= public_domain %>_keys_zone:10m max_size=10g inactive=60m;
 server {
-	listen 80;
-	listen [::]:80;
-	server_name <%= domain %>; 
+	listen <%= http_port %>;
+	listen [::]:<%= http_port %>;
+	server_name <%= public_domain %>; 
 	location / {
 		return  301 https://$host$request_uri;
 	}
 }
 server {
-	listen 443 ssl;
-	listen [::]:443 ssl;	
+	listen <%= https_port %> ssl;
+	listen [::]:<%= https_port %> ssl;	
 	#
 	root <%= server_dir %>;
-	server_name <%= domain %>; 
+	server_name <%= public_domain %>; 
 	client_max_body_size <%= max_body_size %>;
 
 	# Security headers

package/templates/etc/nginx/sites-enabled/public.jitsi.conf.tpl

@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <setup-infra>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : <%= domain %>
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	''      close;
+}
+
+server {
+	listen <%= http_port %> default_server;
+	listen [::]:<%= http_port %> default_server;
+    server_name *.<%= jitsi_public %>;
+	include /etc/jitsi/meet.conf;
+}
+
+server {
+	listen <%= https_port %> ssl http2;
+	listen [::]:<%= https_port %> ssl http2;
+	server_name <%= jitsi_public %>; 
+	include /etc/jitsi/ssl.conf;
+	include /etc/jitsi/meet.conf;
+}
+

package/templates/etc/postfix/main.cf

@@ -59,7 +59,7 @@ inet_interfaces = all
 inet_protocols = ipv4
 #inet_protocols = ipv4, ipv6
 virtual_transport = lmtp:unix:private/dovecot-lmtp
-virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
+#virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
 virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
 local_recipient_maps =

package/templates/etc/prosody/conf.d/private.cfg.lua.tpl

@@ -0,0 +1,162 @@
+admins = {
+    "jigasi@auth.<%= prvate_jitsi %>",
+    "jibri@auth.<%= prvate_jitsi %>",
+    "focus@auth.<%= prvate_jitsi %>",
+    "jvb@auth.<%= prvate_jitsi %>"
+}
+
+unlimited_jids = {
+    "focus@auth.<%= prvate_jitsi %>",
+    "jvb@auth.<%= prvate_jitsi %>"
+}
+
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/", "/prosody-plugins-custom" }
+
+muc_mapper_domain_base = "<%= prvate_jitsi %>";
+muc_mapper_domain_prefix = "muc";
+http_default_host = "<%= prvate_jitsi %>"
+consider_bosh_secure = true;
+consider_websocket_secure = true;
+
+VirtualHost "<%= prvate_jitsi %>"
+    authentication = "internal_hashed"
+    ssl = {
+        key = "<%= certs_dir %>/<%= prvate_jitsi %>_ecc/<%= prvate_jitsi %>.key";
+        certificate = "<%= certs_dir %>/<%= prvate_jitsi %>_ecc/<%= prvate_jitsi %>.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+        "turncredentials";
+    }
+    main_muc = "muc.<%= prvate_jitsi %>"
+    lobby_muc = "lobby.<%= prvate_jitsi %>"
+    breakout_rooms_muc = "breakout.<%= prvate_jitsi %>"
+    speakerstats_component = "speakerstats.<%= prvate_jitsi %>"
+    conference_duration_component = "conferenceduration.<%= prvate_jitsi %>"
+    end_conference_component = "endconference.<%= prvate_jitsi %>"
+    av_moderation_component = "avmoderation.<%= prvate_jitsi %>"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+
+
+VirtualHost "guest.<%= prvate_jitsi %>"
+    authentication = "anonymous"
+    ssl = {
+        key = "/usr/share/acme/certs/<%= prvate_jitsi %>_ecc/<%= prvate_jitsi %>.key";
+        certificate = "/usr/share/acme/certs/<%= prvate_jitsi %>_ecc/<%= prvate_jitsi %>.cer";
+    }
+    modules_enabled = {
+        "bosh";
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        "pubsub";
+        "ping";
+        "speakerstats";
+        "conference_duration";
+        "room_metadata";
+        "end_conference";
+        "muc_lobby_rooms";
+        "muc_breakout_rooms";
+        "av_moderation";
+ 	    "turncredentials";
+    }
+    main_muc = "muc.<%= prvate_jitsi %>"
+    lobby_muc = "lobby.<%= prvate_jitsi %>"
+    breakout_rooms_muc = "breakout.<%= prvate_jitsi %>"
+    speakerstats_component = "speakerstats.<%= prvate_jitsi %>"
+    conference_duration_component = "conferenceduration.<%= prvate_jitsi %>"
+    end_conference_component = "endconference.<%= prvate_jitsi %>"
+    av_moderation_component = "avmoderation.<%= prvate_jitsi %>"
+    turncredentials_secret = "<%= turn_sercret %>"
+    c2s_require_encryption = false
+
+
+VirtualHost "auth.<%= prvate_jitsi %>"
+    ssl = {
+        key = "<%= certs_dir %>/<%= prvate_jitsi %>_ecc/<%= prvate_jitsi %>.key";
+        certificate = "<%= certs_dir %>/<%= prvate_jitsi %>_ecc/fullchain.cer";
+    }
+    modules_enabled = {
+        "limits_exception";
+    }
+    authentication = "internal_hashed"
+
+
+
+Component "internal-muc.<%= prvate_jitsi %>" "muc"
+    storage = "memory"
+    modules_enabled = {
+        "ping";
+    }
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+
+Component "muc.<%= prvate_jitsi %>" "muc"
+    restrict_room_creation = true
+    storage = "memory"
+    modules_enabled = {
+        "muc_meeting_id";
+        "polls";
+        "muc_domain_mapper";
+        "muc_password_whitelist";
+    }
+
+    -- The size of the cache that saves state for IP addresses
+	rate_limit_cache_size = 10000;
+    muc_room_cache_size = 1000
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    muc_password_whitelist = {
+        "focus@<no value>"
+    }
+
+Component "focus.<%= prvate_jitsi %>" "client_proxy"
+    target_address = "focus@auth.<%= prvate_jitsi %>"
+
+Component "speakerstats.<%= prvate_jitsi %>" "speakerstats_component"
+    muc_component = "muc.<%= prvate_jitsi %>"
+
+Component "conferenceduration.<%= prvate_jitsi %>" "conference_duration_component"
+    muc_component = "muc.<%= prvate_jitsi %>"
+
+
+Component "endconference.<%= prvate_jitsi %>" "end_conference"
+    muc_component = "muc.<%= prvate_jitsi %>"
+
+
+Component "lobby.<%= prvate_jitsi %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+    }
+
+
+Component "breakout.<%= prvate_jitsi %>" "muc"
+    storage = "memory"
+    restrict_room_creation = true
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    modules_enabled = {
+        "muc_meeting_id";
+        "muc_domain_mapper";
+        "polls";
+    }
+
+
+Component "metadata.<%= prvate_jitsi %>" "room_metadata_component"
+    muc_component = "muc.<%= prvate_jitsi %>"
+    breakout_rooms_component = "breakout.<%= prvate_jitsi %>"