# Web server stuff: whether any should be enabled, which ports they
# should use, whether security should be handled directly or demanded to
# an external application (e.g., web frontend) and what should be the
# base path for the Janus API protocol. Notice that by default
# all the web servers will try and bind on both IPv4 and IPv6: if you
# want to only bind to IPv4 addresses (e.g., because your system does not
# support IPv6), you should set the web server 'ip' property to '0.0.0.0'.
general: {
	events = true					# Whether to notify event handlers about transport events (default=true)
	json = "indented"				# Whether the JSON messages should be indented (default),
									# plain (no indentation) or compact (no indentation and no spaces)
	base_path = "/janus"			# Base path to bind to in the web server (plain HTTP only)
	http = true			# Whether to enable the plain HTTP interface
	port = 8088		# Web server HTTP port
	#interface = "eth0"				# Whether we should bind this server to a specific interface only
	#ip = "192.168.0.1"				# Whether we should bind this server to a specific IP address (v4 or v6) only
	https = true			# Whether to enable HTTPS (default=false)
	secure_port = 8089 # Web server HTTPS port, if enabled
	#secure_interface = "eth0"		# Whether we should bind this server to a specific interface only
	#secure_ip = "192.168.0.1"		# Whether we should bind this server to a specific IP address (v4 or v6) only
	#acl = "127.,192.168.0."		# Only allow requests coming from this comma separated list of addresses
}

# Janus can also expose an admin/monitor endpoint, to allow you to check
# which sessions are up, which handles they're managing, their current
# status and so on. This provides a useful aid when debugging potential
# issues in Janus. The configuration is pretty much the same as the one
# already presented above for the webserver stuff, as the API is very
# similar: choose the base bath for the admin/monitor endpoint (/admin
# by default), ports, etc. Besides, you can specify
# a secret that must be provided in all requests as a crude form of
# authorization mechanism, and partial or full source IPs if you want to
# limit access basing on IP addresses. For security reasons, this
# endpoint is disabled by default, enable it by setting admin_http=true.
admin: {
	admin_base_path = "/admin"			# Base path to bind to in the admin/monitor web server (plain HTTP only)
	admin_http = false					# Whether to enable the plain HTTP interface
	#admin_port = 7088					# Admin/monitor web server HTTP port
	#admin_interface = "eth0"			# Whether we should bind this server to a specific interface only
	#admin_ip = "192.168.0.1"			# Whether we should bind this server to a specific IP address (v4 or v6) only
	admin_https = False # Whether to enable HTTPS (default=false)
	admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
	#admin_secure_interface = "eth0"	# Whether we should bind this server to a specific interface only
	#admin_secure_ip = "192.168.0.1		# Whether we should bind this server to a specific IP address (v4 or v6) only
	#admin_acl = "127.,192.168.0."		# Only allow requests coming from this comma separated list of addresses
}

# The HTTP servers created in Janus support CORS out of the box, but by
# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
# header. This works fine in most situations, except when we have to
# respond to a credential request (withCredentials=true in the XHR). If
# you need that, uncomment and set the 'allow_origin' below to specify
# what must be returned in 'Access-Control-Allow-Origin'. More details:
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
cors: {
	allow_origin = "https://remote.developnetwork.net"
}

# Certificate and key to use for HTTPS, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
certificates: {
    cert_pem = "/etc/letsencrypt/live/remote.developnetwork.net/fullchain.pem"
	cert_key = "/etc/letsencrypt/live/remote.developnetwork.net/privkey.pem"
	#cert_pwd = "secretpassphrase"
	#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
