Configuring OpenTalk-Controller
When the controller gets started, it loads the configuration from the environment. It reads the settings in this order:
- Read environment variables which have a specific name, see section Environment variables.
- Load from a configuration file which defaults to
config.toml
in the current working directory, but can be set using the--config
or-c
CLI argument
Sections in the configuration file
Functionality that can be configured through the configuration file:
- Logging
- Database
- Shared folders on external storage systems
- HTTP server
- Room server
- RabbitMQ
- The recording service is enabled/disabled by configuring the queue name
- Redis
- STUN and TURN
- Authz
- Call-in
- MinIO
- EtherPad
- SpaceDeck
- Reports
- Default and fallback values
- Endpoints
- Metrics
- Tenants
- Tariffs
Environment variables
Settings in the configuration file can be overwritten by environment variables,
nested fields are separated by two underscores __
. The pattern looks like
this:
OPENTALK_CTRL_<field>__<nested-field>…
Limitations
Some settings can not be overwritten by environment variables. This is for example the case for entries in lists, because there is no environment variable naming pattern that could identify the index of the entry inside the list.
Examples
In order to set the database.url
field, this environment variable could be used:
OPENTALK_CTRL_DATABASE__URL=postgres://opentalk:s3cur3_p4ssw0rd@localhost:5432/opentalk
The field database.max_connections
could be overwritten like this:
OPENTALK_CTRL_DATABASE__MAX_CONNECTIONS=5
The field tariffs.status_mapping.downgraded_tariff_name
could be overwritten like this:
OPENTALK_CTRL_TARIFFS__STATUS_MAPPING__DOWNGRADED_TARIFF_NAME=downgraded_tariff
Example configuration file
This file can be found in the source code distribution under extra/example.toml
# SPDX-FileCopyrightText: OpenTalk GmbH <mail@opentalk.eu>
#
# SPDX-License-Identifier: EUPL-1.2
[logging]
# Default tracing directives that will always be applied after RUST_LOG's directives.
# Each array entry may contain a single directive.
# Below are some example directives which are used by default to reduce the amount of spamming some crates do by default.
# The defaults will always apply, but they can be explicitly overwritten with this config or the RUST_LOG environment
# variable. The priority of the different configuration options is: RUST_LOG > config file > defaults
#default_directives = [
# "ERROR",
# "opentalk=INFO",
# "pinky_swear=OFF",
# "rustls=WARN",
# "mio=ERROR",
# "lapin=WARN",
# "execution_id=trace"
#]
# Specify an optional OTLP tracing endpoint to export traces to
#otlp_tracing_endpoint = "http://localhost:4317"
# Service name when using opentelemetry
#service_name = "controller"
# Service namespace when using opentelemetry
#service_namespace = "opentalk"
# Service instance id when using opentelemetry. A random UUID will be generated at runtime if not set here.
#service_instance_id = "627cc493-f310-47de-96bd-71410b7dec09"
[database]
# URL used to connect to a postgres.
url = "postgres://postgres:password123@localhost:5432/opentalk"
# Maximum number of connections allowed to the server.
# Defaults to 100 which is the default of postgres.
#max_connections = 100
[http]
# The port to bind the HTTP Server to (defaults to 11311).
port = 11311
# Settings for the keycloak which is the user provider
# and allows authentication via OIDC
[keycloak]
# URL to the keycloak
base_url = "http://localhost:8080/auth"
# Name of the keycloak realm
realm = "MyRealm"
# Client ID
client_id = "Controller"
# Client secret (application requires confidential client).
client_secret = "c64c5854-3f02-4728-a617-bbe98ec42b8f"
# Configure how Keycloak users resulting from a search and registered Opentalk users are assigned to each other
# The following assignment strategies are available:
# - by Keycloak id (default): Keycloak users are assigned to Opentalk users using Keycloak's id field.
# - by user attribute: Keycloak must provide a user attribute holding the user IDs. The name of this user
# attribute must be set here in external_id_user_attribute_name.
#external_id_user_attribute_name = "my_user_attribute_name"
[room_server]
# Maximum bitrate allowed for media sessions that will be used to transmit webcam video/audio
# Example: 1.5 Mbit/s
max_video_bitrate = "1500000"
# Maximum bitrate allowed for media sessions used for screen share
# Example: 1MB/s
max_screen_bitrate = "8000000"
# Connection settings for the channel used to talk to the room server.
# Currently these should be equal to the settings in janus.transport.rabbitmq.jcfg
# of the respective janus instance.
[[room_server.connections]]
exchange = "janus-exchange"
from_routing_key = "from-janus"
to_routing_key = "to-janus"
# Optional setting to specify how many event loops are configured for this janus server
# This value is used to balance new webrtc sessions on specific event-loops.
#event_loops = 92
# WebRTC SFU Alternative to janus (room_server section)
[livekit]
url = "https://url.to.your.livekit.server"
api_key = "your-livekit-api-key"
api_secret = "your-livekit-api-secret"
[rabbit_mq]
# The URL to use to connect to the rabbit mq broker
#url = "amqp://username:password@host/%2F"
# The rabbitmq queue name for the mail worker,
# mailing is disabled when this is not set.
#mail_task_queue = "opentalk_mailer"
# The rabbitmq queue name for the recorder,
# recording is disabled when this is not set.
#recording_task_queue = "opentalk_recorder"
# Minimum amount of connections to retain when removing stale connections
#min_connections = 10
# Maximum number of amqp channels per connection
#max_channels_per_connection = 100
#[redis]
# Configuration of a redis server which can be used for synchronizing multiple
# controllers running in a cluster to provide an OpenTalk web api and meeting
# signaling service.
#
# If this section is present, then the redis service will be used for
# synchronizing meeting state throughout all controllers in the cluster. If it
# is left out entirely, then the service will run in "standalone" mode.
#
# Redis URL used to connect the redis server
#url = "redis://localhost:6379/"
#[turn]
# Lifetime of the generated credentials (in seconds)
#lifetime = 86400
#[[turn.servers]]
# URIS of this Turn Server following rfc7065
#uris = [
# "turn:127.0.0.1:3478?transport=udp",
# "turn:127.0.0.1:3478?transport=tcp",
# "turns:127.0.0.1:5349?transport=tcp"
#]
# The Pre Shared Key set with --static-auth-secret=...
#pre_shared_key = "opentalk2"
#[stun]
#uris = ["stun:127.0.0.1:3478"]
#[authz]
# Should the controller publish/receive ACL changes via RabbitMQ to/from other controllers
#synchronize_controllers = true
#[call_in]
# Set a phone number which will be displayed to the user
# for the call-in service
#tel="03012345678"
# Enable the mapping of user names to their phone number. This requires
# the OIDC provider to have a phone number field configured for their users.
#enable_phone_mapping=false
# The default country code for call in numbers. Notated in Alpha-2 code (ISO 3166)
# Phone numbers that do not fall in the category of the default country must be notated
# in the international format.
#default_country_code="DE"
# MinIO configuration
[minio]
# The URI to the MinIO instance
uri = "http://localhost:9555"
# Name of the bucket
bucket = "controller"
# Access key for the MinIO bucket
access_key = "minioadmin"
# Secret key for the MinIO bucket
secret_key = "minioadmin"
# Etcd configuration
[etcd]
# A list urls of a etcd cluster
urls = ["localhost:2379"]
# The etherpad configuration for the meeting-notes module
#[etherpad]
#url = "http://localhost:9001"
# Etherpads api key
#api_key = "secret"
# Spacedeck configuration
#[spacedeck]
#url = "http://localhost:9666"
#api_key = "secret"
# Reports configuration
#[reports]
#url = "http://localhost:6560"
# Shared folder configuration
#[shared_folder]
#provider = "nextcloud"
#url = "https://nextcloud.example.org/"
#username = "exampleuser"
#password = "v3rys3cr3t"
# Optional subdirectory under the user's folder
#directory = "opentalk/meetings"
# Optional expiry of folder shares in days
#expiry = 48
# Default/fallback values
#[defaults]
# Default language of a new user
#user_language = "en-US"
# Default presenter role for all users (defaults to false if not set)
#screen_share_requires_permission = true
# A list of disabled features in the controller. By default all features are enabled.
# Format: <module>::<feature>. A missing module defaults to "core".
# Currently supported features:
# - core::call_in
# - integration::outlook
#disabled_features = ["core::call_in", "integration::outlook"]
# Settings for endpoints
#[endpoints]
# Disable the /users/find endpoint for performance or privacy reasons
#disable_users_find = false
# Enable user-searching using keycloak's admin API
# This allows for finding users which have not yet
# logged into the controller
#users_find_use_kc = false
# Allow inviting any unchecked email address.
# Not recommended without proper outgoing anti-spam protection
#event_invite_external_email_address = false
# Prohibit users from changing the display name (guests are always allowed to change it)
#disallow_custom_display_name = false
# Disable the OpenAPI endpoint under `/v1/openapi.json` and the corresponding
# swagger endpoint under `/swagger`.
#disable_openapi = false
# Configuration for the /metrics HTTP endpoint
#[metrics]
# Allowlist for the /metrics endpoint
#
# Example: Allow all traffic from localhost
#allowlist = ["127.0.0.0/24", "::ffff:0:0/96"]
#[tenants]
# Configure how users are assigned to tenants
# The following assignment strategies are available:
# - "static" (default): Every user is assigned to a single tenant with a tenant_id specified in the static_tenant_id field.
# static_tenant_id's default value is "OpenTalkDefaultTenant".
# - "by_external_tenant_id": The OIDC provider (Keycloak) must be configured to include a "tenant_id" field in its
# id_token's JWT claims. It is used to assign users to the correct tenant.
# The OIDC provider must also provide a user attribute holding the tenant_id. The name of this
# field ist set here in external_tenant_id_user_attribute_name, the default field name is "tenant_id".
#
# Static assignment (Default configuration if nothing is specified):
#assignment = "static"
#static_tenant_id = "OpenTalkDefaultTenant"
#
# Assignment by JWT tenant_id:
#assignment = "by_external_tenant_id"
#external_tenant_id_user_attribute_name = "tenant_id"
#[tariffs]
# Configure how tariffs are assigned to users
# The following assignment strategies are available:
# - "static" (default): Every user is assigned the same tariff with the tariff's name specified in a separate field
# called static_tariff_name. The default value is "OpenTalkDefaultTariff".
# - "by_external_tariff_id": The OIDC provider (Keycloak) must be configured to include a "tariff_id" field it's
# id_token's JWT claims. It is used to assign users the correct tariff.
#
# Static Example (Default configuration if nothing is specified)
#assignment = "static"
#static_tariff_name = "OpenTalkDefaultTariff"
#
# Assignemnt by JWT tariff_id example:
#assignment = "by_external_tariff_id"
#
# Status mapping for tariff status. Can only be used if the tariff assignment
# is configured as "by_external_tariff_id". If present, the controller will look
# at the JWT attribute named "tariff_status" and transfer its value to its
# internal tariff status based on the values of the "default", "paid" and
# "downgraded" field values. An entry in any of the lists below must be unique
# across all lists. For example, if the paid list contains "all_ok", then
# "all_ok" must not appear in any other list.
#[tariffs.status_mapping]
#
# The name of the tariff that gets applied when the user's tariff state is "downgraded".
#downgraded_tariff_name = "basic"
#
# The default tariff status, usually a tariff that any user can get without paying
# Any user with an invalid value in the "tariff_status" attribute will be set to
# the default status, but a warning will be issued if the mapping does not contain
# that attribute value.
#default = ["default"]
#
# The user's tariff has been paid and is valid.
#paid = ["paid", "all_ok"]
#
# The user has booked a specific tariff, but is not allowed to use it, e.g. because
# it is unpaid. Therefore the user's tariff is downgraded to the fallback tariff.
#downgraded = ["unpaid"]