Update mumble-server.ini

conf/mumble-server.ini

@@ -1,181 +1,277 @@
-# Murmur configuration file.
+; Murmur configuration file.
-#
+;
-# General notes:
+; General notes:
-# * Settings in this file are default settings and many of them can be overridden
+; * Settings in this file are default settings and many of them can be overridden
-#   with virtual server specific configuration via the Ice or DBus interface.
+;   with virtual server specific configuration via the Ice or DBus interface.
-# * Due to the way this configuration file is read some rules have to be
+; * Due to the way this configuration file is read some rules have to be
-#   followed when specifying variable values (as in variable = value):
+;   followed when specifying variable values (as in variable = value):
-#     * Make sure to quote the value when using commas in strings or passwords.
+;     * Make sure to quote the value when using commas in strings or passwords.
-#        NOT variable = super,secret BUT variable = "super,secret"
+;        NOT variable = super,secret BUT variable = "super,secret"
-#     * Make sure to escape special characters like '\' or '"' correctly
+;     * Make sure to escape special characters like '\' or '"' correctly
-#        NOT variable = """ BUT variable = "\""
+;        NOT variable = """ BUT variable = "\""
-#        NOT regex = \w* BUT regex = \\w*
+;        NOT regex = \w* BUT regex = \\w*
 
-# Path to database. If blank, will search for
+; Path to database. If blank, will search for
-# murmur.sqlite in default locations or create it if not found.
+; murmur.sqlite in default locations or create it if not found.
 database=__FINALPATH__/mumble-server.sqlite
 
-# If you wish to use something other than SQLite, you'll need to set the name
+; Murmur defaults to using SQLite with its default rollback journal.
-# of the database above, and also uncomment the below.
+; In some situations, using SQLite's write-ahead log (WAL) can be
-# Sticking with SQLite is strongly recommended, as it's the most well tested
+; advantageous.
-# and by far the fastest solution.
+; If you encounter slowdowns when moving between channels and similar
-#
+; operations, enabling the SQLite write-ahead log might help.
-#dbDriver=QMYSQL
+;
-#dbUsername=
+; To use SQLite's write-ahead log, set sqlite_wal to one of the following
-#dbPassword=
+; values:
-#dbHost=
+;
-#dbPort=
+; 0 - Use SQLite's default rollback journal.
-#dbPrefix=murmur_
+; 1 - Use write-ahead log with synchronous=NORMAL.
-#dbOpts=
+;     If Murmur crashes, the database will be in a consistent state, but
+;     the most recent changes might be lost if the operating system did
+;     not write them to disk yet. This option can improve Murmur's
+;     interactivity on busy servers, or servers with slow storage.
+; 2 - Use write-ahead log with synchronous=FULL.
+;     All database writes are synchronized to disk when they are made.
+;     If Murmur crashes, the database will be include all completed writes.
+;sqlite_wal=0
 
-# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
+; If you wish to use something other than SQLite, you'll need to set the name
-# RPC methods available in Murmur, please specify so here.
+; of the database above, and also uncomment the below.
-#
+; Sticking with SQLite is strongly recommended, as it's the most well tested
+; and by far the fastest solution.
+;
+;dbDriver=QMYSQL
+;dbUsername=
+;dbPassword=
+;dbHost=
+;dbPort=
+;dbPrefix=murmur_
+;dbOpts=
+
+; Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
+; RPC methods available in Murmur, please specify so here.
+;
 dbus=system
 
-# Alternate D-Bus service name. Only use if you are running distinct
+; Alternate D-Bus service name. Only use if you are running distinct
-# murmurd processes connected to the same D-Bus daemon.
+; murmurd processes connected to the same D-Bus daemon.
-#dbusservice=net.sourceforge.mumble.murmur
+;dbusservice=net.sourceforge.mumble.murmur
 
-# If you want to use ZeroC Ice to communicate with Murmur, you need
+; If you want to use ZeroC Ice to communicate with Murmur, you need
-# to specify the endpoint to use. Since there is no authentication
+; to specify the endpoint to use. Since there is no authentication
-# with ICE, you should only use it if you trust all the users who have
+; with ICE, you should only use it if you trust all the users who have
-# shell access to your machine.
+; shell access to your machine.
-# Please see the ICE documentation on how to specify endpoints.
+; Please see the ICE documentation on how to specify endpoints.
 ice="tcp -h 127.0.0.1 -p 6502"
 
-# Ice primarily uses local sockets. This means anyone who has a
+; Ice primarily uses local sockets. This means anyone who has a
-# user account on your machine can connect to the Ice services.
+; user account on your machine can connect to the Ice services.
-# You can set a plaintext "secret" on the Ice connection, and
+; You can set a plaintext "secret" on the Ice connection, and
-# any script attempting to access must then have this secret
+; any script attempting to access must then have this secret
-# (as context with name "secret").
+; (as context with name "secret").
-# Access is split in read (look only) and write (modify) 
+; Access is split in read (look only) and write (modify)
-# operations. Write access always includes read access,
+; operations. Write access always includes read access,
-# unless read is explicitly denied (see note below).
+; unless read is explicitly denied (see note below).
-#
+;
-# Note that if this is uncommented and with empty content,
+; Note that if this is uncommented and with empty content,
-# access will be denied.
+; access will be denied.
 
-#icesecretread=
+;icesecretread=
 icesecretwrite=
 
-# How many login attempts do we tolerate from one IP
+; If you want to expose Murmur's experimental gRPC API, you
-# inside a given timeframe before we ban the connection?
+; need to specify an address to bind on.
-# Note that this is global (shared between all virtual servers), and that
+; Note: not all builds of Murmur support gRPC. If gRPC is not
-# it counts both successfull and unsuccessfull connection attempts.
+; available, Murmur will warn you in its log output.
-# Set either Attempts or Timeframe to 0 to disable.
+;grpc="127.0.0.1:50051"
-#autobanAttempts = 10
+; Specifying both a certificate and key file below will cause gRPC to use
-#autobanTimeframe = 120
+; secured, TLS connections.
-#autobanTime = 300
+;grpccert=""
+;grpckey=""
 
-# Specifies the file Murmur should log to. By default, Murmur
+; How many login attempts do we tolerate from one IP
-# logs to the file 'murmur.log'. If you leave this field blank
+; inside a given timeframe before we ban the connection?
-# on Unix-like systems, Murmur will force itself into foreground
+; Note that this is global (shared between all virtual servers), and that
-# mode which logs to the console.
+; it counts both successfull and unsuccessfull connection attempts.
+; Set either Attempts or Timeframe to 0 to disable.
+;autobanAttempts = 10
+;autobanTimeframe = 120
+;autobanTime = 300
+
+; Specifies the file Murmur should log to. By default, Murmur
+; logs to the file 'murmur.log'. If you leave this field blank
+; on Unix-like systems, Murmur will force itself into foreground
+; mode which logs to the console.
 logfile=/var/log/mumble-server/__APP__.log
 
-# If set, Murmur will write its process ID to this file
+; If set, Murmur will write its process ID to this file
-# when running in daemon mode (when the -fg flag is not
+; when running in daemon mode (when the -fg flag is not
-# specified on the command line). Only available on
+; specified on the command line). Only available on
-# Unix-like systems.
+; Unix-like systems.
 pidfile=/var/run/mumble-server/__APP__.pid
 
-# The below will be used as defaults for new configured servers.
+; The below will be used as defaults for new configured servers.
-# If you're just running one server (the default), it's easier to
+; If you're just running one server (the default), it's easier to
-# configure it here than through D-Bus or Ice.
+; configure it here than through D-Bus or Ice.
-#
+;
-# Welcome message sent to clients when they connect.
+; Welcome message sent to clients when they connect.
+; If the welcome message is set to an empty string,
+; no welcome message will be sent to clients.
 welcometext="__WELCOMETEXT__"
 
-# Port to bind TCP and UDP sockets to.
+; Port to bind TCP and UDP sockets to.
 port=__PORT__
 
-# Specific IP or hostname to bind to.
+; Specific IP or hostname to bind to.
-# If this is left blank (default), Murmur will bind to all available addresses.
+; If this is left blank (default), Murmur will bind to all available addresses.
-#host=
+;host=
 
-# Password to join server.
+; Password to join server.
 serverpassword=__SERVER_PASSWORD__
 
-# Maximum bandwidth (in bits per second) clients are allowed
+; Maximum bandwidth (in bits per second) clients are allowed
-# to send speech at.
+; to send speech at.
 bandwidth=72000
 
-# Maximum number of concurrent clients allowed.
+; Maximum number of concurrent clients allowed.
 users=100
 
-# Amount of users with Opus support needed to force Opus usage, in percent.
+; Per-user rate limiting
-# 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients.
+;
-#opusthreshold=100
+; These two settings allow to configure the per-user rate limiter for some
+; command messages sent from the client to the server. The messageburst setting
+; specifies an amount of messages which are allowed in short bursts. The
+; messagelimit setting specifies the number of messages per second allowed over
+; a longer period. If a user hits the rate limit, his packages are then ignored
+; for some time. Both of these settings have a minimum of 1 as setting either to
+; 0 could render the server unusable.
+messageburst=5
+messagelimit=1
 
-# Maximum depth of channel nesting. Note that some databases like MySQL using
+; Respond to UDP ping packets.
-# InnoDB will fail when operating on deeply nested channels.
+;
-#channelnestinglimit=10
+; Setting to true exposes the current user count, the maximum user count, and
+; the server's maximum bandwidth per client to unauthenticated users. In the
+; Mumble client, this information is shown in the Connect dialog.
+allowping=true
 
-# Regular expression used to validate channel names.
+; Amount of users with Opus support needed to force Opus usage, in percent.
-# (Note that you have to escape backslashes with \ )
+; 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients.
-#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
+;opusthreshold=100
 
-# Regular expression used to validate user names.
+; Maximum depth of channel nesting. Note that some databases like MySQL using
-# (Note that you have to escape backslashes with \ )
+; InnoDB will fail when operating on deeply nested channels.
-#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+
+;channelnestinglimit=10
 
-# Maximum length of text messages in characters. 0 for no limit.
+; Maximum number of channels per server. 0 for unlimited. Note that an
-#textmessagelength=5000
+; excessive number of channels will impact server performance
+;channelcountlimit=1000
 
-# Maximum length of text messages in characters, with image data. 0 for no limit.
+; Regular expression used to validate channel names.
-#imagemessagelength=131072
+; (Note that you have to escape backslashes with \ )
+;channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
 
-# Allow clients to use HTML in messages, user comments and channel descriptions?
+; Regular expression used to validate user names.
-#allowhtml=true
+; (Note that you have to escape backslashes with \ )
+;username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+
 
-# Murmur retains the per-server log entries in an internal database which
+; Maximum length of text messages in characters. 0 for no limit.
-# allows it to be accessed over D-Bus/ICE.
+;textmessagelength=5000
-# How many days should such entries be kept?
-# Set to 0 to keep forever, or -1 to disable logging to the DB.
-#logdays=31
 
-# To enable public server registration, the serverpassword must be blank, and
+; Maximum length of text messages in characters, with image data. 0 for no limit.
-# this must all be filled out.
+;imagemessagelength=131072
-# The password here is used to create a registry for the server name; subsequent
+
-# updates will need the same password. Don't lose your password.
+; Allow clients to use HTML in messages, user comments and channel descriptions?
-# The URL is your own website, and only set the registerHostname for static IP
+;allowhtml=true
-# addresses.
+
-# Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
+; Murmur retains the per-server log entries in an internal database which
-#
+; allows it to be accessed over D-Bus/ICE.
+; How many days should such entries be kept?
+; Set to 0 to keep forever, or -1 to disable logging to the DB.
+;logdays=31
+
+; To enable public server registration, the serverpassword must be blank, and
+; this must all be filled out.
+; The password here is used to create a registry for the server name; subsequent
+; updates will need the same password. Don't lose your password.
+; The URL is your own website, and only set the registerHostname for static IP
+; addresses.
+; Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
+;
 registerName=__REGISTERNAME__
-#registerPassword=secret
+;registerPassword=secret
-#registerUrl=http://mumble.sourceforge.net/
+;registerUrl=http://www.mumble.info/
-#registerHostname=
+;registerHostname=
 
-# If this option is enabled, the server will announce its presence via the 
+; If this option is enabled, the server will announce its presence via the
-# bonjour service discovery protocol. To change the name announced by bonjour
+; bonjour service discovery protocol. To change the name announced by bonjour
-# adjust the registerName variable.
+; adjust the registerName variable.
-# See http://developer.apple.com/networking/bonjour/index.html for more information
+; See http://developer.apple.com/networking/bonjour/index.html for more information
-# about bonjour.
+; about bonjour.
-#bonjour=True
+;bonjour=True
 
-# If you have a proper SSL certificate, you can provide the filenames here.
+; If you have a proper SSL certificate, you can provide the filenames here.
-# Otherwise, Murmur will create it's own certificate automatically.
+; Otherwise, Murmur will create its own certificate automatically.
 sslCert=/etc/yunohost/certs/__DOMAIN__/crt.pem
 sslKey=/etc/yunohost/certs/__DOMAIN__/key.pem
 
-# If Murmur is started as root, which user should it switch to?
+; The sslDHParams option allows you to specify a PEM-encoded file with
-# This option is ignored if Murmur isn't started with root privileges.
+; Diffie-Hellman parameters, which will be used as the default Diffie-
+; Hellman parameters for all virtual servers.
+;
+; Instead of pointing sslDHParams to a file, you can also use the option
+; to specify a named set of Diffie-Hellman parameters for Murmur to use.
+; Murmur comes bundled with the Diffie-Hellman parameters from RFC 7919.
+; These parameters are available by using the following names:
+;
+; @ffdhe2048, @ffdhe3072, @ffdhe4096, @ffdhe6144, @ffdhe8192
+;
+; By default, Murmur uses @ffdhe2048.
+;sslDHParams=@ffdhe2048
+
+; The sslCiphers option chooses the cipher suites to make available for use
+; in SSL/TLS. This option is server-wide, and cannot be set on a
+; per-virtual-server basis.
+;
+; This option is specified using OpenSSL cipher list notation (see
+; https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
+;
+; It is recommended that you try your cipher string using 'openssl ciphers <string>'
+; before setting it here, to get a feel for which cipher suites you will get.
+;
+; After setting this option, it is recommend that you inspect your Murmur log
+; to ensure that Murmur is using the cipher suites that you expected it to.
+;
+; Note: Changing this option may impact the backwards compatibility of your
+; Murmur server, and can remove the ability for older Mumble clients to be able
+; to connect to it.
+;sslCiphers=EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA
+
+; If Murmur is started as root, which user should it switch to?
+; This option is ignored if Murmur isn't started with root privileges.
 uname=mumble-server
 
-# If this options is enabled, only clients which have a certificate are allowed
+; If this options is enabled, only clients which have a certificate are allowed
-# to connect.
+; to connect.
-#certrequired=False
+;certrequired=False
 
-# If enabled, clients are sent information about the servers version and operating
+; If enabled, clients are sent information about the servers version and operating
-# system.
+; system.
-#sendversion=True
+;sendversion=True
 
-# You can configure any of the configuration options for Ice here. We recommend
+; This sets password hash storage to legacy mode (1.2.4 and before)
-# leave the defaults as they are.
+; (Note that setting this to true is insecure and should not be used unless absolutely necessary)
-# Please note that this section has to be last in the configuration file.
+;legacyPasswordHash=false
-#
+
+; By default a strong amount of PBKDF2 iterations are chosen automatically. If >0 this setting
+; overrides the automatic benchmark and forces a specific number of iterations.
+; (Note that you should only change this value if you know what you are doing)
+;kdfIterations=-1
+
+; You can configure any of the configuration options for Ice here. We recommend
+; leave the defaults as they are.
+; Please note that this section has to be last in the configuration file.
+;
 [Ice]
 Ice.Warn.UnknownProperties=1
 Ice.MessageSizeMax=65536