updated

README.md

@@ -1,2 +1 @@
-# jitsi-quick
-
+# jitsi-quick

ansible-jitsi.yml

@@ -0,0 +1,170 @@
+# playbook.yml:
+---
+- name: "common config"
+  hosts: localhost
+  connection: local
+  vars_files:
+    - variables.yml
+
+  tasks:
+    - name: "check the variable: hostname"
+      fail: msg="The variable 'hostname' in variables.yml, has to be set to somethings else than CHANGEME"
+      when: '"CHANGEME" in hostname'
+
+    - name: change hostname on myserver to {{ hostname }}
+      hostname:
+        name: "{{ hostname }}"
+
+    - name: add myself to /etc/hosts
+      lineinfile:
+        dest: /etc/hosts
+        regexp: '^127\.0\.0\.1[ \t]+localhost'
+        line: '127.0.0.1 localhost {{ hostname }}'
+        state: present
+
+    - name: Set timezone to {{ timezone }}
+      timezone:
+        name: "{{ timezone }}"
+
+#    - name: "copy influxdb.repo"
+#      copy:
+#        backup: yes
+#        src: "{{ playbook_dir }}/repo/influxdb.repo"
+#        dest: /etc/yum.repos.d/influxdb.repo
+#        owner: root
+#        group: root
+#        mode: '0644'
+#      when: ansible_distribution == 'Amazon'
+#
+#    - name: download repo
+#      shell: sed -i "s/\$releasever/$(rpm -E %{rhel})/g" /etc/yum.repos.d/influxdb.repo
+#      when: ansible_distribution == 'Amazon'
+#
+#
+#    - name: Update cache and install a list of COMMON packages with a list variable
+#      ansible.builtin.yum:
+#        name: "{{ packages }}"
+#        update_cache: true
+#      vars:
+#        packages:
+#        - telegraf
+#        - wget
+#      when: ansible_distribution == 'CentOS'
+#
+#    - name: Install docker on CentOS (tested on 7)
+#      ansible.builtin.yum:
+#        name: "{{ packages }}"
+#      vars:
+#        packages:
+#        - containerd.io
+#        - docker-ce
+#        - docker-ce-cli
+#      when: ansible_distribution == 'CentOS'
+#
+#    - name: Install docker on AmazonLinux (tested on v2)
+#      ansible.builtin.yum:
+#        name: "{{ packages }}"
+#      vars:
+#        packages:
+#        - docker
+#      when: ansible_distribution == 'Amazon'
+
+
+    - name: "telegraf"
+      hosts: localhost
+      connection: local
+      roles:
+        - telegraf
+#      when: (ansible_distribution == 'Debian') or (ansible_distribution == 'Ubuntu')
+
+    - name: "docker"
+      hosts: localhost
+      connection: local
+      roles:
+        - docker
+#      when: (ansible_distribution == 'Debian') or (ansible_distribution == 'Ubuntu')
+
+    - name: "copy telegraf.conf"
+      copy:
+        backup: yes
+        src: "{{ playbook_dir }}/repo/telegraf.conf"
+        dest: /etc/telegraf/telegraf.conf
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: "copy telegraf.d/jitsi.conf"
+      copy:
+        backup: yes
+        src: "{{ playbook_dir }}/repo/telegraf_jitsi.conf"
+        dest: /etc/telegraf/telegraf.d/jitsi.conf
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Reload telegraf and enable it onboot
+      ansible.builtin.service:
+        name: telegraf
+        state: reloaded
+        enabled: yes
+
+### Blocco usato per recuperare automaticamente l'ultima versione stabile di docker-jitsi-meet in quanto un clone del repo senza tag fa usare versioni unstable
+### e' stato commentato in quanto la versione viene definita nelle variabili in modo da poterla tracciare e validare il playbook
+#
+#    - name: retrieve docker-jitsi-meet latest stable tag
+#      shell: curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep tag_name | cut -d '"' -f 4
+#      register: jitsi_latest_stable
+#      delegate_to: 127.0.0.1
+#      run_once: true
+#
+#    - set_fact: 
+#        jitsi_latest_stable={{ jitsi_latest_stable.stdout }}
+
+    - name: checkout docker-jitsi-meet git repo latest stable tag {{ jitsi_latest_stable }}
+      ansible.builtin.git:
+        repo: 'https://github.com/jitsi/docker-jitsi-meet'
+        dest: /root/docker-jitsi-meet
+        version: "{{ jitsi_latest_stable }}"
+
+## Per aggiunta plugin moderazione
+#
+#    - name: checkout moderation plugin git repo
+#      ansible.builtin.git:
+#        repo: 'https://github.com/nvonahsen/jitsi-token-moderation-plugin'
+#        dest: /root/jitsi-token-moderation-plugin
+
+    - name: copy configfile
+      template:
+        src: repo/env.j2
+        dest: /root/docker-jitsi-meet/.env
+
+    - name: generate new passwords for internal jitsi components
+      ansible.builtin.shell: /root/docker-jitsi-meet/gen-passwords.sh
+      args:
+        chdir: /root/docker-jitsi-meet/
+
+    - name: pull, build and start jitsi
+      ansible.builtin.shell: docker-compose up -d
+      args:
+        chdir: /root/docker-jitsi-meet/
+
+    - name: pausa di 45 secondi per la fine del deploy di jitsi
+      ansible.builtin.pause:
+        seconds: 45
+
+## Per aggiunta plugin moderazione
+#
+#    - name: stop jitsi
+#      ansible.builtin.shell: docker-compose stop
+#      args:
+#        chdir: /root/docker-jitsi-meet/
+#
+#    - name: copy moderation plugin to it's correct folder
+#      ansible.builtin.shell: cp jitsi-token-moderation-plugin/mod_token_moderation.lua .jitsi-meet-cfg/prosody/prosody-plugins-custom/ && chown 101 .jitsi-meet-cfg/prosody/prosody-plugins-custom/mod_token_moderation.lua
+#      args:
+#        chdir: /root/
+#
+#    - name: start jitsi
+#      ansible.builtin.shell: docker-compose start
+#      args:
+#        chdir: /root/docker-jitsi-meet/

repo/env.j2

@@ -0,0 +1,229 @@
+# shellcheck disable=SC2034
+
+################################################################################
+################################################################################
+# Welcome to the Jitsi Meet Docker setup!
+#
+# This sample .env file contains some basic options to get you started.
+# The full options reference can be found here:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
+################################################################################
+################################################################################
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+CONFIG=~/.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT={{ jitsi_http_port }}
+
+# Exposed HTTPS port
+HTTPS_PORT={{ jitsi_https_port }}
+
+# System me zone
+TZ=Europe/Rome
+
+# Public URL for the web service (required)
+PUBLIC_URL=https://{{ jitsi_http_domain }}
+
+# IP address of the Docker host
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+DOCKER_HOST_ADDRESS={{ ansible_default_ipv4.address }}
+
+
+#
+# JaaS Components (beta)
+# https://jaas.8x8.vc
+#
+
+# Enable JaaS Components (hosted Jigasi)
+#ENABLE_JAAS_COMPONENTS=0
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+ENABLE_LETSENCRYPT=1
+
+# Domain for which to generate the certificate
+LETSENCRYPT_DOMAIN={{ jitsi_http_domain }}
+
+# E-Mail for receiving important account notifications (mandatory)
+LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
+
+# Use the staging server (for avoiding rate limits while testing)
+LETSENCRYPT_USE_STAGING=0
+
+# Show a prejoin page before entering a conference
+ENABLE_PREJOIN_PAGE=0
+# Enable the welcome page
+ENABLE_WELCOME_PAGE=0
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+ENABLE_AUTH=0
+
+# Enable guest access
+ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt, ldap or matrix
+AUTH_TYPE=jwt
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID={{ jitsi_jwt_app_id }}
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET={{ jitsi_jwt_app_secret }}
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS={{ jitsi_jwt_accepted_audiences }}
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=
+
+## Per aggiunta plugin moderazione:
+#XMPP_MUC_MODULES=token_moderation
+
+#
+# Docker Compose options
+#
+
+# Container restart policy
+RESTART_POLICY=unless-stopped
+
+# Jitsi image version (useful for local development)
+#JITSI_IMAGE_VERSION=latest
+
+ENABLE_HTTP_REDIRECT=1
+ENABLE_IPV6=0
+COLIBRI_REST_ENABLED=true
+
+#Per modifica toolbar:
+#TOOLBAR_BUTTONS=camera,closedcaptions,desktop,download,feedback,filmstrip,fullscreen,hangup,help,invite,microphone,mute-everyone,mute-video-everyone,participants-pane,profile,raisehand,security,settings,shareaudio,shortcuts,stats,tileview,toggle-camera,videoquality

repo/influxdb.repo

@@ -0,0 +1,6 @@
+[influxdb]
+name = InfluxDB Repository - RHEL \$releasever
+baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable
+enabled = 1
+gpgcheck = 1
+gpgkey = https://repos.influxdata.com/influxdb.key

repo/telegraf.conf

@@ -0,0 +1,12 @@
+[global_tags]
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 10000
+  collection_jitter = "0s"
+  flush_interval = "10s"
+  flush_jitter = "0s"
+  precision = ""
+  hostname = ""
+  omit_hostname = false

repo/telegraf_jitsi.conf

@@ -0,0 +1,12 @@
+[[inputs.http]]
+  name_override = "jitsi_stats"
+  urls = [
+    "http://127.0.0.1:8080/colibri/stats"
+  ]
+  data_format = "json"
+[[outputs.influxdb]]
+  urls = ["http://192.168.100.10:8086"] # required
+  database = "telegraf" # required
+  retention_policy = ""
+  write_consistency = "any"
+  timeout = "5s"

roles/docker/tasks/amazon.yml

@@ -0,0 +1,18 @@
+- name: Install docker on AmazonLinux (tested on v2)
+  ansible.builtin.yum:
+    name: "{{ packages }}"
+  vars:
+    packages:
+    - docker
+
+- name: download compose
+  shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
+
+- name: make compose executable
+  shell: chmod +x /usr/local/bin/docker-compose
+
+- name: Reload docker and enable it onboot
+  ansible.builtin.service:
+    name: docker
+    state: reloaded
+    enabled: yes

roles/docker/tasks/centos.yml

@@ -0,0 +1,20 @@
+- name: Install docker on CentOS (tested on 7)
+  ansible.builtin.yum:
+    name: "{{ packages }}"
+  vars:
+    packages:
+    - containerd.io
+    - docker-ce
+    - docker-ce-cli
+
+- name: download compose
+  shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
+
+- name: make compose executable
+  shell: chmod +x /usr/local/bin/docker-compose
+
+- name: Reload docker and enable it onboot
+  ansible.builtin.service:
+    name: docker
+    state: reloaded
+    enabled: yes

roles/docker/tasks/debian.yml

@@ -0,0 +1,42 @@
+- name: Include variables                                                            
+  include_vars:
+    file: "../../../variables.yml"
+
+- name: Install docker prerequsistes
+  apt:
+    pkg:
+    - apt-transport-https
+    - ca-certificates
+    - curl 
+    - software-properties-common
+    - gnupg-agent
+
+- name: Add docker repo key
+  shell: curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+
+- name: add repo for docker
+  shell: echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
+
+- name: Update repositories cache
+  apt:
+    update_cache: yes
+
+- name: install docker
+  apt:
+    pkg:
+    - docker-ce
+
+#install compose:
+
+- name: download compose
+#  shell: curl -L https://github.com/docker/compose/releases/download/{{ compose_ver }}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+  shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
+
+- name: make compose executable
+  shell: chmod +x /usr/local/bin/docker-compose
+
+- name: Reload docker and enable it onboot
+  ansible.builtin.service:
+    name: docker
+    state: reloaded
+    enabled: yes

roles/docker/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- include: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+
+- include: debian.yml
+  when: ansible_distribution == 'Debian'
+
+- include: centos.yml
+  when: ansible_distribution == 'CentOS'
+
+- include: amazon.yml
+  when: ansible_distribution == 'Amazon'

roles/docker/tasks/ubuntu.yml

@@ -0,0 +1,41 @@
+- name: Include variables                                                            
+  include_vars:
+    file: "../../../variables.yml"
+
+- name: Install docker prerequsistes
+  apt:
+    pkg:
+    - apt-transport-https
+    - ca-certificates
+    - curl 
+    - software-properties-common
+
+- name: Add docker repo key
+  shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+- name: add repo for docker
+  shell: echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" | tee /etc/apt/sources.list.d/docker.list
+
+- name: Update repositories cache
+  apt:
+    update_cache: yes
+
+- name: telegraf
+  apt:
+    pkg:
+    - docker-ce
+
+#install compose:
+
+- name: download compose
+#  shell: curl -L https://github.com/docker/compose/releases/download/{{ compose_ver }}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+  shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
+
+- name: make compose executable
+  shell: chmod +x /usr/local/bin/docker-compose
+
+- name: Reload docker and enable it onboot
+  ansible.builtin.service:
+    name: docker
+    state: reloaded
+    enabled: yes

roles/telegraf/tasks/amazon.yml

@@ -0,0 +1,20 @@
+- name: "copy influxdb.repo"
+  copy:
+    backup: yes
+    src: "{{ playbook_dir }}/repo/influxdb.repo"
+    dest: /etc/yum.repos.d/influxdb.repo
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: download repo   
+  shell: sed -i "s/\$releasever/$(rpm -E %{rhel})/g" /etc/yum.repos.d/influxdb.repo
+
+- name: Update cache and install a list of COMMON packages with a list variable
+  ansible.builtin.yum:
+    name: "{{ packages }}"
+    update_cache: true
+  vars:
+    packages:
+    - telegraf
+    - wget

roles/telegraf/tasks/centos.yml

@@ -0,0 +1,8 @@
+- name: Update cache and install a list of COMMON packages with a list variable
+  ansible.builtin.yum:
+    name: "{{ packages }}"
+    update_cache: true
+  vars:
+    packages:
+    - telegraf
+    - wget

roles/telegraf/tasks/debian.yml

@@ -0,0 +1,61 @@
+- name: Install telegraf prerequsistes
+  apt:
+    pkg:
+    - apt-transport-https
+    - curl
+
+- name: Add influx repo key
+  shell: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add -
+
+#- name: Check system version
+#  shell: source /etc/os-release
+#  args:
+#     executable: /bin/bash
+#
+#- set_fact: VERSION_ID="{{ lookup('env','VERSION_ID') }}"
+
+- name: memorize debian version variable
+  shell: cat /etc/debian_version | cut -d. -f1
+  register: debian_version
+
+- set_fact:
+    debian_version={{ debian_version.stdout }}
+
+- name: add repo for debian 7
+  when: "{{ debian_version }} == 7"
+  shell: echo "deb https://repos.influxdata.com/debian wheezy stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 8
+  when: "{{ debian_version }} == 8"
+  shell: echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 9
+  when: "{{ debian_version }} == 9"
+  shell: echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: Update repositories cache
+  apt:
+    update_cache: yes
+
+- name: telegraf
+  apt:
+    pkg:
+    - telegraf
+
+#- name: create telegraf basic config
+#  shell: telegraf -sample-config -input-filter cpu:mem:swap:net:netstat:disk:diskio:docker:system:processes:kernel:sysstat:conntrack:nstat:iptables:sensors -output-filter influxdb > /etc/telegraf/telegraf.conf
+
+- name: restart telegraf
+  systemd:
+    state: restarted
+    name: telegraf
+
+- name: restart telegraf
+  systemd:
+    enabled: yes
+    name: telegraf
+
+- name: display help next steps
+  vars:
+     contents: "{{ lookup('file', 'repo/telegraf_settings') }}"
+  debug: msg="{{ contents.split('\n') }}"

roles/telegraf/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+
+- include: debian.yml
+  when: ansible_distribution == 'Debian'
+
+- include: centos.yml
+  when: ansible_distribution == 'CentOS'
+
+- include: amazon.yml
+  when: ansible_distribution == 'Amazon'

variables.yml

@@ -0,0 +1,29 @@
+#CAMBIARE:
+hostname: jitsi-test01
+#
+timezone: Europe/Rome
+#
+jitsi_latest_stable: stable-7648-3
+#
+jitsi_http_port: 80
+jitsi_https_port: 443
+jitsi_http_domain: test.domain.net
+jitsi_letsencrypt_email: something@domain.net
+
+#per generare le password eseguire: 
+#tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1
+
+#generare una password e mettere il nome dell'istanza in fondo, es per mauriziano: awgb3g012hvbkh3[...]8t2y_jitsi_mauriziano
+#
+#jitsi_jwt_app_id: "AAAAA"
+
+#generare una password
+#
+#jitsi_jwt_app_secret: "BBBBB"
+
+#generare una password per ogni utilizzatore e mettere in fondo il nome, es per mauriziano awgb3g012hvbkh3[...]8t2y_mauriziano
+#questo serve perche' sulle istanze shared avremo piu' clienti e cosi' possiamo invalidare gli accessi e capire chi sta usando quale accesso
+#separare le diverse stringhe con una virgola, no spazi
+#
+#jitsi_jwt_accepted_audiences: "CCCCC,DDDDD"
+