
Comments (13)

leonklingele commented on June 12, 2024

It doesn't matter if you use a slash after '/spreedme' or not.
Just copy and paste the URL I posted above and replace the domain name with yours.

On 11.07.2016 at 15:06, Daniel [email protected] wrote:

@leonklingele
I really don't know how to get the ?debug behind the '/' maybe you mean
https://domain.com/index.php/apps/spreedme?debug without the leading slash?



from nextcloud-spreedme.

Bugsbane commented on June 12, 2024

My configuration files (with secret tokens and absolute paths removed for security purposes):

; Spreed WebRTC server example configuration

[http]
; HTTP listener in format ip:port.
listen = 127.0.0.1:8080
; Full path to directory where to find the server web assets.
;root = /usr/share/spreed-webrtc-server/www
; HTTP socket read timeout in seconds.
;readtimeout = 10
; HTTP socket write timeout in seconds.
;writetimeout = 10
; Use basePath if the server does not run on the root path (/) of your server.
basePath = /spreed-webrtc/
; Set maximum number of open files (only works when run as root).
;maxfd = 32768
; Enable stats API /api/v1/stats for debugging (not for production use!).
;stats = false
; Enable HTTP listener for golang pprof module. See
; http://golang.org/pkg/net/http/pprof/ for details.
;pprofListen = 127.0.0.1:6060

[https]
; Native HTTPS listener in format ip:port.
;listen = 127.0.0.1:8443
; Full path to PEM encoded certificate chain.
;certificate = server.crt
; Full path to PEM encoded private key.
;key = server.key
; Minimal supported encryption standard (SSLv3, TLSv1, TLSv1.1 or TLSv1.2).
;minVersion = SSLv3
; HTTPS socket read timeout in seconds.
;readtimeout = 10
; HTTPS socket write timeout in seconds.
;writetimeout = 10

[app]
; HTML page title
title = MyDomain.com Real Time Communication
; Version string to use for static resources. This defaults to the server
; version and should only be changed when you use your own way to invalidate
; long cached static resources.
;ver = 1234
; STUN server URIs in format host:port. You can provide multiple separated by
; space. If you do not have one use a public one like stun.spreed.me:443. If
; you have a TURN server you do not need to set an STUN server as the TURN
; server will provide STUN services.
;stunURIs = stun:stun.spreed.me:443
; TURN server URIs in format host:port?transport=udp|tcp. You can provide
; multiple separated by space. If you do not have at least one TURN server then
; some users will not be able to use the server as the peer to peer connection
; cannot be established without a TURN server due to firewall reasons. An open
; source TURN server which is fully supported can be found at
; https://code.google.com/p/rfc5766-turn-server/.
;turnURIs = turn:turnserver:port?transport=udp
; Shared secret authentication for TURN user generation if the TURN server is
; protected (which it should be).
; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.
; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.
;turnSecret = the-default-turn-shared-secret-do-not-keep
; Enable renegotiation support. Set to true to tell clients that they can
; renegotiate peer connections when required. Firefox support is not complete,
; so do not enable if you want compatibility with Firefox clients.
;renegotiation = false
; Session secret to use for session id generator. 32 or 64 bytes of random data
; are recommended (hex encoded). A warning will be logged if hex decode fails.
; You can generate a secret easily with "xxd -ps -l 32 -c 32 /dev/random".
sessionSecret = XXXXXXXXXXXX
; Encryption secret protecting the data in generated server side tokens. Use
; 16, 24, or 32 bytes (hex encoded) to select AES-128, AES-192, or AES-256.
; When you change the encryption secret, stored authentications, sessions and
; contacts become invalid. A warning will be logged if hex decode fails. You
; can generate a secret easily with "xxd -ps -l 32 -c 32 /dev/random".
encryptionSecret = XXXXXXXXXXXX
; Full path to a text file containing client tokens which a user needs to enter
; when accessing the web client. Each line in this file represents a valid
; token.
;tokenFile = tokens.txt
; The name of a global room. If enabled it should be kept secret. Users in that
; room are visible in all other rooms.
;globalRoom = global
; The default room is the room at the root URL of the servers base address and
; all users will join this room if enabled. If it is disabled then a room join
; form will be shown instead.
;defaultRoomEnabled = true
; Whether a user account is required to join a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
authorizeRoomJoin = true
; Whether a user account is required to create a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
;authorizeRoomCreation = false
; Whether the pipelines API should be enabled. Optional, defaults to false.
;pipelinesEnabled = false
; Server token is a public random string which is used to enhance security of
; server generated security tokens. When the serverToken is changed all existing
; nonces become invalid. Use 32 or 64 characters (eg. 16 or 32 byte hex).
serverToken = i-did-not-change-the-public-token-boo
; The server realm is part of the validation chain of tokens and nonces and is
; added as suffix to server created user ids if user creation is enabled. When
; the realm is changed, all existing tokens and nonces become invalid.
serverRealm = local
; Full path to an extra templates directory. Templates in this directory ending
; with .html will be parsed on startup and can be used to fill the supported
; extra-* template slots. If the extra folder has a sub folder "static", the
; resources in this static folder will be available as /extra/static/filename
; relative to your servers base URL.
extra = /path/to/my/nextcloud/apps/spreedme/extra
; (path above changed, obviously)
; URL relative to the servers base path for a plugin javascript file which is
; automatically loaded on web client start for all users. You can put your
; plugin in the extra/static folder (see above) or provide another folder using
; a front end webserver. Check the doc folder for more info about plugins and
; examples.
plugin = extra/static/owncloud.js
; Content-Security-Policy HTTP response header value.
; Spreed WebRTC requires inline styles, WebSocket connection to itself and
; data: URL for images.
; The currently recommended CSP is:
;   default-src 'self';
;   frame-src 'self' blob:;
;   style-src 'self' 'unsafe-inline';
;   img-src 'self' data: blob:;
;   connect-src 'self' wss://server:port/ws blob:;
;   font-src 'self' data: blob:;
;   media-src 'self' blob:;
;contentSecurityPolicy =
; Content-Security-Policy-Report-Only HTTP response header value. Use this
; to test your CSP before putting it into production.
;contentSecurityPolicyReportOnly =

[modules]
; Modules provide optional functionality. Modules are enabled by default and
; can be disabled by setting false to their corresponding configuration.
;screensharing = true
;youtube = true
;presentation = true
;contacts = true

[log]
;logfile = /var/log/spreed-webrtc-server.log

[users]
; Set to true to enable user functionality.
enabled = true
; Set users authorization mode.
; sharedsecret:
;   Validates the userid with a HMAC authentication secret.
;   The format goes like this:
;     BASE64(HMAC-SHA-256(secret, expirationTimestampInSeconds:userid))
; httpheader:
;   The userid is provided as an HTTP header. The server does not do any
;   validation. This usually only makes sense with a front end HTTPS proxy which
;   does the authentication and injects the user id as HTTP header for sessions
;   REST requests. In mode httpheader, allowRegistration should be false.
; certificate:
;   The userid is provided as CommonName with a certificate provided with TLS
;   client authentication. When you use this with a front end proxy for TLS
;   termination, that proxy has to validate the certificate and inject certain
;   headers into the proxy connection. In certificate mode the server can act as
;   a signing CA to sign incoming user certificate requests with a private key
;   when allowRegistration is true. While certificate mode offers the highest
;   security it is currently considered experimental and the user experience
;   varies between browsers and platforms.
mode = sharedsecret
; The shared secret for HMAC validation in "sharedsecret" mode. Best use 32 or
; 64 bytes of random data.
sharedsecret_secret = XXXXXXXXXXXX
; The HTTP header name where to find the userid in "httpheader" mode.
;httpheader_header = x-userid
; Full path to PEM encoded private key to use for user creation in "certificate"
; mode. Keep this commented if you do not want the server to sign certificate
; requests.
;certificate_key = userskey.key
; Full path to PEM encoded certificate to use for user validation in
; "certificate" mode. When allowRegistration is true and certificate_key is also
; set then the server will act as a CA and sign incoming user registrations and
; return certificates to users as registration.
;certificate_certificate = usersca.crt
; The HTTP header name where to find if the TLS client authentication was
; successful. The value of this header is matched to
; certificate_verifiedHeaderValue and only if there is a match, the proxy
; handled TLS client authentication is accepted as success. Make sure to secure
; these headers with your front end proxy (always set them). Do not use these
; settings when not using a front end proxy.
;certificate_verifiedHeader = x-verified
;certificate_verifiedHeaderValue = SUCCESS
; The HTTP header name where to find the PEM encoded certificate authenticated
; by a front end proxy. With Nginx the required value is in $ssl_client_cert.
;certificate_certificateHeader = x-certificate
; The valid duration of generated certificates created in certificate mode when
; allowRegistration is enabled.
;certificate_validForDays = 365
; Organization to set into the created user certificates. Use a readable public
; name to make the certificate easily recognizable as certificate for your
; server so users can choose the correct certificate when prompted.
;certificate_organization = My Spreed Server
; If enabled the server can create new userids. Set allowRegistration to true to
; enable userid creation/registration. Users are created according the settings
; of the currently configured mode (see above).
;allowRegistration = false

[nats]
; Set to true, to enable triggering channelling events via NATS
;channelling_trigger = false
;channelling_trigger_subject = channelling.trigger
; NATS server URL
;url = nats://127.0.0.1:4222
; NATS connect establish timeout in seconds
;establishTimeout = 60
; Use client_id to distinguish between multiple servers. The value is sent
; together with every NATS request. Defaults to empty.
;client_id =

Spreedme ownCloud app config:

<?php
/**
 * ownCloud - spreedme
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later. See the COPYING file.
 *
 * @author Leon <[email protected]>
 * @copyright struktur AG 2016
 */

namespace OCA\SpreedME\Config;

class Config {

        // Domain of your Spreed WebRTC server (including protocol and optional port number), examples:
        //const SPREED_WEBRTC_ORIGIN = 'https://myowncloudserver.com';
        //const SPREED_WEBRTC_ORIGIN = 'https://webrtc.myowncloudserver.com:8080';
        // If this is empty or only includes a port (e.g. :8080), host will automatically be determined (current host)
        const SPREED_WEBRTC_ORIGIN = 'https://mydomain.com'; // <-- Changed for security

        // This has to be the same `basePath`
        // you already set in the [http] section of the `server.conf` file from Spreed WebRTC server
        const SPREED_WEBRTC_BASEPATH = '/spreed-webrtc/';

        // This has to be the same `sharedsecret_secret` (64-character HEX string)
        // you already set in the [users] section of the `server.conf` file from Spreed WebRTC server
        const SPREED_WEBRTC_SHAREDSECRET = 'XXXXXXXXX'; // <-- Changed for security

        // Set to true if you want to allow access to this app + spreed-webrtc for non-registered users who received a temporary password by an ownCloud admin.
        // You can generate such a temporary password at: /index.php/apps/spreedme/admin/tp (ownCloud admin user account required)
        const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true;

        // If 'OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED' is set to true, you also have to provide a signing key here (64-character HEX string)
        // Generate it using `xxd -ps -l 32 -c 32 /dev/random` (better) or `openssl rand -hex 32`
        const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY = 'xxxxxxxxxxxxxxx'; // <-- Changed for security

        private function __construct() {

        }

}

Spreed-me log:


server 2016/07/10 15:24:54 Using '/spreed-webrtc/' base base path.
server 2016/07/10 15:24:54.059792 Enabled modules: [screensharing youtube presentation contacts]
server 2016/07/10 15:24:54.061098 Loaded extra templates from: /var/www/owncloud/apps/spreedme/extra
server 2016/07/10 15:24:54.061110 Using the number of CPU's (1) as GOMAXPROCS
server 2016/07/10 15:24:54.061115 Max open files are 65536
server 2016/07/10 15:24:54.061941 Enabled users handler 'sharedsecret'
server 2016/07/10 15:24:54.062121 Added URL handler /extra/static/... for static files in /var/www/owncloud/apps/spreedme/extra/static/...
server 2016/07/10 15:24:54 Starting HTTP server on 127.0.0.1:8080

Nextcloud log is empty.

from nextcloud-spreedme.

leonklingele commented on June 12, 2024

Did you also set up the OwnCloudConfig.js as outlined in the README?
How did you set up nginx?
Please also check the output of /index.php/apps/spreedme/admin/debug and your browser developer console.
Here's how to open the browser dev console:

  1. Open the Spreed.ME app in ownCloud
  2. Append ?debug to the URL, i.e. https://domain.com/index.php/apps/spreedme/?debug
  3. Right click on the ownCloud site
  4. Click "Inspect element" (very bottom)
  5. Check what it says in the console and paste it here

from nextcloud-spreedme.

Op3rat0r commented on June 12, 2024

Hi @leonklingele,

You have to use the link https://domain.com/index.php/apps/spreedme/admin/debug.
When you use the link with /?debug it won't work!

Only when the Spreed-WebRTC Server runs standalone without Own-/Nextcloud this works!

Regards
Daniel

from nextcloud-spreedme.

Bugsbane commented on June 12, 2024

Ok, so I did miss the OwnCloudConfig.js step. Now that I've done that, I'm getting a 403 error when I try to open the app, even when I 777 the spreed-webrtc folder.

The debug page passes the first two steps. The third says:
Ran test #3 (testSpreedWebRTCAPI):
Error: Unable to connect to WebRTC at https://mydomain.com/spreed-webrtc/. Did you set a correct SPREED_WEBRTC_ORIGIN and SPREED_WEBRTC_BASEPATH in config/config.php?

As far as I can see, I did set the basepath and origin correctly in apps/spreedme/config/config.php (see above, although I've substituted the name of my domain), but it doesn't change anything. I still get a 403.

I didn't modify nginx's setup at all as Nextcloud was already running (I run Yunohost, which configured Nginx when I installed Nextcloud - then ownCloud).

from nextcloud-spreedme.

leonklingele commented on June 12, 2024

Well, as spreed-webrtc listens on port 8080 for you, you need to configure nginx as a reverse proxy, so spreed-webrtc can also be reached on port 443.
If for whatever reason you can't modify the nginx setup, you need to set up spreed-webrtc to use https on e.g. port 8443. Then configure SPREED_WEBRTC_ORIGIN accordingly to use the new host.

from nextcloud-spreedme.

leonklingele commented on June 12, 2024

Hi @Op3rat0r,
https://domain.com/index.php/apps/spreedme/admin/debug != https://domain.com/index.php/apps/spreedme/?debug.
The former URL can be used to debug the whole setup, to see if something isn't properly set up.
The latter can be used to debug the "bridge" between ownCloud and spreed-webrtc, and spreed-webrtc itself.

from nextcloud-spreedme.

Bugsbane commented on June 12, 2024

So basically, if I understand you right, the problem is that Nextcloud is set up to use SSL, so it's trying to contact spreed through port 443, while spreed is listening on 8080, right?

So is there any advantage to configuring this through Nginx rather than through Spreed's server.conf? I ask because the second option sounds a lot easier...

I'm also wondering if I may have another issue... My spreed directory is a subdirectory of where I have Nextcloud installed. I noticed that if I make another new folder there with a test index.html and (temporarily) chmod both to 777, that I'm able to view the index.html file, but if I try to view the directory, it also gets a 403 error. Spreed's access URL appears to be a directory, rather than a direct file link. Could the same thing be happening here? i.e.:

mydomain.com/testdirectory/index.htm - 200
mydomain.com/testdirectory/ - 403
mydomain.com/spreed-webrtc/ - 403 (for the same reason as above?)

from nextcloud-spreedme.

leonklingele commented on June 12, 2024

@Bugsbane yes, that's correct.

Yes, as stated in the README, you will not be able to use Screensharing if you use the second option (spreed-webrtc and ownCloud on two different domain+port combinations).

spreed-webrtc should not live in a directory which is accessible via nginx.
The only thing that should go into a folder accessible via nginx is this ownCloud plugin (owncloud-spreedme).

See this setup as an example:
spreed-webrtc: /home/leon/develop/git/spreed-webrtc
ownCloud: /var/www/vhosts/clouddomain.com/owncloud/ (the ownCloud stuff)
owncloud-spreedme: /var/www/vhosts/clouddomain.com/owncloud/apps/spreedme/
spreed-webrtc listens on 8080 (internally), nginx on :80 and :443.
nginx rewrites https://clouddomain.com/webrtc internally to use port 8080 as an upstream resource, so any requests to this URL go directly to spreed-webrtc.

from nextcloud-spreedme.
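The reverse-proxy arrangement described in the comment above, as an added nginx example (not from the original thread or the project's README). It uses the `listen` and `basePath` values from the server.conf posted earlier; the hostname, certificate paths and timeout are placeholders, and forwarding the path unchanged assumes the backend expects its `basePath` prefix in the request URI.

```nginx
# Added example. Values taken from the configs posted in this thread:
#   server.conf [http] listen   = 127.0.0.1:8080
#   server.conf [http] basePath = /spreed-webrtc/
# Hostname, certificate paths and the timeout are placeholders.

# Goes in the http {} context: send "Connection: upgrade" to the backend
# only when the client actually asked for a WebSocket upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name clouddomain.com;                  # placeholder

    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    # ... the existing ownCloud/Nextcloud locations stay as they are ...

    # Must match basePath in server.conf and SPREED_WEBRTC_BASEPATH in
    # the app's config.php.
    location /spreed-webrtc/ {
        # No URI part after the port, so nginx passes the request path
        # through unchanged (assumption: the backend expects the
        # basePath prefix to be present).
        proxy_pass http://127.0.0.1:8080;

        # WebSocket signalling needs HTTP/1.1 and the upgrade headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Tell the backend what the client originally requested.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long-lived WebSocket connections; the value is illustrative.
        proxy_read_timeout 1h;
    }
}
```

Because nginx hands these requests to the loopback listener instead of reading the filesystem, permissions on the spreed-webrtc directory play no part in serving them, so the 777 mode tried earlier can be reverted and the directory can live outside the web root.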

Op3rat0r commented on June 12, 2024

@Bugsbane @leonklingele, don't want to hijack the discussion. Hope it's ok to ask the ?debug question in this thread.

I thought that the link https://domain.com/index.php/apps/spreedme/?debug has no effect, because I didn't see any output. Neither in the Server Log, nor the browser window.
The only thing that happens is that the logged on user is logged off and once again registered.

Thanks + Regards

from nextcloud-spreedme.

leonklingele commented on June 12, 2024

The ?debug URL can be used to debug the setup via the browser developer console.

from nextcloud-spreedme.

Op3rat0r commented on June 12, 2024

@leonklingele
I really don't know how to get the ?debug behind the '/' maybe you mean
https://domain.com/index.php/apps/spreedme?debug without the leading slash?

from nextcloud-spreedme.

longsleep commented on June 12, 2024

I assume this is resolved.

from nextcloud-spreedme.
