From 6f6fe7717ce9eca34de4d5d86bc3da2038e6d5ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?=
 =?UTF-8?q?=D0=BE=D0=B2?= <damencho@jitsi.org>
Date: Mon, 7 Jun 2021 13:09:26 -0500
Subject: [PATCH] prosody: enable limits

* feat: Enables limits with default values from upstream.

* feat: Enables limits_exception module and adding jicofo and jvb.

Removes the limits for the jicofo and jvb connections.
---
 prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua |  8 ++++++++
 prosody/rootfs/defaults/prosody.cfg.lua           | 11 +++++++++++
 2 files changed, 19 insertions(+)

diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
index e33381f..6bd2322 100644
--- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
+++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -3,6 +3,11 @@ admins = {
     "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
 }
 
+unlimited_jids = {
+    "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}",
+    "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
+}
+
 plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
 http_default_host = "{{ .Env.XMPP_DOMAIN }}"
 
@@ -130,6 +135,9 @@ VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
         key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key";
         certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt";
     }
+    modules_enabled = {
+        "limits_exception";
+    }
     authentication = "internal_hashed"
 
 {{ if .Env.XMPP_RECORDER_DOMAIN }}
diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua
index 467d422..b949e3c 100644
--- a/prosody/rootfs/defaults/prosody.cfg.lua
+++ b/prosody/rootfs/defaults/prosody.cfg.lua
@@ -43,6 +43,7 @@ modules_enabled = {
 	-- Not essential, but recommended
 		"private"; -- Private XML storage (for room bookmarks, etc.)
 		"vcard"; -- Allow users to set vCards
+		"limits"; -- Enable bandwidth limiting for XMPP connections
 
 	-- These are commented by default as they have a performance impact
 		--"privacy"; -- Support privacy lists
@@ -93,6 +94,16 @@ allow_registration = false;
 
 daemonize = false;
 
+-- Enable rate limits for incoming client and server connections
+limits = {
+  c2s = {
+    rate = "10kb/s";
+  };
+  s2sin = {
+    rate = "30kb/s";
+  };
+}
+
 pidfile = "/config/data/prosody.pid";
 
 -- Force clients to use encrypted connections? This option will