security: don't provide default passwords

Also check if they are not provided at sstartup time and fail to start
in that case.

README.md

@@ -32,9 +32,11 @@ follow these steps:
 
 * Clone this repository to your computer.
   * `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
-* Create a ``.env`` file by copying and adjusting ``env.example``, and create required `CONFIG` directories
+* Create a ``.env`` file by copying and adjusting ``env.example``
   * `cp env.example .env`
-  * `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb}`
+  * Set strong passwords in the security section options, they ccan be generated with `openssl rand -hex 16`
+* Create required `CONFIG` directories
+  * `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
 * Run ``docker-compose up -d``.
 * Access the web UI at [``https://localhost:8443``](https://localhost:8443) (or a different port, in case you edited the compose file).
 
@@ -51,6 +53,15 @@ If you want to use jibri too, first configure a host as described in JItsi BRoad
 and then run Docker Compose as follows: ``docker-compose -f docker-compose.yml -f jibri.yml up -d``
 or to use jigasi too: ``docker-compose -f docker-compose.yml -f jigasi.yml -f jibri.yml up -d``
 
+### Security note
+
+This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup
+secure by default these have been removed and the respective containers won't start without having a password set.
+
+Strong passwordds may be generated as follows: `openssl rand -hex 16`
+
+DO NOT reuse any of the passwords.
+
 ## Architecture
 
 A Jitsi Meet installation can be broken down into the following components: