diff --git a/README.md b/README.md
index c0d10fa..858cfa4 100644
--- a/README.md
+++ b/README.md
@@ -14,16 +14,31 @@ Requirements
Role Variables
--------------
-| Variable | Description | Default |
-|---------------------------|-------------------------------------------------------------------------------|------------------|
-| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
-| jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 |
-| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
-| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
-| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
-| jitsi_public_url | The public URL under which Jitsi Meet can be accessed | http://localhost |
-| jitsi_timezone | | Europe/Amsterdam |
-| jitsi_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
+| Variable | Description | Default |
+| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
+| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
+| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
+| jitsi_docker_host_address | | |
+| jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 |
+| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
+| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
+| jitsi_jibri_recorder_password | Provide a secure password\* | |
+| jitsi_jibri_recorder_user | | |
+| jitsi_jibri_xmpp_password | | |
+| jitsi_jibri_xmpp_user | | |
+| jitsi_jicofo_auth_password | | |
+| jitsi_jicofo_auth_user | | |
+| jitsi_jicofo_component_secret | | |
+| jitsi_jigasi_xmpp_password | | |
+| jitsi_jigasi_xmpp_user | | |
+| jitsi_jvb_auth_password | | |
+| jitsi_jvb_auth_user | | |
+| jitsi_jvb_stun_servers | | stun:stun.schlund.de:3478,
stun:stun.t-online.de:3478,
stun:stun.1und1.de:3478 |
+| jitsi_public_url | The public URL under which Jitsi Meet can be accessed | http://localhost |
+| jitsi_timezone | | Europe/Amsterdam |
+| jitsi_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
+
+\* It is important to provide a dedicated secure password for each service. Generate passwords with e.g. `openssl rand -hex 16`
Dependencies
------------
diff --git a/defaults/main.yml b/defaults/main.yml
index c4b7667..79fdff6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,4 +7,5 @@ jitsi_exposed_http_port: 8000
jitsi_exposed_https_port: 8443
jitsi_virtual_host: localhost
jitsi_public_url: http://{{ jitsi_virtual_host }}
-jitsi_timezone: Europe/Amsterdam
\ No newline at end of file
+jitsi_timezone: Europe/Amsterdam
+jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
\ No newline at end of file
diff --git a/templates/env.jitsi.j2 b/templates/env.jitsi.j2
index 5281d34..efb7ab6 100644
--- a/templates/env.jitsi.j2
+++ b/templates/env.jitsi.j2
@@ -15,7 +15,7 @@ HTTPS_PORT={{ jitsi_exposed_https_port }}
TZ={{ jitsi_timezone }}
# Public URL for the web service.
-PUBLIC_URL="{{ jitsi_public_url }}"
+PUBLIC_URL={{ jitsi_public_url }}
VIRTUAL_HOST={{ jitsi_virtual_host }}
# IP address of the Docker host. See the "Running on a LAN environment" section
@@ -178,13 +178,13 @@ XMPP_INTERNAL_MUC_MODULES=
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections.
-JVB_AUTH_USER=jvb
+JVB_AUTH_USER={{ jitsi_jvb_auth_user }}
# XMPP password for JVB client connections.
-JVB_AUTH_PASSWORD=passw0rd
+JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# STUN servers used to discover the server's public IP.
-JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge
JVB_PORT=10000
@@ -198,22 +198,22 @@ JVB_TCP_PORT=4443
#JVB_ENABLE_APIS=rest,colibri
# XMPP component password for Jicofo.
-JICOFO_COMPONENT_SECRET=s3cr37
+JICOFO_COMPONENT_SECRET={{ jitsi_jicofo_component_secret }}
# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug.
-JICOFO_AUTH_USER=focus
+JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }}
# XMPP password for Jicofo client connections.
-JICOFO_AUTH_PASSWORD=passw0rd
+JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
# XMPP user for Jigasi MUC client connections.
-JIGASI_XMPP_USER=jigasi
+JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }}
# XMPP password for Jigasi MUC client connections.
-JIGASI_XMPP_PASSWORD=passw0rd
+JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# MUC name for the Jigasi pool.
JIGASI_BREWERY_MUC=jigasibrewery
@@ -261,10 +261,10 @@ JIGASI_PORT_MAX=20050
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
# XMPP recorder user for Jibri client connections.
-JIBRI_RECORDER_USER=recorder
+JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }}
# XMPP recorder password for Jibri client connections.
-JIBRI_RECORDER_PASSWORD=passw0rd
+JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# Directory for recordings inside Jibri container.
JIBRI_RECORDING_DIR=/config/recordings
@@ -273,10 +273,10 @@ JIBRI_RECORDING_DIR=/config/recordings
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# XMPP user for Jibri client connections.
-JIBRI_XMPP_USER=jibri
+JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }}
# XMPP password for Jibri client connections.
-JIBRI_XMPP_PASSWORD=passw0rd
+JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# MUC name for the Jibri pool.
JIBRI_BREWERY_MUC=jibribrewery