From b6b812c01153bdf023a8c9a4e1651052b5c3500f Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 1 Feb 2021 18:19:43 +0100 Subject: Upgrade jitsi nginx conf to make ADRN happy! --- app/jitsi/config/nginx.conf | 79 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 67 insertions(+), 12 deletions(-) (limited to 'app/jitsi') diff --git a/app/jitsi/config/nginx.conf b/app/jitsi/config/nginx.conf index 12cca4a..b1e201f 100644 --- a/app/jitsi/config/nginx.conf +++ b/app/jitsi/config/nginx.conf @@ -7,31 +7,53 @@ http { access_log /dev/stdout; server_names_hash_bucket_size 64; + # inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf server { listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server; listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server; + client_max_body_size 0; server_name _; + + # ssi on with javascript for multidomain variables in config.js + ssi on; + ssi_types application/x-javascript application/javascript; + ssl_certificate /etc/nginx/jitsi.crt; ssl_certificate_key /etc/nginx/jitsi.key; root /srv/jitsi-meet; index index.html; + error_page 404 /static/404.html; + + location = /config.js { + alias /srv/jitsi-meet/config.js; + } - # lot of work would be needed to improve location rules - # - in order to allow - and _ in the URL, even space - # - while not shadowing other files (.js and following locations) - # - passed some times twice on the problem, not as easy as it seems - location ~ ^/([a-zA-Z0-9=\?]+)$ { - rewrite ^/(.*)$ / break; + location = /interface_config.js { + alias /srv/jitsi-meet/interface_config.js; } - location / { - ssi on; + + location = /external_api.js { + alias /srv/jitsi-meet/libs/external_api.min.js; } - location /external_api.js { - alias /srv/jitsi-meet/libs/external_api.min.js; + # ensure all static content can always be found first + location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ + { + add_header 'Access-Control-Allow-Origin' '*'; + alias /srv/jitsi-meet/$1/$2; } - location /http-bind { + # not used yet VVV + # colibri (JVB) websockets + #location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { + # proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args; + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + # tcp_nodelay on; + #} + + location = /http-bind { # We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL add_header 'Access-Control-Allow-Headers' 'content-type'; add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS'; @@ -41,6 +63,39 @@ http { proxy_set_header Host \$http_host; } - + # not used yet VVV + # xmpp websockets + #location = /xmpp-websocket { + # proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket; + # proxy_http_version 1.1; + # proxy_set_header Connection "upgrade"; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + # proxy_set_header X-Forwarded-For $remote_addr; + # tcp_nodelay on; + #} + + location ~ ^/([^/?&:'"]+)$ { + try_files $uri @root_path; + } + + location @root_path { + rewrite ^/(.*)$ / break; + } + + # Not used yet VVVV + # Etherpad-lite + # location /etherpad/ { + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_set_header Host $host; + # proxy_cache_bypass $http_upgrade; + # proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_buffering off; + # proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + # } + } } -- cgit v1.2.3