blob: aecf4ce6e5888152a2fea390956054da16cd821a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
error_log /dev/stderr;
events {}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# mimetypes, required by jitsi!
include /etc/nginx/mime.types;
default_type application/octet-stream;
types {
application/wasm wasm;
}
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Gzip Settings
##
gzip on;
access_log /dev/stdout;
server_names_hash_bucket_size 64;
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
server {
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
client_max_body_size 0;
server_name _;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
ssl_certificate /etc/nginx/jitsi.crt;
ssl_certificate_key /etc/nginx/jitsi.key;
root /srv/jitsi-meet;
index index.html;
error_page 404 /static/404.html;
location = /config.js {
alias /srv/jitsi-meet/config.js;
}
location = /interface_config.js {
alias /srv/jitsi-meet/interface_config.js;
}
location = /external_api.js {
alias /srv/jitsi-meet/libs/external_api.min.js;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /srv/jitsi-meet/$1/$2;
}
# not used yet VVV
# colibri (JVB) websockets
#location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
# proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# tcp_nodelay on;
#}
location = /http-bind {
# We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
add_header 'Access-Control-Allow-Headers' 'content-type';
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$http_host;
}
# not used yet VVV
# xmpp websockets
#location = /xmpp-websocket {
# proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
# proxy_http_version 1.1;
# proxy_set_header Connection "upgrade";
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
# proxy_set_header X-Forwarded-For $remote_addr;
# tcp_nodelay on;
#}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
# Not used yet VVVV
# Etherpad-lite
# location /etherpad/ {
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_buffering off;
# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
# }
}
}
|