aboutsummaryrefslogtreecommitdiff
path: root/app/jitsi/config/nginx.conf
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-08-23 18:00:07 +0200
committerAlex Auvolat <alex@adnab.me>2022-08-23 18:00:07 +0200
commit5994e41ad1fdba931ae488d8e0efb13f3e505c18 (patch)
tree342f432cc0a4598570672f7f8d66d7fa400aa693 /app/jitsi/config/nginx.conf
parent02b1e6200c6f2acf85e4471ea341adde8e93ec9c (diff)
downloadnixcfg-5994e41ad1fdba931ae488d8e0efb13f3e505c18.tar.gz
nixcfg-5994e41ad1fdba931ae488d8e0efb13f3e505c18.zip
Add jitsi
Diffstat (limited to 'app/jitsi/config/nginx.conf')
-rw-r--r--app/jitsi/config/nginx.conf133
1 files changed, 133 insertions, 0 deletions
diff --git a/app/jitsi/config/nginx.conf b/app/jitsi/config/nginx.conf
new file mode 100644
index 0000000..32cc3c1
--- /dev/null
+++ b/app/jitsi/config/nginx.conf
@@ -0,0 +1,133 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr info;
+
+events {}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+
+ # mimetypes, required by jitsi!
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ types {
+ application/wasm wasm;
+ }
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+
+ access_log /dev/stdout;
+ server_names_hash_bucket_size 64;
+
+ # inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
+ server {
+ #listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ #listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
+ listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
+ client_max_body_size 0;
+ server_name _;
+
+ # ssi on with javascript for multidomain variables in config.js
+ ssi on;
+ ssi_types application/x-javascript application/javascript;
+
+ #ssl_certificate /etc/nginx/jitsi.crt;
+ #ssl_certificate_key /etc/nginx/jitsi.key;
+ root /srv/jitsi-meet;
+ index index.html;
+ error_page 404 /static/404.html;
+
+ location = /config.js {
+ alias /srv/jitsi-meet/config.js;
+ }
+
+ location = /interface_config.js {
+ alias /srv/jitsi-meet/interface_config.js;
+ }
+
+ location = /external_api.js {
+ alias /srv/jitsi-meet/libs/external_api.min.js;
+ }
+
+ # ensure all static content can always be found first
+ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
+ {
+ add_header 'Access-Control-Allow-Origin' '*';
+ alias /srv/jitsi-meet/$1/$2;
+ }
+
+ # not used yet VVV
+ # colibri (JVB) websockets
+ #location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+ # proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection "upgrade";
+ # tcp_nodelay on;
+ #}
+
+ location = /http-bind {
+ # We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
+ add_header 'Access-Control-Allow-Headers' 'content-type';
+ add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
+ add_header 'Access-Control-Allow-Origin' '*';
+ proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
+ proxy_set_header X-Forwarded-For \$remote_addr;
+ #proxy_set_header Host \$http_host;
+ }
+
+ # not used yet VVV
+ # xmpp websockets
+ #location = /xmpp-websocket {
+ # proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
+ # proxy_http_version 1.1;
+ # proxy_set_header Connection "upgrade";
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+ # proxy_set_header X-Forwarded-For $remote_addr;
+ # tcp_nodelay on;
+ #}
+
+ location ~ ^/([^/?&:'"]+)$ {
+ try_files $uri @root_path;
+ }
+
+ location @root_path {
+ rewrite ^/(.*)$ / break;
+ }
+
+ # Not used yet VVVV
+ # Etherpad-lite
+ # location /etherpad/ {
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection 'upgrade';
+ # proxy_set_header Host $host;
+ # proxy_cache_bypass $http_upgrade;
+ # proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
+ # proxy_set_header X-Forwarded-For $remote_addr;
+ # proxy_buffering off;
+ # proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+ # }
+
+ }
+}