author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:42:47 +0200 |
commit | 2e8923b383eb06c53261eee8e5c442b857fb67e4 (patch) | |
tree | 0ad148f75f7b54dfed2dbac8f43f6df9badc502a /cluster/prod/app/jitsi/config/nginx.conf | |
parent | 9848f3090f77363a2fda0f9fa673ebcf1fb8228c (diff) | |
Move app files into cluster subdirectories; add prod garage
Diffstat (limited to 'cluster/prod/app/jitsi/config/nginx.conf')
-rw-r--r-- | cluster/prod/app/jitsi/config/nginx.conf | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/cluster/prod/app/jitsi/config/nginx.conf b/cluster/prod/app/jitsi/config/nginx.conf
new file mode 100644
index 0000000..32cc3c1
--- /dev/null
+++ b/cluster/prod/app/jitsi/config/nginx.conf
@@ -0,0 +1,133 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr info;
+
+events {}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+
+ # mimetypes, required by jitsi!
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ types {
+ application/wasm wasm;
+ }
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+
+ access_log /dev/stdout;
+ server_names_hash_bucket_size 64;
+
+ # inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
+ server {
+ #listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ #listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
+ listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
+ client_max_body_size 0;
+ server_name _;
+
+ # ssi on with javascript for multidomain variables in config.js
+ ssi on;
+ ssi_types application/x-javascript application/javascript;
+
+ #ssl_certificate /etc/nginx/jitsi.crt;
+ #ssl_certificate_key /etc/nginx/jitsi.key;
+ root /srv/jitsi-meet;
+ index index.html;
+ error_page 404 /static/404.html;
+
+ location = /config.js {
+ alias /srv/jitsi-meet/config.js;
+ }
+
+ location = /interface_config.js {
+ alias /srv/jitsi-meet/interface_config.js;
+ }
+
+ location = /external_api.js {
+ alias /srv/jitsi-meet/libs/external_api.min.js;
+ }
+
+ # ensure all static content can always be found first
+ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
+ {
+ add_header 'Access-Control-Allow-Origin' '*';
+ alias /srv/jitsi-meet/$1/$2;
+ }
+
+ # not used yet VVV
+ # colibri (JVB) websockets
+ #location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+ # proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection "upgrade";
+ # tcp_nodelay on;
+ #}
+
+ location = /http-bind {
+ # We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
+ add_header 'Access-Control-Allow-Headers' 'content-type';
+ add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
+ add_header 'Access-Control-Allow-Origin' '*';
+ proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
+ proxy_set_header X-Forwarded-For \$remote_addr;
+ #proxy_set_header Host \$http_host;
+ }
+
+ # not used yet VVV
+ # xmpp websockets
+ #location = /xmpp-websocket {
+ # proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
+ # proxy_http_version 1.1;
+ # proxy_set_header Connection "upgrade";
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+ # proxy_set_header X-Forwarded-For $remote_addr;
+ # tcp_nodelay on;
+ #}
+
+ location ~ ^/([^/?&:'"]+)$ {
+ try_files $uri @root_path;
+ }
+
+ location @root_path {
+ rewrite ^/(.*)$ / break;
+ }
+
+ # Not used yet VVVV
+ # Etherpad-lite
+ # location /etherpad/ {
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection 'upgrade';
+ # proxy_set_header Host $host;
+ # proxy_cache_bypass $http_upgrade;
+ # proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
+ # proxy_set_header X-Forwarded-For $remote_addr;
+ # proxy_buffering off;
+ # proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+ # }
+
+ }
+} |
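Review bot: The `location = /http-bind` block in this production config keeps `Access-Control-Allow-Origin '*'` together with `GET,POST,PUT,DELETE,OPTIONS`, and its own comment ties that allowance to load testing. BOSH as Jitsi uses it should only need POST plus the OPTIONS preflight, so I would narrow it to `add_header 'Access-Control-Allow-Methods' 'POST,OPTIONS';` and replace the wildcard with the deployment's actual frontend origin. In the same block, `proxy_set_header X-Forwarded-For \$remote_addr;` carries a backslash that looks like a leftover from an earlier quoting layer; if the template step renders it verbatim, nginx will probably forward a literal backslash in front of the address, so `proxy_set_header X-Forwarded-For $remote_addr;` is likely what is meant. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` is inert while the `ssl` listeners are commented out, but it should become `ssl_protocols TLSv1.2 TLSv1.3;` before TLS is re-enabled on this server.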