155 lines
4.3 KiB
Nginx Configuration File
155 lines
4.3 KiB
Nginx Configuration File
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
|
|
error_log /dev/stderr info;
|
|
|
|
events {}
|
|
|
|
http {
|
|
##
|
|
# Basic Settings
|
|
##
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
|
|
# mimetypes, required by jitsi!
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
types {
|
|
application/wasm wasm;
|
|
}
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
gzip on;
|
|
|
|
access_log /dev/stdout;
|
|
server_names_hash_bucket_size 64;
|
|
|
|
# Log real IPs
|
|
set_real_ip_from 10.0.0.0/8;
|
|
set_real_ip_from 172.16.0.0/12;
|
|
set_real_ip_from 192.168.0.0/16;
|
|
real_ip_header X-Forwarded-For;
|
|
|
|
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
|
server {
|
|
#listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
|
#listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
|
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
|
|
listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
|
|
client_max_body_size 0;
|
|
server_name _;
|
|
|
|
# ssi on with javascript for multidomain variables in config.js
|
|
ssi on;
|
|
ssi_types application/x-javascript application/javascript;
|
|
|
|
#ssl_certificate /etc/nginx/jitsi.crt;
|
|
#ssl_certificate_key /etc/nginx/jitsi.key;
|
|
root /srv/jitsi-meet;
|
|
index index.html;
|
|
error_page 404 /static/404.html;
|
|
|
|
location = /config.js {
|
|
alias /srv/jitsi-meet/config.js;
|
|
}
|
|
|
|
location = /interface_config.js {
|
|
alias /srv/jitsi-meet/interface_config.js;
|
|
}
|
|
|
|
location = /external_api.js {
|
|
alias /srv/jitsi-meet/libs/external_api.min.js;
|
|
}
|
|
|
|
# ensure all static content can always be found first
|
|
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
|
|
{
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
alias /srv/jitsi-meet/$1/$2;
|
|
}
|
|
|
|
# Disallow robots indexation
|
|
location = /robots.txt {
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow: /\n";
|
|
}
|
|
|
|
# not used yet VVV
|
|
# colibri (JVB) websockets
|
|
#location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
|
|
# proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# tcp_nodelay on;
|
|
#}
|
|
|
|
|
|
location ~* {{ key "secrets/jitsi/blacklist_regex" }} {
|
|
return 302 https://www.service-public.fr/particuliers/vosdroits/R17674;
|
|
}
|
|
|
|
location = /http-bind {
|
|
if ($args ~* {{ key "secrets/jitsi/blacklist_regex" }}) {
|
|
return 403 'forbidden';
|
|
}
|
|
|
|
# We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
|
|
add_header 'Access-Control-Allow-Headers' 'content-type';
|
|
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
#proxy_set_header Host $http_host;
|
|
proxy_set_header Host jitsi-bosh;
|
|
}
|
|
|
|
# not used yet VVV
|
|
# xmpp websockets
|
|
#location = /xmpp-websocket {
|
|
# proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Connection "upgrade";
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
|
|
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
# tcp_nodelay on;
|
|
#}
|
|
|
|
location ~ ^/([^/?&:'"]+)$ {
|
|
try_files $uri @root_path;
|
|
}
|
|
|
|
location @root_path {
|
|
rewrite ^/(.*)$ / break;
|
|
}
|
|
|
|
# Not used yet VVVV
|
|
# Etherpad-lite
|
|
# location /etherpad/ {
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_set_header Host $host;
|
|
# proxy_cache_bypass $http_upgrade;
|
|
# proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
|
|
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
# proxy_buffering off;
|
|
# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
|
|
# }
|
|
|
|
}
|
|
}
|