# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/ error_log /dev/stderr info; events {} http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # mimetypes, required by jitsi! include /etc/nginx/mime.types; default_type application/octet-stream; types { application/wasm wasm; } ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Gzip Settings ## gzip on; access_log /dev/stdout; server_names_hash_bucket_size 64; # Log real IPs set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/12; set_real_ip_from 192.168.0.0/16; real_ip_header X-Forwarded-For; # inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf server { #listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server; #listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server; listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server; listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server; client_max_body_size 0; server_name _; # ssi on with javascript for multidomain variables in config.js ssi on; ssi_types application/x-javascript application/javascript; #ssl_certificate /etc/nginx/jitsi.crt; #ssl_certificate_key /etc/nginx/jitsi.key; root /srv/jitsi-meet; index index.html; error_page 404 /static/404.html; location = /config.js { alias /srv/jitsi-meet/config.js; } location = /interface_config.js { alias /srv/jitsi-meet/interface_config.js; } location = /external_api.js { alias /srv/jitsi-meet/libs/external_api.min.js; } # ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { add_header 'Access-Control-Allow-Origin' '*'; alias /srv/jitsi-meet/$1/$2; } # not used yet VVV # colibri (JVB) websockets #location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { # proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # tcp_nodelay on; #} location ~ "2daut2wank2|2duat2wank|2duat2wank0|2duat2wank1|2duat2wank2|2duat2wank3|2duatr2wank|2duatr2wank0|2duatr2wank1|2duatr2wank2|2wank2daut2|daut1|duat2wank|duat2wank2|duatr2wank2|prettypanties|slutgfs|wabk2daugther|wank2daugther|wank2daut|wank2daut2|wank2daut3|wankwatch" { return 302 https://www.service-public.fr/particuliers/vosdroits/R17674; } location = /http-bind { if ($args ~ "2daut2wank2|2duat2wank|2duat2wank0|2duat2wank1|2duat2wank2|2duat2wank3|2duatr2wank|2duatr2wank0|2duatr2wank1|2duatr2wank2|2wank2daut2|daut1|duat2wank|duat2wank2|duatr2wank2|prettypanties|slutgfs|wabk2daugther|wank2daugther|wank2daut|wank2daut2|wank2daut3|wankwatch") { return 403 'forbidden'; } # We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL add_header 'Access-Control-Allow-Headers' 'content-type'; add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS'; add_header 'Access-Control-Allow-Origin' '*'; proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind; proxy_set_header X-Forwarded-For $remote_addr; #proxy_set_header Host $http_host; proxy_set_header Host jitsi-bosh; } # not used yet VVV # xmpp websockets #location = /xmpp-websocket { # proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket; # proxy_http_version 1.1; # proxy_set_header Connection "upgrade"; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; # proxy_set_header X-Forwarded-For $remote_addr; # tcp_nodelay on; #} location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } location @root_path { rewrite ^/(.*)$ / break; } # Not used yet VVVV # Etherpad-lite # location /etherpad/ { # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_cache_bypass $http_upgrade; # proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/; # proxy_set_header X-Forwarded-For $remote_addr; # proxy_buffering off; # proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; # } } }