Upgrade jitsi nginx conf to make ADRN happy!

2021-02-01 18:19:43 +01:00 · 2021-02-01 18:19:43 +01:00 · b6b812c011
commit b6b812c011
parent 5fb05f0b7e
1 changed files with 68 additions and 13 deletions
--- a/app/jitsi/config/nginx.conf
+++ b/app/jitsi/config/nginx.conf
@ -7,31 +7,53 @@ http {
  access_log /dev/stdout;
  server_names_hash_bucket_size 64;

+  # inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
  server {
    listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
    listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+    client_max_body_size 0;
    server_name _;
+
+    # ssi on with javascript for multidomain variables in config.js
+    ssi on;
+    ssi_types application/x-javascript application/javascript;
+
    ssl_certificate /etc/nginx/jitsi.crt;
    ssl_certificate_key /etc/nginx/jitsi.key;
    root /srv/jitsi-meet;
    index index.html;
+    error_page 404 /static/404.html;

-    # lot of work would be needed to improve location rules
-    #  - in order to allow - and _ in the URL, even space
-    #  - while not shadowing other files (.js and following locations)
-    #  - passed some times twice on the problem, not as easy as it seems
-    location ~ ^/([a-zA-Z0-9=\?]+)$ {
-        rewrite ^/(.*)$ / break;
-    }
-    location / {
-        ssi on;
+    location = /config.js {
+      alias /srv/jitsi-meet/config.js;
    }

-    location /external_api.js {
-        alias /srv/jitsi-meet/libs/external_api.min.js;
+    location = /interface_config.js {
+      alias /srv/jitsi-meet/interface_config.js;
    }

-    location /http-bind {
+    location = /external_api.js {
+      alias /srv/jitsi-meet/libs/external_api.min.js;
+    }
+
+    # ensure all static content can always be found first
+    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
+    {
+      add_header 'Access-Control-Allow-Origin' '*';
+      alias /srv/jitsi-meet/$1/$2;
+    }
+
+    # not used yet VVV
+    # colibri (JVB) websockets
+    #location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+    #  proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
+    #  proxy_http_version 1.1;
+    #  proxy_set_header Upgrade $http_upgrade;
+    #  proxy_set_header Connection "upgrade";
+    #  tcp_nodelay on;
+    #}
+
+    location = /http-bind {
        # We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
        add_header 'Access-Control-Allow-Headers' 'content-type';
        add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
@ -41,6 +63,39 @@ http {
        proxy_set_header Host \$http_host;
    }

-    
+    # not used yet VVV
+    # xmpp websockets
+    #location = /xmpp-websocket {
+    #    proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
+    #    proxy_http_version 1.1;
+    #    proxy_set_header Connection "upgrade";
+    #    proxy_set_header Upgrade $http_upgrade;
+    #    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+    #    proxy_set_header X-Forwarded-For $remote_addr;
+    #    tcp_nodelay on;
+    #}
+
+    location ~ ^/([^/?&:'"]+)$ {
+      try_files $uri @root_path;
+    }
+
+    location @root_path {
+      rewrite ^/(.*)$ / break;
+    }
+
+  # Not used yet VVVV
+  # Etherpad-lite
+  # location /etherpad/ {
+  #    proxy_http_version 1.1;
+  #    proxy_set_header Upgrade $http_upgrade;
+  #    proxy_set_header Connection 'upgrade';
+  #    proxy_set_header Host $host;
+  #    proxy_cache_bypass $http_upgrade;
+  #    proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
+  #    proxy_set_header X-Forwarded-For $remote_addr;
+  #    proxy_buffering off;
+  #    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+  #  }
+
  }
 }