{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default "http://xmpp.meet.jitsi:5280" -}} server_name _; client_max_body_size 0; root /usr/share/jitsi-meet; # ssi on with javascript for multidomain variables in config.js ssi on; ssi_types application/x-javascript application/javascript; index index.html index.htm; error_page 404 /static/404.html; # Security headers add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; {{ if .Env.DEPLOYMENTINFO_SHARD }} add_header X-Jitsi-Shard {{ .Env.DEPLOYMENTINFO_SHARD }}; {{ end }} # Opt out of FLoC (deprecated) add_header Permissions-Policy "interest-cohort=()"; location = /config.js { alias /config/config.js; } location = /interface_config.js { alias /config/interface_config.js; } location = /external_api.js { alias /usr/share/jitsi-meet/libs/external_api.min.js; } # ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { add_header 'Access-Control-Allow-Origin' '*'; alias /usr/share/jitsi-meet/$1/$2; # cache all versioned files if ($arg_v) { expires 1y; } } {{ if $ENABLE_COLIBRI_WEBSOCKET }} # colibri (JVB) websockets location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { tcp_nodelay on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args; } {{ end }} # BOSH location = /http-bind { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host {{ $XMPP_DOMAIN }}; proxy_pass {{ $XMPP_BOSH_URL_BASE }}/http-bind; } {{ if $ENABLE_XMPP_WEBSOCKET }} # xmpp websockets location = /xmpp-websocket { tcp_nodelay on; proxy_http_version 1.1; proxy_set_header Connection $connection_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host {{ $XMPP_DOMAIN }}; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass {{ $XMPP_BOSH_URL_BASE }}/xmpp-websocket; } {{ end }} {{ if .Env.ETHERPAD_URL_BASE }} # Etherpad-lite location ^~ /etherpad/ { proxy_buffering off; proxy_cache_bypass $http_upgrade; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/; } {{ end }} location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } location @root_path { rewrite ^/(.*)$ / break; } {{ if $ENABLE_SUBDOMAINS }} location ~ ^/([^/?&:'"]+)/config.js$ { set $subdomain "$1."; set $subdir "$1/"; alias /config/config.js; } # BOSH for subdomains location ~ ^/([^/?&:'"]+)/http-bind { set $subdomain "$1."; set $subdir "$1/"; set $prefix "$1"; rewrite ^/(.*)$ /http-bind; } {{ if $ENABLE_XMPP_WEBSOCKET }} # websockets for subdomains location ~ ^/([^/?&:'"]+)/xmpp-websocket { set $subdomain "$1."; set $subdir "$1/"; set $prefix "$1"; rewrite ^/(.*)$ /xmpp-websocket; } {{ end }} # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / location ~ ^/([^/?&:'"]+)/(.*)$ { set $subdomain "$1."; set $subdir "$1/"; rewrite ^/([^/?&:'"]+)/(.*)$ /$2; } {{ end }}