You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
193 lines
5.1 KiB
193 lines
5.1 KiB
{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }}
|
|
{{ $COLIBRI_WEBSOCKET_PORT := .Env.COLIBRI_WEBSOCKET_PORT | default "9090" }}
|
|
{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }}
|
|
{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
|
|
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
|
|
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
|
|
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
|
|
{{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default "http://xmpp.meet.jitsi:5280" -}}
|
|
|
|
server_name _;
|
|
|
|
charset utf8;
|
|
|
|
client_max_body_size 0;
|
|
|
|
root /usr/share/jitsi-meet;
|
|
|
|
# ssi on with javascript for multidomain variables in config.js
|
|
ssi on;
|
|
ssi_types application/x-javascript application/javascript;
|
|
|
|
index index.html index.htm;
|
|
error_page 404 /static/404.html;
|
|
|
|
# Security headers
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
set $prefix "";
|
|
|
|
{{ if .Env.DEPLOYMENTINFO_SHARD }}
|
|
add_header X-Jitsi-Shard {{ .Env.DEPLOYMENTINFO_SHARD }};
|
|
{{ end }}
|
|
|
|
# Opt out of FLoC (deprecated)
|
|
add_header Permissions-Policy "interest-cohort=()";
|
|
|
|
location = /config.js {
|
|
alias /config/config.js;
|
|
}
|
|
|
|
location = /interface_config.js {
|
|
alias /config/interface_config.js;
|
|
}
|
|
|
|
location = /external_api.js {
|
|
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
|
}
|
|
|
|
{{ if $ENABLE_JAAS_COMPONENTS }}
|
|
location = /_api/room-info {
|
|
proxy_pass {{ $XMPP_BOSH_URL_BASE }}/room-info?prefix=$prefix&$args;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{{ end }}
|
|
|
|
# ensure all static content can always be found first
|
|
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
alias /usr/share/jitsi-meet/$1/$2;
|
|
|
|
# cache all versioned files
|
|
if ($arg_v) {
|
|
expires 1y;
|
|
}
|
|
}
|
|
|
|
{{ if $ENABLE_COLIBRI_WEBSOCKET }}
|
|
# colibri (JVB) websockets
|
|
location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) {
|
|
tcp_nodelay on;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
proxy_pass http://$1:{{ $COLIBRI_WEBSOCKET_PORT }}/colibri-ws/$1/$2$is_args$args;
|
|
}
|
|
|
|
{{ if $ENABLE_OCTO }}
|
|
# colibri (JVB) Relay to Relay websockets
|
|
location ~ ^/colibri-relay-ws/([a-zA-Z0-9-\._]+)/(.*) {
|
|
tcp_nodelay on;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
proxy_pass http://$1:{{ $COLIBRI_WEBSOCKET_PORT }}/colibri-relay-ws/$1/$2$is_args$args;
|
|
}
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
# BOSH
|
|
location = /http-bind {
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host {{ $XMPP_DOMAIN }};
|
|
|
|
proxy_pass {{ $XMPP_BOSH_URL_BASE }}/http-bind?prefix=$prefix&$args;
|
|
}
|
|
|
|
{{ if $ENABLE_XMPP_WEBSOCKET }}
|
|
# xmpp websockets
|
|
location = /xmpp-websocket {
|
|
tcp_nodelay on;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Host {{ $XMPP_DOMAIN }};
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
proxy_pass {{ $XMPP_BOSH_URL_BASE }}/xmpp-websocket?prefix=$prefix&$args;
|
|
}
|
|
{{ end }}
|
|
|
|
{{ if .Env.ETHERPAD_URL_BASE }}
|
|
# Etherpad-lite
|
|
location ^~ /etherpad/ {
|
|
proxy_buffering off;
|
|
proxy_cache_bypass $http_upgrade;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
|
|
}
|
|
{{ end }}
|
|
|
|
location ~ ^/([^/?&:'"]+)$ {
|
|
try_files $uri @root_path;
|
|
}
|
|
|
|
location @root_path {
|
|
rewrite ^/(.*)$ / break;
|
|
}
|
|
|
|
{{ if $ENABLE_SUBDOMAINS }}
|
|
# Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
|
|
location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
|
|
}
|
|
|
|
location ~ ^/([^/?&:'"]+)/config.js$ {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
|
|
alias /config/config.js;
|
|
}
|
|
|
|
# BOSH for subdomains
|
|
location ~ ^/([^/?&:'"]+)/http-bind {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
set $prefix "$1";
|
|
|
|
rewrite ^/(.*)$ /http-bind;
|
|
}
|
|
|
|
{{ if $ENABLE_XMPP_WEBSOCKET }}
|
|
# websockets for subdomains
|
|
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
set $prefix "$1";
|
|
|
|
rewrite ^/(.*)$ /xmpp-websocket;
|
|
}
|
|
{{ end }}
|
|
|
|
{{ if $ENABLE_JAAS_COMPONENTS }}
|
|
location ~ ^/([^/?&:'"]+)/_api/room-info {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
set $prefix "$1";
|
|
|
|
rewrite ^/(.*)$ /_api/room-info;
|
|
}
|
|
{{ end }}
|
|
|
|
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
|
location ~ ^/([^/?&:'"]+)/(.*)$ {
|
|
set $subdomain "$1.";
|
|
set $subdir "$1/";
|
|
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
|
|
}
|
|
{{ end }}
|
|
|