mateuszs

jitsi-vm.OUR_DOMAIN.conf

Sep 3rd, 2021
23
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. cat jitsi-vm.OUR_DOMAIN.conf
  2. server_names_hash_bucket_size 64;
  3.  
  4. types {
  5. # nginx's default mime.types doesn't include a mapping for wasm
  6. application/wasm wasm;
  7. }
  8. server {
  9. listen 80;
  10. listen [::]:80;
  11. server_name jitsi-vm.OUR_DOMAIN;
  12.  
  13. location ^~ /.well-known/acme-challenge/ {
  14. default_type "text/plain";
  15. root /usr/share/jitsi-meet;
  16. }
  17. location = /.well-known/acme-challenge/ {
  18. return 404;
  19. }
  20. location / {
  21. return 301 https://$host$request_uri;
  22. }
  23. }
  24. server {
  25. listen 443 ssl;
  26. listen [::]:443 ssl;
  27. server_name jitsi-vm.OUR_DOMAIN;
  28.  
  29. # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
  30. ssl_protocols TLSv1.2 TLSv1.3;
  31. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  32. ssl_prefer_server_ciphers off;
  33.  
  34. ssl_session_timeout 1d;
  35. ssl_session_cache shared:SSL:10m; # about 40000 sessions
  36. ssl_session_tickets off;
  37.  
  38. add_header Strict-Transport-Security "max-age=63072000" always;
  39. set $prefix "";
  40.  
  41. ssl_certificate /etc/letsencrypt/live/jitsi-vm.OUR_DOMAIN/fullchain.pem;
  42. ssl_certificate_key /etc/letsencrypt/live/jitsi-vm.OUR_DOMAIN/privkey.pem;
  43.  
  44. root /usr/share/jitsi-meet;
  45.  
  46. # ssi on with javascript for multidomain variables in config.js
  47. ssi on;
  48. ssi_types application/x-javascript application/javascript;
  49.  
  50. index index.html index.htm;
  51. error_page 404 /static/404.html;
  52.  
  53. gzip on;
  54. gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
  55. gzip_vary on;
  56. gzip_proxied no-cache no-store private expired auth;
  57. gzip_min_length 512;
  58.  
  59. location = /config.js {
  60. alias /etc/jitsi/meet/jitsi-vm.OUR_DOMAIN-config.js;
  61. }
  62.  
  63. location = /external_api.js {
  64. alias /usr/share/jitsi-meet/libs/external_api.min.js;
  65. }
  66.  
  67. # ensure all static content can always be found first
  68. location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
  69. {
  70. add_header 'Access-Control-Allow-Origin' '*';
  71. alias /usr/share/jitsi-meet/$1/$2;
  72.  
  73. # cache all versioned files
  74. if ($arg_v) {
  75. expires 1y;
  76. }
  77. }
  78.  
  79. # BOSH
  80. location = /http-bind {
  81. proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
  82. proxy_set_header X-Forwarded-For $remote_addr;
  83. proxy_set_header Host $http_host;
  84. }
  85.  
  86. # xmpp websockets
  87. location = /xmpp-websocket {
  88. proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
  89. proxy_http_version 1.1;
  90. proxy_set_header Upgrade $http_upgrade;
  91. proxy_set_header Connection "upgrade";
  92. proxy_set_header Host $http_host;
  93. tcp_nodelay on;
  94. }
  95.  
  96. # colibri (JVB) websockets for jvb1
  97. location ~ ^/colibri-ws/1/(.*) {
  98. proxy_pass http://FIRST_JVB:9090/colibri-ws/1/$1$is_args$args;
  99. proxy_http_version 1.1;
  100. proxy_set_header Upgrade $http_upgrade;
  101. proxy_set_header Connection "upgrade";
  102. tcp_nodelay on;
  103. }
  104.  
  105. location ~ ^/colibri-ws/2/(.*) {
  106. proxy_pass http://SECOND_JVB:9090/colibri-ws/2/$1$is_args$args;
  107. proxy_http_version 1.1;
  108. proxy_set_header Upgrade $http_upgrade;
  109. proxy_set_header Connection "upgrade";
  110. tcp_nodelay on;
  111. }
  112.  
  113. # load test minimal client, uncomment when used
  114. #location ~ ^/_load-test/([^/?&:'"]+)$ {
  115. # rewrite ^/_load-test/(.*)$ /load-test/index.html break;
  116. #}
  117. #location ~ ^/_load-test/libs/(.*)$ {
  118. # add_header 'Access-Control-Allow-Origin' '*';
  119. # alias /usr/share/jitsi-meet/load-test/libs/$1;
  120. #}
  121.  
  122. location ~ ^/([^/?&:'"]+)$ {
  123. try_files $uri @root_path;
  124. }
  125.  
  126. location @root_path {
  127. rewrite ^/(.*)$ / break;
  128. }
  129.  
  130. location ~ ^/([^/?&:'"]+)/config.js$
  131. {
  132. set $subdomain "$1.";
  133. set $subdir "$1/";
  134.  
  135. alias /etc/jitsi/meet/jitsi-vm.OUR_DOMAIN-config.js;
  136. }
  137.  
  138. # BOSH for subdomains
  139. location ~ ^/([^/?&:'"]+)/http-bind {
  140. set $subdomain "$1.";
  141. set $subdir "$1/";
  142. set $prefix "$1";
  143.  
  144. rewrite ^/(.*)$ /http-bind;
  145. }
  146.  
  147. # websockets for subdomains
  148. location ~ ^/([^/?&:'"]+)/xmpp-websocket {
  149. set $subdomain "$1.";
  150. set $subdir "$1/";
  151. set $prefix "$1";
  152.  
  153. rewrite ^/(.*)$ /xmpp-websocket;
  154. }
  155.  
  156. # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
  157. location ~ ^/([^/?&:'"]+)/(.*)$ {
  158. set $subdomain "$1.";
  159. set $subdir "$1/";
  160. rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
  161. }
  162. }
  163.  
RAW Paste Data