"Fossies" - the Fresh Open Source Software Archive

Member "jitsi-meet-6316/doc/debian/jitsi-meet/jitsi-meet.example" (5 Jul 2022, 4794 Bytes) of package /linux/misc/jitsi-meet-6316.tar.gz:

    1 server_names_hash_bucket_size 64;
    2 
    3 types {
    4 # nginx's default mime.types doesn't include a mapping for wasm
    5     application/wasm     wasm;
    6 }
    7 upstream prosody {
    8     zone upstreams 64K;
    9     server 127.0.0.1:5280;
   10     keepalive 2;
   11 }
   12 upstream jvb1 {
   13     zone upstreams 64K;
   14     server 127.0.0.1:9090;
   15     keepalive 2;
   16 }
   17 server {
   18     listen 80;
   19     listen [::]:80;
   20     server_name jitsi-meet.example.com;
   21 
   22     location ^~ /.well-known/acme-challenge/ {
   23         default_type "text/plain";
   24         root         /usr/share/jitsi-meet;
   25     }
   26     location = /.well-known/acme-challenge/ {
   27         return 404;
   28     }
   29     location / {
   30         return 301 https://$host$request_uri;
   31     }
   32 }
   33 server {
   34     listen 443 ssl;
   35     listen [::]:443 ssl;
   36     server_name jitsi-meet.example.com;
   37 
   38     # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
   39     ssl_protocols TLSv1.2 TLSv1.3;
   40     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   41     ssl_prefer_server_ciphers off;
   42 
   43     ssl_session_timeout 1d;
   44     ssl_session_cache shared:SSL:10m;  # about 40000 sessions
   45     ssl_session_tickets off;
   46 
   47     add_header Strict-Transport-Security "max-age=63072000" always;
   48     set $prefix "";
   49 
   50     ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
   51     ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
   52 
   53     root /usr/share/jitsi-meet;
   54 
   55     # ssi on with javascript for multidomain variables in config.js
   56     ssi on;
   57     ssi_types application/x-javascript application/javascript;
   58 
   59     index index.html index.htm;
   60     error_page 404 /static/404.html;
   61 
   62     gzip on;
   63     gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
   64     gzip_vary on;
   65     gzip_proxied no-cache no-store private expired auth;
   66     gzip_min_length 512;
   67 
   68     location = /config.js {
   69         alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
   70     }
   71 
   72     location = /external_api.js {
   73         alias /usr/share/jitsi-meet/libs/external_api.min.js;
   74     }
   75 
   76     # ensure all static content can always be found first
   77     location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
   78     {
   79         add_header 'Access-Control-Allow-Origin' '*';
   80         alias /usr/share/jitsi-meet/$1/$2;
   81 
   82         # cache all versioned files
   83         if ($arg_v) {
   84             expires 1y;
   85         }
   86     }
   87 
   88     # BOSH
   89     location = /http-bind {
   90         proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
   91         proxy_http_version 1.1;
   92         proxy_set_header X-Forwarded-For $remote_addr;
   93         proxy_set_header Host $http_host;
   94         proxy_set_header Connection "";
   95     }
   96 
   97     # xmpp websockets
   98     location = /xmpp-websocket {
   99         proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
  100         proxy_http_version 1.1;
  101         proxy_set_header Upgrade $http_upgrade;
  102         proxy_set_header Connection "upgrade";
  103         proxy_set_header Host $http_host;
  104         tcp_nodelay on;
  105     }
  106 
  107     # colibri (JVB) websockets for jvb1
  108     location ~ ^/colibri-ws/default-id/(.*) {
  109         proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
  110         proxy_http_version 1.1;
  111         proxy_set_header Upgrade $http_upgrade;
  112         proxy_set_header Connection "upgrade";
  113         tcp_nodelay on;
  114     }
  115 
  116     # load test minimal client, uncomment when used
  117     #location ~ ^/_load-test/([^/?&:'"]+)$ {
  118     #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
  119     #}
  120     #location ~ ^/_load-test/libs/(.*)$ {
  121     #    add_header 'Access-Control-Allow-Origin' '*';
  122     #    alias /usr/share/jitsi-meet/load-test/libs/$1;
  123     #}
  124 
  125     location ~ ^/([^/?&:'"]+)$ {
  126         try_files $uri @root_path;
  127     }
  128 
  129     location @root_path {
  130         rewrite ^/(.*)$ / break;
  131     }
  132 
  133     location ~ ^/([^/?&:'"]+)/config.js$
  134     {
  135         set $subdomain "$1.";
  136         set $subdir "$1/";
  137 
  138         alias /etc/jitsi/meet/jitsi-meet.example.com-config.js;
  139     }
  140 
  141     # BOSH for subdomains
  142     location ~ ^/([^/?&:'"]+)/http-bind {
  143         set $subdomain "$1.";
  144         set $subdir "$1/";
  145         set $prefix "$1";
  146 
  147         rewrite ^/(.*)$ /http-bind;
  148     }
  149 
  150     # websockets for subdomains
  151     location ~ ^/([^/?&:'"]+)/xmpp-websocket {
  152         set $subdomain "$1.";
  153         set $subdir "$1/";
  154         set $prefix "$1";
  155 
  156         rewrite ^/(.*)$ /xmpp-websocket;
  157     }
  158 
  159     # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
  160     location ~ ^/([^/?&:'"]+)/(.*)$ {
  161         set $subdomain "$1.";
  162         set $subdir "$1/";
  163         rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
  164     }
  165 }