|
|
|
|
@ -98,150 +98,16 @@ configuration file: |
|
|
|
|
|
|
|
|
|
.. warning:: |
|
|
|
|
|
|
|
|
|
Thoses 2 blocks should be append before the "location ~ ^/([^/?&:'"]+)/(.*)$ {" |
|
|
|
|
Thoses 2 blocks should be append BEFORE the following block:: |
|
|
|
|
|
|
|
|
|
A complete nginx configuration would look like this : |
|
|
|
|
|
|
|
|
|
server { |
|
|
|
|
listen 80; |
|
|
|
|
server_name jitsi.demo; |
|
|
|
|
|
|
|
|
|
location ^~ /.well-known/acme-challenge/ { |
|
|
|
|
default_type "text/plain"; |
|
|
|
|
root /usr/share/jitsi-meet; |
|
|
|
|
} |
|
|
|
|
location = /.well-known/acme-challenge/ { |
|
|
|
|
return 404; |
|
|
|
|
} |
|
|
|
|
location / { |
|
|
|
|
return 301 https://$host$request_uri; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
server { |
|
|
|
|
listen 443 ssl http2; |
|
|
|
|
server_name jitsi.demo; |
|
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3; |
|
|
|
|
ssl_prefer_server_ciphers on; |
|
|
|
|
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"; |
|
|
|
|
|
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000"; |
|
|
|
|
|
|
|
|
|
ssl_certificate /etc/jitsi/meet/jitsi.demo.crt; |
|
|
|
|
ssl_certificate_key /etc/jitsi/meet/jitsi.demo.key; |
|
|
|
|
|
|
|
|
|
root /usr/share/jitsi-meet; |
|
|
|
|
|
|
|
|
|
# ssi on with javascript for multidomain variables in config.js |
|
|
|
|
ssi on; |
|
|
|
|
ssi_types application/x-javascript application/javascript; |
|
|
|
|
|
|
|
|
|
index index.html index.htm; |
|
|
|
|
error_page 404 /static/404.html; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
location = /config.js { |
|
|
|
|
alias /etc/jitsi/meet/jitsi.demo-config.js; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location = /external_api.js { |
|
|
|
|
alias /usr/share/jitsi-meet/libs/external_api.min.js; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#ensure all static content can always be found first |
|
|
|
|
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ |
|
|
|
|
{ |
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*'; |
|
|
|
|
alias /usr/share/jitsi-meet/$1/$2; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# BOSH |
|
|
|
|
location = /http-bind { |
|
|
|
|
proxy_pass http://127.0.0.1:5280/http-bind; |
|
|
|
|
proxy_http_version 1.0; |
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr; |
|
|
|
|
proxy_set_header Host $http_host; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# xmpp websockets |
|
|
|
|
location = /xmpp-websocket { |
|
|
|
|
proxy_pass http://localhost:5280/xmpp-websocket?prefix=$prefix&$args; |
|
|
|
|
proxy_http_version 1.1; |
|
|
|
|
proxy_set_header Upgrade $http_upgrade; |
|
|
|
|
proxy_set_header Connection "upgrade"; |
|
|
|
|
proxy_set_header Host $http_host; |
|
|
|
|
tcp_nodelay on; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location ~ ^/([^/?&:'"]+)$ { |
|
|
|
|
try_files $uri @root_path; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location @root_path { |
|
|
|
|
rewrite ^/(.*)$ / break; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location ~ ^/([^/?&:'"]+)/config.js$ |
|
|
|
|
{ |
|
|
|
|
set $subdomain "$1."; |
|
|
|
|
set $subdir "$1/"; |
|
|
|
|
|
|
|
|
|
alias /etc/jitsi/meet/jitsi.demo-config.js; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# BOSH for subdomains |
|
|
|
|
location ~ ^/([^/?&:'"]+)/http-bind { |
|
|
|
|
set $subdomain "$1."; |
|
|
|
|
set $subdir "$1/"; |
|
|
|
|
set $prefix "$1"; |
|
|
|
|
|
|
|
|
|
rewrite ^/(.*)$ /http-bind; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# websockets for subdomains |
|
|
|
|
location ~ ^/([^/?&:'"]+)/xmpp-websocket { |
|
|
|
|
set $subdomain "$1."; |
|
|
|
|
set $subdir "$1/"; |
|
|
|
|
set $prefix "$1"; |
|
|
|
|
|
|
|
|
|
rewrite ^/(.*)$ /xmpp-websocket; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location = /lmauth { |
|
|
|
|
internal; |
|
|
|
|
include /etc/nginx/fastcgi_params; |
|
|
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; |
|
|
|
|
fastcgi_pass_request_body off; |
|
|
|
|
fastcgi_param CONTENT_LENGTH ""; |
|
|
|
|
fastcgi_param HOST $http_host; |
|
|
|
|
fastcgi_param X_ORIGINAL_URI $request_uri; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
location = /login/ { |
|
|
|
|
|
|
|
|
|
auth_request /lmauth; |
|
|
|
|
auth_request_set $lmremote_user $upstream_http_lm_remote_user; |
|
|
|
|
auth_request_set $lmlocation $upstream_http_location; |
|
|
|
|
error_page 401 $lmlocation; |
|
|
|
|
|
|
|
|
|
auth_request_set $mail $upstream_http_mail; |
|
|
|
|
proxy_set_header mail $mail; |
|
|
|
|
auth_request_set $displayname $upstream_http_displayName; |
|
|
|
|
proxy_set_header displayName $displayname; |
|
|
|
|
auth_request_set $lmcookie $upstream_http_cookie; |
|
|
|
|
proxy_set_header Cookie: $lmcookie; |
|
|
|
|
|
|
|
|
|
proxy_pass http://127.0.0.1:8888/login; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / |
|
|
|
|
#Anything that didn't match above, and isn't a real file, |
|
|
|
|
#assume it's a room name and redirect to / |
|
|
|
|
location ~ ^/([^/?&:'"]+)/(.*)$ { |
|
|
|
|
set $subdomain "$1."; |
|
|
|
|
set $subdir "$1/"; |
|
|
|
|
rewrite ^/([^/?&:'"]+)/(.*)$ /$2; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
Jitsi Meet Virtual host in Manager |
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
|
|
|
Maxime Besson
5 years ago