Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

77 lines
1.9 KiB

server {
listen 80;
listen 443 ssl http2;
server_name {{ jitsi_domain }};
ssl_certificate_key {{ jitsi_key_path }};
ssl_certificate {{ jitsi_cert_path }};
include /etc/nginx/ansible_conf.d/perf.inc;
include /etc/nginx/ansible_conf.d/force_ssl.inc;
include /etc/nginx/ansible_conf.d/acme.inc;
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 405;
}
add_header Strict-Transport-Security "$hsts_header";
root {{ jitsi_root_dir }}/meet;
index index.html;
# conferenceMapper endpoint
location ~ ^/(phoneNumberList|conferenceMapper) {
proxy_pass http://localhost:{{ jitsi_confmapper_port }};
proxy_socket_keepalive on;
# TODO : rate limit these endpoints to prevent room listing
}
# BOSH endpoint
location /http-bind {
proxy_socket_keepalive on;
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# Websocket endpoint
location /xmpp-websocket {
proxy_pass http://localhost:5280/xmpp-websocket?$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
tcp_nodelay on;
}
{% if jitsi_auth == 'sso' %}
# SSO endpoint
location /login {
proxy_pass http://127.0.0.1:8888;
proxy_set_header mail $http_mail;
proxy_set_header displayName $http_displayname;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# jicofo doesn't add the Content-Type for the redirection page
add_header Content-Type 'text/html';
}
{% endif %}
# Conference rooms
location ~ ^/([a-zA-Z0-9=\?]+)$ {
rewrite ^/(.*)$ / break;
}
location / {
ssi on;
limit_req zone=limit_req_std burst=100 nodelay;
limit_conn limit_conn_std 80;
}
{% for ip in jitsi_web_src_ip %}
allow {{ ip }};
{% endfor %}
deny all;
}