Merge "Manage jitsi-meet meet.conf as a template input for the container"
This commit is contained in:
Zuul
Gerrit Code Review
commit
4302bf3585
@ -12,6 +12,7 @@ services:
|
||||
- ${CONFIG}/web:/config
|
||||
- ${CONFIG}/web/letsencrypt:/etc/letsencrypt
|
||||
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
|
||||
- ${DEFAULTS}/web/nginx/meet.conf:/defaults/meet.conf
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
|
||||
@ -1,50 +1,96 @@
|
||||
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
|
||||
|
||||
server_name _;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
index index.html
|
||||
|
||||
# ssi on with javascript for multidomain variables in config.js
|
||||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
index index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
location ~ ^/([a-zA-Z0-9=\?_-]+)$ {
|
||||
rewrite ^/(.*)$ / break;
|
||||
}
|
||||
# Security headers
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
location ^~ /config.js {
|
||||
location = /config.js {
|
||||
alias /config/config.js;
|
||||
}
|
||||
|
||||
location ^~ /interface_config.js {
|
||||
location = /interface_config.js {
|
||||
alias /config/interface_config.js;
|
||||
}
|
||||
|
||||
location ^~ /external_api.js {
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
location / {
|
||||
ssi on;
|
||||
# ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
|
||||
{
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/$1/$2;
|
||||
}
|
||||
|
||||
# colibri (JVB) websockets
|
||||
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
|
||||
proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location ^~ /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
location = /http-bind {
|
||||
proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/http-bind;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
|
||||
}
|
||||
|
||||
{{ if $ENABLE_XMPP_WEBSOCKET }}
|
||||
# xmpp websockets
|
||||
location = /xmpp-websocket {
|
||||
proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)$ {
|
||||
try_files $uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)$ / break;
|
||||
}
|
||||
|
||||
{{ if .Env.ETHERPAD_URL_BASE }}
|
||||
# Etherpad-lite
|
||||
location ^~ /etherpad/ {
|
||||
location /etherpad/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host 'etherpad.opendev.org';
|
||||
# Commented out as we want the default behavior of using
|
||||
# $proxy_host as the Host header value
|
||||
#proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass https://etherpad.opendev.org/;
|
||||
proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_buffering off;
|
||||
# Commented out as we want the default behavior of using
|
||||
# $proxy_host as the Host header value
|
||||
#proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
@ -24,6 +24,13 @@
|
||||
- web
|
||||
- web/nginx
|
||||
- web/nginx/site-confs
|
||||
- defaults
|
||||
- defaults/web
|
||||
- defaults/web/nginx
|
||||
|
||||
# TODO files managed here seem to be completely ignored by the containers
|
||||
# we should clean them up. And if necessary replace them with templates
|
||||
# below like meet.conf.
|
||||
- name: Write web config
|
||||
copy:
|
||||
src: config.js
|
||||
@ -36,10 +43,16 @@
|
||||
copy:
|
||||
src: default.conf
|
||||
dest: /var/jitsi-meet/web/nginx/site-confs/default
|
||||
- name: Write nginx meet config
|
||||
# END TODO
|
||||
|
||||
# These files are interpreted by the container at startup and are templated
|
||||
# using the frep tool. Ideally we'll keep the content in templates to a
|
||||
# minumum and rely on upstream as much as possible.
|
||||
- name: Write nginx meet config template
|
||||
copy:
|
||||
src: meet.conf
|
||||
dest: /var/jitsi-meet/web/nginx/meet.conf
|
||||
dest: /var/jitsi-meet/defaults/web/nginx/meet.conf
|
||||
|
||||
- name: Run docker-compose pull
|
||||
shell:
|
||||
cmd: docker-compose pull
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
# Directory where all configuration will be stored.
|
||||
CONFIG=/var/jitsi-meet
|
||||
|
||||
# Directory where templates to generate configs are stored.
|
||||
DEFAULTS=/var/jitsi-meet/defaults
|
||||
|
||||
# System time zone.
|
||||
TZ=Etc/UTC
|
||||
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
# Directory where all configuration will be stored.
|
||||
CONFIG=/var/jitsi-meet
|
||||
|
||||
# Directory where templates to generate configs are stored.
|
||||
DEFAULTS=/var/jitsi-meet/defaults
|
||||
|
||||
# System time zone.
|
||||
TZ=Etc/UTC
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user