opendev/system-config
Code Issues Proposed changes
87a67c7656
system-config/playbooks/roles/jitsi-meet/files/meet.conf
Clark Boylan 2ac695f628 Manage jitsi-meet meet.conf as a template input for the container 
The jitsi meet containers want to generate configuration from the
templates found in /defaults on the container to config files in the
bind mounted /config (/var/jitsi-meet/ on the host side). This means
that the configs ansible is writing to /var/jitsi-meet are complete
ignored and overwritten by the container using its templating system and
env vars.

This is causing us problems because we would like to use a different
etherpad prxoy config in nginx to ensure the Host header is set
properly. To make this happen we bind mount in our own template file so
that the container can template what we want rather than what is found
in the image.

Change-Id: Ifdde66a01bb7e632fc19ca0a512216584f1ea9f0
2021-03-17 13:03:09 -07:00

97 lines
2.5 KiB
Plaintext
Raw Blame History

{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
server_name _;
client_max_body_size 0;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location = /config.js {
alias /config/config.js;
}
location = /interface_config.js {
alias /config/interface_config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
}
# colibri (JVB) websockets
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
# BOSH
location = /http-bind {
proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
}
{{ if $ENABLE_XMPP_WEBSOCKET }}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
proxy_set_header X-Forwarded-For $remote_addr;
tcp_nodelay on;
}
{{ end }}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
{{ if .Env.ETHERPAD_URL_BASE }}
# Etherpad-lite
location /etherpad/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
# Commented out as we want the default behavior of using
# $proxy_host as the Host header value
#proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_buffering off;
# Commented out as we want the default behavior of using
# $proxy_host as the Host header value
#proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
}
{{ end }}
View Git Blame Copy Permalink