From b354155d7cbca855dd979ae941668154f10afe18 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 27 Nov 2020 17:57:07 +0200
Subject: [PATCH] Make JVB websockets reverse-proxying work

---
 group_vars/matrix_servers                     |  2 ++
 roles/matrix-jitsi/defaults/main.yml          |  5 +++++
 .../templates/jvb/matrix-jitsi-jvb.service.j2 |  3 +++
 .../nginx/conf.d/matrix-jitsi.conf.j2         | 21 +++++++++++++++++++
 4 files changed, 31 insertions(+)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 464cff78..07f9a88c 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -671,6 +671,8 @@ matrix_jitsi_enabled: false
 # the Jitsi HTTP port to the local host.
 matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}"
 
+matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12090' }}"
+
 matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}"
 matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}"
 matrix_jitsi_jvb_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jvb') | to_uuid }}"
diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml
index c9c8745e..85123cf7 100644
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -247,3 +247,8 @@ matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
 matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
+
+# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
+matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
index 6db6a850..7fcfeec6 100644
--- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
+++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
@@ -21,6 +21,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
 			{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
 			-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
 			{% endif %}
+			{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
+			-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
+			{% endif %}
 			--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
 			{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
 			{{ arg }} \
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
index 4cacf1f1..500f1943 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
@@ -23,6 +23,27 @@
 		proxy_set_header Host $host;
 		proxy_set_header X-Forwarded-For $remote_addr;
 	}
+
+	# colibri (JVB) websockets
+	location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+		{% if matrix_nginx_proxy_enabled %}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "matrix-jitsi-jvb:9090";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://127.0.0.1:12090;
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+
+		proxy_http_version 1.1;
+
+		tcp_nodelay on;
+	}
 {% endmacro %}
 
 server {