#jinja2: lstrip_blocks: "True" {% macro render_vhost_directives() %} gzip on; gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff; {% if matrix_nginx_proxy_floc_optout_enabled %} add_header Permissions-Policy interest-cohort=() always; {% endif %} {% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %} location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-jitsi-web:80"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:13080; {% endif %} proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } # colibri (JVB) websockets location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { {% if matrix_nginx_proxy_enabled %} resolver 127.0.0.11 valid=5s; set $backend "matrix-jitsi-jvb:9090"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:13090; {% endif %} proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; tcp_nodelay on; } # XMPP websocket location = /xmpp-websocket { {% if matrix_nginx_proxy_enabled %} resolver 127.0.0.11 valid=5s; set $backend {{ matrix_jitsi_xmpp_bosh_url_base }}; proxy_pass $backend/xmpp-websocket; {% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:5280; {% endif %} proxy_set_header Host $host; proxy_http_version 1.1; proxy_read_timeout 900s; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; tcp_nodelay on; } {% endmacro %} server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; server_tokens off; root /dev/null; {% if matrix_nginx_proxy_https_enabled %} location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; {% endif %} } location / { return 301 https://$http_host$request_uri; } {% else %} {{ render_vhost_directives() }} {% endif %} } {% if matrix_nginx_proxy_https_enabled %} server { listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; server_tokens off; root /dev/null; ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem; ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem; ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; {% if matrix_nginx_proxy_ssl_ciphers != '' %} ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; {% endif %} ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; {% if matrix_nginx_proxy_ocsp_stapling_enabled %} ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/chain.pem; {% endif %} {{ render_vhost_directives() }} } {% endif %}