server_names_hash_bucket_size 64; server { listen 127.0.0.1:80; server_name talk.valinor.fr; return 301 https://$server_name$request_uri; } server { listen 127.0.0.1:443 ssl http2; server_name talk.valinor.fr; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols TLSv1.2; ssl_ciphers AESGCM:HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!DES:!3DES:!SSLv2:!DH:!kRSA; ssl_prefer_server_ciphers on; ssl_certificate /etc/letsencrypt/live/talk.valinor.fr/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/talk.valinor.fr/privkey.pem; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; preload;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; root /usr/share/jitsi-meet; ssi on; index index.html index.htm; error_page 404 /static/404.html; location = /config.js { alias /etc/jitsi/meet/config.js; } location = /interface_config.js { alias /etc/jitsi/meet/interface_config.js; } location = /logging_config.js { alias /etc/jitsi/meet/logging_config.js; } location = /external_api.js { alias /usr/share/jitsi-meet/libs/external_api.min.js; } #ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { add_header 'Access-Control-Allow-Origin' '*'; alias /usr/share/jitsi-meet/$1/$2; } # BOSH location = /http-bind { proxy_pass http://localhost:5280/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } location @root_path { rewrite ^/(.*)$ / break; } }