From 91f636a813640a0551c51a1e2dbeaa10be1d8966 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?=
 =?UTF-8?q?=D0=BE=D0=B2?= <damencho@jitsi.org>
Date: Tue, 29 Sep 2020 06:17:42 -0500
Subject: [PATCH] debian: Don't break those still using ALPN multiplex (Fixes
 #7794) (#7796)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: Don't break those still using ALPN multiplex (Fixes #7794)

* squash: Update doc/debian/jitsi-meet/jitsi-meet.conf

Co-authored-by: Saúl Ibarra Corretgé <saghul@jitsi.org>

Co-authored-by: Saúl Ibarra Corretgé <saghul@jitsi.org>
---
 debian/jitsi-meet-turnserver.install  |  1 +
 doc/debian/jitsi-meet/jitsi-meet.conf | 34 +++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 doc/debian/jitsi-meet/jitsi-meet.conf

diff --git a/debian/jitsi-meet-turnserver.install b/debian/jitsi-meet-turnserver.install
index 52a096b81..9d8098b2b 100644
--- a/debian/jitsi-meet-turnserver.install
+++ b/debian/jitsi-meet-turnserver.install
@@ -1,2 +1,3 @@
 doc/debian/jitsi-meet-turn/turnserver.conf          /usr/share/jitsi-meet-turnserver/
+doc/debian/jitsi-meet/jitsi-meet.conf               /usr/share/jitsi-meet-turnserver/
 doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/
diff --git a/doc/debian/jitsi-meet/jitsi-meet.conf b/doc/debian/jitsi-meet/jitsi-meet.conf
new file mode 100644
index 000000000..59e9a537d
--- /dev/null
+++ b/doc/debian/jitsi-meet/jitsi-meet.conf
@@ -0,0 +1,34 @@
+# this is jitsi-meet nginx module configuration
+# this forward all http traffic to the nginx virtual host port
+# and the rest to the turn server
+#
+# Multiplexing based on ALPN is DEPRECATED. ALPN does not play well with websockets on some browsers and reverse proxies.
+# To migrate away from using it read: https://jitsi.org/multiplexing-to-bridge-ws-howto
+# This file will be removed at some point and if deployment is still using it, will break.
+#
+stream {
+    upstream web {
+        server 127.0.0.1:4444;
+    }
+    upstream turn {
+        server 127.0.0.1:5349;
+    }
+    # since 1.13.10
+    map $ssl_preread_alpn_protocols $upstream {
+        ~\bh2\b         web;
+        ~\bhttp/1\.     web;
+        default         turn;
+    }
+
+    server {
+        listen 443;
+        listen [::]:443;
+
+        # since 1.11.5
+        ssl_preread on;
+        proxy_pass $upstream;
+
+        # Increase buffer to serve video
+        proxy_buffer_size 10m;
+    }
+}