From 91f636a813640a0551c51a1e2dbeaa10be1d8966 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 29 Sep 2020 06:17:42 -0500 Subject: [PATCH] debian: Don't break those still using ALPN multiplex (Fixes #7794) (#7796) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: Don't break those still using ALPN multiplex (Fixes #7794) * squash: Update doc/debian/jitsi-meet/jitsi-meet.conf Co-authored-by: Saúl Ibarra Corretgé Co-authored-by: Saúl Ibarra Corretgé --- debian/jitsi-meet-turnserver.install | 1 + doc/debian/jitsi-meet/jitsi-meet.conf | 34 +++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 doc/debian/jitsi-meet/jitsi-meet.conf diff --git a/debian/jitsi-meet-turnserver.install b/debian/jitsi-meet-turnserver.install index 52a096b81..9d8098b2b 100644 --- a/debian/jitsi-meet-turnserver.install +++ b/debian/jitsi-meet-turnserver.install @@ -1,2 +1,3 @@ doc/debian/jitsi-meet-turn/turnserver.conf /usr/share/jitsi-meet-turnserver/ +doc/debian/jitsi-meet/jitsi-meet.conf /usr/share/jitsi-meet-turnserver/ doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/ diff --git a/doc/debian/jitsi-meet/jitsi-meet.conf b/doc/debian/jitsi-meet/jitsi-meet.conf new file mode 100644 index 000000000..59e9a537d --- /dev/null +++ b/doc/debian/jitsi-meet/jitsi-meet.conf @@ -0,0 +1,34 @@ +# this is jitsi-meet nginx module configuration +# this forward all http traffic to the nginx virtual host port +# and the rest to the turn server +# +# Multiplexing based on ALPN is DEPRECATED. ALPN does not play well with websockets on some browsers and reverse proxies. +# To migrate away from using it read: https://jitsi.org/multiplexing-to-bridge-ws-howto +# This file will be removed at some point and if deployment is still using it, will break. +# +stream { + upstream web { + server 127.0.0.1:4444; + } + upstream turn { + server 127.0.0.1:5349; + } + # since 1.13.10 + map $ssl_preread_alpn_protocols $upstream { + ~\bh2\b web; + ~\bhttp/1\. web; + default turn; + } + + server { + listen 443; + listen [::]:443; + + # since 1.11.5 + ssl_preread on; + proxy_pass $upstream; + + # Increase buffer to serve video + proxy_buffer_size 10m; + } +}