server_names_hash_bucket_size 64; server { listen 80; server_name jitsi-meet.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name jitsi-meet.example.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"; add_header Strict-Transport-Security "max-age=31536000"; ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt; ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key; root /usr/share/jitsi-meet; index index.html index.htm; error_page 404 /static/404.html; location /config.js { alias /etc/jitsi/meet/jitsi-meet.example.com-config.js; } location ~ ^/([a-zA-Z0-9=\?]+)$ { rewrite ^/(.*)$ / break; } location / { ssi on; } # Backward compatibility location ~ /external_api.* { root /usr/share/jitsi-meet/libs; } # BOSH location /http-bind { proxy_pass http://localhost:5280/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } }