server_names_hash_bucket_size 64; server { listen 80; server_name jitsi-meet.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name jitsi-meet.example.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"; add_header Strict-Transport-Security "max-age=31536000"; ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt; ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key; root /usr/share/jitsi-meet; ssi on; index index.html index.htm; error_page 404 /static/404.html; location = /config.js { alias /etc/jitsi/meet/jitsi-meet.example.com-config.js; } location = /external_api.js { alias /usr/share/jitsi-meet/libs/external_api.min.js; } #ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { add_header 'Access-Control-Allow-Origin' '*'; alias /usr/share/jitsi-meet/$1/$2; } # BOSH location = /http-bind { proxy_pass http://localhost:5280/http-bind; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; } location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } location @root_path { rewrite ^/(.*)$ / break; } }