nginx.conf.tmpl (1659B)
1 # https://github.com/conversejs/converse.js/blob/master/docs/source/setup.rst#websocket 2 3 server { 4 listen {{ env "NOMAD_PORT_https" }} ssl; 5 6 ssl_certificate /etc/letsencrypt/live/dm.in0rdr.ch/fullchain.pem; 7 ssl_certificate_key /etc/letsencrypt/live/dm.in0rdr.ch/privkey.pem; 8 9 # serve converse-js app from 10 location / { 11 root /usr/share/nginx/html; 12 try_files $uri /index.html; 13 } 14 15 # proxy XMPP websocket directly to Prosody upstream 16 location /xmpp-websocket { 17 proxy_pass https://in0rdr.ch:5281/xmpp-websocket; 18 proxy_set_header Host $host; 19 proxy_set_header X-Real-IP $remote_addr; 20 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21 proxy_set_header X-Forwarded-Proto $scheme; 22 23 # WebSocket proxying 24 # https://nginx.org/en/docs/http/websocket.html 25 proxy_http_version 1.1; 26 # timeout for reading a response from the proxied server. If the 27 # proxied server does not transmit anything within this time, 28 # the connection is closed. 29 proxy_read_timeout 86400; #24h 30 # When buffering is disabled, the response is passed to a client 31 # synchronously, immediately as it is received. 32 proxy_buffering off; 33 proxy_set_header Upgrade $http_upgrade; 34 proxy_set_header Connection "upgrade"; 35 } 36 37 # CORS 38 location ~ .(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ { 39 # Decide here whether you want to allow all or only a particular domain 40 add_header Access-Control-Allow-Origin "*"; 41 root /usr/share/nginx/html; 42 } 43 }