Closed tio-trom closed 2 years ago
Feel free to do a Pull Request
Ok. As soon as I'll know how I'll try.
Ok so we are trying to figure this out. For it to work it needs Access-Control-Allow-Origin: *
. I suppose the Nginx file for YNH Jitsi is /etc/nginx/conf.d/call.trom.tf.d/jitsi.conf
. My instance is call.trom.tf. That config file seems to allow that origin. Here it is:
root /var/www/jitsi/jitsi-meet-web;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
location = /config.js {
alias /etc/jitsi/meet/call.trom.tf-config.js;
}
location = /external_api.js {
alias /var/www/jitsi/jitsi-meet-web/libs/external_api.min.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
more_set_headers "Access-Control-Allow-Origin: *";
alias /var/www/jitsi/jitsi-meet-web/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/call.trom.tf-config.js;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
And yet when debugging the Jitsi Meet App we clearly see that the origin is set to "sameorigin".
chrome-error://chromewebdata/:1 Refused to display 'https://call.trom.tf/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
So something is either wring with the nginx config for jitsi or it is getting re-written by something else.
Any help?
We re discussing it here too https://github.com/jitsi/jitsi-meet-electron/issues/710
there are several nginx files starting from /etc/nginx/nginx.conf, that include other nginx files, you can look into them ... But please don't break nginx conf files or you will have to repear them on you own.
Shouldn't the individual nginx files for individual apps, rewrite the main one?
nope individual nginx files are just a part of the global nginx config file
hmm...ok...so how can one force a setting like more_set_headers "Access-Control-Allow-Origin: *";
for just 1 single app? That's for sure a useful setting for apps like Jitsi, Nextcloud and the like...
i don't know
Apps nginx config are included after security config, so apps config can "force" a setting.
chrome-error://chromewebdata/:1 Refused to display 'https://call.trom.tf/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
The browser seems to complain about X-Frame-Options
.
You can remove this header by adding more_clear_headers X-Frame-Options;
in the nginx conf.
Sounds encouraging @tagadda !
I have added it as such and in the file /etc/nginx/conf.d/call.trom.tf.d/jitsi.conf :
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
more_set_headers "Access-Control-Allow-Origin: *";
more_clear_headers "X-Frame-Options";
alias /var/www/jitsi/jitsi-meet-web/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
Or without the "".
Seems not to work. I restarted the nginx.
Oh it worked when I added it to the top of nginx config. Thanks a ton!
As explained here https://github.com/jitsi/jitsi-meet-electron#using-it-with-your-own-jitsi-meet-installation
Probably the nginx needs to be edited for it to work. Currently the nginx looks like so: