search

YunoHost-Apps / jitsi_ynh

Video conference for YunoHost
https://jitsi.org/
Apache License 2.0
21 stars 19 forks source link

Make it work with Jitsi Meet apps #63

Closed tio-trom closed 2 years ago

tio-trom commented 2 years ago

As explained here https://github.com/jitsi/jitsi-meet-electron#using-it-with-your-own-jitsi-meet-installation

Probably the nginx needs to be edited for it to work. Currently the nginx looks like so:

root /var/www/jitsi/jitsi-meet-web;

# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;

index index.html index.htm;
error_page 404 /static/404.html;

location = /config.js {
    alias /etc/jitsi/meet/call.trom.tf-config.js;
}

location = /external_api.js {
    alias /var/www/jitsi/jitsi-meet-web/libs/external_api.min.js;
}

#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    more_set_headers "Access-Control-Allow-Origin: *";
    alias /var/www/jitsi/jitsi-meet-web/$1/$2;

    # cache all versioned files
    if ($arg_v) {
        expires 1y;
    }
}

# BOSH
location = /http-bind {
    proxy_pass  http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
    proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
}

# xmpp websockets
location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}

location ~ ^/([^/?&:'"]+)$ {
    try_files $uri @root_path;
}

location @root_path {
    rewrite ^/(.*)$ / break;
}

location ~ ^/([^/?&:'"]+)/config.js$
{
   set $subdomain "$1.";
   set $subdir "$1/";

   alias /etc/jitsi/meet/call.trom.tf-config.js;
}

# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /http-bind;
}

# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /xmpp-websocket;
}

#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
    set $subdomain "$1.";
    set $subdir "$1/";
    rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
yalh76 commented 2 years ago

Feel free to do a Pull Request

tio-trom commented 2 years ago

Ok. As soon as I'll know how I'll try.

tio-trom commented 2 years ago

Ok so we are trying to figure this out. For it to work it needs Access-Control-Allow-Origin: * . I suppose the Nginx file for YNH Jitsi is /etc/nginx/conf.d/call.trom.tf.d/jitsi.conf . My instance is call.trom.tf. That config file seems to allow that origin. Here it is:

root /var/www/jitsi/jitsi-meet-web;

# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;

index index.html index.htm;
error_page 404 /static/404.html;

location = /config.js {
    alias /etc/jitsi/meet/call.trom.tf-config.js;
}

location = /external_api.js {
    alias /var/www/jitsi/jitsi-meet-web/libs/external_api.min.js;
}

#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    more_set_headers "Access-Control-Allow-Origin: *";
    alias /var/www/jitsi/jitsi-meet-web/$1/$2;

    # cache all versioned files
    if ($arg_v) {
        expires 1y;
    }
}

# BOSH
location = /http-bind {
    proxy_pass  http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
    proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
}

# xmpp websockets
location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}

location ~ ^/([^/?&:'"]+)$ {
    try_files $uri @root_path;
}

location @root_path {
    rewrite ^/(.*)$ / break;
}

location ~ ^/([^/?&:'"]+)/config.js$
{
   set $subdomain "$1.";
   set $subdir "$1/";

   alias /etc/jitsi/meet/call.trom.tf-config.js;
}

# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /http-bind;
}

# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
    set $subdomain "$1.";
    set $subdir "$1/";
    set $prefix "$1";

    rewrite ^/(.*)$ /xmpp-websocket;
}

#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
    set $subdomain "$1.";
    set $subdir "$1/";
    rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}

And yet when debugging the Jitsi Meet App we clearly see that the origin is set to "sameorigin".

chrome-error://chromewebdata/:1 Refused to display 'https://call.trom.tf/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

So something is either wring with the nginx config for jitsi or it is getting re-written by something else.

Any help?

We re discussing it here too https://github.com/jitsi/jitsi-meet-electron/issues/710

yalh76 commented 2 years ago

there are several nginx files starting from /etc/nginx/nginx.conf, that include other nginx files, you can look into them ... But please don't break nginx conf files or you will have to repear them on you own.

tio-trom commented 2 years ago

Shouldn't the individual nginx files for individual apps, rewrite the main one?

yalh76 commented 2 years ago

nope individual nginx files are just a part of the global nginx config file

tio-trom commented 2 years ago

hmm...ok...so how can one force a setting like more_set_headers "Access-Control-Allow-Origin: *"; for just 1 single app? That's for sure a useful setting for apps like Jitsi, Nextcloud and the like...

yalh76 commented 2 years ago

i don't know

Tagadda commented 2 years ago

Apps nginx config are included after security config, so apps config can "force" a setting.

chrome-error://chromewebdata/:1 Refused to display 'https://call.trom.tf/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

The browser seems to complain about X-Frame-Options. You can remove this header by adding more_clear_headers X-Frame-Options; in the nginx conf.

tio-trom commented 2 years ago

Sounds encouraging @tagadda !

I have added it as such and in the file /etc/nginx/conf.d/call.trom.tf.d/jitsi.conf :

#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    more_set_headers "Access-Control-Allow-Origin: *";
    more_clear_headers "X-Frame-Options";
    alias /var/www/jitsi/jitsi-meet-web/$1/$2;

    # cache all versioned files
    if ($arg_v) {
        expires 1y;
    }
}

Or without the "".

Seems not to work. I restarted the nginx.

tio-trom commented 2 years ago

Oh it worked when I added it to the top of nginx config. Thanks a ton!