ejabberd nginx reverse-proxy config

gistfile1.txt · 1.8 KiB · Text Raw

1	# Reverse proxy of websocket and bosh endpoints from Ejabberd
2	# Reverse proxy of http_upload for Ejabberd
3	# Todo: add /admin and /api endpoints
4
5	server {
6	listen 443 ssl http2;
7	listen [::]:443 ssl http2;
8
9	server_name xmpp.example.org;
10
11	ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
12	ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
13	ssl_trusted_certificate /etc/letsencrypt/live/example.org/chain.pem;
14
15
16	# Ejabberd BOSH
17	location /bosh {
18	proxy_pass http://localhost:5280/bosh;
19	proxy_set_header Host $host;
20	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
21	proxy_set_header X-Forwarded-Proto $scheme;
22	proxy_buffering off;
23	tcp_nodelay on;
24	}
25
26	# Ejabberd websocket
27	location /ws {
28	proxy_pass http://localhost:5280/ws;
29	proxy_http_version 1.1;
30	proxy_set_header Connection "Upgrade";
31	proxy_set_header Upgrade $http_upgrade;
32	proxy_set_header Host $host;
33	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
34	proxy_set_header X-Forwarded-Proto $scheme;
35	proxy_read_timeout 900s;
36	}
37	}
38
39	# http_upload
40	server {
41	listen 443 ssl http2;
42	listen [::]:443 ssl http2;
43
44	server_name uploads.example.org;
45
46	ssl_certificate /etc/letsencrypt/live/uploads.example.org/fullchain.pem;
47	ssl_certificate_key /etc/letsencrypt/live/uploads.example.org/privkey.pem;
48	ssl_trusted_certificate /etc/letsencrypt/live/uploads.example.org/chain.pem;
49
50	location /upload {
51	proxy_pass http://localhost:5280/upload;
52	proxy_set_header Host "uploads.example.org";
53	client_max_body_size 110M;
54	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
55	proxy_set_header X-Forwarded-Proto $scheme;
56	proxy_buffering off;
57	tcp_nodelay on;
58	}
59	}