openvidu/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default-app-without-demos.conf

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

# Openvidu call
#upstream yourapp {
#    server localhost:5442;
#}

upstream kibana {
    server localhost:5601;
}

upstream openviduserver {
    server localhost:5443;
}

server {
    # Redirect to https
    if ($host = {domain_name}) {
        rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
    } # managed by Certbot

    listen {http_port} default_server;
    server_name {domain_name};

    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }

    # Kibana panel
    location /kibana {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }
}

server {
    listen {https_port} ssl default deferred;
    server_name {domain_name};

    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    ssl_prefer_server_ciphers on;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;

    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Welcome
    root /var/www/html;

    # Your app
    # location / {
    #    proxy_pass http://yourapp; # Openvidu call by default
    #}

    #################################
    # Common rules                  #
    #################################
    location /dashboard {
        {rules_access_dashboard}
        deny all;
        rewrite ^/dashboard/(.*)$ /$1 break;
        proxy_pass http://openviduserver/;
    }

    location /inspector {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }

    location ~ /openvidu$ {
        proxy_pass http://openviduserver;
    }

    location /kibana {
        {rules_access_dashboard}
        deny all;

        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }

    #################################
    # New API                       #
    #################################
    # OpenVidu Server
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }

    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }

    location /openvidu/api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }

    location /openvidu/info {
        {rules_access_dashboard}
        deny all;
        proxy_pass http://openviduserver;
    }

    location /openvidu/accept-certificate {
        proxy_pass http://openviduserver;
    }

    location /openvidu/cdr {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }
    # OpenVidu Server PRO
    location /openvidu/elk {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }

    location /openvidu/inspector-api {
        {rules_acess_api}
        deny all;
        proxy_pass http://openviduserver;
    }


    #################################
    # LetsEncrypt                   #
    #################################

    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
}
Updated proxy image 2020-04-09 16:33:26 +02:00			`add_header X-Frame-Options SAMEORIGIN;`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`# Openvidu call`
			`#upstream yourapp {`
			`# server localhost:5442;`
			`#}`

Updated proxy image 2020-04-09 16:33:26 +02:00			`upstream kibana {`
			`server localhost:5601;`
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`}`

			`upstream openviduserver {`
			`server localhost:5443;`
			`}`

			`server {`
Updated proxy image 2020-04-09 16:33:26 +02:00			`# Redirect to https`
			`if ($host = {domain_name}) {`
openvidu proxy updated 2020-04-28 15:53:56 +02:00			`rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`} # managed by Certbot`

openvidu proxy updated 2020-04-28 15:53:56 +02:00			`listen {http_port} default_server;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`server_name {domain_name};`

			`# letsencrypt`
			`location /.well-known/acme-challenge {`
			`root /var/www/certbot;`
			`try_files $uri $uri/ =404;`
			`}`

			`# Kibana panel`
			`location /kibana {`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection 'upgrade';`
			`proxy_set_header Host $host;`
			`proxy_cache_bypass $http_upgrade;`

			`rewrite ^/kibana/(.*)$ /$1 break;`
			`proxy_pass http://kibana/;`
			`}`
			`}`

			`server {`
openvidu proxy updated 2020-04-28 15:53:56 +02:00			`listen {https_port} ssl default deferred;`
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`server_name {domain_name};`

			`ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;`
Updated proxy image 2020-04-09 16:33:26 +02:00
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_timeout 5m;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

deployment-openvidu-ce-and-pro: Add TLSv1.3 and some ssl_chiphers recommended for browsers compatibility: https://ssl-config.mozilla.org/\#server\=nginx\&version\=1.17.7\&config\=intermediate\&openssl\=1.1.1d\&guideline\=5.6 2020-10-15 14:47:53 +02:00			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;`
			ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00
			`ssl_prefer_server_ciphers on;`

			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Proto https;`
			`proxy_headers_hash_bucket_size 512;`
			`proxy_redirect off;`

			`# Websockets`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`

Updated proxy image 2020-04-09 16:33:26 +02:00			`# Welcome`
			`root /var/www/html;`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`# Your app`
			`# location / {`
			`# proxy_pass http://yourapp; # Openvidu call by default`
			`#}`

			`#################################`
			`# Common rules #`
			`#################################`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`location /dashboard {`
			`{rules_access_dashboard}`
			`deny all;`
			`rewrite ^/dashboard/(.*)$ /$1 break;`
			`proxy_pass http://openviduserver/;`
			`}`

			`location /inspector {`
			`{rules_access_dashboard}`
			`deny all;`
			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location ~ /openvidu$ {`
			`proxy_pass http://openviduserver;`
			`}`

Updated proxy image 2020-04-09 16:33:26 +02:00			`location /kibana {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_access_dashboard}`
			`deny all;`
Updated proxy image 2020-04-09 16:33:26 +02:00
			`rewrite ^/kibana/(.*)$ /$1 break;`
			`proxy_pass http://kibana/;`
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`#################################`
			`# New API #`
			`#################################`
			`# OpenVidu Server`
			`location /openvidu/layouts {`
			`rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`root /opt/openvidu;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/recordings {`
recording fixed 2020-04-20 18:45:56 +02:00			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/api {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_acess_api}`
			`deny all;`
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/info {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_access_dashboard}`
			`deny all;`
Control exist certificated in openvidu-proxy 2020-03-27 12:53:04 +01:00			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/accept-certificate {`
Updated proxy image 2020-04-09 16:33:26 +02:00			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/cdr {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_acess_api}`
			`deny all;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`proxy_pass http://openviduserver;`
			`}`
deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`# OpenVidu Server PRO`
			`location /openvidu/elk {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_acess_api}`
			`deny all;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`proxy_pass http://openviduserver;`
			`}`

deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`location /openvidu/inspector-api {`
proxy ip restrictions added 2020-04-30 14:27:40 +02:00			`{rules_acess_api}`
			`deny all;`
Updated proxy image 2020-04-09 16:33:26 +02:00			`proxy_pass http://openviduserver;`
			`}`

Proxy updated for auto renew letscrypt certificated 2020-06-29 16:37:26 +02:00
deployment-openvidu-ce: Update nginx to new API rules and use deprecated APIs. 2020-10-14 14:34:21 +02:00			`#################################`
			`# LetsEncrypt #`
			`#################################`

Proxy updated for auto renew letscrypt certificated 2020-06-29 16:37:26 +02:00			`location /.well-known/acme-challenge {`
			`root /var/www/certbot;`
			`try_files $uri $uri/ =404;`
			`}`
Updated proxy image 2020-04-09 16:33:26 +02:00			`}`