jitsi docker desktop wsl2 nginx proxy for wss

Question

Using the latest jitsi docker build on a docker desktop with wsl2 I am having problems getting the wss socket to redirect when using a an internal PUBLIC_URL behind an nginx reverse proxy

using a default localhost with no PUBLIC_URL I can connect to a meeting no issues and url = http://localhost

.env

 # Public URL for the web service (required)
 #PUBLIC_URL=https://meet.example.com

adding a reverse proxy with the following nginx default.conf

server {
    listen       80;
    listen  [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /home/ssl/certs/meet.example.com.crt;
        ssl_certificate_key /home/ssl/private/meet.example.com.key;
    server_name  meet.example.com;

    #charset koi8-r;
    access_log  /home/meet.jitsi.access.log  main;
    error_log  /home/meet.jitsi.error.log  ;

    location / {
        proxy_pass http://meet.jitsi:80;
    }


    location /xmpp-websocket {
        proxy_pass ​http://jvb.meet.jitsi;     <- see error below
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
    location ~ /\.ht {
        deny  all;
    }
}

I get an error when testing the above default.conf

root@9c684:/# nginx -c /etc/nginx/nginx.conf -t
2021/01/25 15:53:14 [emerg] 300#300: invalid URL prefix in /etc/nginx/conf.d/default.conf:20
nginx: [emerg] invalid URL prefix in /etc/nginx/conf.d/default.conf:20
nginx: configuration file /etc/nginx/nginx.conf test failed


/etc/nginx/conf.d/default.conf:20 == proxy_pass ​http://jvb.meet.jitsi;

Following a number of threads I am lost to the current config I should use, but I understand that two proxy_pass should be possible for the same sever_name, is this correct?

Is there a better method to have a local url redirect to the JVB sever for the wss:// socket?

Answer 1

In the virtual host that Jitsi creates by default for Nginx there is an entry for websocket that I don't see in your configuration. This is the default configuration:

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
   proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   tcp_nodelay on;
}

In my case I have several JVB servers so I have an entry for each one.

# colibri (JVB) websockets for my jvb1
location ~ ^/colibri-ws/jvb1/(.*) {
    proxy_pass http://10.200.0.112:9090/colibri-ws/jvb1/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}
# colibri (JVB) websockets for my jvb2
location ~ ^/colibri-ws/jvb2/(.*) {
    proxy_pass http://10.200.0.83:9090/colibri-ws/jvb2/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}

To know the id that you go to use you need to configure the /etc/jitsi/videobridge/jvb.conf file

videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        enabled = true
        domain = "your.domain.com:443"
        tls = true
        server-id = jvb2
    }
  }