{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
{{ $WS_SERVER_ID := .Env.JVB_WS_SERVER_ID | default .Env.JVB_WS_SERVER_ID_FALLBACK -}}

server_name _;

client_max_body_size 0;

root /usr/share/jitsi-meet;

# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;

index index.html index.htm;
error_page 404 /static/404.html;

# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

{{ if .Env.DEPLOYMENTINFO_SHARD }}
add_header X-Jitsi-Shard {{ .Env.DEPLOYMENTINFO_SHARD }};
{{ end }}

{{ if not (.Env.ENABLE_FLOC | default "0" | toBool) }}
add_header Permissions-Policy "interest-cohort=()";
{{ end }}

location = /config.js {
    alias /config/config.js;
}

location = /interface_config.js {
    alias /config/interface_config.js;
}

location = /external_api.js {
    alias /usr/share/jitsi-meet/libs/external_api.min.js;
}

# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
    add_header 'Access-Control-Allow-Origin' '*';
    alias /usr/share/jitsi-meet/$1/$2;
}

{{ if $ENABLE_COLIBRI_WEBSOCKET }}
# colibri (JVB) websockets
location ~ ^/colibri-ws/{{ $WS_SERVER_ID }}/(.*) {
    proxy_pass http://{{ $WS_SERVER_ID }}:9090/colibri-ws/{{ $WS_SERVER_ID }}/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}
{{ end }}

# BOSH
location = /http-bind {
    proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
}

{{ if $ENABLE_XMPP_WEBSOCKET }}
# xmpp websockets
location = /xmpp-websocket {
    proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
    proxy_http_version 1.1;

    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
    proxy_set_header X-Forwarded-For $remote_addr;
    tcp_nodelay on;
}
{{ end }}

location ~ ^/([^/?&:'"]+)$ {
    try_files $uri @root_path;
}

location @root_path {
    rewrite ^/(.*)$ / break;
}

{{ if .Env.ETHERPAD_URL_BASE }}
# Etherpad-lite
location /etherpad/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_cache_bypass $http_upgrade;

    proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_buffering off;
}
{{ end }}