diff options
| author | Matthew Fennell <matthew@fennell.dev> | 2024-05-23 21:02:51 +0100 |
|---|---|---|
| committer | Matthew Fennell <matthew@fennell.dev> | 2024-05-23 21:02:51 +0100 |
| commit | b997dabfebe74422de510884b68480fcb3bf1780 (patch) | |
| tree | 08475967e5b2fa368bc1c3e76aab8e8d58562745 /files | |
| parent | 850275469f7da1a9829edfe45bd40b40d3cc6a02 (diff) | |
Add anonymous subdomain when requested
This will primiarly be used for motoristic.
Diffstat (limited to 'files')
| -rw-r--r-- | files/nginx_conf.j2 | 51 | ||||
| -rw-r--r-- | files/prosody.cfg.lua.j2 | 2 | ||||
| -rw-r--r-- | files/virtual_host.cfg.lua.j2 | 8 |
3 files changed, 60 insertions, 1 deletions
diff --git a/files/nginx_conf.j2 b/files/nginx_conf.j2 index fbddce8..da4222d 100644 --- a/files/nginx_conf.j2 +++ b/files/nginx_conf.j2 @@ -29,3 +29,54 @@ server { return 301 https://$host$request_uri; } + +{% if anonymous_login %} + +server { + listen 443 ssl; + listen [::]:443; + + ssl_certificate /etc/prosody/certs/{{ virtual_host }}.crt; + ssl_certificate_key /etc/prosody/certs/{{ virtual_host }}.key; + + server_name anon.{{ virtual_host }}; + + location / { + proxy_pass https://localhost:5281; + proxy_set_header Host "anon.{{ virtual_host }}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + tcp_nodelay on; + } + + location /http-bind { + proxy_pass https://localhost:5281; + proxy_set_header Host "anon.{{ virtual_host }}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + tcp_nodelay on; + } + + location /.well-known/host-meta { + add_header Access-Control-Allow-Origin * always; + return 200 "<?xml version='1.0' encoding='utf-8'?> +<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> + <Link rel='urn:xmpp:alt-connections:xbosh' + href='https://anon.{{ virtual_host }}/http-bind' /> +</XRD> +"; + } +} + +server { + listen 80; + listen [::]:80; + + server_name anon.{{ virtual_host }}; + + return 301 https://$host$request_uri; +} + +{% endif %} diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2 index e20ba4e..b107536 100644 --- a/files/prosody.cfg.lua.j2 +++ b/files/prosody.cfg.lua.j2 @@ -9,6 +9,7 @@ modules_enabled = { "admin_shell"; "blocklist"; "bookmarks"; + "bosh"; "carbons"; "cloud_notify"; "csi_battery_saver"; @@ -31,7 +32,6 @@ modules_enabled = { "smacks"; "time"; "tls"; - "turn_external"; "uptime"; "vcard4"; "vcard_legacy"; diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2 index 272e24b..77726ff 100644 --- a/files/virtual_host.cfg.lua.j2 +++ b/files/virtual_host.cfg.lua.j2 @@ -13,6 +13,7 @@ modules_enabled = { "invites_register"; "register"; "register_apps"; + "turn_external"; } contact_info = { @@ -39,3 +40,10 @@ log_all_rooms = true restrict_room_creation = "local" muc_room_default_public = false muc_room_default_public_jids = true + +{% if anonymous_login %} + +VirtualHost "anon.{{ virtual_host }}" +authentication = "anonymous" + +{% endif %} |