Jitsi behind the nginx reverse proxy

Hi to everyone!
I got next error when try to use jitsi behind reverse nginx proxy

Access to XMLHttpRequest at 'https://10.10.2.32/http-bind?room=dumbmonkeysshootdelicately' from origin 'https://jitsi.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

in my nginx config I have

 add_header 'Access-Control-Allow-Origin' '*';

Have anybody working nginx reverse proxy config, when jitsi and reverse proxy is too different servers.

jitsi in the local network (as 'https://10.10.2.32) is working fine. It’s a fresh installation of the stable version.

thanks!

1 Like

@ssydorov Did you find a solution for this?

@ssydorov If you didn’t already find it and for others who come across this issue. This is what made me solve my problem

    location = /http-bind {
	    add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET,HEAD,OPTIONS,POST,PUT';
        add_header Access-Control-Allow-Headers 'Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers';
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

@ssydorov would you mind sharing you nginx prox conf for jitsi ? or link a web resource. right now internally jitsi is working but externally through nginx i am getting to many redirects as an error.

Hi
unfortunately, it still not working. I did not find any working solution.

So here is my working config. however, I have some kinks to workout… Right now when I have two people connected it works ok, the second a third joins everyone gets disconnected. This does work solid with just two people though!

Again this is the Nginx conf on the external-facing proxy

server {
server_name jitsi.nerdnightlax.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nerdnightlax.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nerdnightlax.com/privkey.pem; # managed by Certbot

location / {
    ssi on;
    proxy_pass https://192.168.50.20/;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
}
# BOSH
location /http-bind {
    proxy_pass http://192.168.50.20:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
}

# xmpp websockets
location /xmpp-websocket {
    proxy_pass              http://192.168.50.20:5280/xmpp-websocket;
    proxy_http_version      1.1;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection "upgrade";
    proxy_set_header        Host $host;
    tcp_nodelay             on;
}

}