diff --git a/docker-compose.jeffsi.yml b/docker-compose.jeffsi.yml index 35ee98b..90a08bf 100644 --- a/docker-compose.jeffsi.yml +++ b/docker-compose.jeffsi.yml @@ -1,4 +1,6 @@ -# Jeffsi Meet - Docker Compose for Traefik + Cloudflare Tunnel +# Jeffsi Meet - Docker Compose for Traefik +# Primary domain: jeffsi.localvibe.live (direct HTTPS via Let's Encrypt) +# Legacy domain: meet.jeffemmett.com (via Cloudflare tunnel) services: web: image: jeffsi-meet-web:latest @@ -17,17 +19,29 @@ services: - ./nginx-custom:/config/nginx-custom:ro labels: - "traefik.enable=true" - - "traefik.http.routers.jeffsi-meet.rule=Host(`meet.jeffemmett.com`)" - - "traefik.http.routers.jeffsi-meet.entrypoints=web" - "traefik.http.services.jeffsi-meet.loadbalancer.server.port=80" + # Shared middlewares - "traefik.http.middlewares.jeffsi-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.jeffsi-nocache.headers.customresponseheaders.Cache-Control=no-store, must-revalidate" - "traefik.http.middlewares.jeffsi-frame.headers.customFrameOptionsValue=ALLOWALL" - "traefik.http.middlewares.jeffsi-permissions.headers.customresponseheaders.Permissions-Policy=camera=*, microphone=*, display-capture=*, fullscreen=*, autoplay=*" - "traefik.http.middlewares.jeffsi-csp.headers.customresponseheaders.Content-Security-Policy=frame-ancestors *" + - "traefik.http.middlewares.jeffsi-redirect-https.redirectscheme.scheme=https" + # PRIMARY: jeffsi.localvibe.live - HTTPS via Let's Encrypt + - "traefik.http.routers.jeffsi-meet-secure.rule=Host(`jeffsi.localvibe.live`)" + - "traefik.http.routers.jeffsi-meet-secure.entrypoints=websecure" + - "traefik.http.routers.jeffsi-meet-secure.tls.certresolver=letsencrypt" + - "traefik.http.routers.jeffsi-meet-secure.middlewares=jeffsi-headers,jeffsi-nocache,jeffsi-frame,jeffsi-permissions,jeffsi-csp" + # PRIMARY HTTP->HTTPS redirect + - "traefik.http.routers.jeffsi-meet-http.rule=Host(`jeffsi.localvibe.live`)" + - "traefik.http.routers.jeffsi-meet-http.entrypoints=web" + - "traefik.http.routers.jeffsi-meet-http.middlewares=jeffsi-redirect-https" + # LEGACY: meet.jeffemmett.com - via Cloudflare tunnel (port 80) + - "traefik.http.routers.jeffsi-meet.rule=Host(`meet.jeffemmett.com`)" + - "traefik.http.routers.jeffsi-meet.entrypoints=web" - "traefik.http.routers.jeffsi-meet.middlewares=jeffsi-headers,jeffsi-nocache,jeffsi-frame,jeffsi-permissions,jeffsi-csp" environment: - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - TZ=${TZ:-UTC} - ENABLE_COLIBRI_WEBSOCKET=1 - ENABLE_XMPP_WEBSOCKET=1 @@ -68,7 +82,7 @@ services: - ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z environment: - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - TZ=${TZ:-UTC} - AUTH_TYPE=${AUTH_TYPE:-internal} - ENABLE_AUTH=${ENABLE_AUTH:-0} @@ -130,7 +144,7 @@ services: - ${CONFIG}/jvb:/config:Z environment: - TZ=${TZ:-UTC} - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC=jvbbrewery @@ -138,7 +152,7 @@ services: - JVB_PORT=10200 - JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 - ENABLE_COLIBRI_WEBSOCKET=1 - - JVB_WS_DOMAIN=meet.jeffemmett.com + - JVB_WS_DOMAIN=jeffsi.localvibe.live - JVB_WS_SERVER_ID=default-id - XMPP_AUTH_DOMAIN=auth.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi