From e4e6dbd83f67555a8cf656615dcff2c3219281d4 Mon Sep 17 00:00:00 2001 From: Jeff Emmett Date: Fri, 13 Feb 2026 00:38:58 -0700 Subject: [PATCH] Add jeffsi.localvibe.live as primary domain with Let's Encrypt HTTPS Redeploy to new domain while keeping meet.jeffemmett.com as legacy fallback via Cloudflare tunnel. Sync compose file with production (branding volume mounts, middlewares). Co-Authored-By: Claude Opus 4.6 --- docker-compose.jeffsi.yml | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/docker-compose.jeffsi.yml b/docker-compose.jeffsi.yml index 35ee98b..90a08bf 100644 --- a/docker-compose.jeffsi.yml +++ b/docker-compose.jeffsi.yml @@ -1,4 +1,6 @@ -# Jeffsi Meet - Docker Compose for Traefik + Cloudflare Tunnel +# Jeffsi Meet - Docker Compose for Traefik +# Primary domain: jeffsi.localvibe.live (direct HTTPS via Let's Encrypt) +# Legacy domain: meet.jeffemmett.com (via Cloudflare tunnel) services: web: image: jeffsi-meet-web:latest @@ -17,17 +19,29 @@ services: - ./nginx-custom:/config/nginx-custom:ro labels: - "traefik.enable=true" - - "traefik.http.routers.jeffsi-meet.rule=Host(`meet.jeffemmett.com`)" - - "traefik.http.routers.jeffsi-meet.entrypoints=web" - "traefik.http.services.jeffsi-meet.loadbalancer.server.port=80" + # Shared middlewares - "traefik.http.middlewares.jeffsi-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.jeffsi-nocache.headers.customresponseheaders.Cache-Control=no-store, must-revalidate" - "traefik.http.middlewares.jeffsi-frame.headers.customFrameOptionsValue=ALLOWALL" - "traefik.http.middlewares.jeffsi-permissions.headers.customresponseheaders.Permissions-Policy=camera=*, microphone=*, display-capture=*, fullscreen=*, autoplay=*" - "traefik.http.middlewares.jeffsi-csp.headers.customresponseheaders.Content-Security-Policy=frame-ancestors *" + - "traefik.http.middlewares.jeffsi-redirect-https.redirectscheme.scheme=https" + # PRIMARY: jeffsi.localvibe.live - HTTPS via Let's Encrypt + - "traefik.http.routers.jeffsi-meet-secure.rule=Host(`jeffsi.localvibe.live`)" + - "traefik.http.routers.jeffsi-meet-secure.entrypoints=websecure" + - "traefik.http.routers.jeffsi-meet-secure.tls.certresolver=letsencrypt" + - "traefik.http.routers.jeffsi-meet-secure.middlewares=jeffsi-headers,jeffsi-nocache,jeffsi-frame,jeffsi-permissions,jeffsi-csp" + # PRIMARY HTTP->HTTPS redirect + - "traefik.http.routers.jeffsi-meet-http.rule=Host(`jeffsi.localvibe.live`)" + - "traefik.http.routers.jeffsi-meet-http.entrypoints=web" + - "traefik.http.routers.jeffsi-meet-http.middlewares=jeffsi-redirect-https" + # LEGACY: meet.jeffemmett.com - via Cloudflare tunnel (port 80) + - "traefik.http.routers.jeffsi-meet.rule=Host(`meet.jeffemmett.com`)" + - "traefik.http.routers.jeffsi-meet.entrypoints=web" - "traefik.http.routers.jeffsi-meet.middlewares=jeffsi-headers,jeffsi-nocache,jeffsi-frame,jeffsi-permissions,jeffsi-csp" environment: - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - TZ=${TZ:-UTC} - ENABLE_COLIBRI_WEBSOCKET=1 - ENABLE_XMPP_WEBSOCKET=1 @@ -68,7 +82,7 @@ services: - ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z environment: - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - TZ=${TZ:-UTC} - AUTH_TYPE=${AUTH_TYPE:-internal} - ENABLE_AUTH=${ENABLE_AUTH:-0} @@ -130,7 +144,7 @@ services: - ${CONFIG}/jvb:/config:Z environment: - TZ=${TZ:-UTC} - - PUBLIC_URL=https://meet.jeffemmett.com + - PUBLIC_URL=https://jeffsi.localvibe.live - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC=jvbbrewery @@ -138,7 +152,7 @@ services: - JVB_PORT=10200 - JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 - ENABLE_COLIBRI_WEBSOCKET=1 - - JVB_WS_DOMAIN=meet.jeffemmett.com + - JVB_WS_DOMAIN=jeffsi.localvibe.live - JVB_WS_SERVER_ID=default-id - XMPP_AUTH_DOMAIN=auth.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi