server {
    listen 80;
    server_name conf.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name conf.example.com;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /etc/letsencrypt/live/conf.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/conf.example.com/privkey.pem; # managed by Certbot

    root /usr/share/jitsi-meet;
    index index.html index.htm;
    error_page 404 /static/404.html;

    location /config.js {
        alias /etc/jitsi/meet/conf.example.com-config.js;
    }

    location ~ ^/([a-zA-Z0-9=\?]+)$ {
        rewrite ^/(.*)$ / break;
    }

    location / {
        ssi on;
    }

    # Backward compatibility
    location ~ /external_api.* {
        root /usr/share/jitsi-meet/libs;
    }

    # BOSH
    location /http-bind {
        proxy_pass      http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

}