This directory contains the Dockerized Nginx edge for Undefined Meet.
Dockerfile: buildsweb/distand packages it into the Nginx imagenginx.conf: base Nginx configurationentrypoint.sh: derives domains from env vars and renders templatestemplates/*.template: vhosts for the app, Jitsi, whiteboard, and default host
- App host is derived from
WEB_PUBLIC_URL - Jitsi host is derived from
WEB_JITSI_DOMAIN - Whiteboard host is derived from
WHITEBOARD_COLLAB_SERVER_PUBLIC_URL - TLS paths are provided via:
NGINX_TLS_CERT_PATHNGINX_TLS_KEY_PATHNGINX_TLS_OPTIONS_PATHNGINX_TLS_DHPARAM_PATH
- Optional runtime vars:
SERVER_PORTdefaults to4062NGINX_RELOAD_INTERVAL_SECONDSdefaults to21600CERTBOT_RENEW_INTERVAL_SECONDSdefaults to43200
The container fails fast if required Nginx env vars are missing.
- Safe to commit: templates, Docker Compose wiring, and placeholder env names
- Do not commit: real
.envvalues, TLS private keys, certificate archives, OAuth secrets, JWT secrets, or service passwords - Certificate material must be mounted at runtime, typically from
/etc/letsencrypt - Public exposure is limited to Nginx (
80,443) and JVB media UDP;serverandwhiteboardstay internal-only
docker compose config
docker compose build nginx
docker compose run --rm nginx nginx -tdocker-compose.prod.yml contains production-only overrides:
- host certificate mounts for
nginxandcertbot - server runtime hardening (
read_only,tmpfs, dropped capabilities)
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d --build