Files
avc-phone-ai/deploy/nginx-voip.activeblue.net.conf
2026-06-23 22:38:22 +00:00

59 lines
2.2 KiB
Plaintext

# nginx reverse proxy for the AVC phone agent.
# Terminates TLS for voip.activeblue.net and proxies to the app on 127.0.0.1:8200,
# forwarding the /ws WebSocket (Twilio Media Stream) with long timeouts.
#
# Install:
# sudo cp deploy/nginx-voip.activeblue.net.conf /etc/nginx/sites-available/voip.activeblue.net
# sudo cp deploy/nginx-ws-upgrade.conf /etc/nginx/conf.d/ws-upgrade.conf
# sudo ln -s /etc/nginx/sites-available/voip.activeblue.net /etc/nginx/sites-enabled/
# sudo nginx -t && sudo systemctl reload nginx
# (Get the cert FIRST — see README — or the 443 block fails to load.)
# ── HTTP :80 — ACME challenge + redirect everything else to HTTPS ─────────────
server {
listen 80;
listen [::]:80;
server_name voip.activeblue.net;
# Let's Encrypt HTTP-01 webroot challenge (served, not redirected).
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
# ── HTTPS :443 — TLS termination + proxy to the app ──────────────────────────
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name voip.activeblue.net;
ssl_certificate /etc/letsencrypt/live/voip.activeblue.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voip.activeblue.net/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Twilio Media Streams hold the WebSocket open for the whole call — allow it.
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
location / {
proxy_pass http://127.0.0.1:8200;
proxy_http_version 1.1;
# WebSocket upgrade (for /ws). $connection_upgrade comes from ws-upgrade.conf.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}