nginx: align webrtc/signaling proxy with SUBFOLDERwebsocket, honour SUBFOLDER

DL6ER · DL6ER · commit 112435d0b4e8 · 2026-04-25T18:06:37.000+02:00
Two issues raised in review (both server blocks, :3000 and :3001):

1. The signaling regex was anchored at root: `^/webrtc/signaling/?$`. With
   a non-default SUBFOLDER deployment (e.g. SUBFOLDER=/foo/), the request
   path `/foo/webrtc/signaling/` would not match and would fall through
   to the static handler. Replace the leading `/` with the SUBFOLDER
   placeholder so the same sed substitution that processes every other
   location block also applies here. Default `SUBFOLDER=/` keeps the
   regex equivalent to before.

2. The new WebSocket location was missing the long timeouts and
   forwarded client headers that `SUBFOLDERwebsocket` already sets.
   Without them, signaling sessions can be cut by nginx defaults and
   selkies upstream sees only 127.0.0.1 as the client IP. Mirror the
   full set: X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, the three
   3600s timeouts, and client_max_body_size 10M. /turn gains the same
   forwarded headers (no timeouts — short HTTP request).
diff --git a/root/defaults/default.conf b/root/defaults/default.conf
@@ -56,16 +56,26 @@ server {
   # streamMode is "webrtc", and fetches /turn for TURN credentials.
   location SUBFOLDERturn {
     proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_http_version      1.1;
     proxy_buffering         off;
     proxy_pass              http://127.0.0.1:CWS;
   }
-  location ~ ^/webrtc/signaling/?$ {
+  location ~ ^SUBFOLDERwebrtc/signaling/?$ {
     proxy_set_header        Upgrade $http_upgrade;
     proxy_set_header        Connection "upgrade";
     proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_http_version      1.1;
+    proxy_read_timeout      3600s;
+    proxy_send_timeout      3600s;
+    proxy_connect_timeout   3600s;
     proxy_buffering         off;
+    client_max_body_size    10M;
     proxy_pass              http://127.0.0.1:CWS;
   }
   error_page 500 502 503 504 /50x.html;
@@ -134,16 +144,26 @@ server {
   # streamMode is "webrtc", and fetches /turn for TURN credentials.
   location SUBFOLDERturn {
     proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_http_version      1.1;
     proxy_buffering         off;
     proxy_pass              http://127.0.0.1:CWS;
   }
-  location ~ ^/webrtc/signaling/?$ {
+  location ~ ^SUBFOLDERwebrtc/signaling/?$ {
     proxy_set_header        Upgrade $http_upgrade;
     proxy_set_header        Connection "upgrade";
     proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_http_version      1.1;
+    proxy_read_timeout      3600s;
+    proxy_send_timeout      3600s;
+    proxy_connect_timeout   3600s;
     proxy_buffering         off;
+    client_max_body_size    10M;
     proxy_pass              http://127.0.0.1:CWS;
   }
   error_page 500 502 503 504 /50x.html;
