The Mividas system can be deployed in various configurations to fit your organization’s network environment. For detailed deployment instructions, refer to the Deployment Guide.
To optimize traffic filtering for services across different network zones, Mividas Core and Mividas Rooms support unique domain names and URL prefixes for different service types.
URL Prefix Guide: External Access Beyond LAN/DMZ
If Mividas Core Scheduling API or Separate Domain for Rooms Endpoint Event Requests are enabled, these services are automatically filtered by domain. Otherwise, all traffic should be routed through the main management hostname, with selective URL prefixes open to external systems and edge nodes.
| Service | URL Prefix | Description |
|---|---|---|
| Mividas Core | /cdr/ | Call detail records and external policy requests from CMS and Pexip Infinity nodes. |
/json-api/v1/ | Management API (Consider restricting specific API endpoints in your load balancer configuration). | |
| Core Scheduling API | /api/v1/ | API for meeting scheduling (can use a dedicated domain). |
| Mividas Rooms | /tms/, /ep/ | HTTP feedback events and passive provisioning from Cisco video conferencing systems. |
/site_media/media/firmware/ | Media and firmware files. | |
/tms/firmware/download/ | Firmware downloads for Cisco endpoints. | |
| Mividas Core Meeting Portal | /outlook/v1/, /saml/ | Outlook add-in, scheduling API requests, and SAML2 SSO authentication. |
Reverse Proxy Configuration for Satellite Offices with Local Firmware Cache
Requirements:
- Split DNS: Domain names for the Mividas Core/Mividas Rooms server should be resolved locally at remote offices to point to the load balancer or reverse proxy.
- SSL Certificates: Valid SSL certificates are required.
- Configuration: Replace
123.123.123.123with the server’s IP address and replacemividas.example.orgwith the FQDN of the Mividas Core/Mividas Rooms server. If “Separate Domain for Rooms Endpoint Event Requests” is enabled, replaceendpoints.example.orgwith the configured FQDN; otherwise, remove the relevant block.
Example with Docker: Save the configuration file as mividas.conf and place SSL certificates in a directory named ssl. Run the following command:
docker run --rm -p 80:80 -p 443:443 -v `pwd`/mividas.conf:/etc/nginx/conf.d/default.conf -v `pwd`/ssl/:/etc/nginx/ssl/:ro nginxConfiguration File (mividas.conf):
proxy_cache_path /var/cache/nginx keys_zone=mividas_static:100m inactive=10h max_size=30g;
limit_conn_zone $server_name zone=firmware:1m;
upstream mividasvm {
server 123.123.123.123:443;
}
server {
listen 80;
server_name mividas.example.org;
server_name endpoints.example.org;
location / {
rewrite ^/?(.*) https://$http_host/$1;
}
}
server {
listen 443 ssl http2;
server_name mividas.example.org;
ssl_certificate /etc/nginx/ssl/mividas.example.org.fullchain.crt;
ssl_certificate_key /etc/nginx/ssl/mividas.example.org.key;
# set_real_ip_from 234.234.234.234; # Uncomment this to pass client IP from upstream proxies
proxy_set_header Host mividas.example.org;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
underscores_in_headers on;
proxy_http_version 1.0;
proxy_ssl_session_reuse on;
# Add your access rules here (ip/geoip etc)
location / {
proxy_pass https://mividasvm;
}
location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
proxy_cache mividas_static;
proxy_cache_valid 200 7d;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_buffering off;
limit_conn firmware 10;
proxy_pass https://mividasvm;
}
location /site_media/ {
proxy_cache mividas_static;
proxy_cache_valid 200 60s;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_buffering off;
proxy_pass https://mividasvm;
}
}
# Only needed if using "Separate domain name for Rooms Endpoint event requests" in your installation:
server {
listen 443 ssl http2;
server_name endpoints.example.org;
ssl_certificate /etc/nginx/ssl/endpoints.example.org.fullchain.crt;
ssl_certificate_key /etc/nginx/ssl/endpoints.example.org.key;
# set_real_ip_from 234.234.234.234; # Uncomment this to pass client IP from upstream proxies
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
underscores_in_headers on;
proxy_http_version 1.0;
proxy_ssl_session_reuse on;
# Add your access rules here (ip/geoip etc)
location / {
proxy_pass https://mividasvm;
}
location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
proxy_cache mividas_static;
proxy_cache_valid 200 7d;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_buffering off;
limit_conn firmware 10;
proxy_pass https://mividasvm;
}
}Mividas Rooms Proxy Client TCP Port Forwarding
To configure Mividas Rooms Proxy-client TCP port forwarding, add the following outside the http configuration (e.g., in /etc/nginx.conf or in /etc/nginx/mods-enabled/mividas_proxy.conf):
# Mividas Rooms Proxy client (optional). Replace 2222 with your configured port number
stream {
server {
listen 2222;
# Add your access rules here (ip/geoip etc)
proxy_pass 123.123.123.123:2222;
}
}