system/nginx/02/matrix.conf

80 lines
2.4 KiB
Plaintext
Raw Normal View History

##WEBSERVER DEFINITIONS FOR ALL MATRIX SERVICES ON LYSERGIC.DEV
##SYNAPSE
server {
listen 202.61.255.116:443 ssl;
listen [2a03:4000:55:d20::]:443 ssl;
# For the federation port
listen 202.61.255.116:8448 ssl default_server;
listen [2a03:4000:55:d20::]:8448 ssl;
listen 192.168.0.115:8448 ssl;
ssl_certificate /etc/ssl/lysergic/fullchain.pem;
ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
server_name matrix.lysergic.dev;
location ~* ^(\/_matrix|\/_synapse\/client) {
proxy_pass http://[::1]:8763;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 100M;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.lysergic.dev"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.lysergic.dev:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
proxy_pass http://[::1]:8763/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 100M;
}
}
#ELEMENT
server {
listen 202.61.255.116:443 ssl;
listen [2a03:4000:55:d20::]:443 ssl;
server_name element.lysergic.dev;
root /mnt/gluster01/web/matrix/element-lysergic;
ssl_certificate /etc/ssl/lysergic/fullchain.pem;
ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
}