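## WEBSERVER DEFINITIONS FOR ALL MATRIX SERVICES ON LIBERTA.CASA
#
# One TLS-terminating server block per service. Each proxies to a backend on a
# loopback address (Element is served as static files) and ships its access
# and error logs to the syslog collector at 192.168.0.115:5013.
#
# NOTE(review): every vhost logs errors at `debug` level to a remote syslog
# target. nginx sends syslog over UDP, so these lines cross the network
# unencrypted, and debug output is far more verbose than normal error logging.
# Confirm this is intended outside of troubleshooting; `warn` or `error` is the
# usual steady-state level.
#
# NOTE(review): nginx inherits add_header from the enclosing level only when
# the current level defines no add_header of its own. Locations below that set
# Access-Control-Allow-Origin therefore repeat the HSTS header explicitly.

## SYNAPSE
server {
    listen 81.16.19.64:443 ssl;
    # For the federation port
    listen 81.16.19.64:8448 ssl default_server;
    listen 192.168.0.110:8448 ssl;
    # For bridge
    listen 127.0.0.2:443 ssl;

    server_name matrix.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    # Client-server and federation API paths. X-Forwarded-For is overwritten
    # with $remote_addr, so a client-supplied header never reaches Synapse.
    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://[::1]:8077;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        client_max_body_size 50M;
    }

    # Client discovery document; CORS is open so web clients can fetch it.
    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        # Repeated here: the add_header above stops inheritance of the
        # server-level HSTS header for this location.
        add_header Strict-Transport-Security "max-age=63072000" always;
    }

    # Federation discovery document.
    location /.well-known/matrix/server {
        return 200 '{"m.server": "matrix.liberta.casa:8448"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        # Repeated here: see the note on /.well-known/matrix/client.
        add_header Strict-Transport-Security "max-age=63072000" always;
    }

    # NOTE(review): this catch-all forwards every other path to Synapse, which
    # includes /_synapse/admin. If the admin API is not meant to be reachable
    # on these listeners, restrict or deny that prefix here.
    location / {
        proxy_pass http://[::1]:8077/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_synapse graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_synapse debug;
}

## ELEMENT
# Static web client served straight from the shared filesystem.
# NOTE(review): no framing or content-type hardening headers are set on this
# vhost (X-Frame-Options, X-Content-Type-Options, CSP frame-ancestors);
# confirm whether they are applied elsewhere.
server {
    listen 81.16.19.64:443 ssl;
    server_name element.liberta.casa;

    root /mnt/gluster01/web/matrix/element-libertacasa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
}

# Short alias: permanently redirects m.liberta.casa to the Element vhost.
server {
    listen 81.16.19.64:443 ssl;
    server_name m.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    # Added for parity with the other vhosts, which all pin the protocol list
    # and send HSTS; this block previously relied on nginx defaults.
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;

    return 301 https://element.liberta.casa$request_uri;

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
}

## SYDENT
server {
    listen 81.16.19.64:443 ssl;
    server_name ident.matrix.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    location / {
        proxy_pass http://127.0.0.4:8074/;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Nginx by default only allows request bodies up to 1M in size.
        # NOTE(review): the original comment referred to max_upload_size in
        # homeserver.yaml, which is a Synapse setting; confirm that a 20M
        # body limit is actually needed for the identity server.
        client_max_body_size 20M;
    }

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_sydent graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_sydent debug;
}

## DIMENSION
server {
    listen 81.16.19.64:443 ssl;
    server_name integrations.matrix.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    location / {
        # NOTE(review): $proxy_add_x_forwarded_for appends to whatever
        # X-Forwarded-For the client sent, so the backend receives a
        # client-controlled prefix. The other vhosts in this file overwrite
        # the header with $remote_addr; confirm the backend only trusts the
        # last entry, or align this block with the others.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8184;
    }

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_dimension graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_dimension debug;
}

## KEYS
server {
    listen 81.16.19.64:443 ssl;
    server_name keys.matrix.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    # NOTE(review): TLSv1.2 only, unlike the TLSv1.3 TLSv1.2 list used by the
    # other vhosts on this address; confirm the difference is intentional.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    location / {
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # With the line above disabled, nginx sets no X-Forwarded-For of its
        # own and passes through whatever value the client sent.
        proxy_pass http://127.0.0.2:8076;
    }

    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://keys.matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        # Repeated here: the add_header above stops inheritance of the
        # server-level HSTS header for this location.
        add_header Strict-Transport-Security "max-age=63072000" always;
    }

    location /.well-known/matrix/server {
        return 200 '{"m.server": "keys.matrix.liberta.casa:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        # Repeated here: see the note on /.well-known/matrix/client.
        add_header Strict-Transport-Security "max-age=63072000" always;
    }

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_keys graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_keys debug;
}

## MAUBOT
# NOTE(review): the whole backend is proxied on the public address; if this is
# the maubot management interface, consider limiting it with allow/deny or
# serving it only on an internal listener.
server {
    listen 81.16.19.64:443 ssl;
    server_name maubot.matrix.liberta.casa;

    ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    # NOTE(review): TLSv1.2 only, unlike the TLSv1.3 TLSv1.2 list used by the
    # other vhosts on this address; confirm the difference is intentional.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    # Disabled WebSocket upgrade handling for the log stream endpoint.
    # location /_matrix/maubot/v1/logs {
    #     proxy_pass http://127.0.0.2:29419;
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "Upgrade";
    #     proxy_set_header X-Forwarded-For $remote_addr;
    # }

    location / {
        proxy_pass http://127.0.0.2:29419;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_maubot graylog;
    error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_maubot debug;
}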