##WEBSERVER DEFINITIONS FOR ALL MATRIX SERVICES ON LYSERGIC.DEV

##SYNAPSE
server {
    listen 202.61.255.116:443 ssl;
    listen [2a03:4000:55:d20::]:443 ssl;

    # For the federation port
    listen 202.61.255.116:8448 ssl default_server;
    listen [2a03:4000:55:d20::]:8448 ssl;
    listen 192.168.0.115:8448 ssl;

    ssl_certificate /etc/ssl/lysergic/fullchain.pem;
    ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;

    server_name matrix.lysergic.dev;

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://[::1]:8763;
        proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        client_max_body_size 100M;
    }

    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://matrix.lysergic.dev"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    location /.well-known/matrix/server {
        return 200 '{"m.server": "matrix.lysergic.dev:8448"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }


     location / {
        proxy_pass http://[::1]:8763/;
        proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        client_max_body_size 100M;
    }
}

#ELEMENT
server {
    listen 202.61.255.116:443 ssl;
    listen [2a03:4000:55:d20::]:443 ssl;
    server_name element.lysergic.dev;

    root /mnt/gluster01/web/matrix/element-lysergic;

    ssl_certificate /etc/ssl/lysergic/fullchain.pem;
    ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 127.0.0.4;
}