system/nginx/01/matrix.conf
Georg 89f7cffd73
Initial nginx run 01/05
Signed-off-by: Georg <georg@lysergic.dev>
2021-08-30 20:38:56 +02:00

241 lines
7.9 KiB
Plaintext

##WEBSERVER DEFINITIONS FOR ALL MATRIX SERVICES ON LIBERTA.CASA
##SYNAPSE
server {
listen 81.16.19.64:443 ssl;
# For the federation port
listen 81.16.19.64:8448 ssl default_server;
listen 192.168.0.110:8448 ssl;
# For bridge
listen 127.0.0.2:443 ssl;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
server_name matrix.liberta.casa;
location ~* ^(\/_matrix|\/_synapse\/client) {
proxy_pass http://[::1]:8077;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.liberta.casa:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
proxy_pass http://[::1]:8077/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_synapse graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_synapse debug;
}
#ELEMENT
server {
listen 81.16.19.64:443 ssl;
server_name element.liberta.casa;
root /mnt/gluster01/web/matrix/element-libertacasa;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
}
server {
listen 81.16.19.64:443 ssl;
server_name m.liberta.casa;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
return 301 https://element.liberta.casa$request_uri;
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
}
#SYDENT
server {
listen 81.16.19.64:443 ssl;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
server_name ident.matrix.liberta.casa;
location / {
proxy_pass http://127.0.0.4:8074/;
proxy_set_header X-Forwarded-For $remote_addr;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 20M;
}
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_sydent graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_sydent debug;
}
#DIMENSION
server {
server_name integrations.matrix.liberta.casa;
listen 81.16.19.64:443 ssl;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8184;
}
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_dimension graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_dimension debug;
}
#KEYS
server {
server_name keys.matrix.liberta.casa;
listen 81.16.19.64:443 ssl;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
location / {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.2:8076;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://keys.matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "keys.matrix.liberta.casa:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_keys graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_keys debug;
}
#MAUBOT
server {
server_name maubot.matrix.liberta.casa;
listen 81.16.19.64:443 ssl;
ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.4;
# location /_matrix/maubot/v1/logs {
# proxy_pass http://127.0.0.2:29419;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header X-Forwarded-For $remote_addr;
# }
location / {
proxy_pass http://127.0.0.2:29419;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_maubot graylog;
error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_maubot debug;
}