--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+ server_name matrix.${private_domain};
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ # For the federation port
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
+ ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+ ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ # note: do not add a path (even a single /) after the port in
+ # `proxy_pass`, otherwise nginx will canonicalise the URI and cause
+ # signature verification errors.
+ proxy_pass http://localhost:8008;
+ proxy_set_header X-Forwarded-For ${dollar}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${dollar}scheme;
+ proxy_set_header Host ${dollar}host;
+
+ # Nginx by default only allows file uploads up to 1M in size.
+ # Increase client_max_body_size to match max_upload_size defined in
+ # homeserver.yaml.
+ client_max_body_size 50M;
+ }
+}
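Review bot: The `location ~ ^(/_matrix|/_synapse/client)` block proxies to Synapse without `proxy_http_version 1.1;`, so nginx talks HTTP/1.0 to the backend, and the upstream Synapse nginx example sets this explicitly because Synapse responses may be chunked, which is an HTTP/1.1 feature; add `proxy_http_version 1.1;` next to the `proxy_set_header` lines, with the comment `# Synapse responses may be chunked (HTTP/1.1 feature).`. Nothing in this server block sets `ssl_protocols`, `ssl_ciphers` or an HSTS `add_header`, so those presumably come from an `http {}`-level config elsewhere in the repo — worth confirming, since this vhost is also the `default_server` on 8448 and will answer any TLS client that reaches that port. Requests that fall outside the location regex are served by nginx's implicit default root rather than returned 404; if that is not intended, a `location / { return 404; }` would make the exposed surface explicit.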
--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+ server_name www.${private_domain} ${private_domain};
+
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+ ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+ location /.well-known/matrix/server {
+ default_type application/json;
+ return 200 '{"m.server": "matrix.${dollar}{host}:443"}';
+ }
+
+ location /.well-known/matrix/client {
+ default_type application/json;
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.${private_domain}"}}';
+ }
+}
+
+server {
+ server_name www.${private_domain} ${private_domain};
+
+ listen [::]:80;
+ listen 80;
+
+ if (${dollar}host = ${private_domain}) {
+ return 301 https://${dollar}host${dollar}request_uri;
+ }
+
+ return 404;
+}
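Review bot: The `/.well-known/matrix/server` response builds the delegated host from the request's `Host` header, but this server block also answers for `www.${private_domain}`, so a lookup against the www name returns `matrix.www.<domain>:443`, which does not exist; since the `client` block already hard-codes the name, do the same here: `return 200 '{"m.server": "matrix.${private_domain}:443"}';`. The `/.well-known/matrix/client` location is fetched cross-origin by web clients, so it normally needs `add_header Access-Control-Allow-Origin *;` alongside `default_type application/json;`, otherwise browser-based clients cannot read it. The port-80 server only redirects the bare domain and returns 404 for `www.${private_domain}`; if that is deliberate, a one-line comment saying so would save the next reader from treating it as a bug.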