From: Jakub Czajka Date: Thu, 23 Nov 2023 21:05:19 +0000 (+0100) Subject: [matrix] Serve files with nginx. X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=c7711fe18bf1ae11328f22c48f018f0368499ae6;p=server.git [matrix] Serve files with nginx.
---
diff --git a/matrix/matrix.conf b/matrix/matrix.conf
new file mode 100644
index 0000000..483509d
--- /dev/null
+++ b/matrix/matrix.conf
@@ -0,0 +1,30 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+server {
+ server_name matrix.${private_domain};
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ # For the federation port
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
+ ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+ ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ # note: do not add a path (even a single /) after the port in
+ # `proxy_pass`, otherwise nginx will canonicalise the URI and cause
+ # signature verification errors.
+ proxy_pass http://localhost:8008;
+ proxy_set_header X-Forwarded-For ${dollar}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${dollar}scheme;
+ proxy_set_header Host ${dollar}host;
+
+ # Nginx by default only allows file uploads up to 1M in size.
+ # Increase client_max_body_size to match max_upload_size defined in
+ # homeserver.yaml.
+ client_max_body_size 50M;
+ }
+}
diff --git a/matrix/private.conf b/matrix/private.conf
new file mode 100644
index 0000000..ec4e6cb
--- /dev/null
+++ b/matrix/private.conf
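Review bot: The `location ~ ^(/_matrix|/_synapse/client)` block in matrix/matrix.conf forwards `X-Forwarded-For` and `X-Forwarded-Proto` to `http://localhost:8008`, but nothing records the precondition that makes those headers trustworthy. Synapse only honours them when its listener has `x_forwarded: true`, and they are only reliable if that listener is bound to loopback, so that clients cannot reach 8008 directly and supply their own header. homeserver.yaml is not part of this commit, so neither setting can be confirmed from here. I would add a comment above `proxy_pass`, e.g. `# Requires the Synapse 8008 listener to be bound to loopback with x_forwarded: true; otherwise client IPs used for rate limiting and logs are wrong or spoofable.`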
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+server {
+ server_name www.${private_domain} ${private_domain};
+
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+ ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+ location /.well-known/matrix/server {
+ default_type application/json;
+ return 200 '{"m.server": "matrix.${dollar}{host}:443"}';
+ }
+
+ location /.well-known/matrix/client {
+ default_type application/json;
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.${private_domain}"}}';
+ }
+}
+
+server {
+ server_name www.${private_domain} ${private_domain};
+
+ listen [::]:80;
+ listen 80;
+
+ if (${dollar}host = ${private_domain}) {
+ return 301 https://${dollar}host${dollar}request_uri;
+ }
+
+ return 404;
+}
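Review bot: `/.well-known/matrix/server` in matrix/private.conf builds the federation delegation target from `$host` (`matrix.${dollar}{host}:443`), which comes from the request's Host header rather than from configuration. A request for `www.${private_domain}` is therefore answered with `matrix.www.<domain>:443`, a name the `server_name` in matrix.conf does not list. If this block ever acts as the default server on 443, any Host value a client sends is echoed into the JSON. The client endpoint just below already uses the fixed template value, so the server endpoint should match: `return 200 '{"m.server": "matrix.${private_domain}:443"}';`.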