overmind
/
matrix-docker-ansible-deploy
огледало от https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Разклонения 0
Код Задачи 0 Версии 0 Уики Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11199 Ревизии
12 Клонове
271 MiB
 
 
Клон: master
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'master'
${ noResults }
matrix-docker-ansible-deploy/examples/reverse-proxies/nginx/matrix.conf

146 lines
5.9 KiB
Директен файл Постоянна връзка Blame История 

  1. # SPDX-FileCopyrightText: 2023 - 2024 Jost Alemann

  2. # SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

  3. # SPDX-FileCopyrightText: 2024 Slavi Pantaleev

  4. #

  5. # SPDX-License-Identifier: AGPL-3.0-or-later

  6. 

  7. server {

  8.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  9.     #listen 443 quic reuseport;

  10.     listen 443 quic;

  11.     listen 443 ssl;

  12. 	# TODO: if you replaced the line above for port 443 and IPv4, you probably want to do the same for port 443 IPv6 by switching the two lines below

  13. 	#listen [::]:443 quic reuseport;

  14.     listen [::]:443 quic;

  15.     listen [::]:443 ssl;

  16.     http2 on;

  17.     http3 on;

  18. 

  19.     # TODO: add/remove services and their subdomains if you use/don't use them

  20.     # this example is using hosting something on the base domain and an Element Web client, so example.com and element.example.com are listed in addition to matrix.example.com

  21.     # if you don't use those, you can remove them

  22.     # if you use e.g. Etherpad on etherpad.example.com, add etherpad.example.com to the server_name list

  23.     server_name example.com matrix.example.com element.example.com;

  24. 

  25.     # Required for Matrix RTC (WebSocket proxying to LiveKit Server).

  26.     # See: ../../../docs/configuring-playbook-matrix-rtc.md#fronting-the-integrated-reverse-proxy-with-another-reverse-proxy

  27.     location /livekit-server/ {

  28.         proxy_pass http://localhost:81/livekit-server/;

  29.         proxy_http_version 1.1;

  30.         proxy_set_header Upgrade $http_upgrade;

  31.         proxy_set_header Connection "upgrade";

  32.         proxy_set_header X-Forwarded-For $remote_addr;

  33.         proxy_set_header X-Forwarded-Proto $scheme;

  34.         proxy_set_header Host $host;

  35.         proxy_set_header X-Real-IP $remote_addr;

  36. 

  37.         # Long timeouts for persistent WebSocket connections

  38.         proxy_read_timeout 86400s;

  39.         proxy_send_timeout 86400s;

  40.         proxy_buffering off;

  41. 

  42.         access_log /var/log/nginx/matrix.access.log;

  43.         error_log /var/log/nginx/matrix.error.log;

  44.     }

  45. 

  46.     location / {

  47.         # note: do not add a path (even a single /) after the port in `proxy_pass`,

  48.         # otherwise, nginx will canonicalise the URI and cause signature verification

  49.         # errors.

  50.         proxy_pass http://localhost:81;

  51.         proxy_set_header X-Forwarded-For $remote_addr;

  52.         proxy_set_header X-Forwarded-Proto $scheme;

  53.         proxy_set_header Host $host;

  54.         proxy_set_header X-Real-IP $remote_addr;

  55. 

  56.         access_log /var/log/nginx/matrix.access.log;

  57.         error_log /var/log/nginx/matrix.error.log;

  58. 

  59.         # Nginx by default only allows file uploads up to 1M in size

  60.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  61.         client_max_body_size 50M;

  62. 

  63.         # required for browsers to direct them to quic port

  64.         add_header Alt-Svc 'h3=":443"; ma=86400';

  65.     }

  66. 

  67.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  68.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  69.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  70.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  71.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  72.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  73. }

  74. 

  75. # settings for Matrix federation

  76. server {

  77.     # For the federation port

  78.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  79.     #listen 8448 quic reuseport;

  80.     listen 8448 quic;

  81.     listen 8448 ssl default_server;

  82.     # TODO: if you replaced the line above for port 8448 and IPv4, you probably want to do the same for port 8448 IPv6 by switching the two lines below

  83.     #listen [::]:8448 quic reuseport;

  84.     listen [::]:8448 quic;

  85.     listen [::]:8448 ssl default_server;

  86.     http2 on;

  87.     http3 on;

  88. 

  89.     server_name matrix.example.com;

  90. 

  91.     location / {

  92.         proxy_pass http://localhost:8449;

  93.         proxy_set_header X-Forwarded-For $remote_addr;

  94.         proxy_set_header X-Forwarded-Proto $scheme;

  95.         proxy_set_header Host $host;

  96. 

  97.         access_log /var/log/nginx/matrix.access.log;

  98.         error_log /var/log/nginx/matrix.error.log;

  99. 

  100.         # Nginx by default only allows file uploads up to 1M in size

  101.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  102.         client_max_body_size 50M;

  103. 

  104. 		# required for browsers to direct them to quic port

  105.         add_header Alt-Svc 'h3=":8448"; ma=86400';

  106.     }

  107.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  108.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  109.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  110.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  111.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  112.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  113. }

  114. 

  115. # ensure using https

  116. # TODO: remove server blocks that you don't use / add server blocks for domains you do use

  117. server {

  118.     if ($host = example.com) {

  119.         return 301 https://$host$request_uri;

  120.     } # managed by Certbot

  121. 

  122.     server_name example.com;

  123.     listen 80;

  124.     return 404; # managed by Certbot

  125. }

  126. 

  127. server {

  128.     if ($host = matrix.example.com) {

  129.         return 301 https://$host$request_uri;

  130.     } # managed by Certbot

  131. 

  132.     server_name matrix.example.com;

  133.     listen 80;

  134.     return 404; # managed by Certbot

  135. }

  136. 

  137. server {

  138.     if ($host = element.example.com) {

  139.         return 301 https://$host$request_uri;

  140.     } # managed by Certbot

  141. 

  142.     server_name element.example.com;

  143.     listen 80;

  144.     return 404; # managed by Certbot

  145. }