|
- # This is a sample file demonstrating how to set up reverse-proxy for matrix.DOMAIN
-
- <VirtualHost *:80>
- ServerName matrix.DOMAIN
-
- # You may wish to handle the /.well-known/acme-challenge paths here somehow,
- # if you're using ACME (Let's Encrypt) certificates.
-
- Redirect permanent / https://matrix.DOMAIN/
- </VirtualHost>
-
- # Client-Server API
- <VirtualHost *:443>
- ServerName matrix.DOMAIN
-
- SSLEngine On
-
- # If you manage SSL certificates by yourself, these paths will differ.
- SSLCertificateFile /path/to/matrix.DOMAIN/fullchain.pem
- SSLCertificateKeyFile /path/to/matrix.DOMAIN/privkey.pem
-
- SSLProxyEngine on
- SSLProxyProtocol +TLSv1.2 +TLSv1.3
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
-
- ProxyPreserveHost On
- ProxyRequests Off
- ProxyVia On
- RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
-
- AllowEncodedSlashes NoDecode
- ProxyPass / http://127.0.0.1:81 retry=0 nocanon
- ProxyPassReverse / http://127.0.0.1:81/
-
- ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
- CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
- </VirtualHost>
-
- # Server-Server (federation) API
- Listen 8448
- <VirtualHost *:8448>
- ServerName matrix.DOMAIN
-
- SSLEngine On
-
- # If you manage SSL certificates by yourself, these paths will differ.
- SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
- SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
-
- SSLProxyEngine on
- SSLProxyProtocol +TLSv1.2 +TLSv1.3
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
-
- ProxyPreserveHost On
- ProxyRequests Off
- ProxyVia On
- RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
-
- AllowEncodedSlashes NoDecode
- ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
- ProxyPassReverse / http://127.0.0.1:8449/
-
- ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
- CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
- </VirtualHost>
|
