overmind
/
matrix-docker-ansible-deploy
огледало од https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Креирај огранак 0
Код Дискусије 0 Издања 0 Вики Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8109 Комити
13 Гране
487 MiB
 
 
Дрво: b6571fc4fd
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'b6571fc4fd'
${ noResults }
matrix-docker-ansible-deploy/examples/reverse-proxies/nginx/matrix.conf

119 lines
4.9 KiB
Датотека Blame Историја 

  1. server {

  2.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  3.     #listen 443 quic reuseport;

  4.     listen 443 quic;

  5.     listen 443 ssl;

  6. 	# TODO: if you replaced the line above for port 443 and IPv4, you probably want to do the same for port 443 IPv6 by switching the two lines below

  7. 	#listen [::]:443 quic reuseport;

  8.     listen [::]:443 quic;

  9.     listen [::]:443 ssl;

  10.     http2 on;

  11.     http3 on;

  12. 

  13.     # TODO: add/remove services and their subdomains if you use/don't use them

  14.     # this example is using hosting something on the base domain and an element web client, so example.com and element.example.com are listed in addition to matrix.example.com

  15.     # if you don't use those, you can remove them

  16.     # if you use e.g. dimension on dimension.example.com, add dimension.example.com to the server_name list

  17.     server_name example.com matrix.example.com element.example.com;

  18. 

  19.     location / {

  20.         # note: do not add a path (even a single /) after the port in `proxy_pass`,

  21.         # otherwise, nginx will canonicalise the URI and cause signature verification

  22.         # errors.

  23.         proxy_pass http://localhost:81;

  24.         proxy_set_header X-Forwarded-For $remote_addr;

  25.         proxy_set_header X-Forwarded-Proto $scheme;

  26.         proxy_set_header Host $host;

  27.         proxy_set_header X-Real-IP $remote_addr;

  28. 

  29.         access_log /var/log/nginx/matrix.access.log;

  30.         error_log /var/log/nginx/matrix.error.log;

  31. 

  32.         # Nginx by default only allows file uploads up to 1M in size

  33.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  34.         client_max_body_size 50M;

  35. 

  36.         # required for browsers to direct them to quic port

  37.         add_header Alt-Svc 'h3=":443"; ma=86400';

  38.     }

  39. 

  40.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  41.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  42.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  43.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  44.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  45.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  46. }

  47. 

  48. # settings for matrix federation

  49. server {

  50.     # For the federation port

  51.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  52.     #listen 8448 quic reuseport;

  53.     listen 8448 quic;

  54.     listen 8448 ssl default_server;

  55.     # TODO: if you replaced the line above for port 8448 and IPv4, you probably want to do the same for port 8448 IPv6 by switching the two lines below

  56.     #listen [::]:8448 quic reuseport;

  57.     listen [::]:8448 quic;

  58.     listen [::]:8448 ssl default_server;

  59.     http2 on;

  60.     http3 on;

  61. 

  62.     server_name matrix.example.com;

  63. 

  64.     location / {

  65.         proxy_pass http://localhost:8449;

  66.         proxy_set_header X-Forwarded-For $remote_addr;

  67.         proxy_set_header X-Forwarded-Proto $scheme;

  68.         proxy_set_header Host $host;

  69. 

  70.         access_log /var/log/nginx/matrix.access.log;

  71.         error_log /var/log/nginx/matrix.error.log;

  72. 

  73.         # Nginx by default only allows file uploads up to 1M in size

  74.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  75.         client_max_body_size 50M;

  76. 

  77. 		# required for browsers to direct them to quic port

  78.         add_header Alt-Svc 'h3=":8448"; ma=86400';

  79.     }

  80.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  81.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  82.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  83.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  84.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  85.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  86. }

  87. 

  88. # ensure using https

  89. # TODO: remove server blocks that you don't use / add server blocks for domains you do use

  90. server {

  91.     if ($host = example.com) {

  92.         return 301 https://$host$request_uri;

  93.     } # managed by Certbot

  94. 

  95.     server_name example.com;

  96.     listen 80;

  97.     return 404; # managed by Certbot

  98. }

  99. 

  100. server {

  101.     if ($host = matrix.example.com) {

  102.         return 301 https://$host$request_uri;

  103.     } # managed by Certbot

  104. 

  105.     server_name matrix.example.com;

  106.     listen 80;

  107.     return 404; # managed by Certbot

  108. }

  109. 

  110. server {

  111.     if ($host = element.example.com) {

  112.         return 301 https://$host$request_uri;

  113.     } # managed by Certbot

  114. 

  115.     server_name element.example.com;

  116.     listen 80;

  117.     return 404; # managed by Certbot

  118. }