Matrix Docker Ansible Deploy

  # TLS front end for the public host names. Every request is handed to the
  # local HTTP listener on port 81.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      http2 on;

      # TODO: keep this list in step with the services you actually run.
      # The example hosts something on the base domain plus an Element web
      # client, which is why example.com and element.example.com appear next to
      # matrix.example.com. Drop the names you do not use; add others as needed
      # (e.g. dimension.example.com if Dimension lives there).
      # Every name listed here has to be covered by the certificate below.
      server_name example.com matrix.example.com element.example.com;

      # TODO: point both paths at the certificate issued for the names in server_name.
      ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
      # Protocol and cipher policy is whatever this Certbot-managed include sets.
      # NOTE(review): no Strict-Transport-Security header is set in this block;
      # consider one once all listed names are HTTPS-only.
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

      location / {
          # Keep proxy_pass free of any path component (not even a single /)
          # after the port: with a URI part nginx canonicalises the request URI,
          # and that causes signature verification errors.
          # The hop to the upstream is plain HTTP.
          # NOTE(review): confirm the listener on port 81 is bound to loopback
          # only, so it cannot be reached without passing through this block.
          proxy_pass http://localhost:81;

          # $remote_addr replaces (does not append to) any X-Forwarded-For the
          # client sent, so a forged value never reaches the upstream. If nginx
          # itself sits behind another proxy, $remote_addr is that proxy's address.
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;

          access_log /var/log/nginx/matrix.access.log;
          error_log /var/log/nginx/matrix.error.log;

          # nginx rejects request bodies above 1M unless told otherwise.
          # Keep this equal to max_upload_size in homeserver.yaml.
          client_max_body_size 50M;
      }
  }
  # Matrix federation: TLS on port 8448, forwarded to the local HTTP listener
  # on port 8449.
  server {
      # default_server: a request arriving on 8448 with any other Host header is
      # handled by this block too, and is forwarded with that Host value.
      listen 8448 ssl default_server;
      listen [::]:8448 ssl default_server;
      http2 on;

      server_name matrix.example.com;

      # TODO: point both paths at the certificate issued for the names in server_name.
      ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
      # Protocol and cipher policy is whatever this Certbot-managed include sets.
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

      location / {
          # No path after the port, so the request URI is passed on unchanged.
          # The hop to the upstream is plain HTTP.
          # NOTE(review): confirm the listener on port 8449 is bound to loopback
          # only, so it cannot be reached without passing through this block.
          proxy_pass http://localhost:8449;

          # $remote_addr replaces any client-sent X-Forwarded-For rather than
          # appending to it.
          # NOTE(review): unlike the 443 block, X-Real-IP is not forwarded here;
          # add it if the upstream relies on that header.
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $host;

          access_log /var/log/nginx/matrix.access.log;
          error_log /var/log/nginx/matrix.error.log;

          # nginx rejects request bodies above 1M unless told otherwise.
          # Keep this equal to max_upload_size in homeserver.yaml.
          client_max_body_size 50M;
      }
  }
  # Port 80 exists only to send clients to HTTPS.
  # TODO: delete the redirect blocks for names you do not serve and add one
  # for every extra name you do serve.
  server {
      listen 80;
      server_name example.com;

      # The redirect fires only when Host is exactly this name, so the Location
      # header can never carry an arbitrary client-supplied host.
      if ($host = example.com) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      # Any other request that ends up in this block (for instance when it acts
      # as the port-80 default) gets a 404 instead of a redirect.
      return 404; # managed by Certbot
  }
  # HTTP -> HTTPS redirect for matrix.example.com.
  server {
      listen 80;
      server_name matrix.example.com;

      # Redirect only on an exact Host match, which keeps client-supplied host
      # names out of the Location header.
      if ($host = matrix.example.com) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      # Everything else reaching this block is answered with 404.
      return 404; # managed by Certbot
  }
  # HTTP -> HTTPS redirect for element.example.com.
  server {
      listen 80;
      server_name element.example.com;

      # Redirect only on an exact Host match, which keeps client-supplied host
      # names out of the Location header.
      if ($host = element.example.com) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      # Everything else reaching this block is answered with 404.
      return 404; # managed by Certbot
  }