overmind
/
matrix-docker-ansible-deploy
огледало од https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Креирај огранак 0
Код Дискусије 0 Издања 0 Вики Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10808 Комити
13 Гране
487 MiB
 
 
Дрво: baa740fcda
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'baa740fcda'
${ noResults }
matrix-docker-ansible-deploy/examples/reverse-proxies/nginx/matrix.conf

125 lines
5.1 KiB
Датотека Blame Историја 

  1. # SPDX-FileCopyrightText: 2023 - 2024 Jost Alemann

  2. # SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

  3. # SPDX-FileCopyrightText: 2024 Slavi Pantaleev

  4. #

  5. # SPDX-License-Identifier: AGPL-3.0-or-later

  6. 

  7. server {

  8.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  9.     #listen 443 quic reuseport;

  10.     listen 443 quic;

  11.     listen 443 ssl;

  12. 	# TODO: if you replaced the line above for port 443 and IPv4, you probably want to do the same for port 443 IPv6 by switching the two lines below

  13. 	#listen [::]:443 quic reuseport;

  14.     listen [::]:443 quic;

  15.     listen [::]:443 ssl;

  16.     http2 on;

  17.     http3 on;

  18. 

  19.     # TODO: add/remove services and their subdomains if you use/don't use them

  20.     # this example is using hosting something on the base domain and an Element Web client, so example.com and element.example.com are listed in addition to matrix.example.com

  21.     # if you don't use those, you can remove them

  22.     # if you use e.g. Dimension on dimension.example.com, add dimension.example.com to the server_name list

  23.     server_name example.com matrix.example.com element.example.com;

  24. 

  25.     location / {

  26.         # note: do not add a path (even a single /) after the port in `proxy_pass`,

  27.         # otherwise, nginx will canonicalise the URI and cause signature verification

  28.         # errors.

  29.         proxy_pass http://localhost:81;

  30.         proxy_set_header X-Forwarded-For $remote_addr;

  31.         proxy_set_header X-Forwarded-Proto $scheme;

  32.         proxy_set_header Host $host;

  33.         proxy_set_header X-Real-IP $remote_addr;

  34. 

  35.         access_log /var/log/nginx/matrix.access.log;

  36.         error_log /var/log/nginx/matrix.error.log;

  37. 

  38.         # Nginx by default only allows file uploads up to 1M in size

  39.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  40.         client_max_body_size 50M;

  41. 

  42.         # required for browsers to direct them to quic port

  43.         add_header Alt-Svc 'h3=":443"; ma=86400';

  44.     }

  45. 

  46.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  47.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  48.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  49.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  50.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  51.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  52. }

  53. 

  54. # settings for Matrix federation

  55. server {

  56.     # For the federation port

  57.     # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`

  58.     #listen 8448 quic reuseport;

  59.     listen 8448 quic;

  60.     listen 8448 ssl default_server;

  61.     # TODO: if you replaced the line above for port 8448 and IPv4, you probably want to do the same for port 8448 IPv6 by switching the two lines below

  62.     #listen [::]:8448 quic reuseport;

  63.     listen [::]:8448 quic;

  64.     listen [::]:8448 ssl default_server;

  65.     http2 on;

  66.     http3 on;

  67. 

  68.     server_name matrix.example.com;

  69. 

  70.     location / {

  71.         proxy_pass http://localhost:8449;

  72.         proxy_set_header X-Forwarded-For $remote_addr;

  73.         proxy_set_header X-Forwarded-Proto $scheme;

  74.         proxy_set_header Host $host;

  75. 

  76.         access_log /var/log/nginx/matrix.access.log;

  77.         error_log /var/log/nginx/matrix.error.log;

  78. 

  79.         # Nginx by default only allows file uploads up to 1M in size

  80.         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml

  81.         client_max_body_size 50M;

  82. 

  83. 		# required for browsers to direct them to quic port

  84.         add_header Alt-Svc 'h3=":8448"; ma=86400';

  85.     }

  86.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  87.     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  88.     # TODO: adapt the path to your ssl certificate for the domains listed on server_name

  89.     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  90.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  91.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  92. }

  93. 

  94. # ensure using https

  95. # TODO: remove server blocks that you don't use / add server blocks for domains you do use

  96. server {

  97.     if ($host = example.com) {

  98.         return 301 https://$host$request_uri;

  99.     } # managed by Certbot

  100. 

  101.     server_name example.com;

  102.     listen 80;

  103.     return 404; # managed by Certbot

  104. }

  105. 

  106. server {

  107.     if ($host = matrix.example.com) {

  108.         return 301 https://$host$request_uri;

  109.     } # managed by Certbot

  110. 

  111.     server_name matrix.example.com;

  112.     listen 80;

  113.     return 404; # managed by Certbot

  114. }

  115. 

  116. server {

  117.     if ($host = element.example.com) {

  118.         return 301 https://$host$request_uri;

  119.     } # managed by Certbot

  120. 

  121.     server_name element.example.com;

  122.     listen 80;

  123.     return 404; # managed by Certbot

  124. }