Merge pull request #137 from jdreichmann/master

Add some examples for caddy as an external webserver
5 years ago · d4f2cb91d7
parent 9c401efb2d aba8327991
commit d4f2cb91d7
5 changed files with 53 additions and 0 deletions
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@ -49,6 +49,9 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"

 Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration.

+## Using your own external caddy webserver
+
+After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration.

 ## Using another external webserver

--- a/examples/caddy/matrix-dimension
+++ b/examples/caddy/matrix-dimension
@ -0,0 +1,7 @@
+https://dimension.DOMAIN {
+	tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
+
+	proxy / http://127.0.0.1:8134/ {
+		transparent
+	}
+}
--- a/examples/caddy/matrix-riot-web
+++ b/examples/caddy/matrix-riot-web
@ -0,0 +1,8 @@
+https://riot.DOMAIN {
+	# These might differ if you are supplying your own certificates
+	tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
+
+	proxy / http://127.0.0.1:8765 {
+		transparent
+	}
+}
--- a/examples/caddy/matrix-synapse
+++ b/examples/caddy/matrix-synapse
@ -0,0 +1,28 @@
+https://matrix.DOMAIN {
+	# If you use your own certificates, your path may differ
+	tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
+
+	root /matrix/static-files
+
+	header {
+		Access-Control-Allow-Origin *
+		Strict-Transport-Security "mag=age=31536000;"
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+	}
+
+	# Identity server traffic
+	proxy /_matrix/identity matrix-msisd:8090 {
+		transparent
+	}
+	proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 {
+		transparent
+	}
+
+	# Synapse Client<>Server API
+	proxy / matrix-synapse:8008 {
+		transparent
+		without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
+	}
+
+}
--- a/examples/caddy/matrix-util
+++ b/examples/caddy/matrix-util
@ -0,0 +1,7 @@
+:80 {
+	# Redirect ACME-Challenge traffic to port 2402
+	proxy /.well-known/acme-challenge http://127.0.0.1:2402
+
+	# Redirect all other traffic to HTTPS
+	redir /  https://{host}{uri} 301
+}