# This is a sample file demonstrating how to set up reverse-proxy for matrix.DOMAIN ServerName matrix.DOMAIN ProxyVia On # Map /.well-known/acme-challenge to the certbot server # If you manage SSL certificates by yourself, this will differ. ProxyPreserveHost On ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge Redirect permanent / https://matrix.DOMAIN/ ServerName matrix.DOMAIN SSLEngine On # If you manage SSL certificates by yourself, these paths will differ. SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem SSLProxyEngine on SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH ProxyPreserveHost On ProxyRequests Off ProxyVia On # Keep some URIs free for different proxy/location ProxyPassMatch ^/.well-known/matrix/client ! ProxyPassMatch ^/_matrix/identity ! ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! # Proxy all remaining traffic to Synapse ProxyPass / http://127.0.0.1:8008/ ProxyPassReverse / http://127.0.0.1:8008/ # Map /.well-known/matrix/client for client discovery Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client Require all granted Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" AllowOverride All # Apache 2.4: Require all granted # Or for Apache 2.2: #order allow,deny # Map /_matrix/identity to the identity server ProxyPass http://127.0.0.1:8090/_matrix/identity # Map /_matrix/client/r0/user_directory/search to the identity server ProxyPass http://127.0.0.1:8090/_matrix/client/r0/user_directory/search ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined