You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

96 lines
3.7 KiB

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# TODO: add/remove services and their subdomains if you use/don't use them
# this example is using hosting something on the base domain and an element web client, so example.com and element.example.com are listed in addition to matrix.example.com
# if you don't use those, you can remove them
# if you use e.g. dimension on dimension.example.com, add dimension.example.com to the server_name list
server_name example.com matrix.example.com element.example.com;
location / {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise, nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:81;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
access_log /var/log/nginx/matrix.access.log;
error_log /var/log/nginx/matrix.error.log;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# settings for matrix federation
server {
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
server_name matrix.example.com;
location / {
proxy_pass http://localhost:8449;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
access_log /var/log/nginx/matrix.access.log;
error_log /var/log/nginx/matrix.error.log;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# ensure using https
# TODO: remove server blocks that you don't use / add server blocks for domains you do use
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = matrix.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name matrix.example.com;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = element.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name element.example.com;
listen 80;
return 404; # managed by Certbot
}