matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2

64 lines
1.9 KiB
Plaintext
Raw Normal View History

server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
server_tokens off;
2019-04-23 07:44:02 +00:00
{% if matrix_nginx_proxy_nginx_status_enabled %}
location /nginx_status {
stub_status on;
access_log off;
{% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %}
allow {{ address }};
{% endfor %}
deny all;
}
{% endif %}
2019-04-17 11:42:09 +00:00
location /.well-known/acme-challenge {
2019-04-23 07:44:02 +00:00
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
2019-04-23 07:44:02 +00:00
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
2019-04-23 07:44:02 +00:00
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
server_tokens off;
root /nginx-data/matrix-domain;
gzip on;
gzip_types text/plain application/json;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location /.well-known/matrix {
root {{ matrix_static_files_base_path }};
{#
A somewhat long expires value is used to prevent outages
in case this is unreachable due to network failure.
#}
expires 4h;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
}