Basic reverse proxy (nginx) documentation added.
parent
417acb59b4
commit
f2c9761bb9
41
nginx/README.md
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
gitea: none
|
||||||
|
include_toc: true
|
||||||
|
---
|
||||||
|
|
||||||
|
# Reverse proxy with nginx
|
||||||
|
|
||||||
|
Clients connecting from the Internet to our Matrix environment will usually
|
||||||
|
use SSL/TLS to encrypt whatever they want to send. This is one thing that
|
||||||
|
nginx does better than Synapse.
|
||||||
|
|
||||||
|
Furthermore, granting or denying access to specific endpoints is much easier
|
||||||
|
in nginx.
|
||||||
|
|
||||||
|
Synapse listens only on localhost, so nginx has to pass connections on from
|
||||||
|
the wild west that is the Internet to our server listening on the inside.
|
||||||
|
|
||||||
|
|
||||||
|
# Installing
|
||||||
|
|
||||||
|
Installing nginx and the [Let's Encrypt](https://letsencrypt.org/) plugin is
|
||||||
|
easy:
|
||||||
|
|
||||||
|
```
|
||||||
|
apt install nginx python3-certbot-nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
# Configuration
|
||||||
|
|
||||||
|
Almost all traffic should be encrypted, so a redirect from http to https seems
|
||||||
|
like a good idea.
|
||||||
|
|
||||||
|
However, `.well-known/matrix/client` has to be available via http and https,
|
||||||
|
so that should *NOT* be redirected to https. Some clients don't understand the
|
||||||
|
redirect and will therefore not find the server if you redirect everything.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Firewall
|
||||||
|
|
||||||
|
For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).
|
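Review bot: The Configuration section of nginx/README.md states the policy (redirect http to https, but not `.well-known/matrix/client`) and then runs straight into blank lines and the Firewall heading without any nginx configuration, so a reader cannot see how the exception is expressed or confirm that nothing else stays reachable over plain http. Suggest adding the port 80 server block with the redirect and the single exempted location, together with the proxy settings toward the Synapse listener on localhost that the introduction describes. It would also help to name the clients that "don't understand the redirect", since that is the only reason given for serving a path unencrypted. Smaller points: in the Firewall section "openend" should read "opened", and the fence around the `apt install` line could carry a language tag.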