diff --git a/nginx/README.md b/nginx/README.md
index 62185a5e..c6128468 100644
--- a/nginx/README.md
+++ b/nginx/README.md
@@ -43,6 +43,53 @@ However, `.well-known/matrix/client` has to be available via http and https, so that should *NOT* be redirected to https. Some clients don't understand the redirect and will therefore not find the server if you redirect everything.
+Under the `server_name` (the "domain name", the part after the username) you
+will need a configuration like this:
+
+```
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/matrixdev.procolix.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/matrixdev.procolix.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name matrixdev.procolix.com;
+
+ location /.well-known/matrix/client {
+ return 200 '{
+ "m.homeserver": {"base_url": "https://vm02199.procolix.com"},
+ "org.matrix.msc3575.proxy": {"url": "https://vm02199.procolix.com"}
+ }';
+ default_type application/json;
+ }
+
+ location /.well-known/matrix/server {
+ return 200 '{"m.server": "vm02199.procolix.com"}';
+ default_type application/json;
+ }
+
+ location / {
+ if ($scheme = http) {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ access_log /var/log/nginx/matrixdev-access.log;
+ error_log /var/log/nginx/matrixdev-error.log;
+}
+```
+
+This defines a server that listens on both http and https. It hands out two
+.well-known entries over both http and https, and every other request over
+http is forwarded to https.
+
+Be sure to substitute the correct values for `server_name`, `base_url` and the
+certificate files.
 # Firewall