		
	Cleaned up stuff that isn't necessary.
		
							parent
							
								
									f2da1e8ed1
								
							
						
					
					
						commit
						017e368035
					
				
					 3 changed files with 63 additions and 13 deletions
				
			
		| 
						 | 
				
			
			@ -28,7 +28,7 @@ apt install nginx python3-certbot-nginx
 | 
			
		|||
Get your certificate:
 | 
			
		||||
 | 
			
		||||
```
 | 
			
		||||
certbot certonly --nginx --agree-tos -m systeemmail@procolix.com --non-interactive -d matrixdev.procolix.com
 | 
			
		||||
certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrixdev.example.com
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
Substitute the correct e-mailaddress and FQDN, or course.
 | 
			
		||||
| 
						 | 
				
			
			@ -53,27 +53,22 @@ server {
 | 
			
		|||
    listen 443 ssl;
 | 
			
		||||
    listen [::]:443 ssl;
 | 
			
		||||
 | 
			
		||||
    ssl_certificate /etc/letsencrypt/live/matrixdev.procolix.com/fullchain.pem;
 | 
			
		||||
    ssl_certificate_key /etc/letsencrypt/live/matrixdev.procolix.com/privkey.pem;
 | 
			
		||||
    ssl_certificate /etc/letsencrypt/live/matrixdev.example.com/fullchain.pem;
 | 
			
		||||
    ssl_certificate_key /etc/letsencrypt/live/matrixdev.example.com/privkey.pem;
 | 
			
		||||
    include /etc/letsencrypt/options-ssl-nginx.conf;
 | 
			
		||||
    ssl_dhparam /etc/ssl/dhparams.pem;
 | 
			
		||||
 | 
			
		||||
    server_name matrixdev.procolix.com;
 | 
			
		||||
    server_name matrixdev.example.com;
 | 
			
		||||
 | 
			
		||||
    location /.well-known/matrix/client {
 | 
			
		||||
       return 200 '{
 | 
			
		||||
          "m.homeserver": {"base_url": "https://vm02199.procolix.com"},
 | 
			
		||||
          "org.matrix.msc3575.proxy": {"url": "https://vm02199.procolix.com"}
 | 
			
		||||
          "m.homeserver": {"base_url": "https://vm02199.examples.com"},
 | 
			
		||||
       }';
 | 
			
		||||
       default_type application/json;
 | 
			
		||||
 | 
			
		||||
       add_header 'Access-Control-Allow-Origin' '*';
 | 
			
		||||
       add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
 | 
			
		||||
       add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type, Authorization';
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    location /.well-known/matrix/server {
 | 
			
		||||
       return 200 '{"m.server": "vm02199.procolix.com"}';
 | 
			
		||||
       return 200 '{"m.server": "vm02199.examples.com"}';
 | 
			
		||||
       default_type application/json;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -28,6 +28,22 @@ server {
 | 
			
		|||
        return 200 '{"m.server": "vm02199.example.com"}';
 | 
			
		||||
        default_type application/json;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    location /.well-known/matrix/support {
 | 
			
		||||
        return 200 '{ "contacts":
 | 
			
		||||
            [
 | 
			
		||||
                { "email_address": "admin@example.com",
 | 
			
		||||
                "matrix_id": "@admin:example.com",
 | 
			
		||||
                "role": "m.role.admin" },
 | 
			
		||||
                { "email_address": "security@example.com",
 | 
			
		||||
                "matrix_id": "@john:example.com",
 | 
			
		||||
                "role": "m.role.security" }
 | 
			
		||||
            ],
 | 
			
		||||
                "support_page": "https://www.example.com/matrix-support"
 | 
			
		||||
        }';
 | 
			
		||||
        default_type application/json;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    
 | 
			
		||||
    location /.well-known/element/element.json {
 | 
			
		||||
        return 200 '{"call": {"widget_url": "https://call.example.com"}}';
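Review bot: The new `/.well-known/matrix/support` location returns its JSON without an `Access-Control-Allow-Origin` header, so a browser-based client on another origin would probably not be able to read it; the client discovery location in the accompanying documentation sets `add_header 'Access-Control-Allow-Origin' '*';` and the same line likely belongs here. A short comment above the block saying that the contacts are served to anyone who asks would also help, since the listed addresses become publicly discoverable. The `element.json` location is cut off by the end of the hunk, so whether it sets the header cannot be seen from here.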
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -13,11 +13,50 @@ server {
 | 
			
		|||
 | 
			
		||||
	server_name vm02199.example.com;
 | 
			
		||||
 | 
			
		||||
	# Abuse reports get forwarded to Draupnir, listening on port 8082
 | 
			
		||||
	location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
 | 
			
		||||
		# The r0 endpoint is deprecated but still used by many clients.
 | 
			
		||||
		# As of this writing, the v3 endpoint is the up-to-date version.
 | 
			
		||||
		
 | 
			
		||||
		# Alias the regexps, to ensure that they're not rewritten.
 | 
			
		||||
		set $room_id $2;
 | 
			
		||||
		set $event_id $3;
 | 
			
		||||
		proxy_pass http://[::1]:8082/api/1/report/$room_id/$event_id;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	# Reports that need to reach Synapse (not sure...)
 | 
			
		||||
	location /_synapse/admin/v1/event_reports {
 | 
			
		||||
		proxy_pass http://localhost:8008;
 | 
			
		||||
		proxy_set_header X-Forwarded-For $remote_addr;
 | 
			
		||||
		proxy_set_header X-Forwarded-Proto $scheme;
 | 
			
		||||
		proxy_set_header Host $host;
 | 
			
		||||
		client_max_body_size 50M;
 | 
			
		||||
		proxy_http_version 1.1;
 | 
			
		||||
	}
 | 
			
		||||
	location ~ ^/_synapse/admin/v1/rooms/[^/]*/context/(.*)$ {
 | 
			
		||||
		proxy_pass http://localhost:8008;
 | 
			
		||||
		proxy_set_header X-Forwarded-For $remote_addr;
 | 
			
		||||
		proxy_set_header X-Forwarded-Proto $scheme;
 | 
			
		||||
		proxy_set_header Host $host;
 | 
			
		||||
		client_max_body_size 50M;
 | 
			
		||||
		proxy_http_version 1.1;
 | 
			
		||||
	}
 | 
			
		||||
	# If you want the server version to be public:
 | 
			
		||||
	location ~ ^/_synapse/admin/v1/server_version$ {
 | 
			
		||||
		proxy_pass http://localhost:8008;
 | 
			
		||||
		proxy_set_header X-Forwarded-For $remote_addr;
 | 
			
		||||
		proxy_set_header X-Forwarded-Proto $scheme;
 | 
			
		||||
		proxy_set_header Host $host;
 | 
			
		||||
		client_max_body_size 50M;
 | 
			
		||||
		proxy_http_version 1.1;
 | 
			
		||||
	}
 | 
			
		||||
		
 | 
			
		||||
	# The rest of the admin endpoint shouldn't be public
 | 
			
		||||
	location ~ ^/_synapse/admin {
 | 
			
		||||
		allow 127.0.0.1;
 | 
			
		||||
		allow ::1;
 | 
			
		||||
		allow 111.222.111.222;
 | 
			
		||||
		allow dead:beef::/64;
 | 
			
		||||
		allow dead:beef::/48;
 | 
			
		||||
		deny all;
 | 
			
		||||
 | 
			
		||||
		proxy_pass http://localhost:8008;
 | 
			
		||||
| 
						 | 
				
			
			@ -39,5 +78,5 @@ server {
 | 
			
		|||
 | 
			
		||||
	access_log /var/log/nginx/vm02199-access.log;
 | 
			
		||||
	error_log /var/log/nginx/vm02199-error.log;
 | 
			
		||||
 | 
			
		||||
}
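Review bot: The `location /_synapse/admin/v1/event_reports` block is a plain prefix location, so nginx still tries the regex locations after it and the later `location ~ ^/_synapse/admin` matches first; the block never takes effect, while the regex `rooms/[^/]*/context/(.*)$` block does take effect and forwards admin API requests from any address to port 8008 with no `allow`/`deny`, leaving Synapse's own token check as the only gate. The "(not sure...)" comment suggests the need for these two blocks was never settled. Draupnir appears to run on this host (it is proxied at `[::1]:8082`), and if it is the only consumer, both blocks can be dropped because the catch-all already allows `127.0.0.1` and `::1`. Otherwise give each block the same `allow`/`deny all;` lines as the catch-all, switch the prefix one to `location ^~ /_synapse/admin/v1/event_reports`, and replace the comment with one naming the client that needs the endpoint. The server block starts outside this hunk and the catch-all location continues past it.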
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||