Cleaned up stuff that isn't necessary.

This commit is contained in:
Hans van Zijst 2024-12-02 17:55:49 +01:00
parent f2da1e8ed1
commit 017e368035
Signed by: hans
GPG key ID: 43DBCC37BFDEFD72
3 changed files with 63 additions and 13 deletions

View file

@ -28,7 +28,7 @@ apt install nginx python3-certbot-nginx
Get your certificate: Get your certificate:
``` ```
certbot certonly --nginx --agree-tos -m systeemmail@procolix.com --non-interactive -d matrixdev.procolix.com certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrixdev.example.com
``` ```
Substitute the correct e-mailaddress and FQDN, or course. Substitute the correct e-mailaddress and FQDN, or course.
@ -53,27 +53,22 @@ server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/matrixdev.procolix.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/matrixdev.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrixdev.procolix.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/matrixdev.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem; ssl_dhparam /etc/ssl/dhparams.pem;
server_name matrixdev.procolix.com; server_name matrixdev.example.com;
location /.well-known/matrix/client { location /.well-known/matrix/client {
return 200 '{ return 200 '{
"m.homeserver": {"base_url": "https://vm02199.procolix.com"}, "m.homeserver": {"base_url": "https://vm02199.examples.com"},
"org.matrix.msc3575.proxy": {"url": "https://vm02199.procolix.com"}
}'; }';
default_type application/json; default_type application/json;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type, Authorization';
} }
location /.well-known/matrix/server { location /.well-known/matrix/server {
return 200 '{"m.server": "vm02199.procolix.com"}'; return 200 '{"m.server": "vm02199.examples.com"}';
default_type application/json; default_type application/json;
} }

View file

@ -29,6 +29,22 @@ server {
default_type application/json; default_type application/json;
} }
location /.well-known/matrix/support {
return 200 '{ "contacts":
[
{ "email_address": "admin@example.com",
"matrix_id": "@admin:example.com",
"role": "m.role.admin" },
{ "email_address": "security@example.com",
"matrix_id": "@john:example.com",
"role": "m.role.security" }
],
"support_page": "https://www.example.com/matrix-support"
}';
default_type application/json;
}
location /.well-known/element/element.json { location /.well-known/element/element.json {
return 200 '{"call": {"widget_url": "https://call.example.com"}}'; return 200 '{"call": {"widget_url": "https://call.example.com"}}';
default_type application/json; default_type application/json;

View file

@ -13,11 +13,50 @@ server {
server_name vm02199.example.com; server_name vm02199.example.com;
# Abuse reports get forwarded to Draupnir, listening on port 8082
location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
# The r0 endpoint is deprecated but still used by many clients.
# As of this writing, the v3 endpoint is the up-to-date version.
# Alias the regexps, to ensure that they're not rewritten.
set $room_id $2;
set $event_id $3;
proxy_pass http://[::1]:8082/api/1/report/$room_id/$event_id;
}
# Reports that need to reach Synapse (not sure...)
location /_synapse/admin/v1/event_reports {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
}
location ~ ^/_synapse/admin/v1/rooms/[^/]*/context/(.*)$ {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
}
# If you want the server version to be public:
location ~ ^/_synapse/admin/v1/server_version$ {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
}
# The rest of the admin endpoint shouldn't be public
location ~ ^/_synapse/admin { location ~ ^/_synapse/admin {
allow 127.0.0.1; allow 127.0.0.1;
allow ::1; allow ::1;
allow 111.222.111.222; allow 111.222.111.222;
allow dead:beef::/64; allow dead:beef::/48;
deny all; deny all;
proxy_pass http://localhost:8008; proxy_pass http://localhost:8008;
@ -39,5 +78,5 @@ server {
access_log /var/log/nginx/vm02199-access.log; access_log /var/log/nginx/vm02199-access.log;
error_log /var/log/nginx/vm02199-error.log; error_log /var/log/nginx/vm02199-error.log;
} }