forked from Fediversity/Fediversity
Cleaned up stuff that isn't necessary.
This commit is contained in:
parent
f2da1e8ed1
commit
017e368035
|
@ -28,7 +28,7 @@ apt install nginx python3-certbot-nginx
|
||||||
Get your certificate:
|
Get your certificate:
|
||||||
|
|
||||||
```
|
```
|
||||||
certbot certonly --nginx --agree-tos -m systeemmail@procolix.com --non-interactive -d matrixdev.procolix.com
|
certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrixdev.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
Substitute the correct e-mailaddress and FQDN, or course.
|
Substitute the correct e-mailaddress and FQDN, or course.
|
||||||
|
@ -53,27 +53,22 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/matrixdev.procolix.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/matrixdev.example.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/matrixdev.procolix.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/matrixdev.example.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name matrixdev.procolix.com;
|
server_name matrixdev.example.com;
|
||||||
|
|
||||||
location /.well-known/matrix/client {
|
location /.well-known/matrix/client {
|
||||||
return 200 '{
|
return 200 '{
|
||||||
"m.homeserver": {"base_url": "https://vm02199.procolix.com"},
|
"m.homeserver": {"base_url": "https://vm02199.examples.com"},
|
||||||
"org.matrix.msc3575.proxy": {"url": "https://vm02199.procolix.com"}
|
|
||||||
}';
|
}';
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
|
|
||||||
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type, Authorization';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /.well-known/matrix/server {
|
location /.well-known/matrix/server {
|
||||||
return 200 '{"m.server": "vm02199.procolix.com"}';
|
return 200 '{"m.server": "vm02199.examples.com"}';
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,22 @@ server {
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/support {
|
||||||
|
return 200 '{ "contacts":
|
||||||
|
[
|
||||||
|
{ "email_address": "admin@example.com",
|
||||||
|
"matrix_id": "@admin:example.com",
|
||||||
|
"role": "m.role.admin" },
|
||||||
|
{ "email_address": "security@example.com",
|
||||||
|
"matrix_id": "@john:example.com",
|
||||||
|
"role": "m.role.security" }
|
||||||
|
],
|
||||||
|
"support_page": "https://www.example.com/matrix-support"
|
||||||
|
}';
|
||||||
|
default_type application/json;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
location /.well-known/element/element.json {
|
location /.well-known/element/element.json {
|
||||||
return 200 '{"call": {"widget_url": "https://call.example.com"}}';
|
return 200 '{"call": {"widget_url": "https://call.example.com"}}';
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
|
|
|
@ -13,11 +13,50 @@ server {
|
||||||
|
|
||||||
server_name vm02199.example.com;
|
server_name vm02199.example.com;
|
||||||
|
|
||||||
|
# Abuse reports get forwarded to Draupnir, listening on port 8082
|
||||||
|
location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
|
||||||
|
# The r0 endpoint is deprecated but still used by many clients.
|
||||||
|
# As of this writing, the v3 endpoint is the up-to-date version.
|
||||||
|
|
||||||
|
# Alias the regexps, to ensure that they're not rewritten.
|
||||||
|
set $room_id $2;
|
||||||
|
set $event_id $3;
|
||||||
|
proxy_pass http://[::1]:8082/api/1/report/$room_id/$event_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Reports that need to reach Synapse (not sure...)
|
||||||
|
location /_synapse/admin/v1/event_reports {
|
||||||
|
proxy_pass http://localhost:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
client_max_body_size 50M;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
}
|
||||||
|
location ~ ^/_synapse/admin/v1/rooms/[^/]*/context/(.*)$ {
|
||||||
|
proxy_pass http://localhost:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
client_max_body_size 50M;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
}
|
||||||
|
# If you want the server version to be public:
|
||||||
|
location ~ ^/_synapse/admin/v1/server_version$ {
|
||||||
|
proxy_pass http://localhost:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
client_max_body_size 50M;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
}
|
||||||
|
|
||||||
|
# The rest of the admin endpoint shouldn't be public
|
||||||
location ~ ^/_synapse/admin {
|
location ~ ^/_synapse/admin {
|
||||||
allow 127.0.0.1;
|
allow 127.0.0.1;
|
||||||
allow ::1;
|
allow ::1;
|
||||||
allow 111.222.111.222;
|
allow 111.222.111.222;
|
||||||
allow dead:beef::/64;
|
allow dead:beef::/48;
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
|
@ -39,5 +78,5 @@ server {
|
||||||
|
|
||||||
access_log /var/log/nginx/vm02199-access.log;
|
access_log /var/log/nginx/vm02199-access.log;
|
||||||
error_log /var/log/nginx/vm02199-error.log;
|
error_log /var/log/nginx/vm02199-error.log;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue