diff --git a/matrix/nginx/call.conf b/matrix/nginx/call.conf
index 1fdc36c..7f542d4 100644
--- a/matrix/nginx/call.conf
+++ b/matrix/nginx/call.conf
@@ -1,34 +1,34 @@
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/call.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/call.example.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/ssl/dhparams.pem;
-
- server_name call.example.com;
-
- root /var/www/element-call;
-
- location /assets {
- add_header Cache-Control "public, immutable, max-age=31536000";
- }
-
- location /apple-app-site-association {
- default_type application/json;
- }
-
- location /^config.json$ {
- alias public/config.json;
- default_type application/json;
- }
-
- location / {
- try_files $uri /$uri /index.html;
- add_header Cache-Control "public, max-age=30, stale-while-revalidate=30";
- }
-
- access_log /var/log/nginx/call-access.log;
- error_log /var/log/nginx/call-error.log;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/call.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/call.example.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name call.example.com;
+
+ root /var/www/element-call;
+
+ location /assets {
+ add_header Cache-Control "public, immutable, max-age=31536000";
+ }
+
+ location /apple-app-site-association {
+ default_type application/json;
+ }
+
+ location /^config.json$ {
+ alias public/config.json;
+ default_type application/json;
+ }
+
+ location / {
+ try_files $uri /$uri /index.html;
+ add_header Cache-Control "public, max-age=30, stale-while-revalidate=30";
+ }
+
+ access_log /var/log/nginx/call-access.log;
+ error_log /var/log/nginx/call-error.log;
 }
diff --git a/matrix/nginx/elementweb.conf b/matrix/nginx/elementweb.conf
index dded994..79181e3 100644
--- a/matrix/nginx/elementweb.conf
+++ b/matrix/nginx/elementweb.conf
@@ -1,29 +1,29 @@
 server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/ssl/dhparams.pem;
-
- server_name element.example.com;
-
- location / {
- if ($scheme = http) {
- return 301 https://$host$request_uri;
- }
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "frame-ancestors 'self'";
- }
-
- root /usr/share/element-web;
- index index.html;
-
- access_log /var/log/nginx/element-access.log;
- error_log /var/log/nginx/element-error.log;
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name element.example.com;
+
+ location / {
+ if ($scheme = http) {
+ return 301 https://$host$request_uri;
+ }
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+ }
+
+ root /usr/share/element-web;
+ index index.html;
+
+ access_log /var/log/nginx/element-access.log;
+ error_log /var/log/nginx/element-error.log;
 }
diff --git a/matrix/nginx/livekit.conf b/matrix/nginx/livekit.conf
index 679e3c4..33a9691 100644
--- a/matrix/nginx/livekit.conf
+++ b/matrix/nginx/livekit.conf
@@ -1,37 +1,37 @@
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/livekit.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/livekit.example.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/ssl/dhparams.pem;
-
- server_name livekit.example.com;
-
- # This is lk-jwt-service
- location ~ ^(/sfu/get|/healthz) {
- proxy_pass http://[::1]:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location / {
- proxy_pass http://[::1]:7880;
- proxy_set_header Connection "upgrade";
- proxy_set_header Upgrade $http_upgrade;
- #add_header Access-Control-Allow-Origin "*" always;
-
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- access_log /var/log/nginx/livekit-access.log;
- error_log /var/log/nginx/livekit-error.log;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/livekit.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/livekit.example.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name livekit.example.com;
+
+ # This is lk-jwt-service
+ location ~ ^(/sfu/get|/healthz) {
+ proxy_pass http://[::1]:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location / {
+ proxy_pass http://[::1]:7880;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Upgrade $http_upgrade;
+ #add_header Access-Control-Allow-Origin "*" always;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ access_log /var/log/nginx/livekit-access.log;
+ error_log /var/log/nginx/livekit-error.log;
 }
diff --git a/matrix/nginx/proxy.conf b/matrix/nginx/proxy.conf
index 0bf5a9c..a48e13e 100644
--- a/matrix/nginx/proxy.conf
+++ b/matrix/nginx/proxy.conf
@@ -1,45 +1,45 @@
 server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/ssl/dhparams.pem;
-
- server_name example.com;
-
- location /.well-known/matrix/client {
- return 200 '{
- "m.homeserver": {"base_url": "https://vm02199.example.com"},
- "org.matrix.msc3575.proxy": {"url": "https://vm02199.example.com"},
- "org.matrix.msc4143.rtc_foci":[
- {"type": "livekit",
- "livekit_service_url": "https://livekit.example.com"}
- ]
- }';
- default_type application/json;
- add_header 'Access-Control-Allow-Origin' '*';
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name example.com;
+
+ location /.well-known/matrix/client {
+ return 200 '{
+ "m.homeserver": {"base_url": "https://vm02199.example.com"},
+ "org.matrix.msc3575.proxy": {"url": "https://vm02199.example.com"},
+ "org.matrix.msc4143.rtc_foci":[
+ {"type": "livekit",
+ "livekit_service_url": "https://livekit.example.com"}
+ ]
+ }';
+ default_type application/json;
+ add_header 'Access-Control-Allow-Origin' '*';
+ }
+
+ location /.well-known/matrix/server {
+ return 200 '{"m.server": "vm02199.example.com"}';
+ default_type application/json;
+ }
+
+ location /.well-known/element/element.json {
+ return 200 '{"call": {"widget_url": "https://call.example.com"}}';
+ default_type application/json;
+ }
+
+ location / {
+ if ($scheme = http) {
+ return 301 https://$host$request_uri;
 }
-
- location /.well-known/matrix/server {
- return 200 '{"m.server": "vm02199.example.com"}';
- default_type application/json;
- }
-
- location /.well-known/element/element.json {
- return 200 '{"call": {"widget_url": "https://call.example.com"}}';
- default_type application/json;
- }
-
- location / {
- if ($scheme = http) {
- return 301 https://$host$request_uri;
- }
- }
-
- access_log /var/log/nginx/example-access.log;
- error_log /var/log/nginx/example-error.log;
+ }
+
+ access_log /var/log/nginx/example-access.log;
+ error_log /var/log/nginx/example-error.log;
 }
diff --git a/matrix/nginx/synapse-admin.conf b/matrix/nginx/synapse-admin.conf
index 31254f5..2005841 100644
--- a/matrix/nginx/synapse-admin.conf
+++ b/matrix/nginx/synapse-admin.conf
@@ -1,16 +1,16 @@
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/ssl/dhparams.pem;
-
- server_name admin.example.com;
-
- root /var/www/synapse-admin;
-
- access_log /var/log/nginx/admin-access.log;
- error_log /var/log/nginx/admin-error.log;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name admin.example.com;
+
+ root /var/www/synapse-admin;
+
+ access_log /var/log/nginx/admin-access.log;
+ error_log /var/log/nginx/admin-error.log;
 }