Cleaned up nginx configuration.

matrix/element-web/README.md

@@ -42,18 +42,14 @@ it's something like this:
 ```
 "default_server_config": {
     "m.homeserver": {
-        "base_url": "https://vm02199.example.com",
+        "base_url": "https://matrix.example.com",
         "server_name": "example.com"
-    },
-    "org.matrix.msc3575.proxy": {
-        "url": "https://vm02199.example.com"
-    },
+    }
 },
 ```
 
-Of course, substitute the correct domain and server name. The `msc3575.proxy`
-is for SSS and may not be necessary. But it won't hurt, so let's just put it
-there.
+Of course, substitute the correct domain and server name.
+
 
 # Browser notes {#browsernotes}
 

matrix/nginx/README.md

@@ -25,10 +25,17 @@ easy:
 apt install nginx python3-certbot-nginx
 ```
 
-Get your certificate:
+Get your certificate for the base domain (which is probably not the machine on which
+we're going to run Synapse):
 
 ```
-certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrixdev.example.com
+certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d example.com
+```
+
+Get one for the machine on which we are going to run Synapse too:
+
+```
+certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrix.example.com
 ```
 
 Substitute the correct e-mailaddress and FQDN, or course.
@@ -53,22 +60,22 @@ server {
     listen 443 ssl;
     listen [::]:443 ssl;
 
-    ssl_certificate /etc/letsencrypt/live/matrixdev.example.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/matrixdev.example.com/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/ssl/dhparams.pem;
 
-    server_name matrixdev.example.com;
+    server_name example.com;
 
     location /.well-known/matrix/client {
        return 200 '{
-          "m.homeserver": {"base_url": "https://vm02199.examples.com"},
+          "m.homeserver": {"base_url": "https://matrix.examples.com"},
        }';
        default_type application/json;
     }
 
     location /.well-known/matrix/server {
-       return 200 '{"m.server": "vm02199.examples.com"}';
+       return 200 '{"m.server": "matrix.examples.com"}';
        default_type application/json;
     }
 
@@ -78,8 +85,8 @@ server {
       }
     }
 
-    access_log /var/log/nginx/matrixdev-access.log;
-    error_log /var/log/nginx/matrixdev-error.log;
+    access_log /var/log/nginx/example_com-access.log;
+    error_log /var/log/nginx/example_com-error.log;
 
 }
 ```
@@ -91,9 +98,6 @@ http is forwarded to https.
 Be sure to substitute the correct values for `server_name`, `base_url` and the
 certificate files.
 
-The three `add_header` lines are absolutely necessary, but probably need some
-tweaking. This is a TODO for this page.
-
 For the actual proxy in front of Synapse, this is what you need:
 
 ```
@@ -105,12 +109,12 @@ server {
 	listen 8448 ssl default_server;
 	listen [::]:8448 ssl default_server;
 
-	ssl_certificate /etc/letsencrypt/live/vm02199.procolix.com/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/vm02199.procolix.com/privkey.pem;
+	ssl_certificate /etc/letsencrypt/live/matrix.procolix.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/matrix.procolix.com/privkey.pem;
 	include /etc/letsencrypt/options-ssl-nginx.conf;
 	ssl_dhparam /etc/ssl/dhparams.pem;
 
-	server_name vm02199.procolix.com;
+	server_name matrix.procolix.com;
 
 	location ~ ^(/_matrix|/_synapse/client) {
 		proxy_pass http://localhost:8008;