forked from Fediversity/Fediversity
Cleaned up nginx configuration.
This commit is contained in:
parent
65e551b74b
commit
8d500aac00
|
@ -42,18 +42,14 @@ it's something like this:
|
||||||
```
|
```
|
||||||
"default_server_config": {
|
"default_server_config": {
|
||||||
"m.homeserver": {
|
"m.homeserver": {
|
||||||
"base_url": "https://vm02199.example.com",
|
"base_url": "https://matrix.example.com",
|
||||||
"server_name": "example.com"
|
"server_name": "example.com"
|
||||||
},
|
}
|
||||||
"org.matrix.msc3575.proxy": {
|
|
||||||
"url": "https://vm02199.example.com"
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
```
|
```
|
||||||
|
|
||||||
Of course, substitute the correct domain and server name. The `msc3575.proxy`
|
Of course, substitute the correct domain and server name.
|
||||||
is for SSS and may not be necessary. But it won't hurt, so let's just put it
|
|
||||||
there.
|
|
||||||
|
|
||||||
# Browser notes {#browsernotes}
|
# Browser notes {#browsernotes}
|
||||||
|
|
||||||
|
|
|
@ -25,10 +25,17 @@ easy:
|
||||||
apt install nginx python3-certbot-nginx
|
apt install nginx python3-certbot-nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
Get your certificate:
|
Get your certificate for the base domain (which is probably not the machine on which
|
||||||
|
we're going to run Synapse):
|
||||||
|
|
||||||
```
|
```
|
||||||
certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrixdev.example.com
|
certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Get one for the machine on which we are going to run Synapse too:
|
||||||
|
|
||||||
|
```
|
||||||
|
certbot certonly --nginx --agree-tos -m system@example.com --non-interactive -d matrix.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
Substitute the correct e-mailaddress and FQDN, or course.
|
Substitute the correct e-mailaddress and FQDN, or course.
|
||||||
|
@ -53,22 +60,22 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/matrixdev.example.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/matrixdev.example.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name matrixdev.example.com;
|
server_name example.com;
|
||||||
|
|
||||||
location /.well-known/matrix/client {
|
location /.well-known/matrix/client {
|
||||||
return 200 '{
|
return 200 '{
|
||||||
"m.homeserver": {"base_url": "https://vm02199.examples.com"},
|
"m.homeserver": {"base_url": "https://matrix.examples.com"},
|
||||||
}';
|
}';
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /.well-known/matrix/server {
|
location /.well-known/matrix/server {
|
||||||
return 200 '{"m.server": "vm02199.examples.com"}';
|
return 200 '{"m.server": "matrix.examples.com"}';
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,8 +85,8 @@ server {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
access_log /var/log/nginx/matrixdev-access.log;
|
access_log /var/log/nginx/example_com-access.log;
|
||||||
error_log /var/log/nginx/matrixdev-error.log;
|
error_log /var/log/nginx/example_com-error.log;
|
||||||
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -91,9 +98,6 @@ http is forwarded to https.
|
||||||
Be sure to substitute the correct values for `server_name`, `base_url` and the
|
Be sure to substitute the correct values for `server_name`, `base_url` and the
|
||||||
certificate files.
|
certificate files.
|
||||||
|
|
||||||
The three `add_header` lines are absolutely necessary, but probably need some
|
|
||||||
tweaking. This is a TODO for this page.
|
|
||||||
|
|
||||||
For the actual proxy in front of Synapse, this is what you need:
|
For the actual proxy in front of Synapse, this is what you need:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -105,12 +109,12 @@ server {
|
||||||
listen 8448 ssl default_server;
|
listen 8448 ssl default_server;
|
||||||
listen [::]:8448 ssl default_server;
|
listen [::]:8448 ssl default_server;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/vm02199.procolix.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/matrix.procolix.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/vm02199.procolix.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/matrix.procolix.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name vm02199.procolix.com;
|
server_name matrix.procolix.com;
|
||||||
|
|
||||||
location ~ ^(/_matrix|/_synapse/client) {
|
location ~ ^(/_matrix|/_synapse/client) {
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
|
|
Loading…
Reference in a new issue