forked from Fediversity/Fediversity
Added nginx configuration for Element Web.
This commit is contained in:
parent
4f7b1b5468
commit
94e11a362a
|
@ -167,6 +167,54 @@ This is a very, very basic configuration; just enough to give us a working
|
||||||
service. See this [complete example](revproxy.conf) which also includes
|
service. See this [complete example](revproxy.conf) which also includes
|
||||||
[Draupnir](../draupnir) and a protected admin endpoint.
|
[Draupnir](../draupnir) and a protected admin endpoint.
|
||||||
|
|
||||||
|
# Element Web
|
||||||
|
|
||||||
|
You can host the webclient on a different machine, but we'll run it on the
|
||||||
|
same one in this documentation. You do need a different FQDN however, you
|
||||||
|
can't host it under the same name as Synapse, such as:
|
||||||
|
```
|
||||||
|
https://matrix.example.com/element-web
|
||||||
|
```
|
||||||
|
So you'll need to create an entry in DNS and get a TLS-certificate for it (as
|
||||||
|
mentioned in the [checklist](../checklist.md)).
|
||||||
|
|
||||||
|
Other than that, configuration is quite simple. We'll listen on both http and
|
||||||
|
https, and redirect http to https:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
|
server_name element.example.com;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
if ($scheme = http) {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||||
|
}
|
||||||
|
|
||||||
|
root /usr/share/element-web;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/elementweb-access.log;
|
||||||
|
error_log /var/log/nginx/elementweb-error.log;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
This assumes Element Web is installed under `/usr/share/element-web`, as done
|
||||||
|
by the Debian package provided by Element.io.
|
||||||
|
|
||||||
# Synapse-admin {#synapse-admin}
|
# Synapse-admin {#synapse-admin}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
|
||||||
|
@ -14,7 +14,7 @@ server {
|
||||||
location / {
|
location / {
|
||||||
if ($scheme = http) {
|
if ($scheme = http) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
@ -24,6 +24,6 @@ server {
|
||||||
root /usr/share/element-web;
|
root /usr/share/element-web;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
access_log /var/log/nginx/element-access.log;
|
access_log /var/log/nginx/elementweb-access.log;
|
||||||
error_log /var/log/nginx/element-error.log;
|
error_log /var/log/nginx/elementweb-error.log;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue