Added nginx configuration for Element Web.

Hans van Zijst 2025-01-08 19:31:34 +01:00
parent 4f7b1b5468
commit 94e11a362a
Signed by: hans
GPG key ID: 43DBCC37BFDEFD72
2 changed files with 54 additions and 6 deletions


@ -167,6 +167,54 @@ This is a very, very basic configuration; just enough to give us a working
service. See this [complete example](revproxy.conf) which also includes service. See this [complete example](revproxy.conf) which also includes
[Draupnir](../draupnir) and a protected admin endpoint. [Draupnir](../draupnir) and a protected admin endpoint.
# Element Web
You can host the webclient on a different machine, but we'll run it on the
same one in this documentation. You do need a different FQDN however, you
can't host it under the same name as Synapse, such as:
```
https://matrix.example.com/element-web
```
So you'll need to create an entry in DNS and get a TLS-certificate for it (as
mentioned in the [checklist](../checklist.md)).
Other than that, configuration is quite simple. We'll listen on both http and
https, and redirect http to https:
```
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name element.example.com;
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
}
root /usr/share/element-web;
index index.html;
access_log /var/log/nginx/elementweb-access.log;
error_log /var/log/nginx/elementweb-error.log;
}
```
This assumes Element Web is installed under `/usr/share/element-web`, as done
by the Debian package provided by Element.io.
# Synapse-admin {#synapse-admin} # Synapse-admin {#synapse-admin}


@ -1,8 +1,8 @@
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
@ -14,7 +14,7 @@ server {
location / { location / {
if ($scheme = http) { if ($scheme = http) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
@ -24,6 +24,6 @@ server {
root /usr/share/element-web; root /usr/share/element-web;
index index.html; index index.html;
access_log /var/log/nginx/element-access.log; access_log /var/log/nginx/elementweb-access.log;
error_log /var/log/nginx/element-error.log; error_log /var/log/nginx/elementweb-error.log;
} }
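Review bot: The `add_header` lines inside `location /` (the `@ -14,7` hunk) are only emitted on 2xx and 3xx responses, so error pages generated by nginx, such as a 404, are served without `X-Frame-Options` and `X-Content-Type-Options`. Adding the `always` parameter closes that gap, for example `add_header X-Frame-Options SAMEORIGIN always;`, and likewise for the other headers. The location block continues past the end of that hunk, so any further `add_header` lines there need the same change, as does the copy of this block in the documentation file changed by this commit (it also shows a `Content-Security-Policy` header). Separately, no `Strict-Transport-Security` header is visible in the shown lines; if the included `options-ssl-nginx.conf` does not set one, consider adding it so returning browsers skip the plain-http listener.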