Added nginx configuration for Element Web.

2025-01-08 19:31:34 +01:00 · 2025-01-08 19:31:34 +01:00 · 94e11a362a
parent 4f7b1b5468
commit 94e11a362a
2 changed files with 54 additions and 6 deletions
--- a/matrix/nginx/README.md
+++ b/matrix/nginx/README.md
@ -167,6 +167,54 @@ This is a very, very basic configuration; just enough to give us a working
 service. See this [complete example](revproxy.conf) which also includes
 [Draupnir](../draupnir) and a protected admin endpoint.

+# Element Web
+
+You can host the webclient on a different machine, but we'll run it on the
+same one in this documentation. You do need a different FQDN however, you
+can't host it under the same name as Synapse, such as:
+```
+https://matrix.example.com/element-web
+```
+So you'll need to create an entry in DNS and get a TLS-certificate for it (as
+mentioned in the [checklist](../checklist.md)).
+
+Other than that, configuration is quite simple. We'll listen on both http and
+https, and redirect http to https:
+
+```
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    
+    ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/ssl/dhparams.pem;
+    
+    server_name element.example.com;
+    
+    location / {
+        if ($scheme = http) {
+            return 301 https://$host$request_uri;
+        }
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header Content-Security-Policy "frame-ancestors 'self'";
+    }
+    
+    root /usr/share/element-web;
+    index index.html;
+    
+    access_log /var/log/nginx/elementweb-access.log;
+    error_log /var/log/nginx/elementweb-error.log;
+}
+```
+
+This assumes Element Web is installed under `/usr/share/element-web`, as done
+by the Debian package provided by Element.io.

 # Synapse-admin {#synapse-admin}

--- a/matrix/nginx/conf/elementweb.conf
+++ b/matrix/nginx/conf/elementweb.conf
@ -1,8 +1,8 @@
 server {
    listen 80;
    listen [::]:80;
-    listen 443 ssl;
-    listen [::]:443 ssl;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
    
    ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
@ -14,7 +14,7 @@ server {
    location / {
        if ($scheme = http) {
            return 301 https://$host$request_uri;
-    	}
+        }
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff; 
        add_header X-XSS-Protection "1; mode=block";
@ -24,6 +24,6 @@ server {
    root /usr/share/element-web;
    index index.html;
    
-    access_log /var/log/nginx/element-access.log;
-    error_log /var/log/nginx/element-error.log;
+    access_log /var/log/nginx/elementweb-access.log;
+    error_log /var/log/nginx/elementweb-error.log;
 }