Basic reverse proxy (nginx) documentation added.

This commit is contained in:
Hans van Zijst 2024-11-04 18:13:40 +01:00
parent 417acb59b4
commit f2c9761bb9
Signed by: hans
GPG key ID: 43DBCC37BFDEFD72

41
nginx/README.md Normal file
View file

@ -0,0 +1,41 @@
---
gitea: none
include_toc: true
---
# Reverse proxy with nginx
Clients connecting from the Internet to our Matrix environment will usually
use SSL/TLS to encrypt whatever they want to send. This is one thing that
nginx does better than Synapse.
Furthermore, granting or denying access to specific endpoints is much easier
in nginx.
Synapse listens only on localhost, so nginx has to pass connections on from
the wild west that is the Internet to our server listening on the inside.
# Installing
Installing nginx and the [Let's Encrypt](https://letsencrypt.org/) plugin is
easy:
```
apt install nginx python3-certbot-nginx
```
# Configuration
Almost all traffic should be encrypted, so a redirect from http to https seems
like a good idea.
However, `.well-known/matrix/client` has to be available via http and https,
so that should *NOT* be redirected to https. Some clients don't understand the
redirect and will therefore not find the server if you redirect everything.
# Firewall
For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).