forked from fediversity/fediversity
Cleaned up example configs for nginx.
This commit is contained in:
Hans van Zijst
parent
8d34516c93
commit
438682dabf
1 changed files with 92 additions and 70 deletions
|
|
@ -143,19 +143,17 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
ssl_certificate
|
ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
|
||||||
/etc/letsencrypt/live/admin.example.procolix.com/fullchain.pem;
|
ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;
|
||||||
ssl_certificate_key
|
|
||||||
/etc/letsencrypt/live/admin.example.procolix.com/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name admin.example.procolix.com;
|
server_name admin.example.com;
|
||||||
|
|
||||||
root /var/www/synapse-admin;
|
root /var/www/synapse-admin;
|
||||||
|
|
||||||
access_log /var/log/nginx/admin-example-access.log;
|
access_log /var/log/nginx/admin-access.log;
|
||||||
error_log /var/log/nginx/admin-example-error.log;
|
error_log /var/log/nginx/admin-error.log;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
@ -172,10 +170,8 @@ In `/etc/nginx/sites-available/synapse` you want to add this bit:
|
||||||
location ~ ^/_synapse/admin {
|
location ~ ^/_synapse/admin {
|
||||||
allow 127.0.0.1;
|
allow 127.0.0.1;
|
||||||
allow ::1;
|
allow ::1;
|
||||||
allow 185.206.232.60; # this host
|
allow 111.222.111.222;
|
||||||
allow 2a00:51c0:12:1201::2a; # this host
|
allow dead:beef::/64;
|
||||||
allow 45.142.234.216; # kantoor
|
|
||||||
allow 2a10:3781:2bc3::/64; # kantoor
|
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
|
|
@ -203,12 +199,12 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/livekit.matrixdev.example.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/livekit.example.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/livekit.matrixdev.example.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/livekit.example.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name livekit.matrixdev.example.com;
|
server_name livekit.example.com;
|
||||||
|
|
||||||
# This is lk-jwt-service
|
# This is lk-jwt-service
|
||||||
location ~ ^(/sfu/get|/healthz) {
|
location ~ ^(/sfu/get|/healthz) {
|
||||||
|
|
@ -220,10 +216,22 @@ server {
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
access_log /var/log/nginx/livekit.matrixdev-access.log;
|
location / {
|
||||||
error_log /var/log/nginx/livekit.matrixdev-error.log;
|
proxy_pass http://[::1]:7880;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
#add_header Access-Control-Allow-Origin "*" always;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
access_log /var/log/nginx/livekit-access.log;
|
||||||
|
error_log /var/log/nginx/livekit-error.log;
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -237,18 +245,32 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
ssl_certificate
|
ssl_certificate /etc/letsencrypt/live/call.example.com/fullchain.pem;
|
||||||
/etc/letsencrypt/live/call.matrixdev.example.com/fullchain.pem;
|
ssl_certificate_key /etc/letsencrypt/live/call.example.com/privkey.pem;
|
||||||
ssl_certificate_key
|
|
||||||
/etc/letsencrypt/live/call.matrixdev.example.com/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||||
|
|
||||||
server_name call.matrixdev.example.com;
|
server_name call.example.com;
|
||||||
|
|
||||||
root /var/www/element-call;
|
root /var/www/element-call;
|
||||||
try_files $uri /$uri /index.html;
|
|
||||||
|
|
||||||
|
location /assets {
|
||||||
|
add_header Cache-Control "public, immutable, max-age=31536000";
|
||||||
|
}
|
||||||
|
|
||||||
|
location /apple-app-site-association {
|
||||||
|
default_type application/json;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /^config.json$ {
|
||||||
|
alias public/config.json;
|
||||||
|
default_type application/json;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri /$uri /index.html;
|
||||||
|
add_header Cache-Control "public, max-age=30, stale-while-revalidate=30";
|
||||||
|
}
|
||||||
|
|
||||||
access_log /var/log/nginx/call-access.log;
|
access_log /var/log/nginx/call-access.log;
|
||||||
error_log /var/log/nginx/call-error.log;
|
error_log /var/log/nginx/call-error.log;
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue