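# Reverse proxy in front of Synapse (localhost:8008) and Draupnir ([::1]:8082)
# for matrix.example.com. Serves both the client port (443) and the
# federation port (8448) from the same server block.
#
# nginx picks a location as follows: it remembers the longest matching prefix
# location, then tries the regex locations in the order they appear in this
# file and uses the first one that matches. The order of the regex blocks
# below is therefore significant; do not reorder them without re-checking
# which block ends up handling the /_synapse/admin paths.
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	# For the federation port
	listen 8448 ssl;
	listen [::]:8448 ssl;

	ssl_certificate /etc/letsencrypt/live/matrix.example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/matrix.example.com/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/ssl/dhparams.pem;

	server_name matrix.example.com;

	# Abuse reports get forwarded to Draupnir, listening on port 8082.
	# This regex must stay above the generic /_matrix location further down,
	# otherwise reports would go to Synapse instead.
	location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
		# The r0 endpoint is deprecated but still used by many clients.
		# As of this writing, the v3 endpoint is the up-to-date version.

		# Alias the regexps, to ensure that they're not rewritten.
		# Capture 1 is the API version, 2 the room ID, 3 the event ID.
		set $room_id $2;
		set $event_id $3;
		proxy_pass http://[::1]:8082/api/1/report/$room_id/$event_id;
	}

	# Reports that need to reach Synapse (not really sure if this is used).
	# NOTE(review): this is a plain prefix location, and the regex location
	# "~ ^/_synapse/admin" below also matches this path. Regex locations win
	# over prefix locations, so as written these requests are handled by the
	# restricted block (allow/deny list) and not by this one. That is the
	# safer outcome; only give this block priority (the "^~" modifier) if the
	# endpoint really has to be reachable from outside the allow list.
	location /_synapse/admin/v1/event_reports {
		proxy_pass http://localhost:8008;
		# Overwrite any client-supplied X-Forwarded-For with the peer address.
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		client_max_body_size 50M;
		proxy_http_version 1.1;
	}

	# Event context lookups on the admin API.
	# NOTE(review): this block has no allow/deny list and sits above the
	# restricted admin block, so it is reachable from any address and relies
	# on Synapse's own authentication for this endpoint. If only local
	# services need it, consider the same allow/deny list as below.
	location ~ ^/_synapse/admin/v1/rooms/([^/]*)/context/(.*)$ {
		# This regex has two capture groups: 1 is the room ID, 2 the event ID.
		# (The indices differ from the report location above, which has an
		# extra leading group for the API version.)
		set $room_id $1;
		set $event_id $2;
		proxy_pass http://localhost:8008/_synapse/admin/v1/rooms/$room_id/context/$event_id;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		client_max_body_size 50M;
		proxy_http_version 1.1;
	}

	# If you want the server version to be public.
	# A published version string makes it easier to fingerprint the server;
	# remove this block to keep the endpoint behind the allow list below.
	location ~ ^/_synapse/admin/v1/server_version$ {
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		client_max_body_size 50M;
		proxy_http_version 1.1;
	}

	# The rest of the admin endpoint shouldn't be public.
	# Keep this block below the more specific /_synapse/admin regexes above:
	# the first matching regex wins, so anything not matched earlier lands here.
	location ~ ^/_synapse/admin {
		allow 127.0.0.1;
		allow ::1;
		# Example addresses: replace with the admin hosts/networks that
		# should be allowed to reach the admin API.
		allow 111.222.111.222;
		allow dead:beef::/48;
		deny all;

		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		client_max_body_size 50M;
		proxy_http_version 1.1;
	}

	# Everything else on the client and federation APIs goes to Synapse.
	location ~ ^(/_matrix|/_synapse/client) {
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		client_max_body_size 50M;
		proxy_http_version 1.1;
	}

	access_log /var/log/nginx/matrix-access.log;
	error_log /var/log/nginx/matrix-error.log;
}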