infra/roles/matrix-nginx/templates/01-matrix.j2


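server {
    listen 443 ssl http2;
{% if inventory_hostname in wg_clients -%}
    listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
{% endif -%}
    ## For the federation port (not needed according to logs)
    # listen 8448 ssl http2 default_server;
    # ipv6
    #listen [::]:443 ssl http2;
    #listen [::]:8448 ssl http2 default_server;
    include listen-proxy-protocol.conf;

    server_name {{ matrix_url }};
    root {{ systemuserlist.matrix.home }}/html/;

    # NOTE(review): 1024m lets nginx keep up to 1 GiB of *each* in-flight request
    # body in memory before it spills to a temp file, so a burst of concurrent
    # uploads can exhaust RAM. A small buffer plus the client_max_body_size set
    # in the /_matrix location is the usual way to bound uploads. Left unchanged.
    client_body_buffer_size 1024m;
    proxy_max_temp_file_size 0;

    include /etc/nginx/sudo-known.conf;

    # Matrix client discovery (CORS "*" is required by the spec for this document).
    location = /.well-known/matrix/client {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.homeserver":{"base_url":"https://{{ matrix_url }}"}}';
    }

    # Matrix server (federation) discovery.
    location = /.well-known/matrix/server {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.server": "{{ matrix_url }}:443"}';
    }

    location = /_health {
        proxy_pass http://{{ bridgewithdns.matrix }}:{{ matrix_synapse_port }}/health;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    # Public client/federation API.
    location ~* ^(\/_matrix|\/_synapse\/client) {
        # working around this issue that seems to still be happening
        # https://github.com/matrix-org/synapse/issues/2748
        # (thumbnail requests with height=0/width=0 are rewritten to 400)
        if ($args ~ (^|.*&)height=0(.*)) {
            set $args $1height=400$2;
        }
        if ($args ~ (^|.*&)width=0(.*)) {
            set $args $1width=400$2;
        }
        proxy_pass http://{{ bridgewithdns.matrix }}:{{ matrix_synapse_port }};
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined
        # in homeserver.yaml
        client_max_body_size {{ matrix_upload_size }};
    }

{% if matrix_registration_enabled -%}
    location ~ ^/(static|register) {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://{{ bridgewithdns.matrix_reg }}:{{ matrix_registration_port }};
    }
{% endif %}

{% if matrix_webhook_enabled -%}
    location /_webhook {
        # TODO(review): hard-coded backend address; every other upstream in this
        # file is templated via bridgewithdns.* — consider templating this one too.
        proxy_pass http://10.102.47.128:3033/_webhook;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
{% endif %}

{% if matrix_hydrogen_enabled -%}
    # Bare /hydrogen is sent to the directory form (same pattern as /_a below).
    location = /hydrogen {
        return 302 /hydrogen/;
    }
    # Prefix and alias both end in "/": with "location /hydrogen" + "alias .../"
    # a request for /hydrogen../x was mapped to /usr/local/share/x (nginx
    # off-by-slash alias traversal).
    location /hydrogen/ {
        alias /usr/local/share/hydrogen-web/;
        charset utf-8;
        index index.html;
        autoindex off;
    }
{% endif %}

    include /etc/nginx/authelia_internal.conf;

    # Admin API is gated by require_auth.conf. "^~" makes the prefix match final,
    # so no regex location (here or in an included file) can route an
    # /_synapse/admin request around the auth check.
    location ^~ /_synapse/admin {
        include /etc/nginx/require_auth.conf;
        proxy_pass http://{{ bridgewithdns.matrix }}:{{ matrix_synapse_port }};
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

{% if matrix_admin_enabled -%}
    # to work around authelia not matching /_a/ requests, with this error:
    #
    # No matching rule for subject https://{{ matrix_url }}/_a/... Applying default policy.
    location = /_a {
        return 302 https://{{ matrix_url }}/_a/index.html;
    }
    # Auth-gated static admin UI; "^~" for the same reason as /_synapse/admin.
    location ^~ /_a/ {
        include /etc/nginx/require_auth.conf;
        alias /usr/local/share/synapse-admin/;
        charset utf-8;
        index index.html;
        autoindex off;
    }
{% endif %}

{% if matrix_bridges_enabled -%}
    location /_telegram/public {
        proxy_pass http://{{ bridgewithdns.matrix_telegram }}:{{ matrix_telegram_port }};
    }
{% endif %}

    ssl_certificate /usr/local/etc/certs/{{ matrix_url }}/fullchain.pem;
    ssl_certificate_key /usr/local/etc/certs/{{ matrix_url }}/privkey.pem;
    access_log /var/log/nginx/access_{{ matrix_url }}.log main;
    error_log /var/log/nginx/error_{{ matrix_url }}.log warn;
}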
{# server {
# listen 443 ssl http2;
#
# server_name {{ matrix_maubot_url }};
#
# location /_matrix/maubot/v1/logs {
# proxy_pass http://{{ bridgewithdns.matrix_maubot }}:29316;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header X-Forwarded-For $remote_addr;
# }
#
# location /_matrix/maubot {
# proxy_pass http://{{ bridgewithdns.matrix_maubot }}:29316;
# proxy_set_header X-Forwarded-For $remote_addr;
# }
# } #}