mirror of
https://github.com/element-hq/element-docker-demo.git
synced 2026-01-25 22:37:00 +03:00
182 lines
4.9 KiB
Plaintext
182 lines
4.9 KiB
Plaintext
${CONFIG_HEADER}
|
|
|
|
# taken from https://element-hq.github.io/synapse/latest/reverse_proxy.html
|
|
# mixed with https://github.com/wmnnd/nginx-certbot/tree/master/etc/nginx/conf.d/nginx
|
|
|
|
# log_format vhosts '$host $remote_addr - $remote_user [$time_local] '
|
|
# '"$request" $status $body_bytes_sent '
|
|
# '"$http_referer" "$http_user_agent"';
|
|
# access_log /dev/stdout vhosts;
|
|
|
|
server {
|
|
server_name ${DOMAIN};
|
|
server_tokens off;
|
|
|
|
listen 80;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
location /.well-known/matrix/ {
|
|
root /var/www;
|
|
}
|
|
|
|
# XXX: is this right? or should auth.$DOMAIN be the issuer?
|
|
location /.well-known/openid-configuration {
|
|
proxy_pass http://mas:8080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
|
|
location / {
|
|
return 301 https://${DOLLAR}host${DOLLAR}request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${DOMAIN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location = / {
|
|
return 302 https://${ELEMENT_WEB_FQDN};
|
|
}
|
|
|
|
location /.well-known/matrix/ {
|
|
root /var/www;
|
|
}
|
|
|
|
# XXX: is this right? or should auth.$DOMAIN be the issuer?
|
|
location /.well-known/openid-configuration {
|
|
proxy_pass http://mas:8080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${ELEMENT_WEB_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location / {
|
|
proxy_pass http://element-web;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${ELEMENT_CALL_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location / {
|
|
proxy_pass http://element-call:8080;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${MAS_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location / {
|
|
proxy_pass http://mas:8080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${LIVEKIT_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location / {
|
|
proxy_pass http://livekit:7880;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host ${DOLLAR}host;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${LIVEKIT_JWT_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
location / {
|
|
proxy_pass http://livekit-jwt:8080;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name ${HOMESERVER_FQDN};
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/include/ssl.conf;
|
|
|
|
# For the federation port
|
|
listen 8448 ssl default_server;
|
|
listen [::]:8448 ssl default_server;
|
|
|
|
# pass auth to MAS
|
|
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) {
|
|
proxy_pass http://mas:8080;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
}
|
|
|
|
# use the generic worker as a synchrotron:
|
|
# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker
|
|
|
|
location ~ ^/_matrix/client/(r0|v3)/sync${DOLLAR} {
|
|
proxy_pass http://synapse-generic-worker-1:8081;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
|
}
|
|
|
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/events${DOLLAR} {
|
|
proxy_pass http://synapse-generic-worker-1:8081;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
|
}
|
|
|
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync${DOLLAR} {
|
|
proxy_pass http://synapse-generic-worker-1:8081;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
|
}
|
|
|
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync${DOLLAR} {
|
|
proxy_pass http://synapse-generic-worker-1:8081;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://synapse:8008;
|
|
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
|
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
|
proxy_set_header Host ${DOLLAR}host;
|
|
|
|
# Nginx by default only allows file uploads up to 1M in size
|
|
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
|
|
proxy_http_version 1.1;
|
|
}
|
|
|