blob: 4819b4d28a34b5f378a0e598b8803031129c3257 (
plain) (
tree)
|
|
server {
listen ${synapse_federation_port} ssl default_server;
listen [::]:${synapse_federation_port} ssl default_server;
http2 on;
ssl_certificate ${synapse_https_cert};
ssl_certificate_key ${synapse_https_key};
ssl_trusted_certificate ${synapse_https_cacert};
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://127.0.0.1:${synapse_local_federation_port};
}
}
server {
listen 443 ssl default_server;
listen [::]:433 ssl default_server;
http2 on;
ssl_certificate ${synapse_https_cert};
ssl_certificate_key ${synapse_https_key};
ssl_trusted_certificate ${synapse_https_cacert};
root ${synapse_element_webroot};
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size ${synapse_upload_sizelimit};
location ~ ^(/_matrix|/_synapse/client) {
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://127.0.0.1:${synapse_local_client_port};
}
}
|
