1 files changed, 46 insertions, 0 deletions

diff --git a/files/usr/local/etc/nginx/vhosts.conf.matrix_server b/files/usr/local/etc/nginx/vhosts.conf.matrix_server
new file mode 100644
index 0000000..4819b4d
--- /dev/null
+++ b/files/usr/local/etc/nginx/vhosts.conf.matrix_server
@@ -0,0 +1,46 @@
+server {
+  listen ${synapse_federation_port}      ssl default_server;
+  listen [::]:${synapse_federation_port} ssl default_server;
+
+  http2 on;
+
+  ssl_certificate         ${synapse_https_cert};
+  ssl_certificate_key     ${synapse_https_key};
+  ssl_trusted_certificate ${synapse_https_cacert};
+
+  add_header Strict-Transport-Security "max-age=63072000" always;
+
+  location / {
+    proxy_http_version 1.1;
+    proxy_set_header Host \$host;
+    proxy_set_header X-Real-IP \$remote_addr;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
+    proxy_pass http://127.0.0.1:${synapse_local_federation_port};
+  }
+}
+
+server {
+  listen 443      ssl default_server;
+  listen [::]:433 ssl default_server;
+
+  http2 on;
+
+  ssl_certificate         ${synapse_https_cert};
+  ssl_certificate_key     ${synapse_https_key};
+  ssl_trusted_certificate ${synapse_https_cacert};
+
+  root ${synapse_element_webroot};
+
+  add_header Strict-Transport-Security "max-age=63072000" always;
+  client_max_body_size ${synapse_upload_sizelimit};
+
+  location ~ ^(/_matrix|/_synapse/client) {
+    proxy_http_version 1.1;
+    proxy_set_header Host \$host;
+    proxy_set_header X-Real-IP \$remote_addr;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
+    proxy_pass http://127.0.0.1:${synapse_local_client_port};
+  }
+}