blob: 4819b4d28a34b5f378a0e598b8803031129c3257 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
server {
listen ${synapse_federation_port} ssl default_server;
listen [::]:${synapse_federation_port} ssl default_server;
http2 on;
ssl_certificate ${synapse_https_cert};
ssl_certificate_key ${synapse_https_key};
ssl_trusted_certificate ${synapse_https_cacert};
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://127.0.0.1:${synapse_local_federation_port};
}
}
server {
listen 443 ssl default_server;
listen [::]:433 ssl default_server;
http2 on;
ssl_certificate ${synapse_https_cert};
ssl_certificate_key ${synapse_https_key};
ssl_trusted_certificate ${synapse_https_cacert};
root ${synapse_element_webroot};
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size ${synapse_upload_sizelimit};
location ~ ^(/_matrix|/_synapse/client) {
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://127.0.0.1:${synapse_local_client_port};
}
}
|
