From 6e3d46b57df39e56dc46f9abeba76421e4eeca13 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 Jun 2025 13:25:04 +0200 Subject: [PATCH] neu aufbau (zusammenfuehrung) der datei mit dem offiziellen beispiel von synapse --- sites-available/matrix.conf | 89 ++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 41 deletions(-) diff --git a/sites-available/matrix.conf b/sites-available/matrix.conf index 45df521..e00cca6 100644 --- a/sites-available/matrix.conf +++ b/sites-available/matrix.conf @@ -1,52 +1,59 @@ -add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; +add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - -server{ - listen 10.0.0.29:80; - server_name matrix.egonetix.de; - return 301 https://$server_name$request_uri; +# Redirect HTTP to HTTPS +server { + listen 10.0.0.29:80; + server_name matrix.egonetix.de; + return 301 https://$server_name$request_uri; } +# HTTPS for client traffic (port 443) server { - listen 10.0.0.29:443 http2 ssl; - # SSL config - ssl on; - ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem; - ssl_dhparam /etc/ssl/certs/dhparam.pem; + listen 10.0.0.29:443 ssl http2; + server_name matrix.egonetix.de; - # Make site accessible from http://localhost/ - server_name matrix.egonetix.de; - access_log /var/log/nginx/matrix-access.log; - error_log /var/log/nginx/matrix-error.log; + ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem; + ssl_dhparam /etc/ssl/certs/dhparam.pem; - set $upstream 10.0.0.48; + access_log /var/log/nginx/matrix-access.log; + error_log /var/log/nginx/matrix-error.log; - location /_matrix { - - proxy_pass http://$upstream:8008; - proxy_set_header X-Forwarded-For $remote_addr; - } -} - -server { - listen 10.0.0.29:8448 http2 ssl; - # SSL config - ssl on; - ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - - # Make site accessible from http://localhost/ - server_name matrix.egonetix.de; - access_log /var/log/nginx/matrix-access.log; - error_log /var/log/nginx/matrix-error.log; - - set $upstream 10.0.0.48; - - location /_matrix { + set $upstream 10.0.0.48; + location ~ ^(/_matrix|/_synapse/client) { proxy_pass http://$upstream:8008; proxy_set_header X-Forwarded-For $remote_addr; - } + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + + client_max_body_size 50M; + proxy_http_version 1.1; + } } + +# HTTPS for federation traffic (port 8448) +server { + listen 10.0.0.29:8448 ssl http2; + server_name matrix.egonetix.de; + + ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + + access_log /var/log/nginx/matrix-access.log; + error_log /var/log/nginx/matrix-error.log; + + set $upstream 10.0.0.48; + + location ~ ^(/_matrix|/_synapse/client) { + proxy_pass http://$upstream:8008; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + + client_max_body_size 50M; + proxy_http_version 1.1; + } +} +