freedom-messenger.net

Translations of this page:

Trace: matrix_nginx

Matrix_nginx

NGINX Anbindung an Matrix

server {

  listen <ip Adresse des Servers>:80 ;
  set_real_ip_from <IP Adresse des Matrix Servers>;
      real_ip_header X-Real-IP;
      real_ip_recursive on;
  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name <Domain> <FQDN>;
  return 301 https://$host$request_uri;

} server {

  listen 443 ssl ;
  client_max_body_size 8M;

ssl on; ssl_certificate /<Pfad zum Zertifikat>/<Zertifikat Datei>;

  ssl_certificate_key       /<Pfad zum Zertifikat>/<Zertifikat Datei>/<Zertifikat Keys>;
  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name matrix.westchat.de westchat.de;
  location /_matrix {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;

# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_set_header  X-Forwarded-Host $remote_addr;
   proxy_set_header X-Forwarded-For $remote_addr;
  proxy_read_timeout 180;
  expires 1d;
  proxy_pass 127.0.0.1/_matrix;
  }
  location ~ /.well-known {
      allow all;
  }

}

server {

  listen <IP Adresse des Servers>:8448 ssl ;

# listen [::]:443 ssl;

      client_max_body_size 8M;
      set_real_ip_from <IP adresse des Servers>;
      real_ip_header X-Real-IP;
      real_ip_recursive on;

ssl on; ssl_certificate /<Pfad zum Zertifikat>/<Zertifikat Datei>;

  ssl_certificate_key       /<Pfad zum Zertifikat>/<Zertifikat Datei>/<Zertifikat Keys>;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/matrix-synapse//westchat.de.tls.dh;
  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

# # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # add_header Strict-Transport-Security max-age=15768000; #

  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;

ssl_stapling_verify on;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name <Domain> <FQDN>;
  location / {
  proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Host $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
  proxy_read_timeout 180;
  expires 1d;
      proxy_pass 127.0.0.1;
  
  }

# location ~ /.well-known { # allow all; # } } server {

  listen <IP adresse des Servers>:8443 ssl http2;
      client_max_body_size 8M;
      set_real_ip_from <IP Adresse ddesa Servers>;
      real_ip_header X-Real-IP;
      real_ip_recursive on;

ssl on; ssl_certificate /<Pfad zum Zertifikat>/<Zertifikat Datei>;

  ssl_certificate_key       /<Pfad zum Zertifikat>/<Zertifikat Datei>/<Zertifikat Keys>;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/matrix-synapse//westchat.de.tls.dh;
  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

# # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # add_header Strict-Transport-Security max-age=15768000; #

  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;

ssl_stapling_verify on;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name <Domain> <FQDN>;
  location / {
  proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Host $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
  proxy_read_timeout 180;
  expires 1d;
      proxy_pass 127.0.0.1;
  
  }

# location ~ /.well-known { # allow all; # } }

server {

  listen <IP Adresse des Servers>:8008 ;
      client_max_body_size 8M;
      set_real_ip_from <IP adresse des Servers>;
      real_ip_header X-Real-IP;
      real_ip_recursive on;
  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;
  server_name <Domain> <FQDN>;
  location / {
  proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Host $remote_addr;
       proxy_set_header X-Forwarded-For $remote_addr;
  proxy_read_timeout 180;
  expires 1d;
      proxy_pass 127.0.0.1;
  }

# location ~ /.well-known { # allow all; # } }