# SPDX-FileCopyrightText: 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# This is a sample file demonstrating how to set up reverse-proxy for matrix.example.com
	ServerName matrix.example.com
	# You may wish to handle the /.well-known/acme-challenge paths here somehow,
	# if you're using ACME (Let's Encrypt) certificates.
	Redirect permanent / https://matrix.example.com/
# Client-Server API
	ServerName matrix.example.com
	SSLEngine On
	# If you manage SSL certificates by yourself, these paths will differ.
	SSLCertificateFile /path/to/matrix.example.com/fullchain.pem
	SSLCertificateKeyFile /path/to/matrix.example.com/privkey.pem
	SSLProxyEngine on
	SSLProxyProtocol +TLSv1.2 +TLSv1.3
	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia On
	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
	AllowEncodedSlashes NoDecode
	ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
	ProxyPassReverse / http://127.0.0.1:81/
	ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
	CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
# Server-Server (federation) API
Listen 8448
	ServerName matrix.example.com
	SSLEngine On
	# If you manage SSL certificates by yourself, these paths will differ.
	SSLCertificateFile /matrix/ssl/config/live/matrix.example.com/fullchain.pem
	SSLCertificateKeyFile /matrix/ssl/config/live/matrix.example.com/privkey.pem
	SSLProxyEngine on
	SSLProxyProtocol +TLSv1.2 +TLSv1.3
	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia On
	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
	AllowEncodedSlashes NoDecode
	ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
	ProxyPassReverse / http://127.0.0.1:8449/
	ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
	CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined