mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-26 18:13:23 +00:00 
			
		
		
		
	Continuation of 1f0cc92b33.
As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occassions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.
To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
		
	
		
			
				
	
	
		
			74 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			74 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # This is a sample file demonstrating how to set up reverse-proxy for the matrix.DOMAIN
 | |
| 
 | |
| <VirtualHost *:80>
 | |
| 	ServerName matrix.DOMAIN
 | |
| 
 | |
| 	# Map /.well-known/acme-challenge to the certbot server
 | |
| 	# If you manage SSL certificates by yourself, this will differ.
 | |
| 	<Location /.well-known/acme-challenge>
 | |
| 		ProxyPreserveHost On
 | |
| 		ProxyRequests Off
 | |
| 		ProxyVia On
 | |
| 		ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
 | |
| 	</Location>
 | |
| 
 | |
| 	Redirect permanent / https://matrix.DOMAIN/
 | |
| </VirtualHost>
 | |
| 
 | |
| <VirtualHost *:443>
 | |
| 	ServerName matrix.DOMAIN
 | |
| 
 | |
| 	SSLEngine On
 | |
| 
 | |
| 	# If you manage SSL certificates by yourself, these paths will differ.
 | |
| 	SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
 | |
| 	SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
 | |
| 
 | |
| 	SSLProxyEngine on
 | |
| 	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
 | |
| 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 | |
| 
 | |
| 	ProxyPreserveHost On
 | |
| 	ProxyRequests Off
 | |
| 	ProxyVia On
 | |
| 
 | |
| 	# Keep some URIs free for different proxy/location
 | |
| 	ProxyPassMatch ^/.well-known/matrix/client !
 | |
| 	ProxyPassMatch ^/_matrix/identity !
 | |
| 	ProxyPassMatch ^/_matrix/client/r0/user_directory/search !
 | |
| 
 | |
| 	# Proxy all remaining traffic to Synapse
 | |
| 	ProxyPass / http://127.0.0.1:8008/
 | |
| 	ProxyPassReverse / http://127.0.0.1:8008/
 | |
| 
 | |
| 	# Map /.well-known/matrix/client for client discovery
 | |
| 	Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
 | |
| 	<Files "/matrix/static-files/.well-known/matrix/client">
 | |
| 		Require all granted
 | |
| 	</Files>
 | |
| 	<Location "/.well-known/matrix/client>
 | |
| 		Header always set Content-Type "application/json"
 | |
| 		Header always set Access-Control-Allow-Origin "*"
 | |
| 	</Location>
 | |
| 	<Directory /matrix/static-files/.well-known/matrix/>
 | |
| 		AllowOverride All
 | |
| 		# Apache 2.4:
 | |
| 		Require all granted
 | |
| 		# Or for Apache 2.2:
 | |
| 		#order allow,deny
 | |
| 	</Directory>
 | |
| 
 | |
| 	# Map /_matrix/identity to the identity server
 | |
| 	<Location /_matrix/identity>
 | |
| 		ProxyPass http://127.0.0.1:8090/_matrix/identity
 | |
| 	</Location>
 | |
| 
 | |
| 	# Map /_matrix/client/r0/user_directory/search to the identity server
 | |
| 	<Location /_matrix/client/r0/user_directory/search>
 | |
| 		ProxyPass http://127.0.0.1:8090/_matrix/client/r0/user_directory/search
 | |
| 	</Location>
 | |
| 
 | |
| 	ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
 | |
| 	CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
 | |
| </VirtualHost>
 |