mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-10-24 00:53:23 +00:00
78 lines
2.3 KiB
Plaintext
78 lines
2.3 KiB
Plaintext
# SPDX-FileCopyrightText: 2024 MDAD project contributors
|
|
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
|
|
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
# This is a sample file demonstrating how to set up reverse-proxy for matrix.example.com
|
|
|
|
<VirtualHost *:80>
|
|
ServerName matrix.example.com
|
|
|
|
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
|
|
# if you're using ACME (Let's Encrypt) certificates.
|
|
|
|
Redirect permanent / https://matrix.example.com/
|
|
</VirtualHost>
|
|
|
|
# Client-Server API
|
|
<VirtualHost *:443>
|
|
ServerName matrix.example.com
|
|
|
|
SSLEngine On
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
|
SSLCertificateFile /path/to/matrix.example.com/fullchain.pem
|
|
SSLCertificateKeyFile /path/to/matrix.example.com/privkey.pem
|
|
|
|
SSLProxyEngine on
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
ProxyTimeout 86400
|
|
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
|
RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
|
|
ProxyPassReverse / http://127.0.0.1:81/
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
|
</VirtualHost>
|
|
|
|
# Server-Server (federation) API
|
|
Listen 8448
|
|
<VirtualHost *:8448>
|
|
ServerName matrix.example.com
|
|
|
|
SSLEngine On
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
|
SSLCertificateFile /matrix/ssl/config/live/matrix.example.com/fullchain.pem
|
|
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.example.com/privkey.pem
|
|
|
|
SSLProxyEngine on
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
|
|
ProxyPassReverse / http://127.0.0.1:8449/
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
|
</VirtualHost>
|