3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-25 01:23:24 +00:00
Files
matrix-docker-ansible-deploy/examples/reverse-proxies/apache/matrix-domain.conf

78 lines
2.3 KiB
Plaintext

# SPDX-FileCopyrightText: 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# This is a sample file demonstrating how to set up reverse-proxy for matrix.example.com
<VirtualHost *:80>
ServerName matrix.example.com
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
# if you're using ACME (Let's Encrypt) certificates.
Redirect permanent / https://matrix.example.com/
</VirtualHost>
# Client-Server API
<VirtualHost *:443>
ServerName matrix.example.com
SSLEngine On
# If you manage SSL certificates by yourself, these paths will differ.
SSLCertificateFile /path/to/matrix.example.com/fullchain.pem
SSLCertificateKeyFile /path/to/matrix.example.com/privkey.pem
SSLProxyEngine on
SSLProxyProtocol +TLSv1.2 +TLSv1.3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyTimeout 86400
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
ProxyPassReverse / http://127.0.0.1:81/
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
</VirtualHost>
# Server-Server (federation) API
Listen 8448
<VirtualHost *:8448>
ServerName matrix.example.com
SSLEngine On
# If you manage SSL certificates by yourself, these paths will differ.
SSLCertificateFile /matrix/ssl/config/live/matrix.example.com/fullchain.pem
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.example.com/privkey.pem
SSLProxyEngine on
SSLProxyProtocol +TLSv1.2 +TLSv1.3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
ProxyPassReverse / http://127.0.0.1:8449/
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
</VirtualHost>