server { listen 80 default_server; #listen [::]:80; server_name matrix.envs.net turn.envs.net; location / { return 307 https://$host$request_uri; } location /.well-known/acme-challenge/ { alias /var/lib/letsencrypt/.well-known/acme-challenge/; } } map $http_origin $DO_CORS { # indicates all map values are hostnames and should be parsed as such hostnames; # default value default 'true'; # blocked domains renaissance.eu.org 'false'; element.renaissance.eu.org 'false'; } upstream generic_worker_rr { server localhost:8510; server localhost:8511; server localhost:8512; } upstream generic_worker_ih { ip_hash; server localhost:8510; server localhost:8511; server localhost:8512; } upstream generic_worker_lc { least_conn; server localhost:8510; server localhost:8511; server localhost:8512; } server { listen 443 ssl http2 default_server; #listen [::]:443 ssl; server_name matrix.envs.net; include snippets/ssl.conf; ## well-known location /.well-known/matrix/support { add_header Access-Control-Allow-Origin "$DO_CORS"; add_header Content-Type application/json; return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}'; } location /.well-known/matrix/ { add_header Access-Control-Allow-Origin "$DO_CORS"; add_header Content-Type application/json; return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}}'; } ## workers include include.d/generic_worker.conf; ## location ~* ^(\/_matrix|\/_synapse\/client) { proxy_pass http://localhost:8008; include include.d/synapse-proxy.conf; } # /synapse/admin include include.d/synapse_admin.conf; ## media-repo location ^~ /_matrix/media { proxy_pass http://localhost:8000; client_max_body_size 100M; proxy_set_header Host envs.net; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_read_timeout 3600; } ## location / { proxy_pass http://localhost:8008; include include.d/synapse-proxy.conf; } }