server { listen 80 default_server; listen [::]:80 default_server; server_name hackliberty.org paste.* ots.* element.* git.* chat.*; location / { return 307 https://$host$request_uri; } } #Workers include /config/nginx/include.d/upstream_workers.conf; server { listen 443 ssl http2; listen [::]:443 ssl http2; listen 8448 ssl http2 default_server; listen [::]:8448 ssl http2 default_server; server_name hackliberty.org www.*; include /config/nginx/ssl.conf; client_max_body_size 1024M; # Well-Known location /.well-known/matrix/server { default_type application/json; add_header Access-Control-Allow-Origin *; return 200 '{"m.server": "hackliberty.org:443"}'; } location /.well-known/matrix/client { default_type application/json; add_header Access-Control-Allow-Origin *; # Add the new configuration block return 200 ' { "m.homeserver": { "base_url": "https://hackliberty.org" }, "org.matrix.msc3575.proxy": { "url": "https://hackliberty.org" } } '; } #Home Page include /config/nginx/include.d/homepage.conf; # Mjolnir Reports include /config/nginx/include.d/mjolnir-reports.conf; # Maubot include /config/nginx/include.d/maubot.conf; # Federation_Worker include /config/nginx/include.d/federation_worker.conf; # Encryption_Worker include /config/nginx/include.d/encryption_worker.conf; # Client_Worker include /config/nginx/include.d/client_worker.conf; # Register include /config/nginx/include.d/register.conf; # Additional1_Worker | Typing Device Account #include /config/nginx/include.d/additional1_worker.conf; # Additional2_Worker | Reciept #include /config/nginx/include.d/additional2_worker.conf; # Event_worker #include /config/nginx/include.d/event_worker.conf; # Extra Workers #include /config/nginx/include.d/extra_worker.conf; # Media Repo #include /config/nginx/include.d/media-repo.conf; # /synapse/admin #include /config/nginx/include.d/synapse-admin.conf; # Sync_Worker #include /config/nginx/include.d/sync_worker.conf; location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) { include /config/nginx/include.d/synapse-proxy.conf; set $upstream_app sliding-sync; set $upstream_port 8009; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ ^(/_matrix.*) { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; include /config/nginx/include.d/synapse-proxy.conf; set $upstream_app synapse; set $upstream_port 8008; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } server { listen 8899; server_name kj3wvs3wyfhm3uhhuqxlrhhcp6dneuau4mmvptlor27ghmrqx63fqnid.onion; location ~ ^/.*$ { root /config/www/hackliberty.org; include /config/nginx/gzip.conf; include /config/nginx/security-headers.conf; # Add Onion-Location Header add_header Onion-Location http://kj3wvs3wyfhm3uhhuqxlrhhcp6dneuau4mmvptlor27ghmrqx63fqnid.onion$request_uri; add_header Content-Security-Policy "default-src 'none'; frame-src https://trocador.app/; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none'"; } }