From 934a7113f8a91ac2d2899700e1b8c86969b2d978 Mon Sep 17 00:00:00 2001
From: Lukas Post
Date: Sat, 2 Oct 2021 22:52:07 +0200
Subject: [PATCH 1/7] Added config sample for the Synapse Matrix Server
---
 synapse.subdomain.conf.sample | 44 +++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 synapse.subdomain.conf.sample
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
new file mode 100644
index 0000000..e3a1e99
--- /dev/null
+++ b/synapse.subdomain.conf.sample
@@ -0,0 +1,44 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # For the federation port
+ listen 8448 ssl;
+ listen [::]:8448 ssl;
+
+ server_name matrix.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-server.conf;
+
+ location ~* ^(\/_matrix|\/_synapse\/client) {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app synapse;
+ set $upstream_port 8008;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ }
+}
\ No newline at end of file
From 611090d330c8e529732749aaded4ed5ffd7f9d40 Mon Sep 17 00:00:00 2001
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Sat, 2 Oct 2021 23:38:16 +0200
Subject: [PATCH 2/7] Added Version Comment
---
 synapse.subdomain.conf.sample | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
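Review bot: In PATCH 1/7, `client_max_body_size 0;` turns off nginx's request-body limit for the whole server block, including the federation listeners on 8448 that any remote homeserver can reach. Unless an included file such as proxy.conf (not shown here) sets its own limit, nothing at the proxy bounds what is read from the network and handed to the upstream; Synapse's own `max_upload_size` only applies once the request is there. Suggest a finite value kept in step with Synapse, e.g. `client_max_body_size 50M; # keep >= max_upload_size in homeserver.yaml`. A short comment beside the commented-out `auth_basic` / `auth_request` / Authelia lines would also help, since Matrix clients and federating servers send their own `Authorization` header and proxy-level auth on `/_matrix` is likely to break them.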
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index e3a1e99..6c5d5b2 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
@@ -1,3 +1,5 @@
+## Version 2021/10/02
+
 server {
 listen 443 ssl;
 listen [::]:443 ssl;
@@ -41,4 +43,4 @@ server {
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Host $host;
 }
-}
\ No newline at end of file
+}
From 8b4d4da7beca437e1624dcafa025970c9f29e475 Mon Sep 17 00:00:00 2001
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Sat, 2 Oct 2021 23:57:25 +0200
Subject: [PATCH 3/7] delete redundant proxy headers
---
 synapse.subdomain.conf.sample | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index 6c5d5b2..0bc3e62 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
@@ -38,9 +38,5 @@ server {
 set $upstream_port 8008;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
 }
 }
From 3812a54c0fa0ead6c74f6f039b9733f8891270f9 Mon Sep 17 00:00:00 2001
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Sun, 3 Oct 2021 00:41:21 +0200
Subject: [PATCH 4/7] replaced location with /
---
 synapse.subdomain.conf.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index 0bc3e62..ca01b50 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
@@ -20,7 +20,7 @@ server {
 # enable for Authelia
 #include /config/nginx/authelia-server.conf;
 
- location ~* ^(\/_matrix|\/_synapse\/client) {
+ location / {
 # enable the next two lines for http auth
 #auth_basic "Restricted";
 #auth_basic_user_file /config/nginx/.htpasswd;
From 3053d18c0776c1c12647752fc80e83e4fe9c3de0 Mon Sep 17 00:00:00 2001
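Review bot: In PATCH 4/7, `location / {` forwards every request path to Synapse, where the regex it replaces matched only `/_matrix` and `/_synapse/client`; that puts `/_synapse/admin` on the public 443 and 8448 listeners. The admin API still requires an admin access token, but Synapse's reverse-proxy guidance advises against exposing it to the internet without a reason. If the catch-all is intended, consider an explicit `location ^~ /_synapse/admin { deny all; }` (or an `allow`/`deny` pair for trusted networks) with a comment saying why it is there. The location block's body continues below the hunk.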
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Sun, 3 Oct 2021 01:39:43 +0200
Subject: [PATCH 5/7] readded http2 support
---
 synapse.subdomain.conf.sample | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index ca01b50..dadcb1e 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
@@ -5,8 +5,8 @@ server {
 listen [::]:443 ssl;
 
 # For the federation port
- listen 8448 ssl;
- listen [::]:8448 ssl;
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
 
 server_name matrix.*;
 
From f377cd1efc9df5695d6cf5bbb819abbf473a5a4a Mon Sep 17 00:00:00 2001
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Sun, 3 Oct 2021 02:56:28 +0200
Subject: [PATCH 6/7] Update Version and missing http2
---
 synapse.subdomain.conf.sample | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index dadcb1e..d92e4dc 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
@@ -1,8 +1,8 @@
-## Version 2021/10/02
+## Version 2021/10/03
 
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
 
 # For the federation port
 listen 8448 ssl http2 default_server;
From 6f768d117ca06e2e91dc2e9221cf21ed8d2a7499 Mon Sep 17 00:00:00 2001
From: Lukas Post <18466902+deutschepost@users.noreply.github.com>
Date: Tue, 5 Oct 2021 19:48:26 +0200
Subject: [PATCH 7/7] Change lineendings to UNIX
---
 synapse.subdomain.conf.sample | 84 +++++++++++++++++------------------
 1 file changed, 42 insertions(+), 42 deletions(-)
diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample
index d92e4dc..6107f7f 100644
--- a/synapse.subdomain.conf.sample
+++ b/synapse.subdomain.conf.sample
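Review bot: In PATCH 5/7, the `default_server` flag added to both 8448 listeners is not mentioned in the commit subject and changes which requests reach Synapse: any connection to 8448 whose Host matches no other server block is now answered here, not only `matrix.*`. nginx also refuses to start when two configs declare `default_server` for the same address and port, so enabling another sample that does the same on 8448 would fail at load time. If the flag is intentional, a comment above the listeners would make that clear, e.g. `# default_server: federation requests may arrive with a Host other than matrix.*`.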
@@ -1,42 +1,42 @@
-## Version 2021/10/03
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- # For the federation port
- listen 8448 ssl http2 default_server;
- listen [::]:8448 ssl http2 default_server;
-
- server_name matrix.*;
-
- include /config/nginx/ssl.conf;
-
- client_max_body_size 0;
-
- # enable for ldap auth, fill in ldap details in ldap.conf
- #include /config/nginx/ldap.conf;
-
- # enable for Authelia
- #include /config/nginx/authelia-server.conf;
-
- location / {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable the next two lines for ldap auth
- #auth_request /auth;
- #error_page 401 =200 /ldaplogin;
-
- # enable for Authelia
- #include /config/nginx/authelia-location.conf;
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app synapse;
- set $upstream_port 8008;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- }
-}
+## Version 2021/10/03
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ # For the federation port
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
+
+ server_name matrix.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app synapse;
+ set $upstream_port 8008;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}