Relocate reverse-proxy example configurations and update docs/configuring-playbook-own-webserver.md with more details
This commit is contained in:
Slavi Pantaleev
14
examples/reverse-proxies/apache/README.md
Normal file
14
examples/reverse-proxies/apache/README.md
Normal file
@ -0,0 +1,14 @@
|
||||
# Apache reverse-proxy
|
||||
|
||||
This directory contains sample files that show you how to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with your Apache reverse-proxy.
|
||||
|
||||
## Prerequisite configuration
|
||||
|
||||
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
|
||||
|
||||
## Using the Apache configuration
|
||||
|
||||
`matrix-domain.conf` contains configuration for the Matrix domain, which handles both the Client-Server API (port `443`) and the Matrix Federation API (port `8448`).
|
||||
|
||||
`matrix-client-element.conf` is an example for when you're hosting Element at `element.DOMAIN`.
|
||||
This configuration can also be used as an example for handling other domains, depending on the services you enable with the playbook (e.g. `dimension.DOMAIN`, etc).
|
||||
35
examples/reverse-proxies/apache/matrix-client-element.conf
Normal file
35
examples/reverse-proxies/apache/matrix-client-element.conf
Normal file
@ -0,0 +1,35 @@
|
||||
# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
|
||||
# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName element.DOMAIN
|
||||
|
||||
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
|
||||
# if you're using ACME (Let's Encrypt) certificates.
|
||||
|
||||
Redirect permanent / https://element.DOMAIN/
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName element.DOMAIN
|
||||
|
||||
SSLEngine On
|
||||
|
||||
# If you manage SSL certificates by yourself, these paths will differ.
|
||||
SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
|
||||
SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests Off
|
||||
ProxyVia On
|
||||
|
||||
ProxyPass / http://127.0.0.1:81/
|
||||
ProxyPassReverse / http://127.0.0.1:81/
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
|
||||
</VirtualHost>
|
||||
65
examples/reverse-proxies/apache/matrix-domain.conf
Normal file
65
examples/reverse-proxies/apache/matrix-domain.conf
Normal file
@ -0,0 +1,65 @@
|
||||
# This is a sample file demonstrating how to set up reverse-proxy for matrix.DOMAIN
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName matrix.DOMAIN
|
||||
|
||||
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
|
||||
# if you're using ACME (Let's Encrypt) certificates.
|
||||
|
||||
Redirect permanent / https://matrix.DOMAIN/
|
||||
</VirtualHost>
|
||||
|
||||
# Client-Server API
|
||||
<VirtualHost *:443>
|
||||
ServerName matrix.DOMAIN
|
||||
|
||||
SSLEngine On
|
||||
|
||||
# If you manage SSL certificates by yourself, these paths will differ.
|
||||
SSLCertificateFile /path/to/matrix.DOMAIN/fullchain.pem
|
||||
SSLCertificateKeyFile /path/to/matrix.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests Off
|
||||
ProxyVia On
|
||||
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
||||
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://127.0.0.1:81 retry=0 nocanon
|
||||
ProxyPassReverse / http://127.0.0.1:81/
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
|
||||
</VirtualHost>
|
||||
|
||||
# Server-Server (federation) API
|
||||
Listen 8448
|
||||
<VirtualHost *:8448>
|
||||
ServerName matrix.DOMAIN
|
||||
|
||||
SSLEngine On
|
||||
|
||||
# If you manage SSL certificates by yourself, these paths will differ.
|
||||
SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
|
||||
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests Off
|
||||
ProxyVia On
|
||||
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
||||
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
|
||||
ProxyPassReverse / http://127.0.0.1:8449/
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
|
||||
</VirtualHost>
|
||||
Reference in New Issue
Block a user