.config
.github
LICENSES
bin
collections
docs
examples
reverse-proxies
apache
README.md
matrix-client-element.conf
matrix-domain.conf
caddy2
caddy2-in-container
haproxy
nginx
nginx-proxy-manager
README.md
host.yml
hosts
hosts.license
vars.yml
vars.yml.license
group_vars
i18n
roles
.editorconfig
.envrc
.gitattributes
.gitignore
.yamllint
CHANGELOG.md
CHANGELOG.md.license
LICENSE
Makefile
README.md
README.md.license
REUSE.toml
YEAR-IN-REVIEW.md
ansible.cfg
conf.py
flake.lock
flake.nix
jitsi_jvb.yml
justfile
requirements.yml
setup.yml
setup.yml.license
72 lines
2.1 KiB
Plaintext
72 lines
2.1 KiB
Plaintext
# SPDX-FileCopyrightText: 2024 MDAD project contributors
|
|
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
|
|
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
# This is a sample file demonstrating how to set up reverse-proxy for matrix.example.com
|
|
|
|
<VirtualHost *:80>
|
|
ServerName matrix.example.com
|
|
|
|
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
|
|
# if you're using ACME (Let's Encrypt) certificates.
|
|
|
|
Redirect permanent / https://matrix.example.com/
|
|
</VirtualHost>
|
|
|
|
# Client-Server API
|
|
<VirtualHost *:443>
|
|
ServerName matrix.example.com
|
|
|
|
SSLEngine On
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
|
SSLCertificateFile /path/to/matrix.example.com/fullchain.pem
|
|
SSLCertificateKeyFile /path/to/matrix.example.com/privkey.pem
|
|
|
|
SSLProxyEngine on
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
|
|
ProxyPassReverse / http://127.0.0.1:81/
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
|
</VirtualHost>
|
|
|
|
# Server-Server (federation) API
|
|
Listen 8448
|
|
<VirtualHost *:8448>
|
|
ServerName matrix.example.com
|
|
|
|
SSLEngine On
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
|
SSLCertificateFile /matrix/ssl/config/live/matrix.example.com/fullchain.pem
|
|
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.example.com/privkey.pem
|
|
|
|
SSLProxyEngine on
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
ProxyPreserveHost On
|
|
ProxyRequests Off
|
|
ProxyVia On
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
|
|
ProxyPassReverse / http://127.0.0.1:8449/
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
|
</VirtualHost>
|