111 lines
5.5 KiB
Django/Jinja
111 lines
5.5 KiB
Django/Jinja
https://{{ matrix_server_fqn_matrix }} {
|
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
|
encode zstd gzip
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000;"
|
|
X-Frame-Options "DENY"
|
|
X-XSS-Protection "1; mode=block"
|
|
}
|
|
# matrix-ma1sd
|
|
reverse_proxy /_matrix/identity/* {{ matrix_ma1sd_container_http_host_bind_port }} {
|
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
}
|
|
reverse_proxy /_matrix/client/r0/user_directory/search/* {{ matrix_ma1sd_container_http_host_bind_port }} {
|
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
}
|
|
reverse_proxy /_matrix/federation/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
|
|
reverse_proxy /_matrix/key/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
|
|
reverse_proxy /_matrix/* {{ matrix_synapse_container_client_api_host_bind_port }} {
|
|
import proxyheaders
|
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
}
|
|
route /synapse-admin/* {
|
|
uri strip_prefix /synapse-admin
|
|
reverse_proxy http://127.0.0.1{{ matrix_synapse_admin_container_http_host_bind_port }}
|
|
}
|
|
reverse_proxy /_synapse/* http://{{ matrix_synapse_container_client_api_host_bind_port }}
|
|
basicauth /metrics/* bcrypt monitoring {
|
|
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
|
|
}
|
|
route /metrics/synapse {
|
|
uri replace /metrics/synapse /_synapse/metrics
|
|
reverse_proxy http://{{ matrix_synapse_container_metrics_api_host_bind_port }}
|
|
}
|
|
route /metrics/synapse/worker/appservice {
|
|
uri replace /metrics/synapse/worker/appservice /_synapse/metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_appservice_workers_metrics_range_start }}
|
|
}
|
|
route /metrics/synapse/worker/federation-sender {
|
|
uri replace /metrics/synapse/worker/federation-sender /_synapse/metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start }}
|
|
}
|
|
route /metrics/bridge/* {
|
|
uri strip_prefix /metrics/bridge
|
|
route /mautrix-telegram {
|
|
uri replace /mautrix-telegram /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mautrix-whatsapp {
|
|
uri replace /mautrix-whatsapp /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mautrix-signal {
|
|
uri replace /mautrix-signal /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mx-puppet-instagram {
|
|
uri replace /mx-puppet-instagram /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mx-puppet-discord {
|
|
uri replace /mx-puppet-discord /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mx-puppet-skype {
|
|
uri replace /mx-puppet-skype /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
|
|
}
|
|
route /mx-puppet-slack {
|
|
uri replace /mx-puppet-slack /metrics
|
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
|
|
}
|
|
}
|
|
reverse_proxy /bridge/telegram/* http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}
|
|
reverse_proxy /bridge/slack/* http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}
|
|
}
|
|
|
|
https://{{ matrix_server_fqn_dimension }} {
|
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
|
encode zstd gzip
|
|
reverse_proxy http://{{ matrix_dimension_container_http_host_bind_port }} {
|
|
#header_up X-Forwarded-For {remote}
|
|
import proxyheaders
|
|
#header_up Host {host}
|
|
}
|
|
}
|
|
|
|
https://{{ matrix_server_fqn_element }} {
|
|
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
|
|
encode zstd gzip
|
|
reverse_proxy http://{{ matrix_client_element_container_http_host_bind_port }}
|
|
}
|
|
|
|
https://{{ matrix_domain }}/.well-known/matrix/* {
|
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
|
route {
|
|
uri strip_prefix /.well-known/matrix
|
|
root * /matrix_static
|
|
file_server
|
|
}
|
|
header {
|
|
Content-Type "application/json"
|
|
X-Content-Type-Options "nosniff"
|
|
Access-Control-Allow-Origin *
|
|
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
}
|
|
}
|