diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..740f611
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,32 @@
+version: "3"
+services:
+ web:
+ image: registry.gitlab.com/jcgruenhage/docker-caddy:latest
+ container_name: web
+ volumes:
+ - /opt/docker/Caddy:/caddy:z
+ - /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
+ - /nas/services/web/webhosts:/webhosts:z
+ - /nas/services/certMgmt/certData/certs:/tls_certs:z
+ - /nas/services/matrix/ssl/config:/matrix_tls_certs:z
+ - /nas/services/matrix/static-files:/matrix_static:z
+ - /nas/users/jreichmann/public:/public/transcaffeine:z
+ - /opt/docker/Caddy/webroot:/var/webroot:z
+ - /nas/services/masto_dark/public:/services/mastodon/public:z
+ environment:
+ - GID=1001
+ - UID=1001
+ ports:
+ - "443:443"
+ - "8448:8448"
+ networks:
+ - frontend
+ - matrix
+
+networks:
+ frontend:
+ external:
+ name: frontend
+ matrix:
+ external:
+ name: matrix
diff --git a/webhosts/matrix/Caddyfile b/webhosts/matrix/Caddyfile
index 0980cb0..37fbce9 100755
--- a/webhosts/matrix/Caddyfile
+++ b/webhosts/matrix/Caddyfile
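Review bot: Every bind mount under `volumes:` is read-write, including `/nas/services/certMgmt/certData/certs:/tls_certs:z`, which is where the Caddyfile in this commit reads `privkey.pem` from, so a compromised web container could modify key material and served content on the NAS. The Caddyfile only reads from `/tls_certs` and `/matrix_static`, so those entries, and probably the `Caddyfile` mount itself, look safe to make read-only, e.g. `- /nas/services/certMgmt/certData/certs:/tls_certs:ro,z`. Whether Caddy needs to write to the other paths is not visible here. Separately, `image: registry.gitlab.com/jcgruenhage/docker-caddy:latest` is a mutable tag; pinning a version tag or `@sha256:<digest>` would make the deployed proxy reproducible and reviewable.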
@@ -1,16 +1,22 @@
 https://matrix.finallycoffee.eu {
 tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
- root /matrix_static
 header / {
 Access-Control-Allow-Origin *
 Strict-Transport-Security "max-age=31536000;"
 X-Frame-Options "DENY"
 X-XSS-Protection "1; mode=block"
 }
- proxy /_matrix/identity matrix-mxisd:8090 {
+ proxy /_matrix/identity matrix-ma1sd:8090 {
+ header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+ header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ transparent
+ }
+ proxy /_matrix/federation matrix-synapse:8048 {
 transparent
 }
 proxy /_matrix matrix-synapse:8008 {
+ header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+ header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 transparent
 }
 }
@@ -35,6 +41,19 @@ https://chat.finallycoffee.eu {
 }
 }
 
+https://finallycoffee.eu/.well-known/matrix/ {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ root /matrix_static
+ mime . application/json
+ header / {
+ Content-Type "application/json"
+ X-Content-Type-Options "nosniff"
+ Access-Control-Allow-Origin *
+ Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+ Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ }
+}
+
 # Federation listens on all IPs because older Synapse versions do not support SNI
 https://:8448 {
 tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
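Review bot: The new `proxy /_matrix/federation matrix-synapse:8048` block has no comment explaining why federation paths on 443 go to a different upstream port than the `/_matrix` catch-all (8008), nor that it has to stay more specific than that catch-all. A line above the block such as `# /_matrix/federation goes to matrix-synapse:8048, everything else under /_matrix to :8008; keep this prefix ahead of the catch-all` would record the intent for the next editor. This block is also the only proxy without the two `header_downstream` CORS lines; if that is deliberate, saying so in the same comment would stop someone from "fixing" it later.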
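Review bot: The `header /` block of the new `https://finallycoffee.eu/.well-known/matrix/` site advertises `POST, PUT, DELETE` and the `Authorization` request header, although the site only serves static files from `root /matrix_static`, so its CORS policy is wider than the endpoint appears to need. `Access-Control-Allow-Methods "GET, OPTIONS"` and `Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"` should be enough for read-only lookups. The block also omits the `Strict-Transport-Security` header that the `matrix.finallycoffee.eu` site sets; whether another block for the apex host adds it is not visible in this hunk. Forcing `Content-Type "application/json"` in `header /` on top of `mime . application/json` presumably labels every response from this site as JSON, error responses included, which is worth confirming as intended.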