matrix: correct /.well-known/matrix/, /_matrix/identity and /_matrix/federation paths

2020-04-20 20:55:48 +02:00 · 2020-04-20 20:55:48 +02:00 · 966482c47d
commit 966482c47d
parent 8d3de8b430
2 changed files with 53 additions and 2 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,32 @@
+version: "3"
+services:
+  web:
+    image: registry.gitlab.com/jcgruenhage/docker-caddy:latest
+    container_name: web
+    volumes:
+      - /opt/docker/Caddy:/caddy:z
+      - /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
+      - /nas/services/web/webhosts:/webhosts:z
+      - /nas/services/certMgmt/certData/certs:/tls_certs:z
+      - /nas/services/matrix/ssl/config:/matrix_tls_certs:z
+      - /nas/services/matrix/static-files:/matrix_static:z
+      - /nas/users/jreichmann/public:/public/transcaffeine:z
+      - /opt/docker/Caddy/webroot:/var/webroot:z
+      - /nas/services/masto_dark/public:/services/mastodon/public:z
+    environment:
+      - GID=1001
+      - UID=1001
+    ports:
+      - "443:443"
+      - "8448:8448"
+    networks:
+      - frontend
+      - matrix
+
+networks:
+  frontend:
+    external:
+      name: frontend
+  matrix:
+    external:
+      name: matrix
--- a/webhosts/matrix/Caddyfile
+++ b/webhosts/matrix/Caddyfile
@ -1,16 +1,22 @@
 https://matrix.finallycoffee.eu {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	root /matrix_static
 	header / {
 		Access-Control-Allow-Origin *
 		Strict-Transport-Security "max-age=31536000;"
 		X-Frame-Options "DENY"
 		X-XSS-Protection "1; mode=block"
 	}
-	proxy /_matrix/identity matrix-mxisd:8090 {
+	proxy /_matrix/identity matrix-ma1sd:8090 {
+		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+		transparent
+	}
+	proxy /_matrix/federation matrix-synapse:8048 {
 		transparent
 	}
 	proxy /_matrix matrix-synapse:8008 {
+		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 		transparent
 	}
 }
@ -35,6 +41,19 @@ https://chat.finallycoffee.eu {
 	}
 }

+https://finallycoffee.eu/.well-known/matrix/ {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	root /matrix_static
+	mime . application/json
+	header / {
+		Content-Type "application/json"
+		X-Content-Type-Options "nosniff"
+		Access-Control-Allow-Origin *
+		Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+}
+
 # Federation listens on all IPs because older Synapse versions do not support SNI
 https://:8448 {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem