matrix.org: more secure reverse proxy
This commit is contained in:
parent
4471ad5f45
commit
9945f51154
|
@ -346,10 +346,18 @@ server {
|
|||
try_files /matrix.html /matrix.html;
|
||||
}
|
||||
|
||||
location /_matrix {
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
proxy_pass http://127.0.0.1:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
# Nginx by default only allows file uploads up to 1M in size
|
||||
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
||||
client_max_body_size 50M;
|
||||
}
|
||||
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
EOF
|
||||
|
||||
|
@ -358,6 +366,8 @@ certbot certonly -n --keep --agree-tos --email ${matrix_email} --webroot -w /var
|
|||
service nginx reload
|
||||
```
|
||||
|
||||
src https://matrix-org.github.io/synapse/latest/reverse_proxy.html
|
||||
|
||||
### use reverse proxy server (nginx) as the endpoint for federation
|
||||
|
||||
you need to specify where is the federation port, by default seems to be looking for the 8448 matrix server port, to override it, add this (with your matrix URL):
|
||||
|
|
Reference in a new issue