more secure reverse proxy

This commit is contained in:
pedro 2022-12-22 02:06:52 +01:00
parent 4471ad5f45
commit 9945f51154

View file

@ -346,10 +346,18 @@ server {
try_files /matrix.html /matrix.html;
location /_matrix {
location ~ ^(/_matrix|/_synapse/client) {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
@ -358,6 +366,8 @@ certbot certonly -n --keep --agree-tos --email ${matrix_email} --webroot -w /var
service nginx reload
### use reverse proxy server (nginx) as the endpoint for federation
you need to specify where is the federation port, by default seems to be looking for the 8448 matrix server port, to override it, add this (with your matrix URL):