upstream eifeldc_server { server eifeldc:3000; } upstream synapse_server { server synapse:8008; } server { listen 80; server_name eifeldc.local; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name eifeldc.local; ssl_certificate /etc/letsencrypt/live/eifeldc.local/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/eifeldc.local/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; client_max_body_size 50M; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy strict-origin-when-cross-origin; location /.well-known/matrix/server { default_type application/json; return 200 '{"m.server": "eifeldc.local:443"}'; } location /.well-known/matrix/client { default_type application/json; return 200 '{"m.homeserver": {"base_url": "https://eifeldc.local"}}'; } location ~ ^/_matrix/(client|media|federation|key|v2) { proxy_pass http://synapse_server; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 600s; proxy_send_timeout 600s; } location /_synapse { proxy_pass http://synapse_server; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } location /api/ { proxy_pass http://eifeldc_server; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { proxy_pass http://eifeldc_server; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } }