Merge pull request #137 from jdreichmann/master

Add some examples for caddy as an external webserver
This commit is contained in:
Slavi Pantaleev 2019-04-16 22:16:53 +03:00 committed by GitHub
commit d4f2cb91d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 53 additions and 0 deletions

View file

@ -49,6 +49,9 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration.
## Using your own external caddy webserver
After following the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration.
## Using another external webserver

View file

@ -0,0 +1,7 @@
https://dimension.DOMAIN {
tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
proxy / http://127.0.0.1:8134/ {
transparent
}
}

View file

@ -0,0 +1,8 @@
https://riot.DOMAIN {
# These might differ if you are supplying your own certificates
tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
proxy / http://127.0.0.1:8765 {
transparent
}
}

View file

@ -0,0 +1,28 @@
https://matrix.DOMAIN {
# If you use your own certificates, your path may differ
tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
root /matrix/static-files
header {
Access-Control-Allow-Origin *
Strict-Transport-Security "mag=age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
# Identity server traffic
proxy /_matrix/identity matrix-msisd:8090 {
transparent
}
proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 {
transparent
}
# Synapse Client<>Server API
proxy / matrix-synapse:8008 {
transparent
without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
}
}

View file

@ -0,0 +1,7 @@
:80 {
# Redirect ACME-Challenge traffic to port 2402
proxy /.well-known/acme-challenge http://127.0.0.1:2402
# Redirect all other traffic to HTTPS
redir / https://{host}{uri} 301
}