From e22672911d1146df7c6bca82867e03a48782ef55 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 16 Aug 2019 10:06:53 +0300
Subject: [PATCH] Add Server-Server API proxying to Apache example
 configuration

Contributed by @ralfi.
---
 examples/apache/matrix-synapse.conf | 37 +++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf
index 7ed712ab..88e24305 100644
--- a/examples/apache/matrix-synapse.conf
+++ b/examples/apache/matrix-synapse.conf
@@ -15,6 +15,7 @@
 	Redirect permanent / https://matrix.DOMAIN/
 </VirtualHost>
 
+# Client-Server API
 <VirtualHost *:443>
 	ServerName matrix.DOMAIN
 
@@ -80,3 +81,39 @@
 	ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
 	CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
 </VirtualHost>
+
+# Server-Server (federation) API
+# Use this apache reverse proxy template to enable matrix server-to-server federation traffic
+# Be sure that network traffic on port 8448 is possible
+#
+# You can check your federation config at https://federationtester.matrix.org/
+# Enter there your base DOMAIN address, NOT your matrix.DOMAIN address, ex. https://DOMAIN
+#
+# In this example we use all services on the same machine (127.0.0.1) but you can do this with different machines.
+# If you do so be sure to reach the destinated IPADRESS and the correspondending port. Check this with netstat, nmap or your favourite tool.
+<VirtualHost *:8448>
+	ServerName matrix.DOMAIN
+
+	SSLEngine On
+
+	# If you manage SSL certificates by yourself, these paths will differ.
+	SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
+	SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
+
+	SSLProxyEngine on
+	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
+	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+
+	ProxyPreserveHost On
+	ProxyRequests Off
+	ProxyVia On
+
+	# Proxy all remaining traffic to the Synapse port
+	# Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1
+	# Of course you can use another IPADRESS in case of using other synapse servers in your network
+	ProxyPass / http://127.0.0.1:8048/
+	ProxyPassReverse / http://127.0.0.1:8048/
+
+	ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
+	CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined
+</VirtualHost>