# This is a sample file demonstrating how to set up reverse-proxy for the matrix.DOMAIN
ServerName matrix.DOMAIN
# Map /.well-known/acme-challenge to the certbot server
# If you manage SSL certificates by yourself, this will differ.
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
ProxyPass http://localhost:2402/.well-known/acme-challenge
Redirect permanent / https://matrix.DOMAIN/
ServerName matrix.DOMAIN
SSLEngine On
# If you manage SSL certificates by yourself, these paths will differ.
SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
SSLProxyEngine on
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
# Keep some URIs free for different proxy/location
ProxyPassMatch ^/.well-known/matrix/client !
ProxyPassMatch ^/_matrix/identity !
ProxyPassMatch ^/_matrix/client/r0/user_directory/search !
# Proxy all remaining traffic to Synapse
ProxyPass / http://localhost:8008/
ProxyPassReverse / http://localhost:8008/
# Map /.well-known/matrix/client for client discovery
Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
Require all granted
Header always set Content-Type "application/json"
Header always set Access-Control-Allow-Origin "*"
AllowOverride All
# Apache 2.4:
Require all granted
# Or for Apache 2.2:
#order allow,deny
# Map /_matrix/identity to the identity server
ProxyPass http://localhost:8090/_matrix/identity
# Map /_matrix/client/r0/user_directory/search to the identity server
ProxyPass http://localhost:8090/_matrix/client/r0/user_directory/search
ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log
CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined