2024-10-17 15:17:56 +02:00
|
|
|
# This is a sample file demonstrating how to set up reverse-proxy for matrix.example.com
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
<VirtualHost *:80>
|
2024-10-17 15:17:56 +02:00
|
|
|
ServerName matrix.example.com
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
# You may wish to handle the /.well-known/acme-challenge paths here somehow,
|
|
|
|
# if you're using ACME (Let's Encrypt) certificates.
|
|
|
|
|
2024-10-17 15:17:56 +02:00
|
|
|
Redirect permanent / https://matrix.example.com/
|
2024-01-14 16:23:28 +01:00
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
# Client-Server API
|
|
|
|
<VirtualHost *:443>
|
2024-10-17 15:17:56 +02:00
|
|
|
ServerName matrix.example.com
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
SSLEngine On
|
|
|
|
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
2024-10-17 15:17:56 +02:00
|
|
|
SSLCertificateFile /path/to/matrix.example.com/fullchain.pem
|
|
|
|
SSLCertificateKeyFile /path/to/matrix.example.com/privkey.pem
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
SSLProxyEngine on
|
|
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
|
|
|
|
ProxyPreserveHost On
|
|
|
|
ProxyRequests Off
|
|
|
|
ProxyVia On
|
|
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
|
|
|
|
AllowEncodedSlashes NoDecode
|
2024-01-18 11:16:01 +01:00
|
|
|
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon
|
2024-01-14 16:23:28 +01:00
|
|
|
ProxyPassReverse / http://127.0.0.1:81/
|
|
|
|
|
2024-10-17 15:17:56 +02:00
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
2024-01-14 16:23:28 +01:00
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
# Server-Server (federation) API
|
|
|
|
Listen 8448
|
|
|
|
<VirtualHost *:8448>
|
2024-10-17 15:17:56 +02:00
|
|
|
ServerName matrix.example.com
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
SSLEngine On
|
|
|
|
|
|
|
|
# If you manage SSL certificates by yourself, these paths will differ.
|
2024-10-17 15:17:56 +02:00
|
|
|
SSLCertificateFile /matrix/ssl/config/live/matrix.example.com/fullchain.pem
|
|
|
|
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.example.com/privkey.pem
|
2024-01-14 16:23:28 +01:00
|
|
|
|
|
|
|
SSLProxyEngine on
|
|
|
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
|
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
|
|
|
|
ProxyPreserveHost On
|
|
|
|
ProxyRequests Off
|
|
|
|
ProxyVia On
|
|
|
|
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
|
|
|
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
|
|
ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon
|
|
|
|
ProxyPassReverse / http://127.0.0.1:8449/
|
|
|
|
|
2024-10-17 15:17:56 +02:00
|
|
|
ErrorLog ${APACHE_LOG_DIR}/matrix.example.com-error.log
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/matrix.example.com-access.log combined
|
2024-01-14 16:23:28 +01:00
|
|
|
</VirtualHost>
|