From 265dc2949d411a868b65955dd3702ea1c2861ab3 Mon Sep 17 00:00:00 2001
From: jreichmann
Date: Tue, 16 Apr 2019 19:36:03 +0200
Subject: [PATCH] Added example Caddyfiles for the containers
---
examples/caddy/Caddyfile | 46 +++++++++++++++++++++++++++++++++
examples/caddy/matrix-dimension | 7 +++++
examples/caddy/matrix-riot-web | 7 +++++
examples/caddy/matrix-synapse | 26 +++++++++++++++++++
examples/caddy/matrix-util | 7 +++++
5 files changed, 93 insertions(+)
create mode 100755 examples/caddy/Caddyfile
create mode 100644 examples/caddy/matrix-dimension
create mode 100644 examples/caddy/matrix-riot-web
create mode 100644 examples/caddy/matrix-synapse
create mode 100644 examples/caddy/matrix-util
diff --git a/examples/caddy/Caddyfile b/examples/caddy/Caddyfile
new file mode 100755
index 000000000..3a2e247ba
--- /dev/null
+++ b/examples/caddy/Caddyfile
@@ -0,0 +1,46 @@
+https://matrix.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ root /matrix_static
+ header / {
+ Access-Control-Allow-Origin *
+ Strict-Transport-Security "max-age=31536000;"
+ X-Frame-Options "DENY"
+ X-XSS-Protection "1; mode=block"
+ }
+ proxy /_matrix/identity matrix-mxisd:8090 {
+ transparent
+ }
+ proxy /_matrix matrix-synapse:8008 {
+ transparent
+ }
+}
+
+https://dimension.matrix.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ header / {
+ Access-Control-Allow-Origin *
+ }
+ proxy / http://matrix-dimension:8184 {
+ transparent
+ header_upstream X-Forwarded-For {remote}
+ header_upstream Host {host}
+ websocket
+ }
+}
+
+https://chat.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ proxy / matrix-riot-web:8080 {
+ transparent
+ }
+}
+
+# Federation listens on all IPs because older Synapse versions do not support SNI
+https://:8448 {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ proxy /_matrix matrix-synapse:8048 {
+ transparent
+ }
+}
+
+
diff --git a/examples/caddy/matrix-dimension b/examples/caddy/matrix-dimension
new file mode 100644
index 000000000..6defb0d25
--- /dev/null
+++ b/examples/caddy/matrix-dimension
@@ -0,0 +1,7 @@
+https://dimension.DOMAIN {
+ tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
+
+ proxy / http://127.0.0.1:8134/ {
+ transparent
+ }
+}
diff --git a/examples/caddy/matrix-riot-web b/examples/caddy/matrix-riot-web
new file mode 100644
index 000000000..28df6cd29
--- /dev/null
+++ b/examples/caddy/matrix-riot-web
@@ -0,0 +1,7 @@
+https://riot.DOMAIN {
+ tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
+
+ proxy / http://127.0.0.1:8765 {
+ transparent
+ }
+}
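Review bot: In examples/caddy/Caddyfile the `https://chat.finallycoffee.eu` block sets no response headers, although it fronts the browser-facing Riot client, where HSTS and framing restrictions matter at least as much as on the `matrix.` site; the same applies to examples/caddy/matrix-riot-web. Unless the riot-web container already sends them (not visible here), add a `header /` block with `Strict-Transport-Security "max-age=31536000;"` and `X-Frame-Options "SAMEORIGIN"` to both. In the dimension block, `header_upstream X-Forwarded-For {remote}` and `header_upstream Host {host}` appear to repeat what `transparent` already sets and could be dropped. The example also hard-codes a real domain and is created with mode 100755, whereas the sibling files use a `DOMAIN` placeholder and mode 100644.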
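Review bot: In examples/caddy/matrix-dimension the upstream is `http://127.0.0.1:8134/`, while the Caddyfile in this same commit proxies Dimension to `matrix-dimension:8184`; one of the two ports is presumably a typo, and a wrong one either returns 502 or forwards requests to whatever else listens on that loopback port. Confirm the port the container actually publishes and use it consistently, e.g. `proxy / http://127.0.0.1:8184 {` if 8184 is the right one. A short comment such as `# must match the port published by the matrix-dimension container` would help readers adapting the file.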
diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse
new file mode 100644
index 000000000..800d7f7b8
--- /dev/null
+++ b/examples/caddy/matrix-synapse
@@ -0,0 +1,26 @@
+https://matrix.DOMAIN {
+ tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
+
+ root /matrix/static-files
+
+ header {
+ Access-Control-Allow-Origin *
+ Strict-Transport-Security "mag=age=31536000;"
+ X-Frame-Options "DENY"
+ X-XSS-Protection "1; mode=block"
+ }
+
+ proxy /_matrix/identity matrix-msisd:8090 {
+ transparent
+ }
+
+ proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 {
+ transparent
+ }
+
+ proxy / matrix-synapse:8008 {
+ transparent
+ without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
+ }
+
+}
diff --git a/examples/caddy/matrix-util b/examples/caddy/matrix-util
new file mode 100644
index 000000000..191f7758f
--- /dev/null
+++ b/examples/caddy/matrix-util
@@ -0,0 +1,7 @@
+:80 {
+ # Redirect ACME-Challenge traffic to port 2402
+ proxy /.well-known/acme-challenge http://127.0.0.1:2402
+
+ # Redirect all other traffic to HTTPS
+ redir / https://{host}{uri} 301
+}
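Review bot: In examples/caddy/matrix-synapse the HSTS value is misspelled as `"mag=age=31536000;"`; without a valid `max-age` directive browsers ignore the header, so the site silently gets no HSTS. It should read `Strict-Transport-Security "max-age=31536000;"`, as in the Caddyfile of this commit. The identity upstream is written `matrix-msisd:8090` on both proxy lines where the Caddyfile uses `matrix-mxisd:8090`, which looks like a second typo that would break identity and user-directory lookups. Also check `without`: in Caddy v1 that subdirective strips a path prefix before proxying, and the list of paths to exclude from proxying is, as far as I know, given with `except`.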
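Review bot: In examples/caddy/matrix-util the catch-all `redir / https://{host}{uri} 301` may also capture `/.well-known/acme-challenge` requests, because Caddy v1 runs `redir` ahead of `proxy` as far as I recall, in which case the challenge proxy to port 2402 is never reached. Please verify against a live challenge; if it is shadowed, use the block form of `redir` with an `if {path} not_starts_with /.well-known/acme-challenge` condition. The redirect target is also built from the client-supplied `{host}` on a site that answers for any name, so consider binding the site to the expected hostnames or redirecting to a fixed host.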