# This is a sample file demonstrating how to set up reverse-proxy for matrix.DOMAIN ServerName matrix.DOMAIN # You may wish to handle the /.well-known/acme-challenge paths here somehow, # if you're using ACME (Let's Encrypt) certificates. Redirect permanent / https://matrix.DOMAIN/ # Client-Server API ServerName matrix.DOMAIN SSLEngine On # If you manage SSL certificates by yourself, these paths will differ. SSLCertificateFile /path/to/matrix.DOMAIN/fullchain.pem SSLCertificateKeyFile /path/to/matrix.DOMAIN/privkey.pem SSLProxyEngine on SSLProxyProtocol +TLSv1.2 +TLSv1.3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH ProxyPreserveHost On ProxyRequests Off ProxyVia On RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode ProxyPass / http://127.0.0.1:81 retry=0 nocanon ProxyPassReverse / http://127.0.0.1:81/ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined # Server-Server (federation) API Listen 8448 ServerName matrix.DOMAIN SSLEngine On # If you manage SSL certificates by yourself, these paths will differ. SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem SSLProxyEngine on SSLProxyProtocol +TLSv1.2 +TLSv1.3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH ProxyPreserveHost On ProxyRequests Off ProxyVia On RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode ProxyPass / http://127.0.0.1:8449/ retry=0 nocanon ProxyPassReverse / http://127.0.0.1:8449/ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined