diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..5647090
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,3 @@
+
hackerspace.zone
+
+Home page.
diff --git a/nginx/docker-compose.yaml b/nginx/docker-compose.yaml
index 2f5c93f..5516e96 100644
--- a/nginx/docker-compose.yaml
+++ b/nginx/docker-compose.yaml
@@ -9,6 +9,7 @@ services:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/templates:/etc/nginx/templates
- ./nginx/includes:/etc/nginx/includes
+ - ../html:/var/www
- ./data/certbot/www:/var/www/certbot
- ./data/certbot/conf:/etc/letsencrypt
env_file:
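Review bot: The added `../html:/var/www` bind mount is read-write, so anything running inside the nginx container can modify the site content on the host. Since nginx only serves these files, mount it read-only: `- ../html:/var/www:ro`. The existing `./data/certbot/www:/var/www/certbot` mount nests under this path, so with a read-only parent an empty `html/certbot` directory probably has to exist on the host as the mount point; confirm this before merging. The service definition starts and continues outside this hunk.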
diff --git a/nginx/nginx/templates/000-default.conf.template b/nginx/nginx/templates/000-default.conf.template
index 47b26a6..491ca2b 100644
--- a/nginx/nginx/templates/000-default.conf.template
+++ b/nginx/nginx/templates/000-default.conf.template
@@ -1,13 +1,13 @@
+# Redirect *all* port 80 traffic to the same thing on port 443
server {
- listen 80;
- server_name ${DOMAIN_NAME};
+ listen 80 default_server;
location / {
return 301 https://$host$request_uri;
}
}
server {
- server_name ${DOMAIN_NAME};
+ #server_name ${DOMAIN_NAME} default;
client_max_body_size 128m;
sendfile on;
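Review bot: With `listen 80 default_server` and no `server_name`, the redirect `return 301 https://$host$request_uri;` now copies whatever Host header the client sent into the `Location` header, including names this deployment does not serve. If the intent is only to redirect the project's own hostnames, list them in `server_name` on this block and add a separate catch-all default server that answers `return 444;`. The commented-out `#server_name ${DOMAIN_NAME} default;` in the HTTPS block is dead configuration and should be removed or restored. As it stands, any hostname pointing at this IP is answered by that block with the `${DOMAIN_NAME}` certificate. The HTTPS server block continues past the end of this hunk.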
@@ -27,9 +27,14 @@ server {
chunked_transfer_encoding on;
location / {
+ root /var/www;
}
- listen 443 ssl;
+ location /.well-known/matrix {
+ proxy_pass https://${MATRIX_HOSTNAME};
+ }
+
+ listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
include /etc/nginx/includes/options-ssl-nginx.conf;
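Review bot: The new `location /.well-known/matrix` proxies to `https://${MATRIX_HOSTNAME}` with nginx's defaults, which neither verify the upstream certificate nor send SNI, so the delegation document that tells federating servers where the homeserver lives is fetched over an unauthenticated TLS hop. The simplest fix is to serve the JSON directly with `return 200 ...;` under `default_type application/json;`, as chat.conf.template does in this same commit, which also removes the extra network round trip. If the proxy is kept, add `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <CA bundle path>;`. This server is now `default_server` on 443 with no `server_name`, so these locations and the `/var/www` root are reachable under any hostname that resolves here. The enclosing server block begins before this hunk.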
diff --git a/nginx/nginx/templates/chat.conf.template b/nginx/nginx/templates/chat.conf.template
new file mode 100644
index 0000000..54da46c
--- /dev/null
+++ b/nginx/nginx/templates/chat.conf.template
@@ -0,0 +1,73 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ server_name ${MATRIX_HOSTNAME};
+ client_max_body_size 128m;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ #include /etc/nginx/mime.types;
+ #default_type application/octet-stream;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ proxy_read_timeout 1800s;
+
+ # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
+ chunked_transfer_encoding on;
+
+ location / {
+ proxy_pass http://host.docker.internal:5000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ # note: do not add a path (even a single /) after the port in `proxy_pass`,
+ # otherwise nginx will canonicalise the URI and cause signature verification
+ # errors.
+ proxy_pass http://host.docker.internal:5008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ # Nginx by default only allows file uploads up to 1M in size
+ # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+ client_max_body_size 50M;
+ }
+
+ # serve the static content for the well known files
+ location /.well-known/matrix/server {
+ default_type application/json;
+ return 200 '{"m.server": "${MATRIX_HOSTNAME}:443"}';
+ }
+
+ location /.well-known/matrix/client {
+ default_type application/json;
+ return 200 '{"m.homeserver":{"base_url": "https://${MATRIX_HOSTNAME}"}}';
+ }
+
+ # The federation port is not enabled; go through 443
+ #listen 8448 ssl http2 default_server;
+ #listen [::]:8448 ssl http2 default_server;
+
+ # For the user connection
+ listen 443 ssl http2;
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+ include /etc/nginx/includes/options-ssl-nginx.conf;
+ include /etc/nginx/includes/challenge.conf;
+ ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
+}
+
+
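Review bot: In `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` value the client sent, so the backend on port 5000 can be handed a spoofed address if it trusts the first entry. Nothing visible suggests another proxy sits in front of this nginx, so use `proxy_set_header X-Forwarded-For $remote_addr;` here, as the `/_matrix` location already does. Both `proxy_pass` targets go through `host.docker.internal`, which implies the backends are published on host ports 5000 and 5008. Check that those ports are bound to loopback or firewalled so they cannot be reached without going through this proxy. A short comment explaining why the server-level `client_max_body_size 128m` differs from the `50M` in the Matrix location would also help the next reader.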
diff --git a/nginx/nginx/templates/cloud.conf.template b/nginx/nginx/templates/cloud.conf.template
index ccf30fe..306003a 100644
--- a/nginx/nginx/templates/cloud.conf.template
+++ b/nginx/nginx/templates/cloud.conf.template
@@ -1,11 +1,3 @@
-server {
- listen 80;
- server_name ${NEXTCLOUD_HOSTNAME};
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
server {
server_name ${NEXTCLOUD_HOSTNAME};
client_max_body_size 128m;
diff --git a/nginx/nginx/templates/dashboard.conf.template b/nginx/nginx/templates/dashboard.conf.template
index f6eba64..c4327d2 100644
--- a/nginx/nginx/templates/dashboard.conf.template
+++ b/nginx/nginx/templates/dashboard.conf.template
@@ -1,11 +1,3 @@
-server {
- listen 80;
- server_name ${GRAFANA_HOSTNAME};
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
diff --git a/nginx/nginx/templates/docs.conf.template b/nginx/nginx/templates/docs.conf.template
index ef4244a..c5e8241 100644
--- a/nginx/nginx/templates/docs.conf.template
+++ b/nginx/nginx/templates/docs.conf.template
@@ -1,11 +1,3 @@
-server {
- listen 80;
- server_name ${HEDGEDOC_HOSTNAME};
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
diff --git a/nginx/nginx/templates/login.conf.template b/nginx/nginx/templates/login.conf.template
index d51c0ab..397b5c6 100644
--- a/nginx/nginx/templates/login.conf.template
+++ b/nginx/nginx/templates/login.conf.template
@@ -1,11 +1,3 @@
-server {
- listen 80;
- server_name login.${DOMAIN_NAME};
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
server {
server_name login.${DOMAIN_NAME};
client_max_body_size 128m;
diff --git a/nginx/nginx/templates/social.conf.template b/nginx/nginx/templates/social.conf.template
index a18f404..9170395 100644
--- a/nginx/nginx/templates/social.conf.template
+++ b/nginx/nginx/templates/social.conf.template
@@ -1,11 +1,3 @@
-server {
- listen 80;
- server_name social.${DOMAIN_NAME};
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;