map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { server_name ${MATRIX_HOSTNAME} ${MATRIX_HOSTNAME}.${DOMAIN_NAME}; client_max_body_size 128m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; #include /etc/nginx/mime.types; #default_type application/octet-stream; gzip on; gzip_disable "msie6"; proxy_read_timeout 1800s; # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; location / { proxy_pass http://matrix-element:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location ~ ^(/_matrix|/_synapse/client) { # note: do not add a path (even a single /) after the port in `proxy_pass`, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://matrix-synapse:8008; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; } # serve the static content for the well known files location /.well-known/matrix/server { default_type application/json; return 200 '{"m.server": "${MATRIX_HOSTNAME}.${DOMAIN_NAME}:443"}'; } location /.well-known/matrix/client { default_type application/json; return 200 '{"m.homeserver":{"base_url": "https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}"}}'; } # The federation port is also enabled, although it can also go through 443 listen 8448 ssl http2 default_server; #listen [::]:8448 ssl http2 default_server; # For the user connection listen 443 ssl http2; ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; include /etc/nginx/includes/options-ssl-nginx.conf; include /etc/nginx/includes/challenge.conf; ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem; }