kotovalexarian
/
fedihub-ansible
Archived
1
0
Fork 0
Code
This repository has been archived on 2023-03-28. You can view files and clone it, but cannot push or open issues or pull requests.
fedihub-ansible/roles/matrix/templates/nginx/matrix.conf

141 lines
4.1 KiB
Plaintext
Raw Blame History

server {
listen 80;
listen [::]:80;
server_name {{ matrix__base_host }} {{ matrix__web_host }};
set $CSP "";
set $CSP "${CSP}object-src 'none';";
set $CSP "${CSP}frame-src 'none';";
set $CSP "${CSP}connect-src 'none';";
set $CSP "${CSP}form-action 'none';";
add_header Content-Security-Policy $CSP always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ matrix__web_host }};
ssl_certificate {{ matrix__nginx__ssl_cert }};
ssl_certificate_key {{ matrix__nginx__ssl_key }};
set $CSP "";
set $CSP "${CSP}object-src 'none';";
set $CSP "${CSP}frame-src 'none';";
set $CSP "${CSP}connect-src 'self';";
set $CSP "${CSP}form-action 'none';";
add_header Content-Security-Policy $CSP always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
client_max_body_size 100M;
if_modified_since off;
expires off;
etag off;
sendfile off;
root {{ matrix__element__src_dir }};
index index.html;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ matrix__base_host }};
ssl_certificate {{ matrix__nginx__ssl_cert }};
ssl_certificate_key {{ matrix__nginx__ssl_key }};
set $CSP "";
set $CSP "${CSP}object-src 'none';";
set $CSP "${CSP}frame-src 'none';";
set $CSP "${CSP}connect-src 'none';";
set $CSP "${CSP}form-action 'none';";
add_header Content-Security-Policy $CSP always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
client_max_body_size 100M;
location /_matrix/media {
proxy_read_timeout 60s;
proxy_set_header Host {{ matrix__site_host }};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass https://{{ matrix__media_host }};
}
location /_matrix {
proxy_read_timeout 60s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:{{ matrix__synapse__port }};
}
location / {
proxy_read_timeout 60s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:{{ matrix__static__port }};
}
}
server {
listen 8448 ssl;
listen [::]:8448 ssl;
server_name {{ matrix__base_host }};
ssl_certificate {{ matrix__nginx__ssl_cert }};
ssl_certificate_key {{ matrix__nginx__ssl_key }};
set $CSP "";
set $CSP "${CSP}object-src 'none';";
set $CSP "${CSP}frame-src 'none';";
set $CSP "${CSP}connect-src 'none';";
set $CSP "${CSP}form-action 'none';";
add_header Content-Security-Policy $CSP always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
client_max_body_size 100M;
location /_matrix/media {
proxy_read_timeout 60s;
proxy_set_header Host {{ matrix__site_host }};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass https://{{ matrix__media_host }};
}
location / {
proxy_read_timeout 60s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:{{ matrix__synapse__port }};
}
}
View Git Blame Copy Permalink