cat /etc/nginx/sites-available/matrix
# ============================================
# HTTP -> HTTPS redirect
# ============================================
server {
listen 80;
listen [::]:80;
server_name matrix.mydomain.com;
location ^~ /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
# ============================================
# Основной сервер Matrix / Element / MAS
# ============================================
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name matrix.mydomain.com;
ssl_certificate /etc/letsencrypt/live/matrix.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.mydomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
client_max_body_size 50M;
proxy_read_timeout 600s;
# Element Web
location / {
proxy_pass http://127.0.0.1:8765/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frame-Options SAMEORIGIN;
}
# Well-known для Matrix клиентов
location = /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin * always;
return 200 '{
"m.homeserver": {"base_url": "https://matrix.mydomain.com"},
"org.matrix.msc4143.rtc_foci": [
{
"type": "livekit",
"livekit_service_url": "https://matrix.mydomain.com/livekit/jwt"
}
]
}';
}
# # MAS / OAuth2
# location ~ ^/(oauth2|authorize|login|callback|account|graphql|upstream) {
# proxy_pass http://127.0.0.1:8081;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# }
# LiveKit JWT
location /livekit/jwt/ {
proxy_pass http://127.0.0.1:8088/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Synapse API
location ~ ^(/_matrix|/_synapse/client|/_synapse/admin|/_synapse/mas) {
proxy_pass http://127.0.0.1:8008;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ============================================
# LiveKit
# ============================================
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name livekit.mydomain.com;
ssl_certificate /etc/letsencrypt/live/livekit.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/livekit.mydomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://localhost:7880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ============================================
# Matrix Federation / OpenID for Element X
# ============================================
server {
listen 8448 ssl;
listen [::]:8448 ssl;
http2 on;
server_name matrix.mydomain.com;
ssl_certificate /etc/letsencrypt/live/matrix.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.mydomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://127.0.0.1:8008;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}