# HTTP with HTTPS redirect server { listen 80; server_name www.domain.tld domain.tld; return 301 https://domain.tld$request_uri; } # Main domain server { listen 443 ssl http2; # Matrix server # For the federation port listen 8448 ssl default_server; listen [::]:8448 ssl default_server; server_name domain.tld; access_log /var/log/nginx/domain.tld.access; error_log /var/log/nginx/domain.tld.error; # Certificate config include ssl/domain.tld.conf; # ========= Web-site section ========= # Site files directory root /var/www/domain.tld/web; charset utf-8; include config/wordpress.conf; #include config/static_max_cache.conf; #include config/gzip.conf; # ========= Matrix server section ========= # Sliding Sync Proxy location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) { proxy_pass http://localhost:8889; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; } # Synapse # https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#same-hostname location ~ ^(\/_matrix|\/_synapse\/client) { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; proxy_pass http://localhost:8008; } # Matrix WKD # Client location /.well-known/matrix/client { add_header Content-Type application/json; return 200 '{"m.homeserver": {"base_url":"https://domain.tld/"}, "org.matrix.msc3575.proxy": {"url": "https://domain.tld"}}'; } # Server # https://matrix-org.github.io/synapse/latest/delegate.html#well-known-delegation # https://spec.matrix.org/latest/server-server-api/#server-discovery location /.well-known/matrix/server { add_header Content-Type application/json; return 200 '{"m.server": "domain.tld:8448"}'; } }