Synapse configuration advice needed

General Discussion
1

Hi there,
just installed the DietPi-software synapse server on my running nginx-certbot-nextcloud machine.
As the documentation is unusual lightweight, I’m stuck on howto configure my /etc/nginx/sites-available/default to reverse proxy Synapse via https.
If I understood correctly, this is needed to run Synapse with https encryption.
Any hints on how to configure nginx without breaking nextcloud would be greatly appreciated.
Thanks, Frans

server {

        root /var/www;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name www.mydomain.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name www.mydomain.com;
    return 404; # managed by Certbot


}
2

Answering myself, (found the answer here):

Just added these 'location" lines to my nginx.conf:

location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
	
	# Synapse responses may be chunked, which is an HTTP/1.1 feature.
	proxy_http_version 1.1;
    }

Perhaps it would be useful to expand the installation docs, or modify the installation scripts for nginx and apache?

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.