diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 448f5d03..1f4ff863 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -49,6 +49,9 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2" Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration. +## Using your own external caddy webserver + +After following the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration. ## Using another external webserver diff --git a/examples/caddy/matrix-dimension b/examples/caddy/matrix-dimension new file mode 100644 index 00000000..6defb0d2 --- /dev/null +++ b/examples/caddy/matrix-dimension @@ -0,0 +1,7 @@ +https://dimension.DOMAIN { + tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem + + proxy / http://127.0.0.1:8134/ { + transparent + } +} diff --git a/examples/caddy/matrix-riot-web b/examples/caddy/matrix-riot-web new file mode 100644 index 00000000..8c195725 --- /dev/null +++ b/examples/caddy/matrix-riot-web @@ -0,0 +1,8 @@ +https://riot.DOMAIN { + # These might differ if you are supplying your own certificates + tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem + + proxy / http://127.0.0.1:8765 { + transparent + } +} diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse new file mode 100644 index 00000000..8cb9805a --- /dev/null +++ b/examples/caddy/matrix-synapse @@ -0,0 +1,28 @@ +https://matrix.DOMAIN { + # If you use your own certificates, your path may differ + tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem + + root /matrix/static-files + + header { + Access-Control-Allow-Origin * + Strict-Transport-Security "mag=age=31536000;" + X-Frame-Options "DENY" + X-XSS-Protection "1; mode=block" + } + + # Identity server traffic + proxy /_matrix/identity matrix-msisd:8090 { + transparent + } + proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 { + transparent + } + + # Synapse Client<>Server API + proxy / matrix-synapse:8008 { + transparent + without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search + } + +} diff --git a/examples/caddy/matrix-util b/examples/caddy/matrix-util new file mode 100644 index 00000000..191f7758 --- /dev/null +++ b/examples/caddy/matrix-util @@ -0,0 +1,7 @@ +:80 { + # Redirect ACME-Challenge traffic to port 2402 + proxy /.well-known/acme-challenge http://127.0.0.1:2402 + + # Redirect all other traffic to HTTPS + redir / https://{host}{uri} 301 +}