64 lines
1.6 KiB
Text
64 lines
1.6 KiB
Text
|
{{ ansible_managed | comment }}
|
||
|
|
|
||
|
|
{{ synapse_server_domain }} {
|
||
|
|
encode gzip
|
||
|
|
|
||
|
|
header {
|
||
|
|
# enable HSTS
|
||
|
|
Strict-Transport-Security "max-age=31536000; preload;"
|
||
|
|
|
||
|
|
# disable clients from sniffing the media type
|
||
|
|
X-Content-Type-Options nosniff
|
||
|
|
|
||
|
|
# clickjacking protection
|
||
|
|
X-Frame-Options DENY
|
||
|
|
|
||
|
|
# keep referrer data off of HTTP connections
|
||
|
|
Referrer-Policy no-referrer-when-downgrade
|
||
|
|
|
||
|
|
# Server name removing
|
||
|
|
-Server
|
||
|
|
}
|
||
|
|
|
||
|
|
reverse_proxy synapse:8008
|
||
|
|
}
|
||
|
|
|
||
|
|
{{ synapse_domain }} {
|
||
|
|
encode gzip
|
||
|
|
|
||
|
|
header {
|
||
|
|
# enable HSTS
|
||
|
|
Strict-Transport-Security "max-age=31536000; preload;"
|
||
|
|
|
||
|
|
# disable clients from sniffing the media type
|
||
|
|
X-Content-Type-Options nosniff
|
||
|
|
|
||
|
|
# clickjacking protection
|
||
|
|
X-Frame-Options DENY
|
||
|
|
|
||
|
|
# keep referrer data off of HTTP connections
|
||
|
|
Referrer-Policy no-referrer-when-downgrade
|
||
|
|
|
||
|
|
# Server name removing
|
||
|
|
-Server
|
||
|
|
}
|
||
|
|
|
||
|
|
## matrix client/server delegation
|
||
|
|
handle_path /.well-known/matrix/* {
|
||
|
|
|
||
|
|
header Access-Control-Allow-Origin *
|
||
|
|
|
||
|
|
## `Content-Type: application/json` isn't required by the matrix spec
|
||
|
|
## but some browsers (firefox) and some other tooling might preview json
|
||
|
|
## content prettier when they are made aware via Content-Type
|
||
|
|
header Content-Type application/json
|
||
|
|
|
||
|
|
respond /client `{ "m.homeserver": { "base_url": "https://{{ synapse_server_domain }}" } }`
|
||
|
|
|
||
|
|
respond /server `{ "m.server": "{{ synapse_server_domain }}:443" }`
|
||
|
|
|
||
|
|
## return http/404 if nothing matches
|
||
|
|
respond 404
|
||
|
|
}
|
||
|
|
}
|