server { listen 80 default_server; location /security.txt { return 301 https://{{ domain_name_pim }}/.well-known/security.txt; } location /.well-known/security.txt { return 301 https://{{ domain_name_pim }}/.well-known/security.txt; } } server { # For the federation port listen 8448 http2 default_server; listen [::]:8448 http2 default_server; server_name matrix.pim.kunis.nl; location ~ ^(/_matrix|/_synapse/client) { # note: do not add a path (even a single /) after the port in `proxy_pass`, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://host.docker.internal:{{ internal_matrix_port }}; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; # Synapse responses may be chunked, which is an HTTP/1.1 feature. proxy_http_version 1.1; } } server { listen 80; server_name {{ domain_name_pim }}; index index.html index.htm; root /var/www/blog; location /security.txt { return 301 https://$host/.well-known/security.txt; } location /.well-known/security.txt { add_header Content-Type 'text/plain'; add_header Cache-Control 'no-cache, no-store, must-revalidate'; add_header Pragma 'no-cache'; add_header Expires '0'; add_header Vary '*'; return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n"; } location / { try_files $uri $uri/ /index.html; } location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { expires 30d; add_header Pragma public; add_header Cache-Control "public"; } error_page 404 /404.html; }