I have been using Swag/letsencrypt for years now and it has been rock solid.
Now I need to set up Matrix (https://matrix.org) behind it, and this app has special requirements, as seen here.
So I followed the nginx part of it all and got this proxy-conf:
# Reverse proxy for Synapse: terminates TLS on 443 and 8448 and forwards the
# Matrix paths to Synapse's plain-HTTP listener.
server {
    # HTTPS on the standard port.
    listen 443 ssl;
    listen [::]:443 ssl;

    # 8448 is the Matrix federation port. `default_server` makes this block
    # answer every Host name that arrives on 8448, not only matrix.*.
    # 8008 needs no listener here: it is the unencrypted upstream that
    # proxy_pass below connects to, not a port this proxy serves.
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    server_name matrix.*;

    # Certificate and TLS settings come from the shared include (not shown).
    include /config/nginx/ssl.conf;

    # Case-insensitive prefix match; only /_matrix and /_synapse/client are
    # forwarded by this location.
    location ~* ^(\/_matrix|\/_synapse\/client) {
        # nginx rejects larger request bodies with 413 before they reach
        # Synapse. NOTE(review): should agree with max_upload_size in
        # homeserver.yaml, which is not shown here.
        client_max_body_size 50M;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        # $remote_addr replaces any X-Forwarded-For value supplied by the
        # client, so the backend sees the address nginx saw rather than a
        # client-chosen one.
        proxy_set_header X-Forwarded-For $remote_addr;

        # No URI part after the port, so the request URI is passed on
        # unchanged. This hop is plain HTTP: keep 10.1.1.200:8008 reachable
        # only from the proxy, not from the Internet.
        proxy_pass http://10.1.1.200:8008;
    }
}
I have opened 8008 and 8448 in the firewall to let traffic pass through to the server.
Synapse is set up using docker-compose:
# Compose stack: Synapse plus the PostgreSQL instance defined next to it,
# both attached to the pre-existing external network `server`.
version: "3.3"

services:
  synapse:
    # NOTE(review): `latest` is a moving tag, so the running version changes
    # on every pull; pin a release tag or digest for reproducible deploys.
    image: "matrixdotorg/synapse:latest"
    container_name: "synapse"
    volumes:
      # Bind mount of the Synapse data directory. In this image /data holds
      # the generated config and signing key, so restrict access to ./data
      # on the host.
      - "./data:/data"
    environment:
      VIRTUAL_HOST: "mysub.domain.com"
      VIRTUAL_PORT: "8008"
      # NOTE(review): differs from VIRTUAL_HOST and SYNAPSE_SERVER_NAME
      # (sub. vs mysub.) - confirm which host name the certificate is for.
      LETSENCRYPT_HOST: "sub.domain.com"
      SYNAPSE_SERVER_NAME: "mysub.domain.com"
      SYNAPSE_REPORT_STATS: "yes"
    # No `ports:` entry: 8008 is not published on the host and is reachable
    # only from containers attached to the same network.
    networks:
      - "server"

  postgresql:
    # NOTE(review): unpinned tag; a major-version jump of the image can
    # change the on-disk data layout. Pin the major version in use.
    image: "postgres:latest"
    container_name: "postgresql"
    restart: "always"
    environment:
      # NOTE(review): database credential in clear text in the compose file.
      # Keep the real value out of version control (env file or Compose
      # secret; the image also accepts POSTGRES_PASSWORD_FILE).
      POSTGRES_PASSWORD: "super-advanced-password"
      POSTGRES_USER: "postgresqladmin"
      POSTGRES_DB: "synapse"
      POSTGRES_INITDB_ARGS: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'"
    volumes:
      # NOTE(review): the image's data directory depends on its version;
      # verify that it really lives inside this named volume, otherwise the
      # database ends up in an anonymous volume.
      - "postgresdata:/var/lib/postgresql/"
    # No `ports:` entry here either, so PostgreSQL is not exposed on the
    # host.
    networks:
      - "server"

volumes:
  postgresdata: {}

networks:
  server:
    # Created outside this file; Compose fails to start if it is missing.
    external: true