nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-03-11 09:04:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

matrixsynapse: Update apache config to proxy Synapse client API

Browse Source 
- Use the recommended configuration from Matrix Synapse documentation.

  - Preserve Host: header.

  - Set the X-Forwarded-Proto header.

  - Don't decode encoded slashes in the URLs during proxying.

- Also proxy Synapse client API.

Tests:

- Web app at app.element.io is able to connect to a local server using browser.
Two client can chat with each other.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
Sunil Mohan Adapa 2025-11-12 20:30:45 -08:00 committed by James Valleroy
parent bf83cb5a5b
commit 778c35f2bc
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
plinth/modules/matrixsynapse/data/usr/share/freedombox/etc/apache2/conf-available/matrix-synapse-plinth.conf
View File

@ -1,9 +1,24 @@
##
## On all sites, provide Matrix Synapse on a default path: /_matrix. This is
## only useful for clients to login without specifying a server port. This is
## not useful for federation which requires SRV record or listening on port
## 8448. Further, federation requires same TLS public key to be provided to
## Apache and Matrix Synapse server.
## On all sites, provide Matrix API on a default path: /_matrix and Synapse
## Client API on path: /_synapse/client. This configuration as recommended at
## https://element-hq.github.io/synapse/latest/reverse_proxy.html . This is
## useful for clients to login without specifying a server port. This is not
## useful for federation which requires SRV record or listening on port 8448.
## Further, federation requires same TLS public key to be provided to Apache and
## Matrix Synapse server.
##
ProxyPass /_matrix http://localhost:8008/_matrix nocanon
ProxyPassReverse /_matrix http://localhost:8008/_matrix
AllowEncodedSlashes NoDecode
<Location /_matrix>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPreserveHost on
ProxyPass http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse http://127.0.0.1:8008/_matrix
</Location>
<Location /_synapse/client>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPreserveHost on
ProxyPass http://127.0.0.1:8008/_synapse/client nocanon
ProxyPassReverse http://127.0.0.1:8008/_synapse/client
</Location>