add nginx reverse proxy

2025-01-18 17:45:46 +00:00 · 2022-01-29 00:48:09 +00:00 · 2022-01-29 00:48:09 +00:00 · 4f1dbe2b07
commit 4f1dbe2b07
parent e658d71853
5 changed files with 62 additions and 4 deletions
--- a/.env.example
+++ b/.env.example
@ -1,11 +1,17 @@
 # synapse
 SYNAPSE_IMAGE_TAG=latest
 SERVER_NAME=localhost
-HTTP_PORT=8008
 CONFIG_DIR=/data
 CONFIG_FILE_NAME=homeserver.yaml
 UID=991
 GID=991
 TZ=UTC

-POSTGRESQL_IMAGE_TAG=14
+# postgres
+POSTGRESQL_IMAGE_TAG=14
+
+# nginx
+HTTPS_PORT=443
+FEDERATION_HTTPS_PORT=8448
+SSL_CERT_PATH=/etc/ssl/certs/ssl-cert-snakeoil.pem
+SSL_KEY_PATH=/etc/ssl/private/ssl-cert-snakeoil.key
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -25,13 +25,31 @@ services:
    restart: unless-stopped
    volumes:
      - synapse-data:${CONFIG_DIR}
+    ports:
+      - 8008:8008
    environment:
      SYNAPSE_CONFIG_DIR: ${CONFIG_DIR}
      SYNAPSE_CONFIG_PATH: ${CONFIG_DIR}/${CONFIG_FILE_NAME}
      UID: ${UID}
      GID: ${GID}
      TZ: ${TZ}
-    ports:
-      - ${HTTP_PORT}:8008
    depends_on:
      - postgres
+
+  nginx:
+    build: nginx
+    restart: unless-stopped
+    ports:
+      - 443:443
+      - 8448:8448
+    volumes:
+      - ${SSL_CERT_PATH}:${SSL_CERT_PATH}
+      - ${SSL_KEY_PATH}:${SSL_KEY_PATH}
+    environment:
+      SERVER_NAME: ${SERVER_NAME}
+      HTTPS_PORT: ${HTTPS_PORT}
+      FEDERATION_HTTPS_PORT: ${FEDERATION_HTTPS_PORT}
+      SSL_CERT_PATH: ${SSL_CERT_PATH}
+      SSL_KEY_PATH: ${SSL_KEY_PATH}
+    depends_on:
+      - synapse
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@ -0,0 +1,9 @@
+FROM nginx:latest
+
+COPY default.conf /tmp/nginx/default.conf
+
+COPY docker-entrypoint.sh /tmp/docker-entrypoint.sh
+RUN chmod 755 /tmp/docker-entrypoint.sh
+ENTRYPOINT [ "/tmp/docker-entrypoint.sh" ]
+
+CMD ["nginx", "-g", "daemon off;"]
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -0,0 +1,19 @@
+server {
+    listen      ${HTTPS_PORT} ssl http2;
+
+	# For the federation port
+	listen 		${FEDERATION_HTTPS_PORT} ssl http2 default_server;
+    
+	server_name ${SERVER_NAME};
+
+	ssl_certificate ${SSL_CERT_PATH};
+	ssl_certificate_key ${SSL_KEY_PATH};
+
+    location ~ ^(/_matrix|/_synapse/client) {
+        proxy_pass http://synapse:8008;
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        client_max_body_size 50M;
+    }
+}
--- a/nginx/docker-entrypoint.sh
+++ b/nginx/docker-entrypoint.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -eu
+
+envsubst '${SERVER_NAME} ${HTTPS_PORT} ${FEDERATION_HTTPS_PORT} ${SSL_CERT_PATH} ${SSL_KEY_PATH}' < /tmp/nginx/default.conf > /etc/nginx/conf.d/default.conf
+
+exec "$@"