summary refs log tree commit diff
path: root/docker/conf-workers/nginx.conf.j2
diff options
context:
space:
mode:
authorreivilibre <oliverw@matrix.org>2022-05-23 10:29:24 +0100
committerGitHub <noreply@github.com>2022-05-23 10:29:24 +0100
commit4fef76ca348209b7c9dd3c17d5f3d8ef12623c1b (patch)
treedf2a67b7def987985377656b72ca30f3e5aff045 /docker/conf-workers/nginx.conf.j2
parentFix media thumbnails being unusable before the index had been added in the ba... (diff)
downloadsynapse-4fef76ca348209b7c9dd3c17d5f3d8ef12623c1b.tar.xz
Remove Caddy from the Synapse workers image used in Complement. (#12818)
Diffstat (limited to 'docker/conf-workers/nginx.conf.j2')
-rw-r--r--docker/conf-workers/nginx.conf.j216
1 files changed, 16 insertions, 0 deletions
diff --git a/docker/conf-workers/nginx.conf.j2 b/docker/conf-workers/nginx.conf.j2
index 1081979e06..967fc65e79 100644
--- a/docker/conf-workers/nginx.conf.j2
+++ b/docker/conf-workers/nginx.conf.j2
@@ -9,6 +9,22 @@ server {
     listen 8008;
     listen [::]:8008;
 
+    {% if tls_cert_path is not none and tls_key_path is not none %}
+        listen 8448 ssl;
+        listen [::]:8448 ssl;
+
+        ssl_certificate {{ tls_cert_path }};
+        ssl_certificate_key {{ tls_key_path }};
+
+        # Some directives from cipherlist.eu (fka cipherli.st):
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off; # Requires nginx >= 1.5.9
+    {% endif %}
+
     server_name localhost;
 
     # Nginx by default only allows file uploads up to 1M in size