diff options
author | reivilibre <oliverw@matrix.org> | 2022-05-23 10:29:24 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-23 10:29:24 +0100 |
commit | 4fef76ca348209b7c9dd3c17d5f3d8ef12623c1b (patch) | |
tree | df2a67b7def987985377656b72ca30f3e5aff045 /docker/conf-workers/nginx.conf.j2 | |
parent | Fix media thumbnails being unusable before the index had been added in the ba... (diff) | |
download | synapse-4fef76ca348209b7c9dd3c17d5f3d8ef12623c1b.tar.xz |
Remove Caddy from the Synapse workers image used in Complement. (#12818)
Diffstat (limited to 'docker/conf-workers/nginx.conf.j2')
-rw-r--r-- | docker/conf-workers/nginx.conf.j2 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/docker/conf-workers/nginx.conf.j2 b/docker/conf-workers/nginx.conf.j2 index 1081979e06..967fc65e79 100644 --- a/docker/conf-workers/nginx.conf.j2 +++ b/docker/conf-workers/nginx.conf.j2 @@ -9,6 +9,22 @@ server { listen 8008; listen [::]:8008; + {% if tls_cert_path is not none and tls_key_path is not none %} + listen 8448 ssl; + listen [::]:8448 ssl; + + ssl_certificate {{ tls_cert_path }}; + ssl_certificate_key {{ tls_key_path }}; + + # Some directives from cipherlist.eu (fka cipherli.st): + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; # Requires nginx >= 1.5.9 + {% endif %} + server_name localhost; # Nginx by default only allows file uploads up to 1M in size |