diff options
| author | Erik Johnston <erik@matrix.org> | 2019-03-04 11:54:58 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2019-03-04 11:54:58 +0000 |
| commit | fbc047f2a5f12ee934e5ccbe7274100aa72166b5 (patch) | |
| tree | 2eabc4f13032883ff61fc635d0be43292a5ad131 /docs/reverse_proxy.rst | |
| parent | Update newsfile to have a full stop (diff) | |
| parent | Update test_typing to use HomeserverTestCase. (#4771) (diff) | |
| download | synapse-fbc047f2a5f12ee934e5ccbe7274100aa72166b5.tar.xz | |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/stop_fed_not_in_room
Diffstat (limited to 'docs/reverse_proxy.rst')
| -rw-r--r-- | docs/reverse_proxy.rst | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/docs/reverse_proxy.rst b/docs/reverse_proxy.rst index d8aaac8a08..4706061eba 100644 --- a/docs/reverse_proxy.rst +++ b/docs/reverse_proxy.rst @@ -79,12 +79,30 @@ Let's assume that we expect clients to connect to our server at SSLEngine on ServerName example.com; - <Location /> + <Location /_matrix> ProxyPass http://127.0.0.1:8008/_matrix nocanon ProxyPassReverse http://127.0.0.1:8008/_matrix </Location> </VirtualHost> +* HAProxy:: + + frontend https + bind 0.0.0.0:443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1 + bind :::443 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1 + + # Matrix client traffic + acl matrix hdr(host) -i matrix.example.com + use_backend matrix if matrix + + frontend matrix-federation + bind 0.0.0.0:8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1 + bind :::8448 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1 + default_backend matrix + + backend matrix + server matrix 127.0.0.1:8008 + You will also want to set ``bind_addresses: ['127.0.0.1']`` and ``x_forwarded: true`` for port 8008 in ``homeserver.yaml`` to ensure that client IP addresses are recorded correctly. |