Skip to content

Add nginx example reverse proxy config #486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
May 27, 2025
Merged

Add nginx example reverse proxy config #486

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1cb8c7
Add nginx example reverse proxy config
p-rintz May 23, 2025
78b8527
Remove federation port and resolver in nginx config
p-rintz May 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,63 @@ Find below a minimal example of an Apache2 vhost to work as a reverse proxy with
```
</details>

<details><summary>Nginx</summary>

Below is a simple, but complete example of a Nginx reverse proxy config for ESS Community with TLS termination.
```
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

access_log /var/log/nginx/ess.log main;
error_log /var/log/nginx/ess.errors;

ssl_certificate /etc/nginx/certs/certificate.full;
ssl_certificate_key /etc/nginx/certs/certificate.key;

#TLSv1.2 is required for iOS support for now
ssl_protocols TLSv1.2 TLSv1.3;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_buffer_size 4k;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;

server_name chat.example.com matrix.example.com account.example.com mrtc.example.com;

location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;

client_max_body_size 50M;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_buffering off;
}
}

server {
listen 80;
listen [::]:80;
server_name chat.example.com matrix.example.com account.example.com mrtc.example.com;
return 301 https://$host$request_uri;
}

```
</details>

### Configuring the database

You can either use the database provided with ESS Community or you use a dedicated PostgreSQL Server. We recommend [using a PostgreSQL server](./docs/advanced.md#using-a-dedicated-postgresql-database) installed with your own distribution packages. For a quick set up, feel free to use the internal PostgreSQL database. The chart will configure it automatically for you by default.
Expand Down
1 change: 1 addition & 0 deletions newsfragments/486.changed.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add example config for Nginx reverse proxy.
Loading