ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity
matrix-docker-ansible-deploy/examples/reverse-proxies/nginx-proxy-manager/README.md

3.1 KiB
Raw Blame History

Nginx Proxy Manager fronting the playbook's integrated Traefik reverse-proxy

Similar to standard nginx, Nginx Proxy Manager provides nginx capabilities but inside a pre-built Docker container. With the ability for managing proxy hosts and automatic SSL certificates via a simple web interface.

This page summarizes how to use Nginx Proxy Manager (NPM) to front the integrated Traefik reverse-proxy webserver with another reverse-proxy.

Prerequisite configuration

To get started, first follow the front the integrated reverse-proxy webserver with another reverse-proxy instructions and update your playbook's configuration (inventory/host_vars/matrix.<your-domain>/vars.yml).

If Matrix federation is enabled, then you will need to make changes to NPM's Docker configuration. By default NPM has access to ports 443, 80 and 81, but you would also need to provide access to the federation ports 8448 and 8449.

Using Nginx Proxy Manager

You'll need to create two proxy hosts in NPM for matrix web and federation traffic.

Open the 'Proxy Hosts' page in the NPM web interface and select Add Proxy Host, the first being for matrix web traffic. Apply the proxys configuration like this:

# Details
# Matrix web proxy config
Domain Names: matrix.DOMAIN
Scheme: http
Forward Hostname/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Port: 81

# Custom locations
# Add one custom location
Define location: /
Scheme: http
Forward Hostname/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Port: 81
Custom config:
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    client_max_body_size 50M;

# SSL
# Either 'Request a new certificate' or select an existing one
SSL Certificate: matrix.DOMAIN or *.DOMAIN
Force SSL: true
HTTP/2 Support: true

Again, under the 'Proxy Hosts' page select Add Proxy Host, this time for your federation traffic. Apply the proxys configuration like this:

# Details
# Matrix Federation proxy config
Domain Names: matrix.DOMAIN:8448
Scheme: http
Forward Hostname/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Port: 8449

# Custom locations
# Add one custom location
Define location: /
Scheme: http
Forward Hostname/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Port: 8449
Custom config:
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 50M;

# SSL
# Either 'Request a new certificate' or select an existing one
SSL Certificate: matrix.DOMAIN or *.DOMAIN
Force SSL: true
HTTP/2 Support: true

# Advanced
# Allows NPM to listen on the federation port
Custom Nginx Configuration: listen 8448 ssl http2;

Also note, NPM would need to be configured for whatever other services you are using. For example, you would need to create additional proxy hosts for element.DOMAIN or jitsi.DOMAIN, which would use the forwarding port 81.