server { listen 443 ssl http2; listen [::]:443 ssl http2; listen 8448 ssl http2 default_server; listen [::]:8448 ssl http2 default_server; server_name matrix.thelyoncompany.com; root /var/www/matrix.thelyoncompany.com/public/; ssl_certificate /etc/letsencrypt/live/email.thelyoncompany.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/email.thelyoncompany.com/privkey.pem; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; include /etc/nginx/snippets/ssl.conf; ssl_trusted_certificate /etc/letsencrypt/live/email.thelyoncompany.com/chain.pem; include /etc/nginx/snippets/headers.conf; include /etc/nginx/snippets/letsencrypt.conf; error_page 404 /index.html; if ($http_referer ~ "semalt\.com|badsite\.net|youtube\.com|leakix\.net|example\.com") { return 404; } location / { try_files $uri $uri/ $uri.html =404; } location /.well-known/matrix/client { return 200 '{"m.homeserver": {"base_url": "https://matrix.thelyoncompany.com"}}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; add_header Timing-Allow-Origin 1h; } location /_matrix { proxy_pass http://localhost:8008; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; client_max_body_size 10M; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; } location ~ /\. { deny all; access_log off; log_not_found off; } location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { deny all; } }