(systems aisaka): configure NGINX to allow Matrix federationHEAD test master

author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2026-04-11 15:49:36 +0200
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2026-04-12 20:25:44 +0200
commit: 8f0dbc602a520c779a901c78217bb7902b2d9605 (patch)
tree: 06b9a2b1ce867a867854d60ffe452f4346d39d70 /deployment/systems
parent: 79351dee1cf13ceaa00fadd7603447134271dd10 (diff)
1 files changed, 17 insertions, 5 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 5a99b18..64fd07b 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -269,6 +269,13 @@
    (body (list "root /srv/www/marek/marekpasnikowski.pl ;"))
    (uri  "/.well-known")))
 
+(define nginx-location-well-known-matrix-client
+  (gnu:services:web:nginx-location-configuration
+   (body (list "return 200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.marekpasnikowski.pl\"}}' ;"
+               "default_type application/json ;"
+               "add_header Access-Control-Allow-Origin * ;"))
+   (uri  "/.well-known/matrix/client")))
+
 (define nginx-server-cgit
   (let
       ((git-http- (gnu:services:version-control:git-http-nginx-location-configuration git-http-configuration)))
@@ -294,18 +301,23 @@
 (define nginx-server-matrix
   (gnu:services:web:nginx-server-configuration
    (locations           (list nginx-location-proxy-matrix))
-   (listen              (list "192.168.10.2:443 ssl"))
-   (root                gnu:packages:matrix:synapse)
+   (listen              (list "192.168.10.2:443 ssl"
+                              "192.168.10.2:8448 ssl default_server"))
+   (root                (file-append gnu:packages:matrix:synapse
+                                     "/lib/python3.11/site-packages/synapse/static"))
    (server-name         (list "matrix.marekpasnikowski.pl"))
    (ssl-certificate     "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
-   (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))
+   (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+   (raw-content         (list "proxy_http_version 1.1 ;"))))
 
 (define nginx-server-portal
   (gnu:services:web:nginx-server-configuration
-   (locations           (list nginx-location-well-known))
+   (locations           (list nginx-location-well-known
+                              nginx-location-well-known-matrix-client))
    (listen              (list "192.168.10.2:443 ssl"))
    (root                "/home/marek/Publiczne/www")
-   (server-name         (list "marekpasnikowski.pl"))
+   (server-name         (list 'default
+                              "marekpasnikowski.pl"))
    (ssl-certificate     "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
    (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2026-04-11 15:49:36 +0200
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2026-04-12 20:25:44 +0200
commit	8f0dbc602a520c779a901c78217bb7902b2d9605 (patch)
tree	06b9a2b1ce867a867854d60ffe452f4346d39d70 /deployment/systems
parent	79351dee1cf13ceaa00fadd7603447134271dd10 (diff)