# {{ ansible_managed }}
# Matrix Instance Proxy
#
# TLS-terminating reverse proxy for the Matrix homeserver backend.
# Listens on 443 and on the federation port 8448, and forwards only the
# Matrix URI prefixes matched by the location block below.

server {
    server_name matrix.{{ domain_name }} www.matrix.{{ domain_name }};

    # Client-facing HTTPS.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # For the federation port.
    # default_server: this block answers every request arriving on 8448,
    # whatever Host header or SNI name the peer presents.
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    # Certificate and key are read from the bare domain's letsencrypt directory.
    # NOTE(review): confirm that certificate also lists the matrix. and
    # www.matrix. names as SANs, otherwise peers will reject the handshake.
    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Request-body ceiling for the whole server, federation listener included.
    # NOTE(review): check this against the backend's own upload limit; nginx
    # accepts bodies up to this size before the backend gets to reject them.
    client_max_body_size 512M;

    # Only URIs that start with /_matrix or /_synapse/client are forwarded;
    # no other path is passed to the backend by this block.
    location ~ ^(/_matrix|/_synapse/client) {
        # Keep `proxy_pass` free of any path after the port (not even a lone /):
        # with one, nginx canonicalises the URI and the backend then reports
        # signature verification errors.
        # The hop to the backend is plain HTTP.
        # NOTE(review): presumably 10.0.0.6 sits on a trusted internal segment
        # and accepts connections only from this proxy, since it is handed
        # forwarded-for headers it is expected to believe - confirm.
        proxy_pass http://10.0.0.6:8448;

        # $remote_addr is the address nginx itself saw, so this value replaces
        # any X-Forwarded-For the client sent rather than appending to it.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass the requested host name through so the backend knows its domain.
        proxy_set_header Host $host;

        # HTTP/1.1 towards the backend, intended for keep-alive. On its own
        # this does not reuse upstream connections: nginx also needs the
        # Connection header cleared (line below, currently disabled) and an
        # upstream block with a `keepalive` directive.
        proxy_http_version 1.1;
        #proxy_set_header Connection "";

        # NOTE(review): the distribution-shipped proxy_params commonly sets
        # Host, X-Real-IP, X-Forwarded-For ($proxy_add_x_forwarded_for) and
        # X-Forwarded-Proto again. Confirm its contents on the target host:
        # repeated proxy_set_header lines are sent as duplicate headers, and
        # the appending form carries whatever X-Forwarded-For the client sent.
        include proxy_params;
    }
}

# Plain-HTTP listener: redirect the two known names to HTTPS, refuse the rest.
server {
    listen 80;
    listen [::]:80;
    server_name matrix.{{ domain_name }} www.matrix.{{ domain_name }};

    # $host is echoed into the redirect only after it has matched one of the
    # exact names, so the Location header cannot carry an arbitrary Host value.
    if ($host = www.matrix.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    }

    if ($host = matrix.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    }

    # Anything that did not match a name above gets no redirect.
    return 404;
}