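# TLS virtual host for matrix.harpocrates.club. It serves a static root, the
# ACME challenge path and the two Matrix .well-known delegation documents,
# and proxies /_matrix to the local Dendrite listener on port 8448.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name matrix.harpocrates.club;

    access_log /var/log/nginx/nginx.matrix.harpocrates.club.access.log;
    error_log /var/log/nginx/nginx.matrix.harpocrates.club.error.log;

    location / {
        root /var/www/matrix.harpocrates.club/html;
        index index.html;
    }

    ssl_certificate /etc/letsencrypt/live/harpocrates.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/harpocrates.club/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Pin the protocol versions instead of inheriting the build default, which
    # on older nginx releases still enables TLSv1 and TLSv1.1.
    # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Diffie-Hellman parameters, consulted only for DHE cipher suites. The
    # list below offers none; kept so that re-adding DHE suites does not fall
    # back to weak default parameters.
    ssl_dhparam /etc/ssl/certs/dhparams.pem;

    # Use the server's cipher order rather than the client's.
    ssl_prefer_server_ciphers on;
    # ECDHE key exchange with AES only. The former DH+3DES entry was removed:
    # 3DES is a 64-bit block cipher and is deprecated for TLS.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

    # Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver used to look up the OCSP responder. Queries go out in
    # plaintext to a public resolver; a trusted local resolver is preferable
    # where one is available.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/harpocrates.club/fullchain.pem;

    # Required for LE certificate enrollment using certbot
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html;
    }

    # Dendrite
    # Keep every proxy_set_header at this level: a location that declares its
    # own proxy_set_header inherits none of these, so adding one inside
    # /_matrix would silently drop Host and X-Real-IP.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # $remote_addr overwrites any X-Forwarded-For value sent by the client,
    # so the backend only sees the address nginx actually accepted.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_read_timeout 600;

    # Federation delegation: tells other homeservers to reach this server on
    # port 443. Served as JSON rather than the default MIME type.
    location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{ "m.server": "matrix.harpocrates.club:443" }';
    }

    # Client discovery: browser-based clients fetch this cross-origin, so the
    # response needs a CORS header as well as a JSON content type.
    location /.well-known/matrix/client {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{ "m.homeserver": { "base_url": "https://matrix.harpocrates.club" } }';
    }

    location /_matrix {
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off), so TLS on this hop gives encryption only;
        # that is acceptable only because the hop stays on loopback.
        # When nginx is the public entry point, the backend ports (8448 here,
        # and any plain-HTTP listener) should be bound to loopback or blocked
        # at the firewall so clients cannot bypass this proxy.
        proxy_pass https://localhost:8448;
    }
}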
Ports locally:
drpaneas@debian-s-1vcpu-1gb-fra1-01:/etc/nginx/sites-available$ sudo lsof -i:8008
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dendrite- 21301 root 17u IPv6 222175 0t0 TCP *:8008 (LISTEN)
drpaneas@debian-s-1vcpu-1gb-fra1-01:/etc/nginx/sites-available$ sudo lsof -i:8448
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dendrite- 21301 root 16u IPv6 222173 0t0 TCP *:8448 (LISTEN)
Firewall:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
4444/tcp LIMIT IN Anywhere
80,443/tcp (Nginx Full) ALLOW IN Anywhere
8448/tcp ALLOW IN Anywhere # Dendrite with SSL
8008/tcp ALLOW IN Anywhere # Dendrite without SSL
4444/tcp (v6) LIMIT IN Anywhere (v6)
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
8448/tcp (v6) ALLOW IN Anywhere (v6) # Dendrite with SSL
8008/tcp (v6) ALLOW IN Anywhere (v6) # Dendrite without SSL
Monolith.logs:
$ sudo tail -f /var/log/dendrite/Monolith.log
time="2021-01-04T16:53:42.007654330Z" level=info msg="Enabled perspective key fetcher" func=github.com/matrix-org/dendrite/signingkeyserver.NewInternalAPI file="github.com/matrix-org/dendrite/signingkeyserver/signingkeyserver.go:103" num_public_keys=2 server_name=matrix.org
time="2021-01-04T16:53:42.409032016Z" level=info msg="Starting external Monolith listener on :8008" func="github.com/matrix-org/dendrite/setup.(*BaseDendrite).SetupAndServeHTTP.func2" file="github.com/matrix-org/dendrite/setup/base.go:344"
time="2021-01-04T17:17:38.724164175Z" level=info msg="Dendrite version 0.3.4+05324b68" func=github.com/matrix-org/dendrite/setup.NewBaseDendrite file="github.com/matrix-org/dendrite/setup/base.go:102"
time="2021-01-04T17:17:38.769834726Z" level=info msg="Enabled perspective key fetcher" func=github.com/matrix-org/dendrite/signingkeyserver.NewInternalAPI file="github.com/matrix-org/dendrite/signingkeyserver/signingkeyserver.go:103" num_public_keys=2 server_name=matrix.org
time="2021-01-04T17:17:38.926458692Z" level=info msg="Starting external Monolith listener on :8448" func="github.com/matrix-org/dendrite/setup.(*BaseDendrite).SetupAndServeHTTP.func2" file="github.com/matrix-org/dendrite/setup/base.go:344"
time="2021-01-04T17:17:38.927320682Z" level=info msg="Starting external Monolith listener on :8008" func="github.com/matrix-org/dendrite/setup.(*BaseDendrite).SetupAndServeHTTP.func2" file="github.com/matrix-org/dendrite/setup/base.go:344"
time="2021-01-04T18:27:13.301542019Z" level=info msg="Dendrite version 0.3.4+05324b68" func=github.com/matrix-org/dendrite/setup.NewBaseDendrite file="github.com/matrix-org/dendrite/setup/base.go:102"
time="2021-01-04T18:27:13.344276591Z" level=info msg="Enabled perspective key fetcher" func=github.com/matrix-org/dendrite/signingkeyserver.NewInternalAPI file="github.com/matrix-org/dendrite/signingkeyserver/signingkeyserver.go:103" num_public_keys=2 server_name=matrix.org
time="2021-01-04T18:27:13.524455173Z" level=info msg="Starting external Monolith listener on :8448" func="github.com/matrix-org/dendrite/setup.(*BaseDendrite).SetupAndServeHTTP.func2" file="github.com/matrix-org/dendrite/setup/base.go:344"
time="2021-01-04T18:27:13.525375566Z" level=info msg="Starting external Monolith listener on :8008" func="github.com/matrix-org/dendrite/setup.(*BaseDendrite).SetupAndServeHTTP.func2" file="github.com/matrix-org/dendrite/setup/base.go:344"