docs: refactor reverse proxy setup sections (#701)

This commit is contained in:
Tamara Schmitz 2025-03-10 21:27:53 +00:00 committed by GitHub
parent 56dba8acb7
commit 1e23c95ec6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -145,25 +145,32 @@ sudo chmod 700 /var/lib/conduwuit/
## Setting up the Reverse Proxy ## Setting up the Reverse Proxy
Refer to the documentation or various guides online of your chosen reverse proxy We recommend Caddy as a reverse proxy, as it is trivial to use, handling TLS certificates, reverse proxy headers, etc transparently with proper defaults.
software. There are many examples of basic Apache/Nginx reverse proxy setups For other software, please refer to their respective documentation or online guides.
out there.
A [Caddy](https://caddyserver.com/) example will be provided as this ### Caddy
is the recommended reverse proxy for new users and is very trivial to use
(handles TLS, reverse proxy headers, etc transparently with proper defaults).
Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization After installing Caddy via your preferred method, create `/etc/caddy/conf.d/conduwuit_caddyfile`
header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here. and enter this (substitute for your server name).
If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent this (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can). ```caddyfile
your.server.name, your.server.name:8448 {
# TCP reverse_proxy
reverse_proxy 127.0.0.1:6167
# UNIX socket
#reverse_proxy unix//run/conduwuit/conduwuit.sock
}
```
If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so: That's it! Just start and enable the service and you're set.
- `proxy_pass http://127.0.0.1:6167$request_uri;`
- `proxy_pass http://127.0.0.1:6167;`
Nginx users need to increase `client_max_body_size` (default is 1M) to match ```bash
`max_request_size` defined in conduwuit.toml. sudo systemctl enable --now caddy
```
### Other Reverse Proxies
As we would prefer our users to use Caddy, we will not provide configuration files for other proxys.
You will need to reverse proxy everything under following routes: You will need to reverse proxy everything under following routes:
- `/_matrix/` - core Matrix C-S and S-S APIs - `/_matrix/` - core Matrix C-S and S-S APIs
@ -186,25 +193,19 @@ Examples of delegation:
- <https://puppygock.gay/.well-known/matrix/server> - <https://puppygock.gay/.well-known/matrix/server>
- <https://puppygock.gay/.well-known/matrix/client> - <https://puppygock.gay/.well-known/matrix/client>
### Caddy For Apache and Nginx there are many examples available online.
Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
your server name). header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.
```caddyfile If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent httpd from messing with the `X-Matrix` header (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
your.server.name, your.server.name:8448 {
# TCP reverse_proxy
reverse_proxy 127.0.0.1:6167
# UNIX socket
#reverse_proxy unix//run/conduwuit/conduwuit.sock
}
```
That's it! Just start and enable the service and you're set. If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
- `proxy_pass http://127.0.0.1:6167$request_uri;`
- `proxy_pass http://127.0.0.1:6167;`
```bash Nginx users need to increase `client_max_body_size` (default is 1M) to match
sudo systemctl enable --now caddy `max_request_size` defined in conduwuit.toml.
```
## You're done ## You're done