matrix-server/Caddyfile at main · utopia-os/matrix-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Matrix Synapse Server
matrix.example.de {
    # Client-Server API
    handle /_matrix/* {
        reverse_proxy synapse:8008
    }

    # Synapse Admin API (nur wenn benötigt, ggf. einschränken)
    handle /_synapse/* {
        reverse_proxy synapse:8008
    }

    # .well-known für Client-Discovery
    handle /.well-known/matrix/client {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"m.homeserver": {"base_url": "https://matrix.example.de"}}`
    }

    # .well-known für Server-Discovery (Federation)
    handle /.well-known/matrix/server {
        header Content-Type application/json
        respond `{"m.server": "matrix.example.de:443"}`
    }

    # Standardantwort für Root
    handle {
        respond "Matrix Homeserver" 200
    }

    # Security Headers
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "strict-origin-when-cross-origin"
    }

    # Logging
    log {
        output file /var/log/caddy/matrix.log {
            roll_size 50mb
            roll_keep 5
        }
    }
}

# Element Web Client
element.example.de {
    reverse_proxy element-web:80

    # Security Headers
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "strict-origin-when-cross-origin"
        Content-Security-Policy "frame-ancestors 'self'"
    }

    log {
        output file /var/log/caddy/element.log {
            roll_size 50mb
            roll_keep 5
        }
    }
}

# Federation Port (optional - wenn Port 8448 extern erreichbar sein soll)
# matrix.example.de:8448 {
#     reverse_proxy synapse:8008
# }