nginx-configs/conf.d/matrix.conf

server {
	listen 80;
	listen [::]:80;

	listen 8449 default_server;
	listen [::]:8449 default_server;

	server_name mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;

	add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;

	subs_filter_types application/json;
	subs_filter "{\"base_url\":\"https://mtrx.vern.cc/\"}" "{\"base_url\":\"http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/\"}";

	location ~ ^(/_matrix|/_synapse/client) {
		# note: do not add a path (even a single /) after the port in `proxy_pass`,
		# otherwise nginx will canonicalise the URI and cause signature verification
		# errors.
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;

		# Nginx by default only allows file uploads up to 1M in size
		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
		client_max_body_size 1024M;
	}
	## well-known
	location /.well-known/matrix/support {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
	}

	location /.well-known/matrix/server {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.server": "mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion:80"}';
	}

	location /.well-known/matrix/client {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.homeserver": {"base_url": "http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion"}}';
	}
}

server {
	listen 11043;
	listen [::]:11043;

	listen 8450 default_server;
	listen [::]:8450 default_server;

	server_name verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p;

	add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;

	subs_filter_types application/json;
	subs_filter "{\"base_url\":\"https://mtrx.vern.cc/\"}" "{\"base_url\":\"http://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p/\"}";

	location ~ ^(/_matrix|/_synapse/client) {
		# note: do not add a path (even a single /) after the port in `proxy_pass`,
		# otherwise nginx will canonicalise the URI and cause signature verification
		# errors.
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;

		# Nginx by default only allows file uploads up to 1M in size
		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
		client_max_body_size 1024M;
	}
	location /synapseadmin {
		alias /var/www/synapse-admin;
		index index.html;
	}
	## well-known
	location /.well-known/matrix/support {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
	}

	location /.well-known/matrix/server {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.server": "verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p:80"}';
	}

	location /.well-known/matrix/client {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.homeserver": {"base_url": "http://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p"}}';
	}
}

server {
	listen 11049 ssl http2;
	listen [::]:11049 ssl http2;
	include snippets/lets-encrypt.conf;

#	listen 8450 default_server;
#	listen [::]:8450 default_server;

	server_name verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p;

	add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;

	subs_filter_types application/json;
	subs_filter "{\"base_url\":\"https://mtrx.vern.cc/\"}" "{\"base_url\":\"https://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p/\"}";

	location ~ ^(/_matrix|/_synapse/client) {
		# note: do not add a path (even a single /) after the port in `proxy_pass`,
		# otherwise nginx will canonicalise the URI and cause signature verification
		# errors.
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;

		# Nginx by default only allows file uploads up to 1M in size
		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
		client_max_body_size 1024M;
	}
	location /synapseadmin {
		alias /var/www/synapse-admin;
		index index.html;
	}
	## well-known
	location /.well-known/matrix/support {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
	}

	location /.well-known/matrix/server {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.server": "verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p:80"}';
	}

	location /.well-known/matrix/client {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.homeserver": {"base_url": "https://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p"}}';
	}
}


server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	# For the federation port
	listen 8448 ssl http2 default_server;
	listen [::]:8448 ssl http2 default_server;
	include snippets/lets-encrypt.conf;

	server_name mtrx.vern.cc;

	add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;

	location ~ ^(/_matrix|/_synapse) {
		# note: do not add a path (even a single /) after the port in `proxy_pass`,
		# otherwise nginx will canonicalise the URI and cause signature verification
		# errors.
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;

		# Nginx by default only allows file uploads up to 1M in size
		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
		client_max_body_size 1024M;
	}
	location /synapseadmin {
		alias /var/www/synapse-admin;
		index index.html;
	}
	## well-known
	location /.well-known/matrix/support {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
	}

	location /.well-known/matrix/server {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.server": "mtrx.vern.cc:443"}';
	}

	location /.well-known/matrix/client {
		add_header Access-Control-Allow-Origin '*' always;
		add_header Content-Type application/json;
		return 200 '{"m.homeserver": {"base_url": "https://mtrx.vern.cc"}}';
	}
}

server {
	server_name stickers.vern.cc;
	listen 443 ssl;
	listen [::]:443 ssl;

	root /var/www/matrix;
	index index.html;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://127.0.0.1:8082;
	}

	include snippets/lets-encrypt.conf;
}
server {
	server_name dim.vern.cc;
	listen 443 ssl;
	listen [::]:443 ssl;

	root /var/www/matrix;
	index index.html;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://127.0.0.1:8184;
	}

	include snippets/lets-encrypt.conf;
}

server {
	listen 80;
	listen [::]:80;
	return 301 https://$host$request_uri;
	server_name dim.vern.cc stickers.vern.cc;
}