Self-hosted Matrix server: configure nginx and Let's Encrypt
Assuming that nginx and Let’s Encrypt are installed
-
Create nginx configuration file
/etc/nginx/sites-available/irons.nz
server {
    listen 80;
    listen [::]:80;
    server_name irons.nz;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;
    ssl_certificate /etc/letsencrypt/live/irons.nz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/irons.nz/privkey.pem; # managed by Certbot
    server_name irons.nz;

    location / {
        return 404;
    }

    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    location /_synapse/client {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }
}
-
Temporarily comment out the listen 443 lines and the certificate lines
-
Test the configuration, then restart nginx
sudo nginx -t
sudo systemctl restart nginx
-
Verify that it is running
curl localhost:80
-
Update DNS record for https://irons.nz
-
Create certificate for https://irons.nz
sudo certbot certonly --nginx
This is an interactive command; there might be command-line options to specify the URL.
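
The "temporarily comment out" step, and undoing it once certbot has issued the certificate, can be scripted. The following is an added example, not part of the original page; the function names and the #TLS-BOOTSTRAP# marker are assumptions, and it goes slightly beyond the step above by disabling every "listen ... ssl" line (8448 as well as 443), since each ssl listener needs the certificate.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the marker
# string are hypothetical; run against the real site file as root.
MARK='#TLS-BOOTSTRAP# '

# tls_off FILE: comment out every "listen ... ssl" and ssl_certificate* line
# so that nginx -t passes before the certificate exists. Safe to run twice.
tls_off() {
    sed -E -i.bak "s/^([[:space:]]*(listen[[:space:]].*[[:space:]]ssl[[:space:];]|ssl_certificate(_key)?[[:space:]]).*)/${MARK}\1/" "$1"
}

# tls_on FILE: restore exactly the lines tls_off commented out.
tls_on() {
    sed -E -i.bak "s/^${MARK}//" "$1"
}

# tls_pending FILE: number of lines still disabled by tls_off.
tls_pending() {
    grep -c "^${MARK}" "$1" || true
}

# certs_missing FILE: print each certificate/key path FILE references that
# does not exist yet (enabled and disabled lines alike).
certs_missing() {
    sed -E -n "s/^(${MARK})?[[:space:]]*ssl_certificate(_key)?[[:space:]]+([^;[:space:]]+).*/\3/p" "$1" |
        while read -r p; do [ -e "$p" ] || echo "$p"; done
}

# write_sample FILE DIR: constructed, trimmed copy of the page's config for
# trying the functions out; certificate paths point into DIR.
write_sample() {
    cat > "$1" <<EOF
server {
    listen 80;
    server_name irons.nz;
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:8448 ssl http2;
    ssl_certificate $2/fullchain.pem; # managed by Certbot
    ssl_certificate_key $2/privkey.pem; # managed by Certbot
    server_name irons.nz;
    location / { return 404; }
}
EOF
}
```

Typical order: tls_off, then nginx -t and restart, then certbot, then tls_on once certs_missing prints nothing, followed by another nginx -t and restart.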