server { listen 443 ssl; # IPv4 listen [::]:443 ssl; # IPv6 server_name my.hostname.com; ssl_certificate /path/to/fullchain.pem; ssl_certificate_key /path/to/privkey.pem; ssl_dhparam /path/to/ssl-dhparams.pem; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_read_timeout 600; location /.well-known/matrix/server { return 200 '{ "m.server": "my.hostname.com:443" }'; } location /.well-known/matrix/client { # If your sever_name here doesn't match your matrix homeserver URL # (e.g. hostname.com as server_name and matrix.hostname.com as homeserver URL) # add_header Access-Control-Allow-Origin '*'; return 200 '{ "m.homeserver": { "base_url": "https://my.hostname.com" } }'; } # route requests to: # /_matrix/client/.*/sync # /_matrix/client/.*/user/{userId}/filter # /_matrix/client/.*/user/{userId}/filter/{filterID} # /_matrix/client/.*/keys/changes # /_matrix/client/.*/rooms/{roomId}/messages # /_matrix/client/.*/rooms/{roomId}/context/{eventID} # /_matrix/client/.*/rooms/{roomId}/event/{eventID} # /_matrix/client/.*/rooms/{roomId}/relations/{eventID} # /_matrix/client/.*/rooms/{roomId}/relations/{eventID}/{relType} # /_matrix/client/.*/rooms/{roomId}/relations/{eventID}/{relType}/{eventType} # to sync_api location ~ /_matrix/client/.*?/(sync|user/.*?/filter/?.*|keys/changes|rooms/.*?/(messages|context/.*?|relations/.*?|event/.*?))$ { proxy_pass http://sync_api:8073; } location /_matrix/client { proxy_pass http://client_api:8071; } location /_matrix/federation { proxy_pass http://federation_api:8072; } location /_matrix/key { proxy_pass http://federation_api:8072; } location /_matrix/media { proxy_pass http://media_api:8074; } }