1 server {

     2     listen 80;

     3     server_name {{nginx_server_name}};

     4     return 301 https://$host$request_uri;

     5 }

     6 

     7 # Enable SSL session caching for improved performance

     8 ssl_session_cache shared:ssl_session_cache:10m;

     9 

    10 server {

    11     listen {{nginx_server_port}} ssl http2;

    12     server_name {{nginx_server_name}};

    13 

    14     ssl_certificate {{nginx_ssl_cert}};

    15     ssl_certificate_key {{nginx_ssl_privkey}};

    16     include /etc/letsencrypt/options-ssl-nginx.conf;

    17     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    18 

    19     ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;

    20     ssl_stapling on;

    21     ssl_stapling_verify on;

    22 

    23     gzip_vary on;

    24     gzip_proxied any;

    25     gzip_comp_level 6;

    26     gzip_buffers 16 8k;

    27     gzip_http_version 1.1;

    28     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    29 

    30     # the nginx default is 1m, not enough for large media uploads

    31     client_max_body_size 16m;

    32 

    33     proxy_set_header Host              $host;

    34     proxy_set_header X-Real-IP         $remote_addr;

    35     proxy_set_header X-Forwarded-For   $remote_addr;

    36     proxy_set_header X-Forwarded-Proto $scheme;

    37     proxy_read_timeout                 600;

    38 

    39     location /_matrix {

    40         proxy_pass http://127.0.0.1:{{nginx_proxy_port}};

    41     }

    42 }