Added scrypted role.
server {
listen 80;
server_name {{nginx_server_name}};
return 301 https://$host$request_uri;
}
# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;
server {
listen {{nginx_server_port}} ssl http2;
server_name {{nginx_server_name}};
ssl_certificate {{nginx_ssl_cert}};
ssl_certificate_key {{nginx_ssl_privkey}};
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
location /_matrix {
proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
}
root /var/www/{{nginx_server_name}};
index index.html;
location / {
try_files $uri $uri/ =404;
}
}