mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-21 03:42:55 +03:00
b257c7ab19
Be able to test `/login/sso/redirect` in Complement
Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1854926218 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). We have some
Complement tests in that codebase that go over this flow and these
changes are required [in order for the URL's to line
up](d648c8ce3f/synapse/rest/client/login.py (L652-L673)
).
47 lines
1.6 KiB
Django/Jinja
47 lines
1.6 KiB
Django/Jinja
# This file contains the base config for the reverse proxy, as part of ../Dockerfile-workers.
|
|
# configure_workers_and_start.py uses and amends to this file depending on the workers
|
|
# that have been selected.
|
|
|
|
{{ upstream_directives }}
|
|
|
|
server {
|
|
# Listen on an unoccupied port number
|
|
listen 8008;
|
|
listen [::]:8008;
|
|
|
|
{% if tls_cert_path is not none and tls_key_path is not none %}
|
|
listen 8448 ssl;
|
|
listen [::]:8448 ssl;
|
|
|
|
ssl_certificate {{ tls_cert_path }};
|
|
ssl_certificate_key {{ tls_key_path }};
|
|
|
|
# Some directives from cipherlist.eu (fka cipherli.st):
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_tickets off; # Requires nginx >= 1.5.9
|
|
{% endif %}
|
|
|
|
server_name localhost;
|
|
|
|
# Nginx by default only allows file uploads up to 1M in size
|
|
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
client_max_body_size 100M;
|
|
|
|
{{ worker_locations }}
|
|
|
|
# Send all other traffic to the main process
|
|
location ~* ^(\\/_matrix|\\/_synapse) {
|
|
{% if using_unix_sockets %}
|
|
proxy_pass http://unix:/run/main_public.sock;
|
|
{% else %}
|
|
proxy_pass http://localhost:8080;
|
|
{% endif %}
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $host:$server_port;
|
|
}
|
|
}
|