
@tyrm
Created December 10, 2022 20:34
# Single backend that receives every request not claimed by a more specific
# location (the "leader"; presumably the main Synapse process -- confirm).
# Only one server is listed, so no balancing method is needed.
upstream pettingzoo-co_leader {
    server localhost:28008;
}
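# Client-API worker pool. Requests are spread over the two backends by hashing
# the request's Authorization header, so calls that present the same access
# token keep landing on the same worker.
#
# The key must be a *request* variable. $upstream_http_* variables are filled
# in from the upstream's response headers, which do not exist yet when nginx
# picks a backend, so a key built from them is empty and every request hashes
# to the same value. "authentication" is also not the header clients send;
# the bearer token travels in "Authorization".
#
# NOTE(review): requests that carry no Authorization header (unauthenticated
# endpoints, or a token passed another way) all share the empty key and
# therefore the same backend -- confirm that is acceptable for login/register.
upstream pettingzoo-co_worker_client {
    hash $http_authorization;
    server localhost:28081;
    server localhost:28082;
}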
# Federation worker pool. ip_hash keys on the connecting address, so a given
# remote peer is consistently sent to the same one of the two backends.
# These are the same two ports used by pettingzoo-co_worker_client; only the
# balancing method differs.
upstream pettingzoo-co_worker_server {
    ip_hash;
    server localhost:28081;
    server localhost:28082;
}
# Media backend used by the media-repository locations of both virtual hosts.
upstream pettingzoo-co_media {
    server localhost:28085;
}
# Virtual host for matrix.pettingzoo.co: media, federation and admin traffic.
# All locations are regex locations; nginx uses the first regex that matches,
# so their order below is significant and must not be rearranged.
server {
    server_name matrix.pettingzoo.co;

    # NOTE(review): 448 is not the conventional HTTPS port (443) -- confirm
    # this is intentional and not a typo.
    listen 448 ssl http2;
    listen [::]:448 ssl http2;
    # 8448 is also bound by the client.matrix.pettingzoo.co server block.
    # Neither block sets default_server, so whichever nginx loads first
    # answers requests on 8448 whose name matches neither server_name.
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;

    # TLS
    ssl_certificate /etc/letsencrypt/live/matrix.pettingzoo.co/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.pettingzoo.co/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # Earlier settings, kept for reference:
    #ssl_ciphers HIGH:!aNULL:!MD5;
    #ssl_protocols TLSv1.2;
    # Restricts the TLS 1.2 suites: HIGH only, no anonymous/NULL suites and
    # nothing with a SHA-1 MAC. TLS 1.3 suites are negotiated separately and
    # are presumably unaffected by this list on OpenSSL builds -- verify.
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Logging ("main" log format is expected to be defined in the http block).
    access_log /var/log/nginx/pettingzoo_co-server-access.log main;
    error_log /var/log/nginx/pettingzoo_co-server-error.log;

    keepalive_timeout 70;
    sendfile on;
    # Server-wide limit; every location below lowers it to 50M.
    client_max_body_size 80m;

    # Headers sent to every backend. X-Forwarded-For is set to the connecting
    # peer's address, replacing anything the client supplied, so the backend
    # cannot be fed a spoofed client IP through this proxy.
    # These are inherited by a location only while that location defines no
    # proxy_set_header of its own -- adding one there drops all three.
    # NOTE(review): the backends are reached over plain HTTP on localhost and
    # must trust X-Forwarded-* only from this proxy -- confirm their listener
    # configuration.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;

    # media-repository
    # NOTE(review): besides /_matrix/media this forwards several
    # /_synapse/admin/v1 media endpoints on the public listeners; see the
    # note on the final location.
    location ~ ^(/_matrix/media|/_synapse/admin/v1/(purge_media_cache$|room/.*/media.*$|user/.*/media.*$|media/.*$|quarantine_media/.*$|users/.*/media$)) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_media;
    }

    # federation requests
    location ~ ^/_matrix/(federation/(v1|v2)/(event/|state/|state_ids/|backfill/|get_missing_events/|publicRooms|query/|make_join/|make_leave/|send_join/|send_leave/|invite/|event_auth/|exchange_third_party_invite/|user/devices/|hierarchy/)|key/v2/query) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_server;
    }

    # inbound federation transaction request
    location ~ ^/_matrix/federation/v1/send/ {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_server;
    }

    # direct other requests to leader
    # NOTE(review): this also publishes /_synapse/admin/v1 and /v2 on every
    # listener of this host. The admin API still requires an admin access
    # token, but keeping it off internet-facing listeners (for example with
    # allow/deny rules or a separate internal listener) reduces the attack
    # surface -- confirm the exposure is intended.
    location ~ ^(/_matrix|/_synapse/admin/v[12]) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_leader;
    }
}
# Virtual host for client.matrix.pettingzoo.co: client-server API traffic.
# All locations are regex locations; nginx uses the first regex that matches,
# so their order below is significant and must not be rearranged.
server {
    server_name client.matrix.pettingzoo.co;

    # Shares port 8448 with the matrix.pettingzoo.co server block; requests
    # are told apart by the requested host name.
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;

    # TLS. The certificate path is the one issued for matrix.pettingzoo.co.
    # NOTE(review): presumably that certificate also lists
    # client.matrix.pettingzoo.co as a SAN -- verify, otherwise clients will
    # see a name mismatch.
    ssl_certificate /etc/letsencrypt/live/matrix.pettingzoo.co/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.pettingzoo.co/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # HIGH suites only, no anonymous/NULL suites, nothing with a SHA-1 MAC.
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Logging ("main" log format is expected to be defined in the http block).
    access_log /var/log/nginx/pettingzoo_co-client-access.log main;
    error_log /var/log/nginx/pettingzoo_co-client-error.log;

    keepalive_timeout 70;
    sendfile on;
    # Server-wide limit; every location below lowers it to 50M.
    client_max_body_size 80m;

    # Headers sent to every backend. X-Forwarded-For is set to the connecting
    # peer's address, replacing anything the client supplied, so the backend
    # cannot be fed a spoofed client IP through this proxy.
    # These are inherited by a location only while that location defines no
    # proxy_set_header of its own -- adding one there drops all three.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;

    # media-repository
    # NOTE(review): besides /_matrix/media this forwards several
    # /_synapse/admin/v1 media endpoints on the client-facing listener --
    # confirm that exposing them here is intended.
    location ~ ^(/_matrix/media|/_synapse/admin/v1/(purge_media_cache$|room/.*/media.*$|user/.*/media.*$|media/.*$|quarantine_media/.*$|users/.*/media$)) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_media;
    }

    # sync requests
    location ~ ^/_matrix/client/((r0|v3)/sync|(api/v1|r0|v3)/events|(api/v1|r0|v3)/initialSync|(api/v1|r0|v3)/rooms/[^/]+/initialSync)$ {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # client API requests
    location ~ ^/_matrix/client/((api/v1|r0|v3|unstable)/(createRoom$|publicRooms$|rooms/.*/joined_members$|rooms/.*/context/.*$|rooms/.*/members$|rooms/.*/state$|org\.matrix\.msc2716/rooms/.*/batch_send$|im\.nheko\.summary/rooms/.*/summary$|account/3pid$|account/whoami$|devices$|voip/turnServer$|rooms/.*/event/|joined_rooms$|search$)|v1/rooms/.*/hierarchy$|versions$) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # encryption requests
    location ~ ^/_matrix/client/(r0|v3|unstable)/(keys/query$|keys/changes$|keys/claim$|room_keys/) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # registration/login requests
    location ~ ^/_matrix/client/(api/v1|v1|r0|v3|unstable)/(login$|register$|register/m\.login\.registration_token/validity$) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # event sending requests
    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/(rooms/.*/redact|rooms/.*/send|rooms/.*/state/|rooms/.*/(join|invite|leave|ban|unban|kick)$|join/|profile/) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # account data requests
    location ~ ^/_matrix/client/(r0|v3|unstable)/.*/(tags|account_data) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # receipts requests
    location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # presence requests
    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # user directory search requests
    location ~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_worker_client;
    }

    # direct other requests to leader
    # Everything else under /_matrix, plus /_synapse/client, goes to the
    # leader; /_synapse/admin is not matched by this catch-all.
    location ~ ^(/_matrix|/_synapse/client) {
        client_max_body_size 50M;
        proxy_pass http://pettingzoo-co_leader;
    }
}