server {
	listen 80;
	listen [::]:80;

	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;

	server_name chat.quietlife.nl;

	access_log /var/log/nginx/chat.quietlife.nl-access.log;
	error_log /var/log/nginx/chat.quietlife.nl-error.log;

	ssl_certificate /etc/letsencrypt/live/chat.quietlife.nl/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/chat.quietlife.nl/privkey.pem;

	if ($scheme != "https") {
	 return 301 https://$host$request_uri;
	}

	location /.well-known/matrix/client {
	 add_header Access-Control-Allow-Origin * always;
	 add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
	 add_header Access-Control-Allow-Headers "Authorization,Content-Type" always;
	 add_header Access-Control-Allow-Credentials true always;
	 default_type application/json;
	 return 200 '{"m.homeserver":{"base_url":"https://chat.quietlife.nl"}}';
	}

	location /.well-known/matrix/server {
	 add_header Access-Control-Allow-Origin * always;
	 add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
	 add_header Access-Control-Allow-Headers "Authorization,Content-Type" always;
	 add_header Access-Control-Allow-Credentials true always;
	 default_type application/json;
	 return 200 '{"m.server":"chat.quietlife.nl:443"}';
	}

	location ~ ^(/_matrix|/_synapse/client) {
	 client_max_body_size 50M;
	 proxy_http_version 1.1;
	 proxy_pass http://localhost:8008;
	 proxy_set_header Host $host;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 proxy_set_header X-Forwarded-Proto $scheme;
	 proxy_set_header X-Real-IP $remote_addr;
	}

	location / {
	 add_header X-Content-Type-Options nosniff;
	 add_header X-Frame-Options SAMEORIGIN;
	 add_header X-XSS-Protection "1; mode=block";
	 proxy_pass http://localhost:8088;
	 proxy_set_header Host $host;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 proxy_set_header X-Forwarded-Proto $scheme;
	 proxy_set_header X-Real-IP $remote_addr;
	}
}