From 3613d80cc743984615701f57e2d3d6e8fff4d8ab Mon Sep 17 00:00:00 2001
From: creme <creme@envs.net>
Date: Sat, 11 Jan 2020 13:59:34 +0000
Subject: [PATCH] update for matrix

---
 etc/init.d/S41firewall                        | 12 +++++---
 etc/nginx/sites-available/envs.net.conf       |  6 ++++
 .../sites-available/matrix.envs.net.conf      | 29 +++++++++++++++++++
 3 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall
index 7799090..5315b6e 100755
--- a/etc/init.d/S41firewall
+++ b/etc/init.d/S41firewall
@@ -220,10 +220,14 @@ if [ "$1" = "start" ]; then
 	#
 	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
 	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
-	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 3478 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
-	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 3478 -j ACCEPT
+	#
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
+	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
+	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 5349 -j ACCEPT
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 64000:65535 -j DNAT --to-destination 192.168.1.14 --sport 64000:65535
+	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 64000:65535 -j ACCEPT
+	#
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
 
 	# 0x0
diff --git a/etc/nginx/sites-available/envs.net.conf b/etc/nginx/sites-available/envs.net.conf
index 00a5b12..16a514d 100644
--- a/etc/nginx/sites-available/envs.net.conf
+++ b/etc/nginx/sites-available/envs.net.conf
@@ -59,6 +59,12 @@ server {
         proxy_pass https://matrix.envs.net;
     }
 
+	location /.well-known/matrix/ {
+		add_header Access-Control-Allow-Origin *;
+		add_header Content-Type application/json;
+		return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
+	}
+
 	# users
 	location ~ ^/(~|u/)(?<user>[\w-]+)(?<user_uri>/.*)?$ {
 		alias /home/$user/public_html$user_uri;
diff --git a/etc/nginx/sites-available/matrix.envs.net.conf b/etc/nginx/sites-available/matrix.envs.net.conf
index a2da78b..da3d1cd 100644
--- a/etc/nginx/sites-available/matrix.envs.net.conf
+++ b/etc/nginx/sites-available/matrix.envs.net.conf
@@ -25,3 +25,32 @@ server {
         proxy_pass https://matrix.envs.net;
     }
 }
+
+
+### RIOT.ENVS.NET - WUI ###
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_mid.conf;
+    server_name riot.envs.net;
+
+	return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_mid.conf;
+    server_name riot.envs.net;
+
+    include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+    error_log /var/log/nginx/matrix.envs.net-error.log crit;
+
+    location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+        proxy_pass https://matrix.envs.net;
+    }
+}