ansible/roles/matrix/templates/vhost.j2

server {
	listen 80;
	listen [::]:80;

	server_name {{ matrix_domain }};

	location /.well-known/acme-challenge {
		default_type "text/plain";
		alias /var/www/acme-challenge;
	}

	location / {
		return 301 https://{{ matrix_domain }}$request_uri;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name {{ matrix_domain }};

	ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
	ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;

	location / {
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
	}
}

server {
	listen 8448 ssl http2 default_server;
	listen [::]:8448 ssl http2 default_server;

	server_name {{ matrix_domain }};

	ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
	ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;

	location / {
		proxy_pass http://localhost:8008;
		proxy_set_header X-Forwarded-For $remote_addr;
	}
}