server {
    listen                  80;
    listen                  [::]:80;
    listen                  443 ssl;
    listen                  8448 ssl;
    listen                  [::]:443 ssl;
    listen                  [::]:8448 ssl;
    server_name             synapse.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;

    # well-known config adding rtc_foci backend
    # Note well-known is currently not effective due to:
    # https://spec.matrix.org/v1.12/client-server-api/#well-known-uri the spec
    # says it must be at https://$server_name/... (implied port 443) Hence, we
    # currently rely for local development environment on deprecated config.json
    # setting for livekit_service_url
    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "http://synapse.localhost:8008"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "http://localhost:8080"}]}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    # Reverse proxy for Matrix Synapse Homeserver
    # This is also required for development environment.
    # Reason: the lk-jwt-service uses the federation API for the openid token
    #         verification, which requires TLS
    location / {
        proxy_pass "http://homeserver:8008";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page   500 502 503 504  /50x.html;

}