server {
    listen                  80;
    listen                  [::]:80;
    listen                  443 ssl;
    listen                  8448 ssl;
    listen                  [::]:443 ssl;
    listen                  [::]:8448 ssl;
    server_name             synapse.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;

    # Reverse proxy for Matrix Synapse Homeserver
    # This is also required for development environment.
    # Reason: the lk-jwt-service uses the federation API for the openid token
    #         verification, which requires TLS
    location / {
        proxy_pass "http://homeserver:8008";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page   500 502 503 504  /50x.html;

}