server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name matrix.swee.codes;
    # Element instance hosted on Sugarcane
    location / {
        proxy_pass http://sugarcane.node.swee.codes;
        proxy_set_header Host $host;
    }

    # Forward matrix specs and synapse client
    location ~ ^/_(matrix/client|matrix/media|synapse/client) {
        proxy_pass https://peppermint.node.swee.codes:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host:$server_port;
        proxy_http_version 1.1;
    }

    # Federation is on a different port on my setup.
    location ~ ^/_matrix/federation {
        proxy_pass https://peppermint.node.swee.codes:8448;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host:$server_port;
        proxy_http_version 1.1;
    }
    
    # n.swee.codes has an iframe to the Element instance
    proxy_hide_header X-Frame-Options;
    add_header X-Frame-Options "";

    ssl_certificate /etc/letsencrypt/live/matrix.swee.codes/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/matrix.swee.codes/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}