Add comments and move matrix config to root

homepage.conf

@@ -1,51 +1,81 @@
 server {
+    # Server name, root and index
     server_name shoebottom.ca; # managed by Certbot
     root /home/isaac/www/shoebottom.ca;
     index index.html;
 
-
+    # Listen on https
     listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
     listen 443 ssl default_server; # managed by Certbot
+
+    # Listen for matrix port
+    listen 8448 ssl http2;
+    listen [::]:8448 ssl http2;
+
+
+    # SSL configuration
     ssl_certificate /etc/letsencrypt/live/shoebottom.ca/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/shoebottom.ca/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_trusted_certificate /etc/letsencrypt/live/shoebottom.ca/chain.pem; # managed by Certbot
+    ssl_stapling on; # managed by Certbot
+    ssl_stapling_verify on; # managed by Certbot
 
-
+    # Security / HSTS Headers
     add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
 
     # Security / XSS Mitigation Headers
     add_header X-Frame-Options "SAMEORIGIN";
     add_header X-XSS-Protection "1";
     add_header X-Content-Type-Options "nosniff";
+
+    # Disabled header for content security policy, because I want to load images and content from other sites
     # add_header Content-Security-Policy "default-src 'self' https://i.imgur.com;" always;	
 
-    ssl_trusted_certificate /etc/letsencrypt/live/shoebottom.ca/chain.pem; # managed by Certbot
+
-    ssl_stapling on; # managed by Certbot
+    # Disable merge slashes, non-standard and needed for matrix
-    ssl_stapling_verify on; # managed by Certbot
+    merge_slashes off;
-    
+
+    # Nginx defaults to only allow 1MB uploads
+    client_max_body_size 20M;
+
+    # Matrix subdirectory
+    location /_matrix/ {
+        proxy_pass http://127.0.0.1:6167$request_uri;
+        proxy_set_header Host $http_host;
+        proxy_buffering off;
+    }
+
+    # Music subdirectory
     location /music {
         autoindex on;
         sendfile on;
         alias /home/isaac/Media/Music;
     }
 
+    # Movies subdirectory
     location /movies {
         autoindex on;
         sendfile on;
         alias /home/isaac/Media/Movies;
     }
+
+    # TV subdirectory
     location /tv {
         autoindex on;
         sendfile on;
         alias /home/isaac/Media/TV;
     }
+
+    # Anime subdirectory
     location /anime {
         autoindex on;
         sendfile on;
         alias /home/isaac/Media/Anime;
     }
 
+    # File hosting subdirectory
     location /host {
         autoindex off;
         sendfile on;
@@ -53,11 +83,13 @@ server {
     }      
 }
 server {
+    # Redirect http to https
     if ($host = shoebottom.ca) {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 
 
+    # Listen on http, no ssl. Needed for certbot
     listen 80 default_server;
     listen [::]:80 default_server;
     server_name shoebottom.ca; # managed by Certbot