Closed ne20002 closed 2 years ago
p1gp1g
commented
2 years ago /index.php/apps/uppush must be accessible by your client./_matrix/push/v1/notify must be accessible by your matrix client and your matrix server./index.php/apps/uppush/push must be accessible by other servers (mastodon server for instance) if you need it.
ne20002
commented
2 years ago Hmm, having my Friendica, Synapse and Nextcloud running in my dmz and having all my clients within my network... I can limit access to all three path to my network only, not accessible from outside/Internet. Thank you
p1gp1g
commented
2 years ago You're welcome :)
Hi
I wonder how I should/can secure the paths used for NextPush.
For my Matrix Synapse server I have two locations defined in the reverse proxy: /_matrix allowed for all /_matrix/client only allowed from within my network.
I can do this as all my Element clients are inside my network. The /_matrix/client path does not need to be accessible from outside.
For NextPush I wonder if I can do similar.
For Matrix the path /_matrix/push/v1/notify, is this needed from outside? Who is using this endpoint? The clients? Other matrix server?
Also, for Nextpush: /index.php/apps/uppush
I assume this is only used by the clients and also called from e.g. the Matrix server as forwarded in the reverse proxy. So it does not need to be accessible fromoutside if all my clients are inside my network?