From 1cd9b7980e71b50f878bfe0898f440ce3a5e4d05 Mon Sep 17 00:00:00 2001
From: Eric Eastwood <erice@element.io>
Date: Tue, 3 Dec 2024 19:14:19 -0600
Subject: [PATCH] Update docs with what we've learned from #17986

See https://github.com/element-hq/synapse/pull/17986
---
 docker/conf-workers/nginx.conf.j2 | 3 +++
 docs/reverse_proxy.md             | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/docker/conf-workers/nginx.conf.j2 b/docker/conf-workers/nginx.conf.j2
index c3f9b584d2..95d2f760d2 100644
--- a/docker/conf-workers/nginx.conf.j2
+++ b/docker/conf-workers/nginx.conf.j2
@@ -38,6 +38,9 @@ server {
 {% if using_unix_sockets %}
         proxy_pass http://unix:/run/main_public.sock;
 {% else %}
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
         proxy_pass http://localhost:8080;
 {% endif %}
         proxy_set_header X-Forwarded-For $remote_addr;
diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index 7128af114e..45de2b1f65 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -74,7 +74,7 @@ server {
         proxy_pass http://localhost:8008;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
+        proxy_set_header Host $host:$server_port;
 
         # Nginx by default only allows file uploads up to 1M in size
         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml