NEW: For the very impatient, I have a console-only section. It contains only commands, no explanations.
Generally, a service like this should be set up in its own environment. This makes not only security but also maintenance much easier. Jails can be backed up relatively easily, and only the packages that are absolutely necessary are installed.
The setup including all optional possibilities looks like this:
```
                                                                                     ┌──────────────────────────┐
                                                                                     │         FreeBSD          │
                           ┌────────────────────────────────┐                        │ ┌──────────────────────┐ │
                           │            OPNsense            │                        │ │        Matrix        │ │
WAN: 0.0.0.0:80   ─────────┼─► acme.sh:80                   │                        │ │   postgresql-server  │ │
WAN: 0.0.0.0:8448 ┌────────┼─► HAProxy:8448               ┐ │                        │ │         ▲            │ │
WAN: 0.0.0.0:443  ┘        │   "      :443/_matrix        ├─┼─ 192.168.178.101:8008 ─┼─┼─► matrix-synapse     │ │
                           │   "      :443/_synapse/client┘ │                        │ │                      │ │
                           │   "      :443 ─────────────────┼─ 192.168.178.101:80   ─┼─┼─► nginx              │ │
                           └────────────────────────────────┘                        │ │         ▼            │ │
                                                                                     │ │   element-web        │ │
                                                                                     │ └──────────────────────┘ │
                                                                                     └──────────────────────────┘
```
[Link to the code on GitHub, I'm always happy about suggestions for improvement!]()
Voilà