Make nginx proxy config (when disabled) obey matrix_federation_public_port

People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.

We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.
This commit is contained in:
Slavi Pantaleev 2021-02-24 08:17:53 +02:00
parent 2ef1d9c537
commit 1ef683d366
4 changed files with 12 additions and 5 deletions

View file

@ -1074,6 +1074,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
@ -1224,7 +1227,7 @@ matrix_postgres_additional_databases: |
'username': matrix_mautrix_instagram_database_username,
'password': matrix_mautrix_instagram_database_password,
}] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else [])
+
+
([{
'name': matrix_mautrix_signal_database_name,
'username': matrix_mautrix_signal_database_username,

View file

@ -111,6 +111,10 @@ matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
# Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
# The port name used for federation in the nginx configuration.
# This is not necessarily the port that it's actually on,
# as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container.
matrix_nginx_proxy_proxy_matrix_federation_port: 8448
# Controls whether proxying the dimension domain should be done.
matrix_nginx_proxy_proxy_dimension_enabled: false

View file

@ -199,10 +199,10 @@ server {
#}
server {
{% if matrix_nginx_proxy_https_enabled %}
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2;
listen [::]:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2;
{% else %}
listen 8448;
listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }};
{% endif %}
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};

View file

@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
-p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \
{% endif %}
{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %}
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \
{% endif %}
--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \