Add support for not serving Dendrite federation APIs on the client port

Seems like Dendrite encourages serving both the Client and Federation
API at the same port.

Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense.
This commit is contained in:
Slavi Pantaleev 2021-12-18 13:26:31 +02:00
parent ecc237bbad
commit 3b9d5b13e9
2 changed files with 13 additions and 0 deletions

View file

@ -128,6 +128,9 @@ matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks: []
matrix_nginx_proxy_proxy_dendrite_enabled: false
matrix_nginx_proxy_proxy_dendrite_hostname: "matrix-nginx-proxy"
matrix_nginx_proxy_proxy_dendrite_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
# Controls whether the Client API server (usually at matrix.DOMAIN:443) should explicitly reject `/_matrix/federation` endpoints.
# Normally, Dendrite Monolith serves both APIs (Client & Federation) at the same port, so we can serve federation at `matrix.DOMAIN:443` too.
matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port: true
# The addresses where the Matrix Client API is, when using Dendrite.
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: ""
matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: ""

View file

@ -14,6 +14,16 @@ server {
{{- configuration_block }}
{% endfor %}
{% if matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port %}
location /_matrix/federation {
{% if matrix_nginx_proxy_proxy_dendrite_federation_api_enabled %}
return 404 'The Federation API is served at https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}';
{% else %}
return 404 'This Matrix server is running with federation disabled';
{% endif %}
}
{% endif %}
{# Everything else just goes to the API server ##}
location / {
{% if matrix_nginx_proxy_enabled %}