Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix)

Slavi Pantaleev 2023-02-14 11:05:39 +02:00
parent 2e74187050
commit 3bace0c7b9
4 changed files with 14 additions and 36 deletions


@ -35,34 +35,6 @@ To use Synapse Admin, you need to have [registered at least one administrator ac
The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`
### Sample configuration for running behind Traefik 2.0
Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy.
This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md).
```yaml
# Don't bind any HTTP or federation port to the host
# (Traefik will proxy directly into the containers)
matrix_synapse_admin_container_http_host_bind_port: ""
matrix_synapse_admin_container_extra_arguments:
# May be unnecessary depending on Traefik config, but can't hurt
- '--label "traefik.enable=true"'
# The Synapse Admin container will only receive traffic from this subdomain and path
- '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"'
# (Define your entrypoint)
- '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"'
# (The 'default' certificate resolver must be defined in Traefik config)
- '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"'
# The Synapse Admin container uses port 80 by default
- '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
```
### Sample configuration for running behind Caddy v2
Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`).


@ -41,9 +41,9 @@ matrix_synapse_admin_container_extra_arguments: []
# To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`.
matrix_synapse_admin_container_labels_traefik_enabled: true
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}"
matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_synapse_admin_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`).
matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_public_endpoint }}"
matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_path_prefix }}"
matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}"
matrix_synapse_admin_container_labels_traefik_priority: 0
matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure
@ -131,9 +131,14 @@ matrix_synapse_admin_floc_optout_enabled: true
# See: `matrix_synapse_admin_http_header_strict_transport_security`
matrix_synapse_admin_hsts_preload_enabled: false
# The path at which Synapse Admin will be exposed on `matrix.DOMAIN` when matrix-nginx-proxy is used.
# A path of `/` is likely not a good choice when matrix-nginx-proxy is used.
# The hostname at which Synapse Admin is served.
# Only works with with Traefik reverse-proxying.
# For matrix-nginx-proxy, `matrix_server_fqn_matrix` is used and this variable has no effect.
matrix_synapse_admin_hostname: "{{ matrix_server_fqn_matrix }}"
# The path at which Synapse Admin is exposed.
# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble.
#
# If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`.
# This value must either be `/` or not end with a slash (e.g. `/synapse-admin`).
matrix_synapse_admin_public_endpoint: /synapse-admin
matrix_synapse_admin_path_prefix: /synapse-admin
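Review bot: The new comment above `matrix_synapse_admin_path_prefix` appears inverted: it says values other than `/` cause trouble under matrix-nginx-proxy, yet the default stays `/synapse-admin`. The nginx template touched by this same commit builds `location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*)`, which would render as `^//(.*)` for a prefix of `/`. If the intent is that `/` is the unsupported value there, I'd reword it to `# When matrix-nginx-proxy is used, a value of / is not supported; keep a sub-path such as /synapse-admin.` The comment on `matrix_synapse_admin_hostname` also has a doubled word (`with with`).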


@ -12,9 +12,9 @@
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_synapse_admin_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
rewrite ^{{ matrix_synapse_admin_path_prefix }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_path_prefix }}/ permanent;
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
@ -40,7 +40,7 @@
msg: >-
NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
Please make sure that you're proxying the `{{ matrix_synapse_admin_path_prefix }}`
URL endpoint to the matrix-synapse-admin container.
You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
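Review bot: `matrix_synapse_admin_path_prefix` is interpolated unescaped into nginx regexes in the first hunk (`rewrite ^{{ matrix_synapse_admin_path_prefix }}$` and `location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*)`). A value of `/` therefore yields a `^//(.*)` location and a redirect target ending in `//`, and any regex metacharacter in the prefix changes which request paths reach the admin UI. The value is operator-supplied, so this is a misconfiguration risk rather than an injection path, but Synapse Admin is an administrative interface and its routing should not depend on a comment in the defaults file. I'd add a check to the role's config validation that fails when matrix-nginx-proxy is enabled and the prefix does not match something like `^(/[A-Za-z0-9_-]+)+$`. The template body of this task continues past the hunk, so the rest of the location block is not visible here.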


@ -10,6 +10,7 @@
- {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'}
- {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'}
- {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'}
- {'old': 'matrix_synapse_admin_public_endpoint', 'new': 'matrix_synapse_admin_path_prefix'}
- when: matrix_synapse_admin_container_labels_traefik_enabled | bool
block: