Add support for reverse-proxying Matric (Client & Federation) via Traefik

This commit is contained in:
Slavi Pantaleev 2023-02-06 13:08:11 +02:00
parent f983604695
commit 8155f780e5
5 changed files with 44 additions and 1 deletions

View file

@ -2215,6 +2215,7 @@ matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
@ -3349,6 +3350,12 @@ devture_traefik_enabled: "{{ matrix_playbook_traefik_role_enabled }}"
devture_traefik_uid: "{{ matrix_user_uid }}"
devture_traefik_gid: "{{ matrix_user_gid }}"
devture_traefik_additional_entrypoints_auto:
- name: matrix-federation
port: "{{ matrix_federation_public_port }}"
host_bind_port: "{{ matrix_federation_public_port }}"
config: {}
########################################################################
# #
# /com.devture.ansible.role.traefik #

View file

@ -37,4 +37,4 @@
version: v0.11.1-2
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: 407af71a3667b1d8083beb10bf22423ecf013f58
version: b8609fd07c26c89a72fe2934d183af5fd964bc1c

View file

@ -92,6 +92,9 @@ matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
matrix_federation_public_port: 8448
# The name of the Traefik entrypoint for handling Matrix Federation
matrix_federation_traefik_entrypoint: matrix-federation
# The architecture that your server runs.
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
# Not all architectures support all services, so your experience (on non-amd64) may vary.

View file

@ -49,6 +49,13 @@ matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_pro
matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"

View file

@ -6,6 +6,27 @@ traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_net
{% endif %}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
# Matrix Client
traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
# Matrix Federation
traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.routers.matrix-nginx-proxy-matrix-federation.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints }}
{% endif %}
{% if matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled %}
# Element
traefik.http.routers.matrix-nginx-proxy-element.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_rule }}
@ -139,6 +160,11 @@ traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_c
traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}
traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}
{% endif %}
{% endif %}
{{ matrix_nginx_proxy_container_labels_additional_labels }}