From a14b9c09adee37282b2deb7d0ff63594b5174107 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Sat, 11 Apr 2020 03:08:59 +0200 Subject: [PATCH] Add to synapse nginx template conditional URL rewrites for workers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit · 😅 How to keep this in sync with the matrix-synapse documentation? · regex location matching is expensive · nginx syntax limit: one location only per block / statement · thus, lots of duplicate statements in this file --- .../nginx/conf.d/matrix-synapse.conf.j2 | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 99662515..0f4982cc 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -101,6 +101,93 @@ } {% endif %} + {% if synchrotron_workers %} + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L134 #} + location /_matrix/client/r0/sync { + proxy_pass http://synchrotron$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + location /_matrix/client/r0/events { + proxy_pass http://synchrotron$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + location /_matrix/client/r0/initialSync { + proxy_pass http://synchrotron$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + location ~ ^/_matrix/client/r0/rooms/[^/]+/initialSync$ { + proxy_pass http://synchrotron$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + + {% set client_reader_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'client_reader')|first %} + {% if client_reader_worker %} + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L252 #} + location ^/_matrix/client/(versions$|(api/v1|r0|unstable)/(publicRooms$|rooms/.*/joined_me|rooms/.*/context/.|rooms/.*/members$|rooms/.*/messages$|rooms/.*/state$|login$|account/3pid$|keys/query$|keys/changes$|voip/turnServer$|joined_groups$|publicised_groups$|publicised_groups/|pushrules/.*$|groups/.*$|register$|auth/.*/fallback/web$)) { + proxy_pass http://127.0.0.1:{{ client_reader_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + + {% set media_repository_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'media_repository')|first %} + {% if media_repository_worker %} + {# c.f. 
https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L219 #} + location /_matrix/media/ { + proxy_pass http://127.0.0.1:{{ media_repository_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L223 #} + location ~ ^/_synapse/admin/v1/(purge_media_cache|room/.*/media.*|user/.*/media.*|media/.*|quarantine_media/.*)$ { + proxy_pass http://127.0.0.1:{{ media_repository_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + + {% set event_creator_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'event_creator')|first %} + {% if event_creator_worker %} + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L323 #} + location ~ ^/_matrix/client/(api/v1|r0|unstable)/(rooms/.*/send|rooms/.*/state/|rooms/.*/(join|invite|leave|ban|unban|kick)$|join/|profile/) { + proxy_pass http://127.0.0.1:{{ event_creator_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + + {% set frontend_proxy_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'frontend_proxy')|first %} + {% if frontend_proxy_worker %} + {# c.f. 
https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L302 #} + location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/upload { + proxy_pass http://127.0.0.1:{{ frontend_proxy_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% if not matrix_synapse_use_presence %} + location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status { + proxy_pass http://127.0.0.1:{{ frontend_proxy_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + {% endif %} + + {% set user_dir_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'user_dir')|first %} + {% if user_dir_worker %} + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L290 #} + location ~ ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$ { + proxy_pass http://127.0.0.1:{{ user_dir_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + {% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %} @@ -174,6 +261,19 @@ } {% endmacro %} +{% set synchrotron_workers = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'synchrotron')|list %} +{% if synchrotron_workers %} +upstream synchrotron { + # ensures that requests from the same client will always be passed + # to the same server (except when this server is unavailable) + ip_hash; + + {% for worker in synchrotron_workers %} + server 127.0.0.1:{{ worker.port }}; + {% endfor %} +} +{% endif %} + server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; 
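Review bot: The client_reader `location` has no `~` modifier, so nginx treats `^/_matrix/client/(versions$|…` as a literal prefix that no request URI begins with, and the client_reader worker is never selected; it should start `location ~ ^/_matrix/client/(versions$|…` like the other regex blocks in this hunk. Two alternatives in that pattern, `rooms/.*/joined_me` and `rooms/.*/context/.`, look truncated next to their neighbours and should be checked against the workers.md revision the comment links to. Separately, the media_repository section forwards `/_synapse/admin/v1/…` from this public vhost with no source restriction, so those admin media endpoints are protected only by Synapse's own access-token check. If that exposure is not intended, add an `allow <admin-network>; deny all;` pair (placeholder network) inside that location or serve the admin paths on an internal listener.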
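Review bot: `ip_hash` in the `synchrotron` upstream keys on the peer address nginx sees, so if this server is reached through another proxy or Docker port forwarding (the `listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}` context line suggests such a setup exists), every client may hash to the same worker, and users behind one NAT always will. The in-block comment should state that limit, for example `# ip_hash keys on the connecting address (first three octets for IPv4); behind a proxy or NAT many users share one worker`. If the aim is per-user stickiness, a key such as `hash $http_authorization consistent;` is worth evaluating, with the caveat that clients passing the token as a query parameter would not be covered by it.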
@@ -255,6 +355,16 @@ server { ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; {% endif %} + {% set federation_worker = matrix_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'federation_reader')|first %} + {% if federation_worker %} + {# c.f. https://github.com/matrix-org/synapse/blame/master/docs/workers.md#L160 #} + location ~ ^(/_matrix/federation/v1/event/|/_matrix/federation/v1/state/|/_matrix/federation/v1/state_ids/|/_matrix/federation/v1/backfill/|/_matrix/federation/v1/get_missing_events/|/_matrix/federation/v1/publicRooms|/_matrix/federation/v1/query/|/_matrix/federation/v1/make_join/|/_matrix/federation/v1/make_leave/|/_matrix/federation/v1/send_join/|/_matrix/federation/v2/send_join/|/_matrix/federation/v1/send_leave/|/_matrix/federation/v2/send_leave/|/_matrix/federation/v1/invite/|/_matrix/federation/v2/invite/|/_matrix/federation/v1/query_auth/|/_matrix/federation/v1/event_auth/|/_matrix/federation/v1/exchange_third_party_invite/|/_matrix/federation/v1/user/devices/|/_matrix/federation/v1/send/|/_matrix/federation/v1/get_groups_publicised$|/_matrix/key/v2/query|/_matrix/federation/v1/groups/) { + proxy_pass http://127.0.0.1:{{ federation_worker.port }}$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} + location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #}
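Review bot: The new federation `location` hard-codes `proxy_pass http://127.0.0.1:{{ federation_worker.port }}`, while the existing `location /` directly below branches on `matrix_nginx_proxy_enabled` and uses Docker's embedded DNS resolver to reach the service. When nginx runs in its own container, 127.0.0.1 is presumably the nginx container itself, so these requests would fail instead of reaching the worker. The same hard-coded address is used by the worker locations in the first hunk and the `server 127.0.0.1:…` lines of the `synchrotron` upstream, so all of them need the same containerised/non-containerised branch as `location /`. Also, `…|selectattr('worker', 'equalto', 'federation_reader')|first` yields an undefined value when no such worker is configured, and Ansible's strict undefined handling will likely fail the render at `{% if federation_worker %}`. Appending `|default(none)`, or using `|list` as the synchrotron lookup does, avoids that here and in the first hunk's `{% set … |first %}` lines.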