Commit graph

3576 commits

Author SHA1 Message Date
Slavi Pantaleev 7310498f71 Update certbot 2018-09-06 18:23:16 +03:00
Slavi Pantaleev 49e0d0e6db Update dependencies 2018-09-06 18:13:06 +03:00
Slavi Pantaleev 7428b941c8 Remove old s3fs stuff
We've been using Goofys for a long time instead.
2018-08-29 10:14:48 +03:00
Slavi Pantaleev e2c25bbb02 Update README 2018-08-29 10:12:48 +03:00
Slavi Pantaleev 09a41dd3ea Fix systemctl command to avoid wildcard expansion 2018-08-29 09:42:59 +03:00
Slavi Pantaleev 9e91d5059f Fix wording 2018-08-29 09:41:24 +03:00
Slavi Pantaleev 23e4a4734b Switch from acmetool to certbot for SSL certificate retrieval 2018-08-29 09:37:44 +03:00
Slavi Pantaleev d5346656e3 Use 0.16.1 for riot-web, as the image for 0.16.2 is still unavailable 2018-08-29 08:46:21 +03:00
Slavi Pantaleev e9d2e7455b Update README 2018-08-26 18:12:24 +03:00
Slavi Pantaleev 51ac3421b5 Update matrix-corporal (1.0.1 -> 1.1) 2018-08-24 17:13:58 +03:00
Slavi Pantaleev 314ff09846 Update dependencies 2018-08-24 10:01:25 +03:00
Slavi Pantaleev 92e6fdd279 Update dependencies 2018-08-23 08:35:38 +03:00
Slavi Pantaleev 861957b6f1 Add missing when statement 2018-08-23 08:35:30 +03:00
Slavi Pantaleev 5398d80f01 Add support for matrix-corporal 2018-08-21 13:34:34 +03:00
Slavi Pantaleev 76e904eb70 Fix broken link in changelog 2018-08-20 21:27:19 +03:00
Slavi Pantaleev 02d5b54fa5 Add controls for influencing Matrix Synapse's rate-limiting 2018-08-20 21:25:06 +03:00
Slavi Pantaleev 3577a42f61 Update README 2018-08-20 17:30:05 +03:00
Slavi Pantaleev 14d7d3e670 Add support for matrix-synapse-shared-secret-auth 2018-08-20 17:11:55 +03:00
Slavi Pantaleev f72882fe1a Fix user registration regression
Regression since a302a7d748,
which made the Matrix Client API only available on
the http port (8008) and not over the federation port (8448).
2018-08-17 12:23:25 +03:00
Slavi Pantaleev b0f1a1c80f Fix nginx warning: adding already-default text/html to gzip_types 2018-08-17 10:44:34 +03:00
Slavi Pantaleev 832a4d71c1 Default to INFO logging for matrix-synapse-rest-auth, not DEBUG 2018-08-17 09:35:52 +03:00
Slavi Pantaleev 21a108262f Remove some leftover debug statements 2018-08-17 09:30:41 +03:00
Slavi Pantaleev 25becc63d5 Minor fixups for the matrix-synapse-rest-auth handling 2018-08-17 09:25:54 +03:00
Slavi Pantaleev 2b2e996cf9 Fix typo 2018-08-17 09:04:20 +03:00
Slavi Pantaleev ea43d46b70 Add matrix-synapse-rest-auth support 2018-08-17 09:02:17 +03:00
Slavi Pantaleev 7e543f32d9 Add LICENSE file 2018-08-17 09:01:06 +03:00
Slavi Pantaleev df79901f8b Improve compression support 2018-08-17 08:00:38 +03:00
Slavi Pantaleev a302a7d748 Only run federation on 8448 and client on 80
This disables federation on the 80 port, as it's
not necessary. We also disable the old Angular webclient.

For the federation port (8448), we disable the client APIs
as those are not necessary. Those can even cause trouble
if one doesn't know about them and thinks that guarding the client
APIs at the 80 port is enough.
2018-08-17 07:55:58 +03:00
Slavi Pantaleev 1a97a30019 Update README 2018-08-15 11:41:53 +03:00
Slavi Pantaleev 74093dfb15 Add mxisd Identity Server support 2018-08-15 10:46:13 +03:00
Slavi Pantaleev 617712000e Minor wording improvements 2018-08-15 10:19:31 +03:00
Slavi Pantaleev dcf19154b2 Update README 2018-08-15 09:02:29 +03:00
Slavi Pantaleev f3267479b8 Update README 2018-08-15 09:01:41 +03:00
Slavi Pantaleev 1c71cb110e Change SSL certificate obtaining a bit 2018-08-14 14:50:10 +03:00
Slavi Pantaleev 21da2f572b Add email-sending support 2018-08-14 14:47:44 +03:00
Slavi Pantaleev cab54879d1 Update dependencies 2018-08-11 09:44:11 +03:00
Slavi Pantaleev 084a0a0e53 Minor consistency improvement 2018-08-08 10:47:03 +03:00
Slavi Pantaleev f254aaf44a Improve wording a bit 2018-08-08 10:10:16 +03:00
Slavi Pantaleev 30c53cdea2 Split README into a bunch of files in docs/ 2018-08-08 10:07:02 +03:00
Slavi Pantaleev 700602eed3 Rename a bunch of playbook variables for better consistency 2018-08-08 09:17:18 +03:00
Slavi Pantaleev 336785d1ed Rename Ansible playbook tag (setup-main -> setup-all) 2018-08-08 09:03:37 +03:00
Slavi Pantaleev 3fd6fd647f Put all containers in their own isolated Docker network (matrix)
Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.

The benefits are that:

- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host

- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)

In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
2018-08-08 08:57:48 +03:00
Slavi Pantaleev b88fe971d6 Fix matrix-nginx-proxy.service dependency on riot-web, if riot-web disabled 2018-08-07 15:39:57 +03:00
Slavi Pantaleev cdf4eefdf9 Fix typos 2018-08-07 15:08:46 +03:00
Slavi Pantaleev f6950612a5 Upgrade dependencies 2018-08-02 21:26:25 +03:00
Slavi Pantaleev 6cb14be162 Upgrade dependencies 2018-07-30 16:18:17 +03:00
Slavi Pantaleev ae7e8e61c6 Update dependencies 2018-07-20 08:28:02 -04:00
Slavi Pantaleev e4d0a68460 Update riot-web (0.15.5 -> 0.15.6) 2018-06-30 18:51:25 +03:00
Slavi Pantaleev 839b401b28 Set up Synapse configuration using a template (not line/regexp replacements)
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.

This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.

The upside is that configuration will be stable and predictable.

The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.

There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that gets used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00
Slavi Pantaleev add8169c33 Remove deprecated "ssl" directive from nginx configuration 2018-06-26 20:43:57 +03:00