teutat3s
3da97e4750
Merge branch 'master' into pub.solar
2021-05-22 17:51:13 +02:00
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-21 13:40:37 +03:00
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen
2021-05-21 04:09:18 -05:00
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
2021-05-21 03:45:21 -05:00
teutat3s
431fcfd9d3
Merge branch 'master' into pub.solar
2021-05-19 02:40:02 +02:00
sakkiii
e9b878b9e9
Optimize SSL session
2021-05-18 19:39:43 +05:30
Slavi Pantaleev
e6afa05f7b
Enable OCSP stapling for the federation port
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
Not sure if this is beneficial though.
2021-05-18 08:15:42 +03:00
Slavi Pantaleev
57a6a98a50
Fix incorrect SSL certificate path
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-18 07:58:47 +03:00
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
...
Enable OCSP Stapling
2021-05-18 07:50:35 +03:00
sakkiii
d31b55b2a7
SSL-enabled block only
2021-05-18 03:24:06 +05:30
Slavi Pantaleev
e4dd933cf0
Make missing /_synapse/admin correctly return 404 responses
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
2021-05-17 11:45:35 +03:00
sakkiii
c05021640d
Enable OCSP Stapling
2021-05-15 15:57:05 +05:30
Aaron Raimist
ca361af616
Add Hydrogen
2021-05-15 04:23:36 -05:00
Jhonas Wernery
f1d6fbce35
Merge branch 'master' into pub.solar
2021-05-11 01:40:47 +02:00
Béla Becker
b10655ebb1
Jitsi XMPP Websocket support
...
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
2021-05-05 19:10:58 +02:00
Jhonas Wernery
be8e588001
Merge branch 'master' into pub.solar
2021-05-03 21:58:28 +02:00
Slavi Pantaleev
389dc26615
Fix Synapse generic worker balancing
...
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
2021-04-24 11:52:45 +03:00
Slavi Pantaleev
e00ef04b57
Add opt-out-of-FLoC headers by default
2021-04-21 13:58:24 +03:00
Slavi Pantaleev
4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
...
Don't expose nginx version with each response
2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa
Don't expose nginx version with each response
2021-04-18 16:24:13 +02:00
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
2021-04-17 21:03:05 +05:30
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
teutat3s
7ac348e705
Add mastodon .well-known redirect for pub.solar
2021-04-07 23:41:37 +02:00
teutat3s
9f45a11f84
Merge branch 'master' into pub.solar
2021-04-07 23:10:22 +02:00
teutat3s
8c261b296b
Merge branch 'master' into pub.solar
2021-03-30 19:59:14 +02:00
Christoph Johannes Kleine
fcd66b2889
rename variables
2021-03-30 16:41:32 +02:00
Christoph Johannes Kleine
3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
2021-03-30 14:11:20 +02:00
Slavi Pantaleev
9a0222fa47
Add Sygnal support
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
Aaron Raimist
32b3650c12
Set X-Forwarded-Proto on federation requests
2021-03-17 18:51:10 -05:00
Slavi Pantaleev
011e95c1d2
Merge pull request #893 from GoMatrixHosting/master
...
matrix-awx - the GoMatrixHosting v0.3.0 initial PR
2021-03-16 08:40:15 +02:00
Yannick Goossens
51e2547484
Added support for the Go-NEB bot
2021-03-11 19:23:01 +01:00
teutat3s
4e1ddb23cf
Merge branch 'master' into pub.solar
2021-03-08 19:26:17 +01:00
Slavi Pantaleev
9b72384df7
Upgrade Synapse (1.28.0 -> 1.29.0)
2021-03-08 17:24:09 +02:00
Slavi Pantaleev
f0698ee641
Do not overwrite X-Forwarded-For when reverse-proxying to Synapse
...
We have a flow like this:
1. matrix.DOMAIN vhost (matrix-domain.conf)
2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled
3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled
4. matrix-synapse container
We are setting `X-Forwarded-For` correctly in step #1 , but were
overwriting it in step #2 with something inaccurate.
Not doing anything in step #2 is better than doing the wrong thing.
It's probably best if we append another reverse-proxy address there
though, although what we're doing now (with this patch) seems to yield
the correct result (when matrix-corporal is not enabled).
When matrix-corporal is enabled, we still seem to do the wrong thing for
some reason. It's something to be fixed later on.
2021-03-08 17:24:09 +02:00
SierraKiloBravo
0de0716527
Added nginx proxy worker configuration to template and defaults
2021-03-02 11:30:09 +01:00
Slavi Pantaleev
a25b8135b8
Fix point overlap between matrix-domain and Jitsi
...
Mostly affects people who disable the integrated `matrix-nginx-proxy`.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
and more specifically 4d62a75f6f
.
2021-03-01 20:27:45 +02:00
Michael
33ec5710d9
0.2.1 revision
2021-02-28 22:21:40 +08:00
Hardy Erlinger
f4930d789e
Run Let's Encrypt renewal checks daily instead of weekly.
...
This ensures more timely updates of certifcates.
2021-02-27 21:11:22 +01:00
Slavi Pantaleev
1ef683d366
Make nginx proxy config (when disabled) obey matrix_federation_public_port
...
People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.
We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.
2021-02-24 08:19:20 +02:00
teutat3s
e740692807
Merge branch 'master' into pub.solar
2021-02-23 19:46:19 +01:00
Michael
4c882c513b
initial PR
2021-02-20 17:19:17 +08:00
Slavi Pantaleev
eaea215282
Allow Synapse workers to be used with an external nginx webserver
...
We're talking about a webserver running on the same machine, which
imports the configuration files generated by the `matrix-nginx-proxy`
in the `/matrix/nginx-proxy/conf.d` directory.
Users who run an nginx webserver on some other machine will need to do
something different.
2021-02-19 11:36:48 +02:00
Slavi Pantaleev
d6c4d41c2b
Define instanceId property on workers
...
This give us the possibility to run multiple instances of
workers that that don't expose a port.
Right now, we don't support that, but in the future we could
run multiple `federation_sender` or `pusher` workers, without
them fighting over naming (previously, they'd all be named
something like `matrix-synapse-worker-pusher-0`, because
they'd all define `port` as `0`).
2021-02-18 18:19:51 +02:00
Slavi Pantaleev
5cfeae806b
Merge branch 'master' into synapse-workers
2021-02-14 13:00:57 +02:00
Peetz0r
989100b1c1
Grafana nginx proxy config
2021-02-10 22:54:14 +01:00
teutat3s
831aabaa87
Merge branch 'master' into pub.solar
2021-02-05 14:51:51 +01:00
Slavi Pantaleev
889b299bc2
Merge pull request #804 from pushytoxin/matrix-etherpad
...
Self-hosted Etherpad
2021-01-31 09:55:46 +02:00
Slavi Pantaleev
d98a1ceadd
Merge branch 'master' into synapse-workers
2021-01-27 10:27:17 +02:00