Slavi Pantaleev
49da9c76ac
Merge pull request #1782 from etkecc/matrix-bot-buscarron
...
add matrix-bot-buscarron
2022-04-25 09:44:35 +03:00
Aine
290754371a
add matrix-bot-buscarron
2022-04-23 16:19:24 +03:00
Andrea Tartaglia
68424e68e5
feat: make synapse htpasswd file path configurable
...
When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated
2022-04-23 11:13:36 +01:00
borisrunakov
acaebfbf67
optional media cache with range requests support ( #1759 )
2022-04-21 10:31:26 +03:00
Slavi Pantaleev
3b9d5b13e9
Add support for not serving Dendrite federation APIs on the client port
...
Seems like Dendrite encourages serving both the Client and Federation
API at the same port.
Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev
ecc237bbad
Initial work on getting nginx reverse proxying working with Dendrite
2022-01-07 15:59:35 +02:00
rakshazi
5788a16a2e
added matrix-client-cinny
2022-01-05 18:33:21 +02:00
Slavi Pantaleev
3a9fe48deb
Make matrix-nginx-proxy's X-Forwarded-For header customizable
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
2021-11-24 11:32:06 +02:00
Aaron Raimist
f8fe68b385
Allow workers to serve new v3 APIs
...
1f196f59cb
2021-11-17 14:54:49 +00:00
JokerGermany
c0656448f7
Port 80 for IPv6
2021-11-13 01:18:22 +01:00
b
6eaa8ac65a
add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled
2021-11-05 15:31:10 +02:00
Kim Brose
5f6bbafa17
fix space before tab in indent
2021-10-24 16:00:42 +02:00
HarHarLinks
4209c4208c
add own variable for worker metrics
...
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
2021-10-20 12:51:00 +02:00
HarHarLinks
d9fa2f7ed4
add auto proxy synapse worker metrics
...
when matrix_nginx_proxy_proxy_synapse_metrics is enabled
2021-10-04 21:44:50 +02:00
Slavi Pantaleev
31396f0615
Merge pull request #1295 from nogweii/feat-support-upstream-https-forwarded
...
Support trusting the upstream server when it says the protocol is HTTPS
2021-09-26 09:54:15 +03:00
Aaron Raimist
a676b5358c
Fix hydrogen OCSP typo
...
From 6f80292745
2021-09-24 20:09:06 -05:00
Colin Shea
2578ca4cee
rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value
2021-09-24 05:22:30 -07:00
Colin Shea
d0cd67044e
replace $scheme with X-Forwarded-Proto when enabled
2021-09-24 05:14:38 -07:00
Michael Collins
2e30802b87
use group variables instead
2021-08-11 15:21:09 +08:00
Michael Collins
8238d65e5f
simplify template conditional
2021-08-11 14:19:19 +08:00
Michael Collins
bfb61e776e
GMH v0.5.7... maybe!
2021-08-10 12:58:10 +08:00
Slavi Pantaleev
4105ba854b
Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn
...
Make federation domain customizable
2021-07-20 09:12:16 +03:00
JokerGermany
9345d840be
root path for the base domain is wrong ( #1189 )
...
* root path for the base domain
* Fix path when running in a container
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2021-07-20 08:48:11 +03:00
Slavi Pantaleev
6294e58304
Fix Content-Security-Policy for Element
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154
According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
2021-07-01 12:41:05 +03:00
oxmie
5df4d68829
Make federation domain customizable
2021-06-30 23:02:27 +02:00
sakkiii
0217644b48
Content-Security-Policy For Element Web
...
https://github.com/vector-im/element-web#configuration-best-practices
2021-06-18 23:27:23 +05:30
Slavi Pantaleev
4880dcceb0
Fix OCSP-stapling-related errors due to missing resolver
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-28 11:14:33 +03:00
Slavi Pantaleev
1ed0857019
Fix syntax error
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
2021-05-25 11:45:17 +03:00
sakkiii
4a4a7f136e
changes added to hydrogen client
2021-05-25 11:42:51 +05:30
sakkiii
25e67b51d1
Merge branch 'spantaleev:master' into master
2021-05-25 11:40:56 +05:30
sakkiii
3436f9c10a
rename to matrix_nginx_proxy_hsts_preload_enabled
2021-05-25 00:56:59 +05:30
sakkiii
df2d91970d
matrix_nginx_proxy_xss_protection
2021-05-24 17:02:47 +05:30
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-21 13:40:37 +03:00
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen
2021-05-21 04:09:18 -05:00
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
2021-05-21 03:45:21 -05:00
sakkiii
e9b878b9e9
Optimize SSL session
2021-05-18 19:39:43 +05:30
Slavi Pantaleev
e6afa05f7b
Enable OCSP stapling for the federation port
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
Not sure if this is beneficial though.
2021-05-18 08:15:42 +03:00
Slavi Pantaleev
57a6a98a50
Fix incorrect SSL certificate path
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-18 07:58:47 +03:00
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
...
Enable OCSP Stapling
2021-05-18 07:50:35 +03:00
sakkiii
d31b55b2a7
SSL-enabled block only
2021-05-18 03:24:06 +05:30
Slavi Pantaleev
e4dd933cf0
Make missing /_synapse/admin correctly return 404 responses
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
2021-05-17 11:45:35 +03:00
sakkiii
c05021640d
Enable OCSP Stapling
2021-05-15 15:57:05 +05:30
Aaron Raimist
ca361af616
Add Hydrogen
2021-05-15 04:23:36 -05:00
sakkiii
29cf6a0087
Merge branch 'spantaleev:master' into master
2021-05-10 15:10:18 +05:30
sakkiii
bb0810302d
Merge branch 'spantaleev:master' into master
2021-05-07 23:03:55 +05:30
Béla Becker
b10655ebb1
Jitsi XMPP Websocket support
...
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
2021-05-05 19:10:58 +02:00
sakkiii
40fe6bd5c1
variable matrix_nginx_proxy_hsts_preload_enable added
2021-04-24 20:04:20 +05:30
Slavi Pantaleev
389dc26615
Fix Synapse generic worker balancing
...
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
2021-04-24 11:52:45 +03:00
sakkiii
5b4fdf9b87
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-24 12:15:34 +05:30
sakkiii
0ccf0fbf1c
HSTS preload + X-XSS enables
...
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
2021-04-24 12:12:34 +05:30