Commit graph

2653 commits

Author SHA1 Message Date
Slavi Pantaleev c7e9f04756
Merge pull request #936 from irregulator/nginx_check_cors
matrix-nginx-proxy: specify Origin header, comply with CORS
2021-03-15 14:49:23 +02:00
Alexandros Afentoulis 28c255539c matrix-nginx-proxy: specify Origin header, comply with CORS
Self-checks against the .well-known URIs look for the HTTP header
"Access-Control-Allow-Origin" indicating that the remode endpoint
supports CORS. But the remote server is not required to include
said header in the response if the HTTP request does not include
the "Origin" header. This is in accordance with the specification
[1] stating: 'A CORS request is an HTTP request that includes an
"Origin" header.'

This is in fact true for Gitlab pages hosting and that's why the
issue was identified.

Let's specify "Origin" header in the respective uri tasks performing
the HTTP request and ensure a CORS request.

[1] https://fetch.spec.whatwg.org/#http-requests
2021-03-15 14:24:55 +02:00
Yannick Goossens 9f95cef494 Change value of client_secret to avoid confusion 2021-03-15 13:08:59 +01:00
Yannick Goossens bfe0ca6cf8 Update docs, remove hard coded matrix_domain 2021-03-15 13:04:31 +01:00
Slavi Pantaleev 7215fd4319
Merge pull request #933 from pmontepagano/fork/require-auth-synapse-configs
Adding vars to synapse for private servers
2021-03-15 08:03:43 +02:00
Michael 5a1f3b7d67 GMH v0.3.0 2021-03-14 14:35:38 +08:00
Pablo Montepagano 52fe8a05b0 Adding vars to synapse for private servers. 2021-03-14 00:39:44 -03:00
Yannick Goossens 7d6bf446a3 Added a link to the doc in the README 2021-03-12 16:57:49 +01:00
Yannick Goossens 86cf5d8c74 api_key doesn't seem to work for the imgur service, using client_id works 2021-03-12 15:57:23 +01:00
Yannick Goossens a640d8f9a6 Remove hard coded references to homeserver and matrix domain 2021-03-12 15:36:13 +01:00
Yannick Goossens 9689948e73 Use the matrix_domain var for the AcceptVerificationFromUsers field 2021-03-12 14:59:42 +01:00
Yannick Goossens 49028f1b05 Added |to_json to the config.yaml template 2021-03-12 14:55:57 +01:00
Yannick Goossens aaf93cb9fd Fix indentation spaces to tabs 2021-03-12 11:11:10 +01:00
Yannick Goossens 20c6bd686e Added the matrix_bot_go_neb_container_http_host_bind_port variable to allow the container to expose its listen port 2021-03-12 11:10:00 +01:00
Yannick Goossens ce14e3e8af Enable the bot in the role and disable it in the group_vars 2021-03-12 11:03:13 +01:00
Yannick Goossens 7d1d3b47bc Fix the description on the service file 2021-03-12 10:31:08 +01:00
Yannick Goossens 51e2547484 Added support for the Go-NEB bot 2021-03-11 19:23:01 +01:00
Slavi Pantaleev 9b72384df7 Upgrade Synapse (1.28.0 -> 1.29.0) 2021-03-08 17:24:09 +02:00
Slavi Pantaleev f0698ee641 Do not overwrite X-Forwarded-For when reverse-proxying to Synapse
We have a flow like this:
1. matrix.DOMAIN vhost (matrix-domain.conf)
2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled
3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled
4. matrix-synapse container

We are setting `X-Forwarded-For` correctly in step #1, but were
overwriting it in step #2 with something inaccurate.

Not doing anything in step #2 is better than doing the wrong thing.
It's probably best if we append another reverse-proxy address there
though, although what we're doing now (with this patch) seems to yield
the correct result (when matrix-corporal is not enabled).

When matrix-corporal is enabled, we still seem to do the wrong thing for
some reason. It's something to be fixed later on.
2021-03-08 17:24:09 +02:00
Slavi Pantaleev 5516bc8896
Merge pull request #923 from aaronraimist/patch-1
Make steps in configuring-playbook.md numbered
2021-03-07 09:53:49 +02:00
Aaron Raimist df5cbcc2e1
Make steps in configuring-playbook.md numbered
instead of bullet points which make it more difficult to tell whether or not you completed all of the steps
2021-03-06 12:35:12 -06:00
foxcris 88d59f97c2 - 2021-03-06 11:43:59 +01:00
Slavi Pantaleev 11f8b5f3a7
Merge pull request #916 from jokey2k/patch-2
Adjust wait timeout
2021-03-05 10:43:36 +02:00
Markus Ullmann be23249f4b
Adjust wait timeout
During first setup postgres takes its time to get up and running, resulting in "postgres in startup" exceptions from synapse if you run without additional services that come in between. Hence suggesting increasing the time a bit to avoid having an error which heals itself and thus is hard to spot for newcomers.
2021-03-02 20:07:59 +01:00
Slavi Pantaleev 7d1522d884 Add Ko-fi donation link 2021-03-02 13:29:04 +02:00
Slavi Pantaleev 0f647594ac
Merge pull request #915 from SierraKiloBravo/add-nginx-worker-config
Added nginx proxy worker configuration to template and defaults
2021-03-02 13:04:28 +02:00
SierraKiloBravo 0de0716527 Added nginx proxy worker configuration to template and defaults 2021-03-02 11:30:09 +01:00
Slavi Pantaleev 31d2e013f7 Fix typo 2021-03-02 08:02:31 +02:00
Slavi Pantaleev 009efdad49 Fix matrix.DOMAIN/_synapse/metrics exposing
This is something that got lost during
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
and more specifically 4d62a75f6f.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/914
2021-03-02 07:59:59 +02:00
Slavi Pantaleev a25b8135b8 Fix point overlap between matrix-domain and Jitsi
Mostly affects people who disable the integrated `matrix-nginx-proxy`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
and more specifically 4d62a75f6f.
2021-03-01 20:27:45 +02:00
Slavi Pantaleev c527f2930e Upgrade Element (1.7.21 -> 1.7.22) 2021-03-01 15:53:54 +02:00
Slavi Pantaleev fef6d57626 Remove alembic migrations for mautrix-facebook
They're gone now: b8ce80e476
2021-02-28 18:42:31 +02:00
Michael f4e462af51 Merge remote-tracking branch 'upstream/master' 2021-02-28 22:37:49 +08:00
Michael 33ec5710d9 0.2.1 revision 2021-02-28 22:21:40 +08:00
Slavi Pantaleev c8d4a42367
Merge pull request #910 from hardye/le-timers-update
Run Let's Encrypt renewal checks daily instead of weekly.
2021-02-28 11:55:00 +02:00
Hardy Erlinger f4930d789e Run Let's Encrypt renewal checks daily instead of weekly.
This ensures more timely updates of certifcates.
2021-02-27 21:11:22 +01:00
Slavi Pantaleev 6baa91dd9f Do not delete matrix-ssl-lets-encrypt-certificates-renew only to recreate it later
This seems to have been added to the list of "deprecated files to
remove" by mistake.
2021-02-26 13:37:51 +02:00
Slavi Pantaleev ccf5915874 Upgrade Synapse for ARM64 (v1.26.0 -> v1.28.0) 2021-02-25 19:09:46 +02:00
Slavi Pantaleev ae091d7b2d Upgrade Synapse (v1.27.0 -> v1.28.0) 2021-02-25 13:40:35 +02:00
Slavi Pantaleev 1ef683d366 Make nginx proxy config (when disabled) obey matrix_federation_public_port
People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.

We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.
2021-02-24 08:19:20 +02:00
Slavi Pantaleev 2ef1d9c537 Make healthchecks work for Synapse worker containers
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
2021-02-24 07:59:14 +02:00
Slavi Pantaleev f9a0ec6fd1 Fix some bridges failing when Synapse workers enabled
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/904
2021-02-23 13:17:52 +02:00
Slavi Pantaleev 8f7f45d6e4 Revert "trust the reverse proxy by default"
This reverts commit fd3d48bb6d.

Normally this environment variable gets referred to from `settings.json.docker`,
but we have our own full configuration, which hardcodes `"trustProxy": true`,
thus making this useless.

This has been pointed out here:
fd3d48bb6d (commitcomment-47403097)
2021-02-22 13:03:09 +02:00
Slavi Pantaleev 50ec607433
Merge pull request #902 from tctovsli/patch-2
Added paragraph about updating DNS to get stats
2021-02-22 11:54:06 +02:00
tctovsli 2b96fb0cf1
Added paragraph about updating DNS to get stats
This document didn't describe that it is necessary to have a DNS-entry for stats sub-domain.
2021-02-22 10:32:02 +01:00
Slavi Pantaleev fd18769e55
Merge pull request #901 from marcquark/backup_postgres
Recommend a better way of backing up postgres
2021-02-22 08:37:21 +02:00
Slavi Pantaleev ca22355910
Update backup docs a bit 2021-02-22 08:36:42 +02:00
Marc Leuser 53869ac14a recommend a better way of backing up postgres
don't spawn an extra container
run pg_dumpall within matrix-postgres instead, ensures correct version
store under /matrix so a backup of the folder will contain a DB dump
use absolute paths just in case something in the ENV is messed up
2021-02-21 21:38:20 +01:00
Slavi Pantaleev 994afcfeb0
Merge pull request #899 from gsouquet/patch-2
Update lower power config example
2021-02-21 14:05:56 +02:00
Germain 6768bdcf81
Update lower power config example
All other examples show the config to lower the memory usage on the server
2021-02-21 11:57:05 +00:00