pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
5251 commits 2 branches 0 tags 16 MiB
Commit graph

445 commits

Author SHA1 Message Date
borisrunakov acaebfbf67
optional media cache with range requests support (#1759) 2022-04-21 10:31:26 +03:00
teutat3s 1f15b4cad2
Merge branch 'master' into pub.solar 2022-04-18 18:28:31 +02:00
Slavi Pantaleev 0364c6c634 Suppress old container cleanup (kill/rm) failures 
People often report and ask about these "failures".
More-so previously, when the `docker kill/rm` output was collected,
but it still happens now when people do `systemctl status
matrix-something` and notice that it says "FAILURE".

Suppressing to avoid further time being wasted on saying "this is
expected".
 2022-04-11 09:05:33 +03:00
Yan Minagawa b982733a8a
fix typo in document path for the proxy 2022-04-09 19:41:48 +07:00
teutat3s 80f94fd344
Merge branch 'master' into pub.solar 2022-03-23 13:32:55 +01:00
Slavi Pantaleev 0d6c0f5df2
Merge pull request #1705 from HarHarLinks/master 
Fix index in external_prometheus.yml.example.j2
 2022-03-18 08:46:15 +02:00
Kim Brose 5ed23e81ef
Fix index in external_prometheus.yml.example.j2 
For an unknown reason prometheus ignored the given "numeric" index and replaced it by 1. This made it not work properly, plus multiple workers of same types were not differentiable. With a "string" index, it works as intended.
 2022-03-17 18:37:37 +01:00
Aine 2da3768b20
Added retries to the docker pulls (#1701) 2022-03-17 17:37:11 +02:00
Alejo Diaz 4ec24ec344
Add support for obtain ECDSA keys (#1667) 
* Add support for obtain ECDSA keys

* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
 2022-03-03 18:15:39 +02:00
teutat3s 1378e779ce
Merge branch 'master' into pub.solar 2022-02-23 11:35:26 +01:00
GoliathLabs e53cc026d0
Updated: certbot to v1.23.0 2022-02-22 12:50:21 +01:00
teutat3s 5816d61793
Merge branch 'master' into pub.solar 2022-02-09 17:23:27 +01:00
Marko Weltzer 819574b8ba
Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
Marko Weltzer 7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Slavi Pantaleev 86c36523df Replace ExecStopPost with ExecStop 
Reverts b1b4ba501f, 90c9801c56, a3c84f78ca, ..

I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.

`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
 2022-02-05 12:13:36 +02:00
GoliathLabs 33851f1dfa
Updated: nginx to 1.21.6-alpine 2022-02-05 10:58:09 +01:00
teutat3s 3b82cf959d
Merge branch 'master' into pub.solar 2022-01-21 17:22:05 +01:00
Wm Salt Hale 3aa8c1f62c only enable openssl if necessary 2022-01-19 21:58:39 -08:00
GoliathLabs b608c3d342
Updated: worker_processes to auto 2022-01-17 10:55:36 +01:00
GoliathLabs 8a66db850e
Updated: Certbot to v1.22.0 2022-01-17 10:53:15 +01:00
teutat3s 3b4880cd68
Merge branch 'master' into pub.solar 2022-01-11 21:04:21 +01:00
Slavi Pantaleev 29bc22a085 Add matrix_nginx_proxy_container_additional_networks 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
 2022-01-10 11:51:57 +02:00
Slavi Pantaleev 27a4871aea Fix variable name typo 2022-01-09 12:14:23 +02:00
Slavi Pantaleev 3b9d5b13e9 Add support for not serving Dendrite federation APIs on the client port 
Seems like Dendrite encourages serving both the Client and Federation
API at the same port.

Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense.
 2022-01-07 15:59:35 +02:00
Slavi Pantaleev ecc237bbad Initial work on getting nginx reverse proxying working with Dendrite 2022-01-07 15:59:35 +02:00
rakshazi 5788a16a2e
added matrix-client-cinny 2022-01-05 18:33:21 +02:00
Slavi Pantaleev b1b4ba501f Replace ExecStop with ExecStopPost 
ExecStopPost should allow us to clean up (docker kill + docker rm)
even if the ExecStart (docker run ..) command failed, and not just after
a graceful service stop was initiated.

Source: https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStopPost=
 2022-01-04 17:27:25 +02:00
Slavi Pantaleev 8515ac55e6 Upgrade nginx (1.21.4 -> 1.21.5) 2022-01-04 17:04:01 +02:00
Slavi Pantaleev 948c411106 Remove sudo requirement for generating SSL certificates 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1492
 2021-12-30 10:47:06 +02:00
teutat3s 0d0bdb4f7c
Merge branch 'master' into pub.solar 2021-12-22 15:24:11 +01:00
Slavi Pantaleev afd7f03bb5 Minor comment changes 2021-12-17 17:30:40 +02:00
Slavi Pantaleev fa704f104b Add support for using custom ACME CA servers (other than Let's Encrypt') 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1468
 2021-12-17 17:30:21 +02:00
teutat3s 6607221deb
Merge branch 'master' into pub.solar 2021-12-14 10:48:14 +01:00
Slavi Pantaleev 3a9fe48deb Make matrix-nginx-proxy's X-Forwarded-For header customizable 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
 2021-11-24 11:32:06 +02:00
teutat3s 8eefd29ec9
Merge branch 'master' into pub.solar 2021-11-23 14:35:44 +01:00
Slavi Pantaleev 3b27ce2ff6
Merge pull request #1404 from aaronraimist/v3 
Allow workers to serve new v3 APIs
 2021-11-19 10:54:47 +02:00
Aaron Raimist f8fe68b385
Allow workers to serve new v3 APIs 
1f196f59cb
 2021-11-17 14:54:49 +00:00
Slavi Pantaleev b4fb819481
Merge pull request #1403 from borisrunakov/rename-matrix-ma1sd-default-port 
remove default from variable name
 2021-11-17 10:35:54 +02:00
boris runakov 394ecb0acc remove default from variable name 2021-11-16 21:14:28 +02:00
boris runakov d3a9ec98de refactoring 2021-11-16 21:03:21 +02:00
boris runakov 1ec67f49b0 replaced 8008 where possible 2021-11-15 22:43:05 +02:00
Slavi Pantaleev 994c0e504c Ensure some matrix-nginx-proxy variables are defined 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397
 2021-11-15 14:46:44 +02:00
b 07496069c8 rellocating variables for consistency 2021-11-15 12:07:54 +02:00
b 7756cc4c8e replace port 8048 with matrix_synapse_container_default_federation_port 2021-11-14 20:30:13 +02:00
JokerGermany c0656448f7 Port 80 for IPv6 2021-11-13 01:18:22 +01:00
sakkiii cd26af2f6f
Certbot Update (v1.20.0 -> v1.21.0) 2021-11-10 22:58:45 +05:30
sakkiii 7a4f49c457
Nginx Minio Update (1.21.3 -> 1.21.4) 2021-11-10 22:52:23 +05:30
Slavi Pantaleev 735c966ab6 Disable systemd services when stopping to uninstall them 
Until now, we were leaving services "enabled"
(symlinks in /etc/systemd/system/multi-user.target.wants/).

We clean these up now. Broken symlinks may still exist in older
installations that enabled/disabled services. We're not taking care
to fix these up. It's just a cosmetic defect anyway.
 2021-11-10 17:39:21 +02:00
teutat3s 5fd4c7c8a6
Merge branch 'master' into pub.solar 2021-11-09 15:02:53 +01:00
b 6eaa8ac65a add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled 2021-11-05 15:31:10 +02:00
b dcda17595a change port 8090 to matrix_ma1sd_default_port 2021-10-31 21:06:22 +02:00
teutat3s 8960625173
Merge branch 'master' into pub.solar 2021-10-29 13:07:48 +02:00
Slavi Pantaleev 06bcdcf9d2
Merge pull request #1311 from HarHarLinks/master 
add auto proxy synapse worker metrics
 2021-10-25 09:21:11 +03:00
Kim Brose 5f6bbafa17
fix space before tab in indent 2021-10-24 16:00:42 +02:00
HarHarLinks 7b33fc8e19 fixup! auto-generate prometheus.yml for workers metrics 2021-10-20 13:30:38 +02:00
HarHarLinks ce41674e61 auto-generate prometheus.yml for workers metrics 2021-10-20 12:51:00 +02:00
HarHarLinks 4209c4208c add own variable for worker metrics 
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
 2021-10-20 12:51:00 +02:00
teutat3s 646fd386ac
Merge branch 'master' into pub.solar 2021-10-08 01:29:20 +02:00
Slavi Pantaleev 2bf052369d Upgrade certbot (v1.19.0 -> v1.20.0) 2021-10-06 15:14:38 +03:00
Kim Brose 1ba7760ea4
add how to generate htpasswd 
for matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key
resolves #1308
 2021-10-04 22:18:05 +02:00
HarHarLinks d9fa2f7ed4 add auto proxy synapse worker metrics 
when matrix_nginx_proxy_proxy_synapse_metrics is enabled
 2021-10-04 21:44:50 +02:00
Slavi Pantaleev 31396f0615
Merge pull request #1295 from nogweii/feat-support-upstream-https-forwarded 
Support trusting the upstream server when it says the protocol is HTTPS
 2021-09-26 09:54:15 +03:00
Aaron Raimist a676b5358c
Fix hydrogen OCSP typo 
From 6f80292745
 2021-09-24 20:09:06 -05:00
Colin Shea 2578ca4cee rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value 2021-09-24 05:22:30 -07:00
Colin Shea d0cd67044e replace $scheme with X-Forwarded-Proto when enabled 2021-09-24 05:14:38 -07:00
teutat3s 129bdfc50b
Merge branch 'master' into pub.solar 2021-09-21 16:31:52 +02:00
sakkiii 3055b3996e
Updates Certbot -> v1.19.0, nginx ->1.21.3-alpine 2021-09-14 16:51:01 +05:30
teutat3s 95480b1702
Merge branch 'master' into pub.solar 2021-09-13 15:41:28 +02:00
sakkiii ae6caf158a
Added variable matrix_nginx_proxy_request_timeout (#1265) 
* add timeout param for nginx proxy

default value matrix_nginx_proxy_request_timeout is 60s

* default matrix_nginx_proxy_request_timeout - 60s

* few more variables for request timeout

* Update nginx.conf.j2

* Update nginx.conf.j2
 2021-09-03 10:00:45 +03:00
Slavi Pantaleev a911207854 Revert "nginx update v1.21.2" 
This reverts commit 732051b8fc.

There's no such container image published yet.
 2021-09-03 09:07:58 +03:00
sakkiii 732051b8fc
nginx update v1.21.2 
http://nginx.org/en/CHANGES
 2021-09-03 10:46:21 +05:30
teutat3s 0400690e44
Merge branch 'master' into pub.solar 2021-09-02 12:13:17 +02:00
sakkiii f5a7e6d78b
Certbot update v1.18.0 2021-08-20 19:47:11 +05:30
teutat3s bdac31e10b
Merge branch 'master' into pub.solar 2021-08-17 14:07:17 +02:00
Michael Collins 4d57a41b3f remove matrix_awx_enabled from these 2021-08-11 17:18:57 +08:00
Michael Collins 2e30802b87 use group variables instead 2021-08-11 15:21:09 +08:00
Michael Collins 8238d65e5f simplify template conditional 2021-08-11 14:19:19 +08:00
Michael Collins bfb61e776e GMH v0.5.7... maybe! 2021-08-10 12:58:10 +08:00
teutat3s 9af287513d
Merge branch 'master' into pub.solar 2021-07-28 15:08:06 +02:00
Slavi Pantaleev 4105ba854b
Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn 
Make federation domain customizable
 2021-07-20 09:12:16 +03:00
JokerGermany 9345d840be
root path for the base domain is wrong (#1189) 
* root path for the base domain

* Fix path when running in a container

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2021-07-20 08:48:11 +03:00
teutat3s a501786ce6
Merge branch 'master' into pub.solar 2021-07-16 16:36:51 +02:00
sakkiii 7a51268dfc
Upgrade certbot & nginx 
Upgrade certbot (v1.16.0 -> v1.17.0) nginx (1.21.0 -> 1.21.1)
 2021-07-09 17:51:27 +05:30
teutat3s 67b1b33d39
Merge branch 'master' into pub.solar 2021-07-03 16:06:42 +02:00
Slavi Pantaleev 6294e58304 Fix Content-Security-Policy for Element 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154

According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
 2021-07-01 12:41:05 +03:00
oxmie 5df4d68829 Make federation domain customizable 2021-06-30 23:02:27 +02:00
teutat3s 02d578bfa9
Merge branch 'master' into pub.solar 2021-06-27 18:06:08 +02:00
sakkiii 0217644b48
Content-Security-Policy For Element Web 
https://github.com/vector-im/element-web#configuration-best-practices
 2021-06-18 23:27:23 +05:30
teutat3s 8d67ccfae0
Merge branch 'master' into pub.solar 2021-06-18 16:35:44 +02:00
Slavi Pantaleev 963f38ee7b Upgrade certbot (v1.14.0 -> v1.16.0) 2021-06-10 12:18:42 +03:00
teutat3s 061cf83998
Merge branch 'master' into pub.solar 2021-06-06 15:33:23 +02:00
pushytoxin bee14550ab Fix local/bin scripts autocompletion by adding rx perms to everyone 
It's mildly annoying when trying to execute these scripts while logged
in as a regular user, as the missing execute permissions will hinder
autocompletion even when trying to use with sudo.

These shell scripts don't contain secrets, but may fail when ran by a
regular user. The failure is due to the lack of access to the /matrix
directory, and does not result in any damage.
 2021-05-28 10:39:27 +02:00
Slavi Pantaleev 4880dcceb0 Fix OCSP-stapling-related errors due to missing resolver 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
 2021-05-28 11:14:33 +03:00
rakshazi 4ddd8bbb84
Updated nginx-proxy (1.20.0 -> 1.21.0) 2021-05-25 17:06:39 +00:00
Slavi Pantaleev 1ed0857019 Fix syntax error 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
 2021-05-25 11:45:17 +03:00
sakkiii 4a4a7f136e changes added to hydrogen client 2021-05-25 11:42:51 +05:30
sakkiii 25e67b51d1 Merge branch 'spantaleev:master' into master 2021-05-25 11:40:56 +05:30
sakkiii 3436f9c10a rename to matrix_nginx_proxy_hsts_preload_enabled 2021-05-25 00:56:59 +05:30
sakkiii 7cc5328ede Comments & Ref 2021-05-24 17:20:54 +05:30
sakkiii df2d91970d matrix_nginx_proxy_xss_protection 2021-05-24 17:02:47 +05:30