Commit graph

189 commits

Author SHA1 Message Date
Slavi Pantaleev f12206676f Upgrade Synapse (v1.66.0 -> 1.67.0) and remove frontend_proxy workers
`frontend_proxy` workers have been superseded by `generic_worker` workers.
Related to https://github.com/matrix-org/synapse/pull/13645
2022-09-13 15:45:50 +03:00
Slavi Pantaleev 04f224e634
Merge branch 'master' into conduit 2022-08-09 10:46:03 +03:00
Charles Wright 20767b5149 Fixes to enable Conduit in setup-all 2022-08-04 14:35:41 -05:00
Slavi Pantaleev d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
Julian Foad 25b343c8c8 matrix-ntfy: without nginx, bind to 127.0.0.1:2586 2022-07-08 12:02:06 +01:00
Julian Foad 2a516a16fb matrix-ntfy: enable WebSocket proxying 2022-07-04 15:31:37 +01:00
Julian Foad ec9f8e2931 Add a role to install 'ntfy' push-notification server.
This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with
simple configuration, and plumbing to add the role to the playbook.

TODO: documentation, self-check, database persistence.
2022-07-04 15:31:29 +01:00
Slavi Pantaleev ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
Slavi Pantaleev 49da9c76ac
Merge pull request #1782 from etkecc/matrix-bot-buscarron
add matrix-bot-buscarron
2022-04-25 09:44:35 +03:00
Aine 290754371a
add matrix-bot-buscarron 2022-04-23 16:19:24 +03:00
Andrea Tartaglia 68424e68e5 feat: make synapse htpasswd file path configurable
When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated
2022-04-23 11:13:36 +01:00
borisrunakov acaebfbf67
optional media cache with range requests support (#1759) 2022-04-21 10:31:26 +03:00
Slavi Pantaleev 0364c6c634 Suppress old container cleanup (kill/rm) failures
People often report and ask about these "failures".
More-so previously, when the `docker kill/rm` output was collected,
but it still happens now when people do `systemctl status
matrix-something` and notice that it says "FAILURE".

Suppressing to avoid further time being wasted on saying "this is
expected".
2022-04-11 09:05:33 +03:00
Kim Brose 5ed23e81ef
Fix index in external_prometheus.yml.example.j2
For an unknown reason prometheus ignored the given "numeric" index and replaced it by 1. This made it not work properly, plus multiple workers of same types were not differentiable. With a "string" index, it works as intended.
2022-03-17 18:37:37 +01:00
Alejo Diaz 4ec24ec344
Add support for obtain ECDSA keys (#1667)
* Add support for obtain ECDSA keys

* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
2022-03-03 18:15:39 +02:00
Slavi Pantaleev 86c36523df Replace ExecStopPost with ExecStop
Reverts b1b4ba501f, 90c9801c56, a3c84f78ca, ..

I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.

`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
2022-02-05 12:13:36 +02:00
Slavi Pantaleev 29bc22a085 Add matrix_nginx_proxy_container_additional_networks
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
2022-01-10 11:51:57 +02:00
Slavi Pantaleev 3b9d5b13e9 Add support for not serving Dendrite federation APIs on the client port
Seems like Dendrite encourages serving both the Client and Federation
API at the same port.

Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev ecc237bbad Initial work on getting nginx reverse proxying working with Dendrite 2022-01-07 15:59:35 +02:00
rakshazi 5788a16a2e
added matrix-client-cinny 2022-01-05 18:33:21 +02:00
Slavi Pantaleev b1b4ba501f Replace ExecStop with ExecStopPost
ExecStopPost should allow us to clean up (docker kill + docker rm)
even if the ExecStart (docker run ..) command failed, and not just after
a graceful service stop was initiated.

Source: https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStopPost=
2022-01-04 17:27:25 +02:00
Slavi Pantaleev 3a9fe48deb Make matrix-nginx-proxy's X-Forwarded-For header customizable
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
2021-11-24 11:32:06 +02:00
Aaron Raimist f8fe68b385
Allow workers to serve new v3 APIs
1f196f59cb
2021-11-17 14:54:49 +00:00
JokerGermany c0656448f7 Port 80 for IPv6 2021-11-13 01:18:22 +01:00
b 6eaa8ac65a add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled 2021-11-05 15:31:10 +02:00
Kim Brose 5f6bbafa17
fix space before tab in indent 2021-10-24 16:00:42 +02:00
HarHarLinks 7b33fc8e19 fixup! auto-generate prometheus.yml for workers metrics 2021-10-20 13:30:38 +02:00
HarHarLinks ce41674e61 auto-generate prometheus.yml for workers metrics 2021-10-20 12:51:00 +02:00
HarHarLinks 4209c4208c add own variable for worker metrics
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
2021-10-20 12:51:00 +02:00
HarHarLinks d9fa2f7ed4 add auto proxy synapse worker metrics
when matrix_nginx_proxy_proxy_synapse_metrics is enabled
2021-10-04 21:44:50 +02:00
Slavi Pantaleev 31396f0615
Merge pull request #1295 from nogweii/feat-support-upstream-https-forwarded
Support trusting the upstream server when it says the protocol is HTTPS
2021-09-26 09:54:15 +03:00
Aaron Raimist a676b5358c
Fix hydrogen OCSP typo
From 6f80292745
2021-09-24 20:09:06 -05:00
Colin Shea 2578ca4cee rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value 2021-09-24 05:22:30 -07:00
Colin Shea d0cd67044e replace $scheme with X-Forwarded-Proto when enabled 2021-09-24 05:14:38 -07:00
sakkiii ae6caf158a
Added variable matrix_nginx_proxy_request_timeout (#1265)
* add timeout param for nginx proxy

default value matrix_nginx_proxy_request_timeout is 60s

* default matrix_nginx_proxy_request_timeout - 60s

* few more variables for request timeout

* Update nginx.conf.j2

* Update nginx.conf.j2
2021-09-03 10:00:45 +03:00
Michael Collins 2e30802b87 use group variables instead 2021-08-11 15:21:09 +08:00
Michael Collins 8238d65e5f simplify template conditional 2021-08-11 14:19:19 +08:00
Michael Collins bfb61e776e GMH v0.5.7... maybe! 2021-08-10 12:58:10 +08:00
Slavi Pantaleev 4105ba854b
Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn
Make federation domain customizable
2021-07-20 09:12:16 +03:00
JokerGermany 9345d840be
root path for the base domain is wrong (#1189)
* root path for the base domain

* Fix path when running in a container

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2021-07-20 08:48:11 +03:00
Slavi Pantaleev 6294e58304 Fix Content-Security-Policy for Element
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154

According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
2021-07-01 12:41:05 +03:00
oxmie 5df4d68829 Make federation domain customizable 2021-06-30 23:02:27 +02:00
sakkiii 0217644b48
Content-Security-Policy For Element Web
https://github.com/vector-im/element-web#configuration-best-practices
2021-06-18 23:27:23 +05:30
Slavi Pantaleev 4880dcceb0 Fix OCSP-stapling-related errors due to missing resolver
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-28 11:14:33 +03:00
Slavi Pantaleev 1ed0857019 Fix syntax error
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
2021-05-25 11:45:17 +03:00
sakkiii 4a4a7f136e changes added to hydrogen client 2021-05-25 11:42:51 +05:30
sakkiii 25e67b51d1 Merge branch 'spantaleev:master' into master 2021-05-25 11:40:56 +05:30
sakkiii 3436f9c10a rename to matrix_nginx_proxy_hsts_preload_enabled 2021-05-25 00:56:59 +05:30
sakkiii df2d91970d matrix_nginx_proxy_xss_protection 2021-05-24 17:02:47 +05:30
Slavi Pantaleev 6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-21 13:40:37 +03:00