Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix)

This commit is contained in:
Slavi Pantaleev 2023-02-14 11:05:39 +02:00
parent 2e74187050
commit 3bace0c7b9
4 changed files with 14 additions and 36 deletions

View File

@ -35,34 +35,6 @@ To use Synapse Admin, you need to have [registered at least one administrator ac
The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN` The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`
### Sample configuration for running behind Traefik 2.0
Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy.
This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md).
```yaml
# Don't bind any HTTP or federation port to the host
# (Traefik will proxy directly into the containers)
matrix_synapse_admin_container_http_host_bind_port: ""
matrix_synapse_admin_container_extra_arguments:
# May be unnecessary depending on Traefik config, but can't hurt
- '--label "traefik.enable=true"'
# The Synapse Admin container will only receive traffic from this subdomain and path
- '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"'
# (Define your entrypoint)
- '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"'
# (The 'default' certificate resolver must be defined in Traefik config)
- '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"'
# The Synapse Admin container uses port 80 by default
- '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
```
### Sample configuration for running behind Caddy v2 ### Sample configuration for running behind Caddy v2
Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`). Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`).

View File

@ -41,9 +41,9 @@ matrix_synapse_admin_container_extra_arguments: []
# To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`. # To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`.
matrix_synapse_admin_container_labels_traefik_enabled: true matrix_synapse_admin_container_labels_traefik_enabled: true
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}" matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}"
matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_synapse_admin_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`). # The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`).
matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_public_endpoint }}" matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_path_prefix }}"
matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}" matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}"
matrix_synapse_admin_container_labels_traefik_priority: 0 matrix_synapse_admin_container_labels_traefik_priority: 0
matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure
@ -131,9 +131,14 @@ matrix_synapse_admin_floc_optout_enabled: true
# See: `matrix_synapse_admin_http_header_strict_transport_security` # See: `matrix_synapse_admin_http_header_strict_transport_security`
matrix_synapse_admin_hsts_preload_enabled: false matrix_synapse_admin_hsts_preload_enabled: false
# The path at which Synapse Admin will be exposed on `matrix.DOMAIN` when matrix-nginx-proxy is used. # The hostname at which Synapse Admin is served.
# A path of `/` is likely not a good choice when matrix-nginx-proxy is used. # Only works with with Traefik reverse-proxying.
# For matrix-nginx-proxy, `matrix_server_fqn_matrix` is used and this variable has no effect.
matrix_synapse_admin_hostname: "{{ matrix_server_fqn_matrix }}"
# The path at which Synapse Admin is exposed.
# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble.
# #
# If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`. # If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`.
# This value must either be `/` or not end with a slash (e.g. `/synapse-admin`). # This value must either be `/` or not end with a slash (e.g. `/synapse-admin`).
matrix_synapse_admin_public_endpoint: /synapse-admin matrix_synapse_admin_path_prefix: /synapse-admin

View File

@ -12,9 +12,9 @@
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact: ansible.builtin.set_fact:
matrix_synapse_admin_matrix_nginx_proxy_configuration: | matrix_synapse_admin_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; rewrite ^{{ matrix_synapse_admin_path_prefix }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_path_prefix }}/ permanent;
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %} {% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #} {# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s; resolver 127.0.0.11 valid=5s;
@ -40,7 +40,7 @@
msg: >- msg: >-
NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
reverse proxy. reverse proxy.
Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` Please make sure that you're proxying the `{{ matrix_synapse_admin_path_prefix }}`
URL endpoint to the matrix-synapse-admin container. URL endpoint to the matrix-synapse-admin container.
You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool" when: "not matrix_nginx_proxy_enabled | default(False) | bool"

View File

@ -10,6 +10,7 @@
- {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'} - {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'}
- {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'} - {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'}
- {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'} - {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'}
- {'old': 'matrix_synapse_admin_public_endpoint', 'new': 'matrix_synapse_admin_path_prefix'}
- when: matrix_synapse_admin_container_labels_traefik_enabled | bool - when: matrix_synapse_admin_container_labels_traefik_enabled | bool
block: block: