diff --git a/CHANGELOG.md b/CHANGELOG.md index 83ccb5920..21b59f9d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -927,7 +927,7 @@ Until now, we've been doing the migration gradually and keeping full backward co Each change we do and each new feature that comes in needs to support all these different ways of reverse-proxying. Because `matrix-nginx-proxy` was the default and pretty much everyone was (and still is) using it, means that new PRs also come with `matrix-nginx-proxy` as their main focus and Traefik as an afterthought, which means we need to spend hours fixing up Traefik support. -We can't spend all this time maintaining so many different configurations anymore. Traefik support has been an option for 2 weeks and lots of people have already migrated their server and have tested things out. Traefik is what we use and preferentially test for. +We can't spend all this time maintaining so many different configurations anymore. Traefik support has been an option for 2 weeks and lots of people have already migrated their server and have tested things out. Traefik is what we use and preferentially test for. It's time for the **next step in our migration process** to Traefik and elimination of `matrix-nginx-proxy`: diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 720424425..f818dc672 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -10,7 +10,7 @@ over to `matrix.example.com`. As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 different ways to set up such delegation: - either by serving a `https://example.com/.well-known/matrix/server` file (from the base domain!) -- or by using a `_matrix._tcp` DNS SRV record (don't confuse this with the `_matrix-identity._tcp` SRV record described below) +- or by using a `_matrix._tcp` DNS SRV record (don't confuse this with the `_matrix-identity._tcp` SRV record described below) This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates. If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do. diff --git a/examples/reverse-proxies/caddy2-in-container/Caddyfile b/examples/reverse-proxies/caddy2-in-container/Caddyfile index 10df00d46..0a3d1df07 100644 --- a/examples/reverse-proxies/caddy2-in-container/Caddyfile +++ b/examples/reverse-proxies/caddy2-in-container/Caddyfile @@ -3,8 +3,8 @@ matrix.example.com { handle { encode zstd gzip - # Use the docker service name instead of localhost or 127.0.0.1 here - matrix-traefik:8080 { + # Use the docker service name instead of localhost or 127.0.0.1 here + matrix-traefik:8080 { header_up X-Forwarded-Port {http.request.port} header_up X-Forwarded-TlsProto {tls_protocol} header_up X-Forwarded-TlsCipher {tls_cipher} @@ -13,12 +13,12 @@ matrix.example.com { } } -# Put `https://` at the beginning to enforce https protocol as 8448 is not the default https port (which is 443) +# Put `https://` at the beginning to enforce https protocol as 8448 is not the default https port (which is 443) https://matrix.example.com:8448 { handle { encode zstd gzip - # Use the docker service name instead of localhost or 127.0.0.1 here + # Use the docker service name instead of localhost or 127.0.0.1 here reverse_proxy matrix-traefik:8448 { header_up X-Forwarded-Port {http.request.port} header_up X-Forwarded-TlsProto {tls_protocol} diff --git a/examples/reverse-proxies/haproxy/haproxy.cfg b/examples/reverse-proxies/haproxy/haproxy.cfg index b3e176a89..57c562bdd 100644 --- a/examples/reverse-proxies/haproxy/haproxy.cfg +++ b/examples/reverse-proxies/haproxy/haproxy.cfg @@ -24,8 +24,8 @@ defaults option forwardfor option redispatch timeout connect 5000 - timeout client 50000 - timeout server 50000 + timeout client 50000 + timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http @@ -71,11 +71,10 @@ backend matrix-federation backend nginx-static capture request header origin len 128 http-response add-header Access-Control-Allow-Origin * - rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } - rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } + rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } + rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found } server nginx 127.0.0.1:40888 check backend element server element 127.0.0.1:8765 check - diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1d89b451c..eecdf9264 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4063,7 +4063,7 @@ postgres_managed_databases_auto: | 'name': matrix_bot_maubot_database_name, 'username': matrix_bot_maubot_database_username, 'password': matrix_bot_maubot_database_password, - }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_buscarron_database_name, @@ -4231,7 +4231,7 @@ postgres_managed_databases_auto: | 'name': matrix_mx_puppet_discord_database_name, 'username': matrix_mx_puppet_discord_database_username, 'password': matrix_mx_puppet_discord_database_password, - }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_steam_database_name, diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index c5a01535f..531adfd98 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -87,7 +87,7 @@ manhole: # Bridge config bridge: - # Localpart template of MXIDs for LinkedIn users. + # Localpart template of MXIDs for LinkedIn users. # {userid} is replaced with the user ID of the LinkedIn user username_template: "linkedin_{userid}" # Settings for creating a space for every user. @@ -263,4 +263,3 @@ logging: root: level: {{ matrix_beeper_linkedin_logging_level|to_json }} handlers: [console] -