ansol/matrix-docker-ansible-deploy
7
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-11-17 12:44:53 +00:00
Code Issues Projects Releases Wiki Activity

Always send /rendezvous routes to the same Synapse worker process (main) to fix QR code login

Browse Source 
Related to https://github.com/matrix-org/matrix-spec-proposals/pull/4108
This commit is contained in:
Slavi Pantaleev 2024-11-01 09:52:10 +02:00
parent 1be9944282
commit 8a6b822bbd
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
View File

@ -230,6 +230,9 @@ matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: []
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: []
matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|pushrules/|rooms/[^/]+/(forget|upgrade|report)|login/sso/redirect/|register)
matrix_synapse_reverse_proxy_companion_client_server_sso_override_locations_regex: ^(/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect|/_synapse/client/(pick_username|(new_user_consent|oidc/callback|pick_idp|sso_register)$))
# Related to MSC4108 (https://github.com/matrix-org/matrix-spec-proposals/pull/4108)
matrix_synapse_reverse_proxy_companion_client_server_qr_code_login_locations_regex: ^(/_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous|/_synapse/client/rendezvous)$
matrix_synapse_reverse_proxy_companion_federation_override_locations_regex: ^/_matrix/federation/v1/openid/userinfo$
# synapse content caching

17
roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
View File

@ -125,6 +125,23 @@ server {
proxy_max_temp_file_size 0;
}
# QR code login (`rendezvous`) locations need to go to the same Synapse process.
# It doesn't necessarily need to be the main process, but it needs to be consistent.
# For simplicity, we'll send them to the main process though.
location ~ {{ matrix_synapse_reverse_proxy_companion_client_server_qr_code_login_locations_regex }} {
{# FIXME: This block was copied from the main Synapse fallback below. It would be better to have it in one place and avoid duplication. #}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
set $backend "{{ matrix_synapse_reverse_proxy_companion_client_api_addr }}";
proxy_pass http://$backend;
proxy_set_header Host $host;
client_body_buffer_size 25M;
client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
proxy_max_temp_file_size 0;
}
{# Workers redirects BEGIN #}
{% if generic_workers | length > 0 %}