diff --git a/CHANGELOG.md b/CHANGELOG.md index 35493c06c..127d5b751 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,49 @@ +# 2024-11-14 + +## HTTP-compression support for Traefik-based setups + +The playbook now **automatically enables HTTP-compression support** for major services powered by the playbook, like [Cinny](./docs/configuring-playbook-client-cinny.md), [Element Web](./docs/configuring-playbook-client-element-web.md), [Hydrogen](./docs/configuring-playbook-client-hydrogen.md), as well as for Matrix Client-Server and Federation APIs (`matrix.example.com`). + +Other services installed by the playbook are currently not compression-enabled, but may become so over time. +This change is rolled out on a per-service basis (as opposed to doing it globally, at the Traefik entrypoint level) to allow certain services or route endpoints which do not behave well when compressed (e.g. [issue 3749](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3749)) to be excluded from compression. + +A long time ago, various services were operating with `gzip`-compression enabled at the nginx level. Since the switch to Traefik (see [Goodbye, `matrix-nginx-proxy` 🪦](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/57c5271d9d6265a34a9d9cceb93365f685074f96/CHANGELOG.md#goodbye-matrix-nginx-proxy-)), all services (with the exception of Matrix APIs for Synapse worker-enabled setups which are powered by `nginx` via `synapse-reverse-proxy-companion`) have been operating without HTTP-compression support. + +HTTP-compression is now done via Traefik's [compress](https://doc.traefik.io/traefik/middlewares/http/compress/) middleware. We use the default configuration for this middleware, which enables `zstd`, `br` and `gzip` support (in this order). +This middleware's configuration can be configured via variables in the Traefik role (see `traefik_config_http_middlewares_compression_middleware_options`). + +If you're using your own Traefik reverse-proxy server ([Traefik managed by you](./docs/configuring-playbook-own-webserver.md#traefik-managed-by-you)) instead of the playbook's integrated Traefik service, you can benefit from the same by: + +- defining a [compress](https://doc.traefik.io/traefik/middlewares/http/compress/) middleware (via the [file](https://doc.traefik.io/traefik/providers/file/) or [Docker](https://doc.traefik.io/traefik/providers/docker/) providers) +- setting `matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled` to `true` +- specifying the middleware's name in `matrix_playbook_reverse_proxy_traefik_middleware_compession_name` (e.g. `matrix_playbook_reverse_proxy_traefik_middleware_compession_name: my-compression-middleware@file`) + +## Timeout adjustments for Traefik-based setups + +The playbook now supports configuring various [transport.respondingTimeouts](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) timeout values (`readTimeout`, `writeTimeout`, `idleTimeout`) for the `web`, `web-secure` and `matrix-federation` entrypoints. + +If you're using your own Traefik reverse-proxy server ([Traefik managed by you](./docs/configuring-playbook-own-webserver.md#traefik-managed-by-you)) instead of the playbook's integrated Traefik service, you may wish to do similar configuration changes to your setup manually. + +The most interesting of these is the `readTimeout` configuration value (the maximum duration for reading the entire request, including the body), which used to default to `60s`. +For large and slowly progressing file uploads, `60s` would often not be enough for the transfer to finish and uploads would end up being interrupted. +The playbook now raises the `readTimeout` value to 5 minutes (`300s`) to improve this use-case. + +The `traefik_config_entrypoint_web_transport_respondingTimeouts_*` variables (for the `web` entrypoint) cascade to affecting the timeout values for the `web-secure` and `matrix-federation` entrypoints, so you can easily adjust all timeout values using them. + +Example of the default timeout values used by the playbook: + +```yml +traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s + +# 0s means "no timeout" +traefik_config_entrypoint_web_transport_respondingTimeouts_writeTimeout: 0s + +traefik_config_entrypoint_web_transport_respondingTimeouts_idleTimeout: 180s +``` + +Alternatively, you may adjust the timeout values for specific entrypoints (like `web-secure` and `matrix-federation`) using dedicated variables (like `traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout` and `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout`). + + # 2024-11-08 ## Support for synapse-admin auto-configuration via /.well-known/matrix/client diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c31c1852d..3a0d70c3c 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -41,6 +41,14 @@ traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" # Uncomment and adjust the variable below if the name of your federation entrypoint is different # than the default value (matrix-federation). # matrix_federation_traefik_entrypoint_name: matrix-federation + +# Uncomment and adjust the variables below if you'd like to enable HTTP-compression. +# +# For this to work, you will need to define a compress middleware (https://doc.traefik.io/traefik/middlewares/http/compress/) for your Traefik instance +# using a file (https://doc.traefik.io/traefik/providers/file/) or Docker (https://doc.traefik.io/traefik/providers/docker/) configuration provider. +# +# matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled: true +# matrix_playbook_reverse_proxy_traefik_middleware_compession_name: my-compression-middleware@file ``` In this mode all roles will still have Traefik labels attached. You will, however, need to configure your Traefik instance and its entrypoints. @@ -84,7 +92,7 @@ version: "3.3" services: traefik: - image: "docker.io/traefik:v2.9.6" + image: "docker.io/traefik:v3.2.0" restart: always container_name: "traefik" networks: