From 9b5be6825d1c9661de847fb0708e0ab6dfeff963 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Jul 2024 11:00:59 +0300 Subject: [PATCH] Enable HTTP/3 by default for web-secure and matrix-federation HTTP/3 is no longer considered experimental in Traefik v3, so it's a good time to enable it. --- group_vars/matrix_servers | 3 +++ roles/custom/matrix-base/defaults/main.yml | 12 +++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f84bf4e55..bd851c675 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -38,6 +38,9 @@ matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devtur # A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}" +# We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled. +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}" + # `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not. # `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not, # and affects how services configure their public URLs. diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 393063980..ba5efa26a 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
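Review bot: The comment added above `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled` explains the coupling to web-secure but not its network consequence. Going by the `host_bind_port_udp` default added in `roles/custom/matrix-base/defaults/main.yml`, enabling HTTP/3 appears to publish an additional UDP port for the federation entrypoint. Because this is now on by default, an existing deployment gains a new UDP listener on upgrade, which matters for host firewall rules and for anyone tracking exposed ports. I would extend the comment with something like `# Enabling this also publishes the federation port over UDP (QUIC); set this variable to false to keep the federation entrypoint TCP-only.`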
@@ -263,7 +263,16 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: true matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name: "{{ matrix_federation_traefik_entrypoint_name }}" matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix_federation_public_port }}" matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}" -matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default: | + {{ + ({'http3': {'advertisedPort': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort | int}}) + if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled + else {} + }} 
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto: {} matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom: {} @@ -271,6 +280,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition: name: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name }}" port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}" host_bind_port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port }}" + host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp }}" config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config }}" # Controls whether to enable an additional Traefik entrypoint for the purpose of serving the homeserver's Client-Server API internally.
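Review bot: In the `@@ -263,7 +263,16 @@` hunk, `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp` is derived from `..._config_http3_advertisedPort` rather than from `..._host_bind_port`, so the UDP publish does not follow an operator's override of the TCP bind. If `host_bind_port` was set to a loopback-prefixed value or to an empty string to keep the federation entrypoint off the public interface, the new default would presumably still publish the advertised port over UDP (how the Traefik role consumes `host_bind_port_udp` is not visible here). Consider `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"` so both binds share one source of truth. Separately, `..._config_default | combine (..._config_auto)` is a non-recursive merge while the `_custom` merge passes `recursive=True`, so an `http3` key supplied through `_auto` would replace the default `http3` mapping wholesale; adding `recursive=True` to the first `combine` would make the two merges consistent.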