Commit Graph

59 Commits

Author SHA1 Message Date
Slavi Pantaleev
95346f3117 Reorganize Postgres access (breaking change)
In short, this makes Synapse a 2nd class citizen,
preparing for a future where it's just one-of-many homeserver software
options.

We also no longer have a default Postgres superuser password,
which improves security.

The changelog explains more as to why this was done
and how to proceed from here.
2021-01-22 13:26:12 +02:00
Slavi Pantaleev
a47813585d Rename file to prevent common mistake
Prompted by this: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/779#issuecomment-764807507
2021-01-21 19:24:05 +02:00
0hlov3
f86d781244
Updates the the caddy2 Readme and comment lines for dimension 2020-12-29 14:07:32 +01:00
0hlov3
a1ecaf54ef
Adds Example for Caddy2 Jitsi 2020-12-29 12:00:01 +01:00
Slavi Pantaleev
e2e6cfaa8b Document Ansible's Python interpreter discovery some more
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/570

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/641
2020-12-16 18:14:52 +02:00
Slavi Pantaleev
63a49bb2dc Do not expose /_synapse/admin publicly by default
Fixes #685 (Github Issue).
2020-10-26 10:36:38 +02:00
Panagiotis Vasilopoulos
8370ee0647
caddy2: removed unknown tls directive 2020-10-04 19:28:22 +00:00
0hlov3
bd69e4fdef Merge branch 'master' of github.com:0hlov3/matrix-docker-ansible-deploy 2020-09-15 14:54:59 +02:00
0hlov3
59e1abb072 Corrects the Caddyfile 2020-09-15 14:54:47 +02:00
Slavi Pantaleev
6fefbc248a
Fix typo and wording 2020-09-13 09:51:04 +03:00
0hlov3
c366e26360 Updates exempes/caddy2/Caddyfile to SSL Grade A+ 2020-09-13 03:11:37 +02:00
Olaf Schoenwald
e7921e305b Comment in host-cars 2020-09-12 11:04:16 +02:00
Olaf Schoenwald
abf70f7772 Adds example for Caddy2 Caddyfile 2020-09-12 10:52:25 +02:00
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Slavi Pantaleev
f18037ae42 Disable TLSv1.1 by default 2020-01-30 12:56:20 +02:00
Aaron Raimist
5366aef0da
Fix Caddy example config for Dimension 2019-12-05 17:33:08 -06:00
Marcel Ackermann
cb900d64dd
Listen 8448 required for apache
Listen 8448 directive makes apache listen on that port, without it federation does not work.
2019-10-23 15:12:31 +02:00
Slavi Pantaleev
d90e11213f
Update comment to make it accurate 2019-09-02 09:47:33 +03:00
liquidat
72d3514408 Move pipelining option to ansible.cfg 2019-09-01 01:56:02 +02:00
Julian Foad
3b69db3c1e
More Apache ProxyPass directives need 'nocanon'
Invitations weren't working for me until I added 'nocanon' to these additional places. Until then, invitations failed with "Invalid signature for server ..." errors, as in https://github.com/matrix-org/synapse/issues/3294 .

I didn't check whether the user_directory/search proxy line also needs it, I just assumed it should have it too.

The other two proxy lines in this example also include a 'retry=0' parameter. That's a separate issue; I haven't touched it here.
2019-08-30 12:22:08 +01:00
muccid
2793e24b5b Addresses comments in PR. Fixes typo in docker-compose. Changes mount of static files to RO. Adds example and brief explaination for haproxy certificates. Fixes whitespaces in nginx.conf 2019-08-26 09:04:47 +03:00
sudneo
7f0b52e9e1 Formatting of haproxy.cfg 2019-08-25 22:59:47 +03:00
sudneo
f1a64df339 Formatting of haproxy.cfg 2019-08-25 22:58:55 +03:00
sudneo
06e8056173 Formatting of haproxy.cfg 2019-08-25 22:56:32 +03:00
sudneo
3dfa6a28f9 Typo 2019-08-25 22:55:27 +03:00
sudneo
b2e0e4efe3 Adds doc for HAproxy 2019-08-25 22:53:34 +03:00
Slavi Pantaleev
fcd96b5dee Add missing options to ProxyPass 2019-08-17 10:14:40 +03:00
Slavi Pantaleev
3cb34e6998 Improve Synapse reverse-proxying Apache examples
Thanks to @ralfi!
2019-08-17 10:13:45 +03:00
Slavi Pantaleev
e22672911d Add Server-Server API proxying to Apache example configuration
Contributed by @ralfi.
2019-08-16 10:08:09 +03:00
Slavi Pantaleev
d675cb3d4b
Serve /.well-known/matrix/server with proper Content-Type 2019-08-16 10:00:26 +03:00
Marcel Ackermann
d55db2bee2
quotes, simplify 2019-08-14 08:49:06 +02:00
Marcel Ackermann
18a2377472
missing Map /.well-known/matrix/server for server discovery 2019-08-13 20:40:04 +02:00
Slavi Pantaleev
b88db88cec Mention ansible_connection=local 2019-06-04 19:24:39 +03:00
Slavi Pantaleev
5bfd22d13b Fix incorrect inventory host_vars paths 2019-05-24 08:06:42 +09:00
Dan Arnfield
093859d926 Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning 2019-05-21 10:39:33 -05:00
Brendan Abolivier
cdac997ddb Improve comments for Caddy's TLS instructions 2019-05-09 13:22:23 +01:00
Brendan Abolivier
e067db613c Fix exception to proxying 2019-05-09 13:20:26 +01:00
jreichmann
084be8a194
Added comments noting that the TLS Certs might differ when using own certs 2019-04-16 19:41:38 +02:00
jreichmann
6d49fdea21
Remove single all-host config file (used as source for examples) 2019-04-16 19:38:43 +02:00
jreichmann
265dc2949d
Added example Caddyfiles for the containers 2019-04-16 19:36:03 +02:00
Slavi Pantaleev
c1a9549d54 Mention matrix_coturn_turn_external_ip_address in examples/hosts 2019-04-16 13:10:31 +03:00
Slavi Pantaleev
382e53bdee Make examples/hosts look cleaner
Putting a lot of comments inbetween `[matrix-servers]` and the example
host line may make someone decide to clean up the comment
and accidentally skip-over the `[matrix-servers]` part.
2019-04-11 09:54:42 +03:00
Slavi Pantaleev
841b525e7f Suggest ansible_ssh_pipelining=yes for hosts 2019-04-05 11:06:49 +03:00
Slavi Pantaleev
8660cd421e Add example Apache configuration for Dimension
Discussed in #121 (Github Issue).
2019-03-18 21:17:42 +02:00
Slavi Pantaleev
d18fe3610f Fix syntax problems in example Apache configuration
Related to #121 (Github Issue)
2019-03-18 20:45:20 +02:00
Slavi Pantaleev
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev
9a251e4e46 Remove some more references to localhost
Continuation of 1f0cc92b33.

As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occassions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.

To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
2019-02-05 11:11:28 +02:00
Slavi Pantaleev
5e8a7fd05b Update own-webserver guide and add sample Apache configuration
This supersedes #59 (Github Pull Request),
which was greatly beneficial in creating our sample Apache configuration.
2019-02-01 16:58:11 +02:00
Slavi Pantaleev
e09b7435d1 Update documentation a bit 2019-02-01 12:26:43 +02:00
Slavi Pantaleev
c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00