From 12a8d535e81ad95fef232aa997c1afc5aa7dc624 Mon Sep 17 00:00:00 2001 From: Charles Wright Date: Tue, 16 Jan 2024 10:53:20 -0600 Subject: [PATCH] Move maps inside the if-workers block; Add Tom's map to extract access token from the URI arg --- ...ix-synapse-reverse-proxy-companion.conf.j2 | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 index f44823aa8..11619f204 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 @@ -13,27 +13,6 @@ {% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} {% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} - -# Maps from https://tcpipuk.github.io/synapse/deployment/nginx.html#mapsconf -# Client username from MXID -map $http_authorization $mxid_localpart { - default $http_authorization; - "~Bearer syt_(?.*?)_.*" $username; - "" $accesstoken_from_urlparam; -} - -# Whether to upgrade HTTP connection -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -#Extract room name from URI -map $request_uri $room_name { - ~^/_matrix/(client|federation)/.*?(?:%21|!)(?[A-Za-z0-9._=\-\/]+)(?::|%3A)[A-Za-z0-9._=\-\/]+ $room; -} -# End maps - {% macro render_worker_upstream(name, workers, load_balance) %} {% if workers | length > 0 %} upstream {{ name }} { @@ -58,6 +37,30 @@ map $request_uri $room_name { {% endmacro %} {% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %} + +# Maps from https://tcpipuk.github.io/synapse/deployment/nginx.html#mapsconf +# Client username from access token +map $arg_access_token $accesstoken_from_urlparam { + default $arg_access_token; + "~syt_(?.*?)_.*" $username; +} +# Client username from MXID +map $http_authorization $mxid_localpart { + default $http_authorization; + "~Bearer syt_(?.*?)_.*" $username; + "" $accesstoken_from_urlparam; +} +# Whether to upgrade HTTP connection +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +#Extract room name from URI +map $request_uri $room_name { + ~^/_matrix/(client|federation)/.*?(?:%21|!)(?[A-Za-z0-9._=\-\/]+)(?::|%3A)[A-Za-z0-9._=\-\/]+ $room; +} +# End maps + {% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %} proxy_cache_path {{ matrix_synapse_reverse_proxy_companion_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}:{{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size }} inactive={{ matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time }} max_size={{ matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb }}m; {% endif %}