From 1ef683d366f5721f502539b0449e64daf2579d9a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 24 Feb 2021 08:17:53 +0200 Subject: [PATCH] Make nginx proxy config (when disabled) obey matrix_federation_public_port People who were disabling matrix-nginx-proxy (in favor of their own nginx webserver) and also overriding `matrix_federation_public_port`, found that the generated nginx configuration still hardcoded `8448`, which forced their nginx server to use that, regardless of the fact that `matrix_federation_public_port` was pointing elsewhere. We now allow for the in-container federation port to be configurable, and also automatically wire things properly. --- group_vars/matrix_servers | 5 ++++- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 6 +++--- .../templates/systemd/matrix-nginx-proxy.service.j2 | 2 +- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 07900778e..13172a63b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1074,6 +1074,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" +# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. +matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" + matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" # This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. @@ -1224,7 +1227,7 @@ matrix_postgres_additional_databases: | 'username': matrix_mautrix_instagram_database_username, 'password': matrix_mautrix_instagram_database_password, }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else []) - + + + ([{ 'name': matrix_mautrix_signal_database_name, 'username': matrix_mautrix_signal_database_username, diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 1b1391834..a4fbd0024 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -111,6 +111,10 @@ matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}" # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" +# The port name used for federation in the nginx configuration. +# This is not necessarily the port that it's actually on, +# as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container. +matrix_nginx_proxy_proxy_matrix_federation_port: 8448 # Controls whether proxying the dimension domain should be done. matrix_nginx_proxy_proxy_dimension_enabled: false diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 2ab78a1b5..414974168 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -199,10 +199,10 @@ server { #} server { {% if matrix_nginx_proxy_https_enabled %} - listen 8448 ssl http2; - listen [::]:8448 ssl http2; + listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2; + listen [::]:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2; {% else %} - listen 8448; + listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }}; {% endif %} server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index bd3070ac3..38bc64a85 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ -p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %} - -p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \ + -p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \ {% endif %} --mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \