Merge branch 'spantaleev:master' into master
This commit is contained in:
commit
29cf6a0087
@ -55,6 +55,8 @@ Note that if your nginx version is old, it might not like our default choice of
|
||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
|
||||
```
|
||||
|
||||
If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
|
||||
|
||||
|
||||
### Using your own external Apache webserver
|
||||
|
||||
|
@ -14,11 +14,7 @@ Table of contents:
|
||||
|
||||
## Purging old data with the Purge History API
|
||||
|
||||
You can use the **Purge History API** to delete in-use (but old) data.
|
||||
|
||||
**This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
|
||||
|
||||
Synapse's [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) can be used to purge on a per-room basis.
|
||||
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
|
||||
|
||||
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
|
||||
Alternatively, you can log in and obtain a new access token like this:
|
||||
@ -29,6 +25,8 @@ curl \
|
||||
https://matrix.DOMAIN/_matrix/client/r0/login
|
||||
```
|
||||
|
||||
Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.
|
||||
|
||||
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions.
|
||||
|
||||
After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).
|
||||
@ -36,7 +34,7 @@ After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintena
|
||||
|
||||
## Compressing state with rust-synapse-compress-state
|
||||
|
||||
[rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) can be used to optimize some `_state` tables used by Synapse.
|
||||
[rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) can be used to optimize some `_state` tables used by Synapse. If your server participates in large rooms this is the most effective way to reduce the size of your database.
|
||||
|
||||
This tool should be safe to use (even when Synapse is running), but it's always a good idea to [make Postgres backups](./maintenance-postgres.md#backing-up-postgresql) first.
|
||||
|
||||
@ -54,7 +52,10 @@ After state compression, you may wish to run a [`FULL` Postgres `VACUUM`](./main
|
||||
|
||||
## Browse and manipulate the database
|
||||
|
||||
When the [matrix admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs.
|
||||
When the [Synapse Admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs.
|
||||
|
||||
Editing the database manually is not recommended or supported by the Synapse developers. If you are going to do so you should [make a database backup](./maintenance-postgres.md#backing-up-postgresql).
|
||||
|
||||
First, set up an SSH tunnel to your matrix server (skip if it is your local machine):
|
||||
|
||||
```
|
||||
|
@ -2,7 +2,7 @@ matrix_coturn_enabled: true
|
||||
|
||||
matrix_coturn_container_image_self_build: false
|
||||
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
|
||||
matrix_coturn_container_image_self_build_repo_version: "upstream/{{ matrix_coturn_version }}"
|
||||
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r0"
|
||||
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
||||
|
||||
matrix_coturn_version: 4.5.2
|
||||
|
@ -37,6 +37,13 @@ matrix_grafana_default_admin_password: admin
|
||||
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
|
||||
matrix_grafana_content_security_policy: true
|
||||
|
||||
# specify content security policy template to customized template
|
||||
# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
|
||||
# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
|
||||
# [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
|
||||
# [Content Security Policy Reference](https://content-security-policy.com/script-src/)
|
||||
matrix_grafana_content_security_policy_customized: true
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_grafana_container_extra_arguments: []
|
||||
|
||||
|
@ -8,6 +8,11 @@ admin_password = """{{ matrix_grafana_default_admin_password }}"""
|
||||
# specify content_security_policy to add the Content-Security-Policy header to your requests
|
||||
content_security_policy = "{{ matrix_grafana_content_security_policy }}"
|
||||
|
||||
# specify content security policy template to customized template
|
||||
{% if matrix_grafana_content_security_policy_customized %}
|
||||
content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
|
||||
{% endif %}
|
||||
|
||||
[auth.anonymous]
|
||||
# enable anonymous access
|
||||
enabled = {{ matrix_grafana_anonymous_access }}
|
||||
|
@ -52,7 +52,7 @@ matrix_jitsi_jibri_recorder_password: ''
|
||||
|
||||
matrix_jitsi_enable_lobby: false
|
||||
|
||||
matrix_jitsi_version: stable-5142
|
||||
matrix_jitsi_version: stable-5765-1
|
||||
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
||||
|
||||
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
||||
|
@ -3,6 +3,8 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }}
|
||||
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
|
||||
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
|
||||
|
||||
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
|
||||
|
||||
LDAP_URL={{ matrix_jitsi_ldap_url }}
|
||||
LDAP_BASE={{ matrix_jitsi_ldap_base }}
|
||||
LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
|
||||
|
@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
|
||||
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
|
||||
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
|
||||
|
||||
matrix_mailer_version: 4.94-r0
|
||||
matrix_mailer_version: 4.94.2-r0
|
||||
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
|
||||
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
||||
|
@ -18,7 +18,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
|
||||
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--init \
|
||||
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
||||
|
@ -53,6 +53,27 @@
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# XMPP websocket
|
||||
location = /xmpp-websocket {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend {{ matrix_jitsi_xmpp_bosh_url_base }};
|
||||
proxy_pass $backend/xmpp-websocket;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:5280;
|
||||
{% endif %}
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_read_timeout 900s;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
|
@ -8,7 +8,7 @@ matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Tech
|
||||
|
||||
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
||||
|
||||
matrix_synapse_admin_version: 0.7.2
|
||||
matrix_synapse_admin_version: 0.8.0
|
||||
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
|
||||
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
||||
|
Loading…
Reference in New Issue
Block a user