Merge branch 'spantaleev:master' into master

This commit is contained in:
sakkiii 2021-05-10 15:10:18 +05:30
commit 29cf6a0087
11 changed files with 49 additions and 12 deletions

View File

@ -55,6 +55,8 @@ Note that if your nginx version is old, it might not like our default choice of
matrix_nginx_proxy_ssl_protocols: "TLSv1.2" matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
``` ```
If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
### Using your own external Apache webserver ### Using your own external Apache webserver

View File

@ -14,11 +14,7 @@ Table of contents:
## Purging old data with the Purge History API ## Purging old data with the Purge History API
You can use the **Purge History API** to delete in-use (but old) data. You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
**This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
Synapse's [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) can be used to purge on a per-room basis.
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element). To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
Alternatively, you can log in and obtain a new access token like this: Alternatively, you can log in and obtain a new access token like this:
@ -29,6 +25,8 @@ curl \
https://matrix.DOMAIN/_matrix/client/r0/login https://matrix.DOMAIN/_matrix/client/r0/login
``` ```
Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.
Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions. Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions.
After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql). After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).
@ -36,7 +34,7 @@ After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintena
## Compressing state with rust-synapse-compress-state ## Compressing state with rust-synapse-compress-state
[rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) can be used to optimize some `_state` tables used by Synapse. [rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) can be used to optimize some `_state` tables used by Synapse. If your server participates in large rooms this is the most effective way to reduce the size of your database.
This tool should be safe to use (even when Synapse is running), but it's always a good idea to [make Postgres backups](./maintenance-postgres.md#backing-up-postgresql) first. This tool should be safe to use (even when Synapse is running), but it's always a good idea to [make Postgres backups](./maintenance-postgres.md#backing-up-postgresql) first.
@ -54,7 +52,10 @@ After state compression, you may wish to run a [`FULL` Postgres `VACUUM`](./main
## Browse and manipulate the database ## Browse and manipulate the database
When the [matrix admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs. When the [Synapse Admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs.
Editing the database manually is not recommended or supported by the Synapse developers. If you are going to do so you should [make a database backup](./maintenance-postgres.md#backing-up-postgresql).
First, set up an SSH tunnel to your matrix server (skip if it is your local machine): First, set up an SSH tunnel to your matrix server (skip if it is your local machine):
``` ```

View File

@ -2,7 +2,7 @@ matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build: false
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn" matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
matrix_coturn_container_image_self_build_repo_version: "upstream/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r0"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.5.2 matrix_coturn_version: 4.5.2

View File

@ -37,6 +37,13 @@ matrix_grafana_default_admin_password: admin
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
matrix_grafana_content_security_policy: true matrix_grafana_content_security_policy: true
# specify content security policy template to customized template
# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
# [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
# [Content Security Policy Reference](https://content-security-policy.com/script-src/)
matrix_grafana_content_security_policy_customized: true
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_grafana_container_extra_arguments: [] matrix_grafana_container_extra_arguments: []

View File

@ -8,6 +8,11 @@ admin_password = """{{ matrix_grafana_default_admin_password }}"""
# specify content_security_policy to add the Content-Security-Policy header to your requests # specify content_security_policy to add the Content-Security-Policy header to your requests
content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy = "{{ matrix_grafana_content_security_policy }}"
# specify content security policy template to customized template
{% if matrix_grafana_content_security_policy_customized %}
content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
{% endif %}
[auth.anonymous] [auth.anonymous]
# enable anonymous access # enable anonymous access
enabled = {{ matrix_grafana_anonymous_access }} enabled = {{ matrix_grafana_anonymous_access }}

View File

@ -52,7 +52,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-5142 matrix_jitsi_version: stable-5765-1
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

View File

@ -3,6 +3,8 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }}
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
LDAP_URL={{ matrix_jitsi_ldap_url }} LDAP_URL={{ matrix_jitsi_ldap_url }}
LDAP_BASE={{ matrix_jitsi_ldap_base }} LDAP_BASE={{ matrix_jitsi_ldap_base }}
LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }} LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}

View File

@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_version: 4.94-r0 matrix_mailer_version: 4.94.2-r0
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

View File

@ -18,7 +18,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
--cap-drop=ALL \ --cap-drop=ALL \
--read-only \ --read-only \
--init \
--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \ --tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
--env-file={{ matrix_mailer_base_path }}/env-mailer \ --env-file={{ matrix_mailer_base_path }}/env-mailer \

View File

@ -53,6 +53,27 @@
tcp_nodelay on; tcp_nodelay on;
} }
# XMPP websocket
location = /xmpp-websocket {
{% if matrix_nginx_proxy_enabled %}
resolver 127.0.0.11 valid=5s;
set $backend {{ matrix_jitsi_xmpp_bosh_url_base }};
proxy_pass $backend/xmpp-websocket;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:5280;
{% endif %}
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_read_timeout 900s;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
tcp_nodelay on;
}
{% endmacro %} {% endmacro %}
server { server {

View File

@ -8,7 +8,7 @@ matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Tech
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
matrix_synapse_admin_version: 0.7.2 matrix_synapse_admin_version: 0.8.0
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"