From 3e57a1463a8f5b39be35da6167da860569430401 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 7 Aug 2019 12:53:53 +0300 Subject: [PATCH] Serve nginx status page over HTTPS as well Continuation of #234 (Github Pull Request). I had unintentionally updated the documentation for the feature, saying the page is available at `https://matrix.DOMAIN/nginx_status`. Looks like it wasn't the case, going against my expectations. I'm correcting this with this patch. The status page is being made available on both HTTP and HTTPS. Serving over HTTP is likely necessary for services like Longview (https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) --- docs/configuring-playbook-ngnix.md | 4 ++- .../nginx/conf.d/matrix-synapse.conf.j2 | 30 ++++++++++++------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index cc4a64940..14ae8b1d3 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md @@ -12,7 +12,9 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true ``` -This will serve the status page under ```https://matrix.DOMAIN/nginx_status``` +This will serve the status page under the following addresses: +- `http://matrix.DOMAIN/nginx_status` (using HTTP) +- `https://matrix.DOMAIN/nginx_status` (using HTTPS) By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 356c9f3a7..b3efd7009 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -1,4 +1,17 @@ #jinja2: lstrip_blocks: "True" +{% macro render_nginx_status_location_block(addresses) %} + {# Empty first line to make indentation prettier. #} + + location /nginx_status { + stub_status on; + access_log off; + {% for address in addresses %} + allow {{ address }}; + {% endfor %} + deny all; + } +{% endmacro %} + server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; @@ -17,16 +30,9 @@ server { {% endif %} } -{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} - location /nginx_status { - stub_status on; - access_log off; -{% for address in matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses %} - allow {{ address }}; -{% endfor %} - deny all; - } -{% endif %} + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} location / { return 301 https://$http_host$request_uri; @@ -63,6 +69,10 @@ server { add_header Access-Control-Allow-Origin *; } + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location /_matrix/corporal { {% if matrix_nginx_proxy_enabled %}