Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

roles/matrix-nginx-proxy/defaults/main.yml

@@ -21,6 +21,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: []
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
 matrix_nginx_proxy_container_additional_volumes: []
 
+# A list of extra arguments to pass to the container
+matrix_nginx_proxy_container_extra_arguments: []
+
 # Controls whether matrix-nginx-proxy should serve the base domain.
 #
 # This is useful for when you only have your Matrix server, but you need to serve
@@ -66,6 +69,13 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"
 
+# Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
+# This allows another service to control registrations involving 3PIDs.
+# To learn more, see: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md
+matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
+matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-mxisd:8090"
+matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090"
+
 # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 	server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 	server_name {{ matrix_nginx_proxy_base_domain_hostname }};

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 	server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 	server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
@@ -102,6 +103,23 @@ server {
 	}
 	{% endif %}
 
+	{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %}
+	location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }};
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+	}
+	{% endif %}
+
 	{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}

roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 # The default is aligned to the CPU's cache size,
 # which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
 #

roles/matrix-nginx-proxy/templates/nginx/matrix-synapse-metrics-htpasswd.j2

@@ -1,2 +1,3 @@
+#jinja2: lstrip_blocks: "True"
 # User and password for protecting /_synapse/metrics URI
 prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}

roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 # This is a custom nginx configuration file that we use in the container (instead of the default one),
 # because it allows us to run nginx with a non-root user.
 #

roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix nginx-proxy server
 {% for service in matrix_nginx_proxy_systemd_required_services_list %}
@@ -33,6 +34,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 			{% for volume in matrix_nginx_proxy_container_additional_volumes %}
 			-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
 			{% endfor %}
+			{% for arg in matrix_nginx_proxy_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_nginx_proxy_docker_image }}
 
 ExecStop=-/usr/bin/docker kill matrix-nginx-proxy

roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True"
 #!/bin/bash
 
 # For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)