Move matrix-ldap-registration-proxy to its own container network and add native Traefik support

This also makes it handle the `/_matrix/client/v3/register` endpoint, not just `/_matrix/client/r0/register`
2024-01-09 11:26:46 +02:00
parent 9171b8df91
commit 61216d51cc
9 changed files with 150 additions and 71 deletions
--- a/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/labels.j2
@ -0,0 +1,39 @@
+{% if matrix_ldap_registration_proxy_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_ldap_registration_proxy_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_ldap_registration_proxy_container_labels_traefik_docker_network }}
+{% endif %}
+
+{#
+	Registration
+#}
+{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_enabled %}
+
+traefik.http.middlewares.matrix-ldap-registration-proxy-registration-endpoint-replacepath.replacepath.path=/register
+
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.rule={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_rule }}
+
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.middlewares=matrix-ldap-registration-proxy-registration-endpoint-replacepath
+
+{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.priority={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.service=matrix-ldap-registration-proxy
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.entrypoints={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_entrypoints }}
+
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.tls={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls | to_json }}
+{% if matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls %}
+traefik.http.routers.matrix-ldap-registration-proxy-registration-endpoint.tls.certResolver={{ matrix_ldap_registration_proxy_container_labels_public_endpoint_traefik_tls_certResolver }}
+{% endif %}
+
+traefik.http.services.matrix-ldap-registration-proxy.loadbalancer.server.port={{ matrix_ldap_registration_listen_port }}
+{% endif %}
+{#
+	/Registration
+#}
+
+{% endif %}
+
+{{ matrix_ldap_registration_proxy_container_labels_additional_labels }}
--- a/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2
@ -29,7 +29,7 @@ MATRIX_SERVER_URL={{ matrix_ldap_registration_proxy_matrix_server_url }}
 # these settings are optional:

 # Specify the port to listen on. Default to 8080
-LISTEN_PORT={{ matrix_ldap_registration_proxy_container_port }}
+LISTEN_PORT={{ matrix_ldap_registration_listen_port }}

 # Use this to extend the configuration with custom variables
 {{ matrix_ldap_registration_proxy_env_variables_extension }}
--- a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
@ -18,21 +18,30 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s

 # matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
 # so /tmp needs to be mounted with an exec option.
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ldap-registration-proxy \
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-ldap-registration-proxy \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
-			--network={{ matrix_docker_network }} \
+			--network={{ matrix_ldap_registration_proxy_container_network }} \
 			{% if matrix_ldap_registration_proxy_container_http_host_bind_port %}
-			-p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:{{ matrix_ldap_registration_proxy_container_port }} \
+			-p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:{{ matrix_ldap_registration_listen_port }} \
 			{% endif %}
 			--env-file {{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env \
+			--label-file={{ matrix_ldap_registration_proxy_base_path }}/labels \
 			{% for arg in matrix_ldap_registration_proxy_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_ldap_registration_proxy_docker_image }}

+{% for network in matrix_ldap_registration_proxy_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ldap-registration-proxy
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ldap-registration-proxy
+
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ldap-registration-proxy 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
 Restart=always