Improvements around Synapse worker/metrics ports exposure
There was a `matrix_nginx_proxy_enabled|default(False)` check, but: - it didn't seem to work reliably for some reason (hmm) - referring to a `matrix_nginx_proxy_*` variable from within the `matrix-synapse` role is not ideal - exposing always happened on `127.0.0.1`, which may not be good enough for some rarer setups (where the own webserver is external to the host)
This commit is contained in:
parent
f66a6b066b
commit
63301b0ef1
@ -1276,6 +1276,9 @@ matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (ma
|
|||||||
#
|
#
|
||||||
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
|
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
|
||||||
matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if matrix_synapse_manhole_enabled else '' }}"
|
matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if matrix_synapse_manhole_enabled else '' }}"
|
||||||
|
#
|
||||||
|
# For exposing the Synapse worker (and metrics) ports to the local host.
|
||||||
|
matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||||
|
|
||||||
matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}"
|
matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}"
|
||||||
|
|
||||||
|
@ -301,6 +301,14 @@ matrix_synapse_manhole_enabled: false
|
|||||||
# Enable support for Synapse workers
|
# Enable support for Synapse workers
|
||||||
matrix_synapse_workers_enabled: false
|
matrix_synapse_workers_enabled: false
|
||||||
|
|
||||||
|
|
||||||
|
# Controls whether the matrix-synapse container exposes the various worker ports
|
||||||
|
# (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.
|
||||||
|
#
|
||||||
|
# Takes an "<ip>" value (e.g. "127.0.0.1", "0.0.0.0", etc), or empty string to not expose.
|
||||||
|
# It takes "*" to signify "bind on all interfaces" ("0.0.0.0" is IPv4-only).
|
||||||
|
matrix_synapse_workers_container_host_bind_address: ''
|
||||||
|
|
||||||
# Default list of workers to spawn (order in accord to docs)
|
# Default list of workers to spawn (order in accord to docs)
|
||||||
# - no endpoints / doesn't need port mapping if port ends on 0
|
# - no endpoints / doesn't need port mapping if port ends on 0
|
||||||
# - single-instance-only if 2nd last digit of port number is 0
|
# - single-instance-only if 2nd last digit of port number is 0
|
||||||
|
@ -45,19 +45,16 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
|||||||
{% if matrix_synapse_manhole_enabled and matrix_synapse_container_manhole_api_host_bind_port %}
|
{% if matrix_synapse_manhole_enabled and matrix_synapse_container_manhole_api_host_bind_port %}
|
||||||
-p {{ matrix_synapse_container_manhole_api_host_bind_port }}:9000 \
|
-p {{ matrix_synapse_container_manhole_api_host_bind_port }}:9000 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if matrix_synapse_workers_enabled and matrix_synapse_workers_container_host_bind_address %}
|
||||||
{% for worker in matrix_synapse_workers_enabled_list %}
|
{% for worker in matrix_synapse_workers_enabled_list %}
|
||||||
{% if matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled|default(False) %}
|
|
||||||
{# Expose worker ports (by default in 18xxx range) on localhost, f.e. when using
|
|
||||||
an external reverse proxy outside the matrix docker network #}
|
|
||||||
{% if worker.port != 0 %}
|
{% if worker.port != 0 %}
|
||||||
-p 127.0.0.1:{{ worker.port }}:{{ worker.port }} \
|
-p {{ '' if matrix_synapse_workers_container_host_bind_address == '*' else (matrix_synapse_workers_container_host_bind_address + ':') }}{{ worker.port }}:{{ worker.port }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
|
||||||
{# Expose worker metrics ports on localhost #}
|
|
||||||
{% if worker.metrics_port != 0 %}
|
{% if worker.metrics_port != 0 %}
|
||||||
-p 127.0.0.1:{{ worker.metrics_port }}:{{ worker.metrics_port }} \
|
-p {{ '' if matrix_synapse_workers_container_host_bind_address == '*' else (matrix_synapse_workers_container_host_bind_address + ':') }}{{ worker.metrics_port }}:{{ worker.metrics_port }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data,ro \
|
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data,ro \
|
||||||
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
||||||
{% for volume in matrix_synapse_container_additional_volumes %}
|
{% for volume in matrix_synapse_container_additional_volumes %}
|
||||||
|
Loading…
Reference in New Issue
Block a user