finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not expose /_synapse/admin publicly by default

Browse Source 
Fixes #685 (Github Issue).
This commit is contained in:
Slavi Pantaleev
2020-10-26 10:36:38 +02:00
parent 24c6d7e81f
commit 63a49bb2dc
5 changed files with 48 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
View File

@ -105,29 +105,6 @@
{{- configuration_block }}
{% endfor %}
{#
This handles the Matrix Client API only.
The Matrix Federation API is handled by a separate vhost.
#}
location /_matrix {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container }};
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
client_body_buffer_size 25M;
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
proxy_max_temp_file_size 0;
}
{% if matrix_nginx_proxy_proxy_synapse_metrics %}
location /_synapse/metrics {
{% if matrix_nginx_proxy_enabled %}
@ -150,7 +127,11 @@
}
{% endif %}
location /_synapse {
{#
This handles the Matrix Client API only.
The Matrix Federation API is handled by a separate vhost.
#}
location ~* ^({{ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes|join('|') }}) {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;