Add support for reverse-proxying Matric (Client & Federation) via Traefik

group_vars/matrix_servers

@@ -2215,6 +2215,7 @@ matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik
 matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
 
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
 matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
@@ -3349,6 +3350,12 @@ devture_traefik_enabled: "{{ matrix_playbook_traefik_role_enabled }}"
 devture_traefik_uid: "{{ matrix_user_uid }}"
 devture_traefik_gid: "{{ matrix_user_gid }}"
 
+devture_traefik_additional_entrypoints_auto:
+  - name: matrix-federation
+    port: "{{ matrix_federation_public_port }}"
+    host_bind_port: "{{ matrix_federation_public_port }}"
+    config: {}
+
 ########################################################################
 #                                                                      #
 # /com.devture.ansible.role.traefik                                    #

requirements.yml

@@ -37,4 +37,4 @@
   version: v0.11.1-2
 
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: 407af71a3667b1d8083beb10bf22423ecf013f58
+  version: b8609fd07c26c89a72fe2934d183af5fd964bc1c

roles/custom/matrix-base/defaults/main.yml

@@ -92,6 +92,9 @@ matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
 
 matrix_federation_public_port: 8448
 
+# The name of the Traefik entrypoint for handling Matrix Federation
+matrix_federation_traefik_entrypoint: matrix-federation
+
 # The architecture that your server runs.
 # Recognized values by us are 'amd64', 'arm32' and 'arm64'.
 # Not all architectures support all services, so your experience (on non-amd64) may vary.

roles/custom/matrix-nginx-proxy/defaults/main.yml

@@ -49,6 +49,13 @@ matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_pro
 matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
 matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
+
 matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
 matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"

roles/custom/matrix-nginx-proxy/templates/labels.j2

@@ -6,6 +6,27 @@ traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_net
 {% endif %}
 
 
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
+# Matrix Client
+traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
+traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
+
+# Matrix Federation
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints }}
+{% endif %}
+
+
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled %}
 # Element
 traefik.http.routers.matrix-nginx-proxy-element.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_rule }}
@@ -139,6 +160,11 @@ traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_c
 
 
 traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
+
+{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}
+traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}
+{% endif %}
+
 {% endif %}
 
 {{ matrix_nginx_proxy_container_labels_additional_labels }}