From 28a26dde4e511d47fc73a273baae39b9021755aa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Jan 2024 16:57:06 +0200 Subject: [PATCH 01/14] Make it safer to reference variables from alternative homeserver implementations This allows people to not include the `matrix-conduit` or `matrix-dendrite` roles in their custom playbook (based on our roles) and still not have the playbook choke on variables from these roles missing. For getting rid of the `matrix-synapse` role in a similar way, more work is likely necessary. --- group_vars/matrix_servers | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d9456a3e8..1354a5aed 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -471,18 +471,18 @@ matrix_homeserver_systemd_services_list: |- matrix_homeserver_container_client_api_endpoint: |- {{ { - 'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_client_api_port|string), - 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string), - 'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string), + 'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)), + 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), + 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} matrix_homeserver_container_federation_api_endpoint: |- {{ { - 'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), - 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string), - 'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string), + 'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)), + 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), + 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} 
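Review bot: The `'synapse'` entry of `matrix_homeserver_container_federation_api_endpoint` still reads `matrix_synapse_reverse_proxy_companion_enabled` with no fallback, while the client-API entry above it now has `| default(false)`, so a playbook that omits the Synapse role would presumably still fail when this expression is rendered. The condition should match the client one: `if matrix_synapse_reverse_proxy_companion_enabled | default(false) else (...)`. The `default('8008')` on `matrix_synapse_container_federation_api_plain_port` also looks copied from the client endpoint. The companion's federation port on the same line is 8048, so confirm which fallback is intended, since a wrong default would silently point federation traffic at the client listener's port.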
@@ -2152,8 +2152,8 @@ matrix_bot_maubot_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }} matrix_bot_maubot_homeserver_secret: |- {{ { - 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_client_api_registration_shared_secret, + 'synapse': matrix_synapse_registration_shared_secret | default(''), + 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default(''), }[matrix_homeserver_implementation] }} @@ -4485,8 +4485,8 @@ matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) matrix_registration_shared_secret: |- {{ { - 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_client_api_registration_shared_secret, + 'synapse': matrix_synapse_registration_shared_secret | default (''), + 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''), 'conduit': '', }[matrix_homeserver_implementation] }} From f9e19e962347b21abd93d1fa6feda031c1c82ce2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Jan 2024 17:22:08 +0200 Subject: [PATCH 02/14] Always uninstall matrix-nginx-proxy, if discovered This changes the behavior of `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled` and is against what we initially described in the changelog entry, but I've discovered some problems when the `matrix-nginx-proxy` service and container remain running. They need to go. --- CHANGELOG.md | 12 +++++++----- .../matrix_playbook_migration/defaults/main.yml | 4 ++-- .../custom/matrix_playbook_migration/tasks/main.yml | 3 +-- .../tasks/uninstall_matrix_nginx_proxy.yml | 9 +++++---- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29e692850..7bb44f665 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
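Review bot: Falling back to `''` for `matrix_synapse_registration_shared_secret` and `matrix_dendrite_client_api_registration_shared_secret` in `matrix_bot_maubot_homeserver_secret` means that a missing variable for the selected implementation yields an empty shared secret instead of an error; the same applies to `matrix_registration_shared_secret` in the hunk at -4485. Nothing visible in these hunks rejects the empty value before it reaches the consuming service's configuration. A validation task that fails when the consumer is enabled and the resolved secret is empty would keep that misconfiguration loud. The second hunk also writes `default ('')` with a space before the parenthesis where the first writes `default('')`; one spelling should be used throughout.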
@@ -205,15 +205,17 @@ If this is still not convincing enough for you and you want the best possible pe The updated playbook will automatically perform some migration tasks for you: -1. It will uninstall `matrix-nginx-proxy` for you and delete the `/matrix/nginx-proxy` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: false` to your `vars.yml` configuration file. Doing so will leave an orphan (and unusable) `matrix-nginx-proxy` container and its data around. It will not let you continue using nginx for a while longer. You need to migrate - now! +1. It will stop and remove the `matrix-nginx-proxy` systemd service and container for you. This behavior cannot be disabled. It's essential that this service gets stopped, because it remaining running (and having container labels) may confuse Traefik as to where to route HTTP requests. -2. It will delete the `/matrix/ssl` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_uninstallation_enabled: false` to your `vars.yml` configuration file. If you have some important certificates there for some reason, take them out or temporarily disable removal of these files until you do. +2. It will delete the `/matrix/nginx-proxy` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: false` to your `vars.yml` configuration file. Doing so will leave its data around. -3. It will tell you about all variables (`matrix_nginx_proxy_*` and many others - even from other roles) that have changed during this large nginx-elimination upgrade. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_elimination_variable_transition_checks_enabled: false` to your `vars.yml` configuration file. +3. It will delete the `/matrix/ssl` directory and all files within it. 
You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_uninstallation_enabled: false` to your `vars.yml` configuration file. If you have some important certificates there for some reason, take them out or temporarily disable removal of these files until you do. -4. It will tell you about any leftover `matrix_nginx_proxy_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled: false` to your `vars.yml` configuration file. +4. It will tell you about all variables (`matrix_nginx_proxy_*` and many others - even from other roles) that have changed during this large nginx-elimination upgrade. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_elimination_variable_transition_checks_enabled: false` to your `vars.yml` configuration file. -5. It will tell you about any leftover `matrix_ssl_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: false` to your `vars.yml` configuration file. +5. It will tell you about any leftover `matrix_nginx_proxy_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled: false` to your `vars.yml` configuration file. + +6. It will tell you about any leftover `matrix_ssl_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: false` to your `vars.yml` configuration file. We don't recommend changing these variables and suppressing warnings, unless you know what you're doing. diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index b870309d5..0c797cb10 100644 
--- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -56,8 +56,8 @@ matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks # Controls if (`matrix_ssl_`) leftover variable checks will run. matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: true -# Controls whether this role will try to detect and clean up after the matrix-nginx-proxy role. -# When enabled, the systemd serivce will be stopped and removed, as well as all data in `/matrix/nginx-proxy +# Controls whether this role will delete old files left over from `matrix-nginx-proxy`. +# Regardless of this value, if discovered, a `matrix-nginx-proxy.service` systemd serivce will be stopped and removed. matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: true # Controls whether this role will try to detect and clean up the /matrix/ssl files. diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 552b0af29..bbee3000f 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -33,8 +33,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_matrix_static_files_well_known.yml" -- when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool - tags: +- tags: - setup-all - install-all block: diff --git a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml index f1fa4f518..adb005369 100644 --- a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml +++ b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml 
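Review bot: The rewritten comment in `defaults/main.yml` keeps the typo `serivce`, and the variable name `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled` no longer conveys that it now gates only the deletion of leftover files. The second comment line could read `# Regardless of this value, a discovered matrix-nginx-proxy.service systemd service is stopped and removed.` In `tasks/main.yml` the block is now gated by its tags alone; the block body lies outside the hunk, so a short comment above it saying that the include is unconditional by design would help the next reader.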
@@ -19,7 +19,8 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" state: absent - - name: Ensure matrix-proxy-files files are deleted - ansible.builtin.file: - path: "{{ matrix_base_data_path }}/nginx-proxy" - state: absent +- when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool + name: Ensure matrix-proxy-files files are deleted + ansible.builtin.file: + path: "{{ matrix_base_data_path }}/nginx-proxy" + state: absent From 474db10238b114b3724066b1f6024c212567720f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Jan 2024 17:27:31 +0200 Subject: [PATCH 03/14] Reorder Ansible task module parameters to make ansible-lint happy --- .../tasks/uninstall_matrix_nginx_proxy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml index adb005369..acfacddb0 100644 --- a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml +++ b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml @@ -19,8 +19,8 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" state: absent -- when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool - name: Ensure matrix-proxy-files files are deleted +- name: Ensure matrix-proxy-files files are deleted + when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool ansible.builtin.file: path: "{{ matrix_base_data_path }}/nginx-proxy" state: absent From 51df34e7ae3fbf2a500a10cfdf85f34b31bcfad6 Mon Sep 17 00:00:00 2001 
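Review bot: The file-deletion task in the `@@ -19,7 +19,8 @@` hunk is re-added with identical text plus a `when`, which suggests it was de-indented out of the preceding block; if so, whatever condition guards that block (it starts outside the hunk) no longer applies to it. `{{ matrix_base_data_path }}/nginx-proxy` would then be removed whenever the flag is true, even on hosts where no `matrix-nginx-proxy.service` was discovered. If that is intended, a comment above the task should say so, e.g. `# Runs outside the block on purpose: leftover data is removed even when the service is already gone.` The task name `Ensure matrix-proxy-files files are deleted` also reads like a slip; `Ensure matrix-nginx-proxy files are deleted` would match the path being removed.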
From: Slavi Pantaleev Date: Wed, 17 Jan 2024 17:56:45 +0200 Subject: [PATCH 04/14] Ensure each container labels file defines at least one service Most of these files were defining a service, usually toward the end. These lines have been moved upward. Some components (mautrix-signal, mautrix-gmessages, etc.) were defining a service conditionally (only if metrics are exposed, etc). This was causing issues like these in the Traefik logs: > level=error msg="service \"matrix-mautrix-twitter\" error: port is missing" providerName=docker container=matrix-mautrix-twitter-.. --- .../matrix-bot-buscarron/templates/labels.j2 | 3 ++- .../custom/matrix-bot-go-neb/templates/labels.j2 | 3 ++- .../matrix-bot-honoroit/templates/labels.j2 | 3 ++- .../matrix-bridge-hookshot/templates/labels.j2 | 16 ++++++---------- .../templates/labels.j2 | 7 +++---- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 7 +++---- .../templates/labels.j2 | 7 +++---- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 4 ++-- .../templates/labels.j2 | 3 ++- .../templates/labels.j2 | 4 ++-- .../matrix-client-cinny/templates/labels.j2 | 3 ++- .../matrix-client-element/templates/labels.j2 | 3 ++- .../matrix-client-hydrogen/templates/labels.j2 | 3 ++- .../templates/labels.j2 | 3 ++- roles/custom/matrix-corporal/templates/labels.j2 | 6 ++---- .../custom/matrix-dimension/templates/labels.j2 | 3 ++- .../custom/matrix-rageshake/templates/labels.j2 | 3 ++- .../matrix-sliding-sync/templates/labels.j2 | 3 ++- roles/custom/matrix-sygnal/templates/labels.j2 | 3 ++- .../matrix-synapse-admin/templates/labels.j2 | 3 ++- 25 files changed, 57 insertions(+), 53 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2 index 9150a44bf..b5f020a17 100644 --- a/roles/custom/matrix-bot-buscarron/templates/labels.j2 
+++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_buscarron_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% set middlewares_metrics = [] %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls={{ matrix_bot_buscarron_container_ {% if matrix_bot_buscarron_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 {% endif %} diff --git a/roles/custom/matrix-bot-go-neb/templates/labels.j2 b/roles/custom/matrix-bot-go-neb/templates/labels.j2 index 54aa25835..1f0123add 100644 --- a/roles/custom/matrix-bot-go-neb/templates/labels.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_go_neb_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050 + {% set middlewares = [] %} {% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-bot-go-neb.tls={{ matrix_bot_go_neb_container_labels traefik.http.routers.matrix-bot-go-neb.tls.certResolver={{ matrix_bot_go_neb_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050 {% endif %} {{ matrix_bot_go_neb_container_labels_additional_labels }} diff --git a/roles/custom/matrix-bot-honoroit/templates/labels.j2 b/roles/custom/matrix-bot-honoroit/templates/labels.j2 index 8e20ea459..ef210c49d 100644 --- a/roles/custom/matrix-bot-honoroit/templates/labels.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/labels.j2 
@@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% set middlewares_metrics = [] %} @@ -43,7 +45,6 @@ traefik.http.routers.matrix-bot-honoroit-metrics.tls={{ matrix_bot_honoroit_cont {% if matrix_bot_honoroit_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-honoroit-metrics.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080 {% endif %} {% endif %} diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index 35d47b9fd..07f015723 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 @@ -5,6 +5,12 @@ traefik.enable=true traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} +traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} +traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} +traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} +traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} + {% if matrix_hookshot_container_labels_webhooks_enabled %} ############################################################ # # 
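Review bot: With all five `matrix-hookshot-*` services now declared unconditionally at the top of the hookshot labels file, every router has to name its service explicitly, because Traefik only links a router to a service implicitly when the container defines exactly one service. The router labels that would carry `traefik.http.routers.<name>.service=` are outside this hunk, so this needs confirming; before the change, a deployment with a single endpoint enabled had one service and could rely on the implicit link. The same check applies to the files in this patch that now always declare two services (mautrix-facebook, mautrix-googlechat, mautrix-hangouts). The port variables are also rendered when the matching endpoint is disabled, so an unset `matrix_hookshot_*_port` now affects every render of the template.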
@@ -12,8 +18,6 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ # # ############################################################ -traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} - traefik.http.middlewares.matrix-hookshot-webhooks-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_webhook_endpoint }} traefik.http.routers.matrix-hookshot-webhooks.rule={{ matrix_hookshot_container_labels_webhooks_traefik_rule }} @@ -47,8 +51,6 @@ traefik.http.routers.matrix-hookshot-webhooks.tls.certResolver={{ matrix_hooksho # # ############################################################ -traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} - traefik.http.middlewares.matrix-hookshot-appservice-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_appservice_endpoint }} traefik.http.routers.matrix-hookshot-appservice.rule={{ matrix_hookshot_container_labels_appservice_traefik_rule }} @@ -81,8 +83,6 @@ traefik.http.routers.matrix-hookshot-appservice.tls.certResolver={{ matrix_hooks # # ############################################################ -traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} - traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_widgets_endpoint }} traefik.http.routers.matrix-hookshot-widgets.rule={{ matrix_hookshot_container_labels_widgets_traefik_rule }} 
@@ -114,8 +114,6 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot # # ############################################################ -traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} - traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }} traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }} @@ -148,8 +146,6 @@ traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hoo # # ############################################################ -traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} - {% set metricsMiddlewares = ['matrix-hookshot-metrics-replace-path'] %} traefik.http.middlewares.matrix-hookshot-metrics-replace-path.replacepath.path=/metrics diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 index a1cce4e45..d71e7eed2 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_facebook_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-facebook-appservice.loadbalancer.server.port=29319 +traefik.http.services.matrix-mautrix-facebook-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_facebook_container_labels_public_endpoint_enabled %} ############################################################ # # 
@@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_facebook_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-facebook-appservice.loadbalancer.server.port=29319 - traefik.http.routers.matrix-mautrix-facebook-public.rule={{ matrix_mautrix_facebook_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_facebook_container_labels_public_endpoint_traefik_priority | int > 0 %} @@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-facebook-public.tls.certResolver={{ matrix_m # # ############################################################ -traefik.http.services.matrix-mautrix-facebook-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-facebook-metrics-basic-auth.basicauth.users={{ matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-facebook-metrics.middlewares=matrix-mautrix-facebook-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 index f960ef01e..1beea2c1c 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_gmessages_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-gmessages-metrics.loadbalancer.server.port=8001 + {% if matrix_mautrix_gmessages_container_labels_metrics_enabled %} ############################################################ # # 
@@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_gmessages_container_labels_traefik_dock # # ############################################################ -traefik.http.services.matrix-mautrix-gmessages-metrics.loadbalancer.server.port=8001 - {% if matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-gmessages-metrics-basic-auth.basicauth.users={{ matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-gmessages-metrics.middlewares=matrix-mautrix-gmessages-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 index d43bb1ad8..8f35f5c51 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_googlechat_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-googlechat-public.loadbalancer.server.port=8080 +traefik.http.services.matrix-mautrix-googlechat-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_googlechat_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_googlechat_container_labels_traefik_doc # # ############################################################ -traefik.http.services.matrix-mautrix-googlechat-public.loadbalancer.server.port=8080 - traefik.http.routers.matrix-mautrix-googlechat-public.rule={{ matrix_mautrix_googlechat_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_googlechat_container_labels_public_endpoint_traefik_priority | int > 0 %} 
@@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-googlechat-public.tls.certResolver={{ matrix # # ############################################################ -traefik.http.services.matrix-mautrix-googlechat-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-googlechat-metrics-basic-auth.basicauth.users={{ matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-googlechat-metrics.middlewares=matrix-mautrix-googlechat-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 index b5e561fdf..31dd03e2d 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_hangouts_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-hangouts-public.loadbalancer.server.port=8080 +traefik.http.services.matrix-mautrix-hangouts-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_hangouts_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_hangouts_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-hangouts-public.loadbalancer.server.port=8080 - traefik.http.routers.matrix-mautrix-hangouts-public.rule={{ matrix_mautrix_hangouts_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_hangouts_container_labels_public_endpoint_traefik_priority | int > 0 %} 
@@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-hangouts-public.tls.certResolver={{ matrix_m # # ############################################################ -traefik.http.services.matrix-mautrix-hangouts-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-hangouts-metrics-basic-auth.basicauth.users={{ matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-hangouts-metrics.middlewares=matrix-mautrix-hangouts-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 index e05a2162b..c67f2264d 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_instagram_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-instagram-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_instagram_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_instagram_container_labels_traefik_dock # # ############################################################ -traefik.http.services.matrix-mautrix-instagram-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-instagram-metrics-basic-auth.basicauth.users={{ matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-instagram-metrics.middlewares=matrix-mautrix-instagram-metrics-basic-auth 
diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 index cbc35ed36..fb912080a 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_signal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-signal-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_signal_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_signal_container_labels_traefik_docker_ # # ############################################################ -traefik.http.services.matrix-mautrix-signal-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-signal-metrics-basic-auth.basicauth.users={{ matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-signal-metrics.middlewares=matrix-mautrix-signal-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 index 15018362f..e54502e74 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_twitter_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-twitter-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_twitter_container_labels_metrics_enabled %} ############################################################ # # 
@@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_twitter_container_labels_traefik_docker # # ############################################################ -traefik.http.services.matrix-mautrix-twitter-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-twitter-metrics-basic-auth.basicauth.users={{ matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-twitter-metrics.middlewares=matrix-mautrix-twitter-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 index 1483f9305..23f94361e 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_whatsapp_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8001 + {% if matrix_mautrix_whatsapp_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_whatsapp_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8001 - {% if matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-whatsapp-metrics-basic-auth.basicauth.users={{ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-whatsapp-metrics.middlewares=matrix-mautrix-whatsapp-metrics-basic-auth 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 index 5f24230d3..aec01387f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mx_puppet_slack_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_address }} + {% if matrix_mx_puppet_slack_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mx_puppet_slack_container_labels_traefik_docker # # ############################################################ -traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_address }} - traefik.http.routers.matrix-mx-puppet-slack-public.rule={{ matrix_mx_puppet_slack_container_labels_public_endpoint_traefik_rule }} {% if matrix_mx_puppet_slack_container_labels_public_endpoint_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 index 1c20ab174..9aef5fe0d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 
@@ -5,13 +5,14 @@ traefik.enable=true traefik.docker.network={{ matrix_mx_puppet_twitter_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.martix-mx-puppet-twitter.loadbalancer.server.port={{ matrix_mx_puppet_twitter_appservice_port }} + {% if matrix_mx_puppet_twitter_container_labels_public_endpoint_enabled %} ############################################################ # # # Public # # # ############################################################ -traefik.http.services.martix-mx-puppet-twitter.loadbalancer.server.port={{ matrix_mx_puppet_twitter_appservice_port }} traefik.http.routers.matrix-mx-puppet-twitter-public.rule={{ matrix_mx_puppet_twitter_container_labels_public_endpoint_traefik_rule }} diff --git a/roles/custom/matrix-cactus-comments-client/templates/labels.j2 b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 index 83c140ca7..274ba9e07 100644 --- a/roles/custom/matrix-cactus-comments-client/templates/labels.j2 +++ b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_cactus_comments_client_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-cactus-comments-client.loadbalancer.server.port={{ matrix_cactus_comments_client_environment_variable_server_port }} + {% if matrix_cactus_comments_client_container_labels_public_enabled %} ############################################################ @@ -13,8 +15,6 @@ traefik.docker.network={{ matrix_cactus_comments_client_container_labels_traefik # # ############################################################ -traefik.http.services.matrix-cactus-comments-client.loadbalancer.server.port={{ matrix_cactus_comments_client_environment_variable_server_port }} - {% set public_middlewares = [] %} {% if matrix_cactus_comments_client_container_labels_public_traefik_path_prefix != '/' %} 
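Review bot: The service label added at the top of this hunk is still spelled `traefik.http.services.martix-mx-puppet-twitter…` (the typo is carried over from the removed line), whereas the router below it is `matrix-mx-puppet-twitter-public`. Now that the service is defined unconditionally, presumably so that it can be referenced by name, a reference to `matrix-mx-puppet-twitter` would not resolve. I would rename it to `traefik.http.services.matrix-mx-puppet-twitter.loadbalancer.server.port={{ matrix_mx_puppet_twitter_appservice_port }}`, after checking whether any router label outside this hunk already names the misspelled service.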
diff --git a/roles/custom/matrix-client-cinny/templates/labels.j2 b/roles/custom/matrix-client-cinny/templates/labels.j2 index f1c4f49ad..ede967226 100644 --- a/roles/custom/matrix-client-cinny/templates/labels.j2 +++ b/roles/custom/matrix-client-cinny/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_cinny_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-cinny.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_cinny_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-cinny.tls={{ matrix_client_cinny_container_la traefik.http.routers.matrix-client-cinny.tls.certResolver={{ matrix_client_cinny_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-cinny.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_cinny_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-element/templates/labels.j2 b/roles/custom/matrix-client-element/templates/labels.j2 index de67299e2..8de199918 100644 --- a/roles/custom/matrix-client-element/templates/labels.j2 +++ b/roles/custom/matrix-client-element/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_element_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-element.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_element_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-element.tls={{ matrix_client_element_containe traefik.http.routers.matrix-client-element.tls.certResolver={{ matrix_client_element_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-element.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_element_container_labels_additional_labels }} 
diff --git a/roles/custom/matrix-client-hydrogen/templates/labels.j2 b/roles/custom/matrix-client-hydrogen/templates/labels.j2 index 71c3ca59e..f5ccf8c97 100644 --- a/roles/custom/matrix-client-hydrogen/templates/labels.j2 +++ b/roles/custom/matrix-client-hydrogen/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_hydrogen_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-hydrogen.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_hydrogen_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-hydrogen.tls={{ matrix_client_hydrogen_contai traefik.http.routers.matrix-client-hydrogen.tls.certResolver={{ matrix_client_hydrogen_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-hydrogen.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_hydrogen_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-schildichat/templates/labels.j2 b/roles/custom/matrix-client-schildichat/templates/labels.j2 index 85e279821..25f19f6b4 100644 --- a/roles/custom/matrix-client-schildichat/templates/labels.j2 +++ b/roles/custom/matrix-client-schildichat/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_schildichat_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} 
@@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-schildichat.tls={{ matrix_client_schildichat_ traefik.http.routers.matrix-client-schildichat.tls.certResolver={{ matrix_client_schildichat_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_schildichat_container_labels_additional_labels }} diff --git a/roles/custom/matrix-corporal/templates/labels.j2 b/roles/custom/matrix-corporal/templates/labels.j2 index 7b650edee..e28fd7761 100644 --- a/roles/custom/matrix-corporal/templates/labels.j2 +++ b/roles/custom/matrix-corporal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_corporal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-corporal-api.loadbalancer.server.port=41081 +traefik.http.services.matrix-corporal-gateway.loadbalancer.server.port=41080 {% if matrix_corporal_container_labels_api_enabled %} ############################################################ @@ -13,8 +15,6 @@ traefik.docker.network={{ matrix_corporal_container_labels_traefik_docker_networ # # ############################################################ -traefik.http.services.matrix-corporal-api.loadbalancer.server.port=41081 - traefik.http.routers.matrix-corporal-api.rule={{ matrix_corporal_container_labels_api_traefik_rule }} {% if matrix_corporal_container_labels_api_traefik_priority | int > 0 %} @@ -44,8 +44,6 @@ traefik.http.routers.matrix-corporal-api.tls.certResolver={{ matrix_corporal_con # # ############################################################ -traefik.http.services.matrix-corporal-gateway.loadbalancer.server.port=41080 - traefik.http.routers.matrix-corporal-matrix-client-api.rule={{ matrix_corporal_container_labels_matrix_client_api_traefik_rule }} {% if matrix_corporal_container_labels_matrix_client_api_traefik_priority | int > 0 %} 
diff --git a/roles/custom/matrix-dimension/templates/labels.j2 b/roles/custom/matrix-dimension/templates/labels.j2 index 24b570cbb..09ad07b96 100644 --- a/roles/custom/matrix-dimension/templates/labels.j2 +++ b/roles/custom/matrix-dimension/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_dimension_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-dimension.loadbalancer.server.port=8184 + {% set middlewares = [] %} {% if matrix_dimension_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-dimension.tls={{ matrix_dimension_container_labels_t traefik.http.routers.matrix-dimension.tls.certResolver={{ matrix_dimension_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-dimension.loadbalancer.server.port=8184 {% endif %} {{ matrix_dimension_container_labels_additional_labels }} diff --git a/roles/custom/matrix-rageshake/templates/labels.j2 b/roles/custom/matrix-rageshake/templates/labels.j2 index cdaf5f6af..626c2fb7c 100644 --- a/roles/custom/matrix-rageshake/templates/labels.j2 +++ b/roles/custom/matrix-rageshake/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_rageshake_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-rageshake.loadbalancer.server.port=9110 + {% set middlewares = [] %} {% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-rageshake.tls={{ matrix_rageshake_container_labels_t traefik.http.routers.matrix-rageshake.tls.certResolver={{ matrix_rageshake_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-rageshake.loadbalancer.server.port=9110 {% endif %} {{ matrix_rageshake_container_labels_additional_labels }} 
diff --git a/roles/custom/matrix-sliding-sync/templates/labels.j2 b/roles/custom/matrix-sliding-sync/templates/labels.j2 index 665492499..aecc5a8a9 100644 --- a/roles/custom/matrix-sliding-sync/templates/labels.j2 +++ b/roles/custom/matrix-sliding-sync/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_sliding_sync_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 + {% set middlewares = [] %} {% if matrix_sliding_sync_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-sliding-sync.tls={{ matrix_sliding_sync_container_la traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 {% endif %} {{ matrix_sliding_sync_container_labels_additional_labels }} diff --git a/roles/custom/matrix-sygnal/templates/labels.j2 b/roles/custom/matrix-sygnal/templates/labels.j2 index 964805894..3ef6731c3 100644 --- a/roles/custom/matrix-sygnal/templates/labels.j2 +++ b/roles/custom/matrix-sygnal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_sygnal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-sygnal.loadbalancer.server.port=6000 + {% set middlewares = [] %} {% if matrix_sygnal_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-sygnal.tls={{ matrix_sygnal_container_labels_traefik traefik.http.routers.matrix-sygnal.tls.certResolver={{ matrix_sygnal_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-sygnal.loadbalancer.server.port=6000 {% endif %} {{ matrix_sygnal_container_labels_additional_labels }} 
diff --git a/roles/custom/matrix-synapse-admin/templates/labels.j2 b/roles/custom/matrix-synapse-admin/templates/labels.j2 index 946fd6c98..b4e973e00 100644 --- a/roles/custom/matrix-synapse-admin/templates/labels.j2 +++ b/roles/custom/matrix-synapse-admin/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_synapse_admin_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80 + {% set middlewares = [] %} {% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-synapse-admin.tls={{ matrix_synapse_admin_container_ traefik.http.routers.matrix-synapse-admin.tls.certResolver={{ matrix_synapse_admin_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80 {% endif %} {{ matrix_synapse_admin_container_labels_additional_labels }} From ce883a5fcea8f48d73fdf961d128cfaabfc78f42 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Jan 2024 19:18:01 +0200 Subject: [PATCH 05/14] Upgrade Postgres (v16.1-4 -> v16.1-5) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 258ace316..9b557b48c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.1-4 + version: v16.1-5 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5 From 775000883a46498e368d7bcedfdb3cd81bf5527f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 18 Jan 2024 11:31:59 +0200 Subject: [PATCH 06/14] Fix Jinja issue related to Synapse workers keepalive templating Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3114 --- .../conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 index c94855d59..8b5446d91 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 @@ -12,7 +12,7 @@ {% macro render_worker_upstream(name, workers) %} {% if workers | length > 0 %} upstream {{ name }} { - keepalive {{ workers | length * 2 }}; + keepalive {{ ((workers | length) * 2) | string }}; {% for worker in workers %} server "{{ worker.name }}:{{ worker.port }}"; {% endfor %} @@ -42,7 +42,7 @@ # ensures that requests from the same client will always be passed # to the same server (except when this server is unavailable) hash $http_x_forwarded_for; - keepalive {{ generic_workers | length * 2 }}; + keepalive {{ ((generic_workers | length) * 2) | string }}; {% for worker in generic_workers %} server "{{ worker.name }}:{{ worker.port }}"; From aed641e694e2191407723a8c7578cadd96db98b3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 18 Jan 2024 12:12:41 +0200 Subject: [PATCH 07/14] Disable addons communicating with the homeserver via Traefik if there is no Traefik at all --- roles/custom/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index e2fef17bd..a4c31bfcd 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -291,7 +291,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition: # because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making # requests to the endpoint's address (e.g. `http://devture-traefik:8008/`). # This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API. -matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: true +matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port: 8008 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port: '' From 66bf8589ae9d5a4e1fc0eed84560cba4feae398e Mon Sep 17 00:00:00 2001 From: mcnesium Date: Thu, 18 Jan 2024 11:16:01 +0100 Subject: [PATCH 08/14] fix ProxyPass directive by adding mandatory trailing slash --- examples/reverse-proxies/apache/matrix-domain.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/reverse-proxies/apache/matrix-domain.conf b/examples/reverse-proxies/apache/matrix-domain.conf index ba4af4f44..4c79558b2 100644 --- a/examples/reverse-proxies/apache/matrix-domain.conf +++ b/examples/reverse-proxies/apache/matrix-domain.conf 
@@ -29,7 +29,7 @@ RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode - ProxyPass / http://127.0.0.1:81 retry=0 nocanon + ProxyPass / http://127.0.0.1:81/ retry=0 nocanon ProxyPassReverse / http://127.0.0.1:81/ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log From 0ec62855bbc259a49b9fad8adcc41e166308c109 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 18 Jan 2024 15:25:44 +0200 Subject: [PATCH 09/14] Avoid configuring SSL certificate settings for services when certs dumper is disabled Some of these variables were ending up configuring services to expect certificates.. yet there's no way they could get them. --- group_vars/matrix_servers | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1354a5aed..92653ee3b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2314,8 +2314,8 @@ matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in matrix_bot_postmoogle_ssl_path: |- {{ { - 'playbook-managed-traefik': devture_traefik_certs_dumper_dumped_certificates_dir_path, - 'other-traefik-container': devture_traefik_certs_dumper_dumped_certificates_dir_path, + 'playbook-managed-traefik': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} 
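Review bot: With `devture_traefik_certs_dumper_enabled` false, `matrix_bot_postmoogle_ssl_path` now quietly becomes `''`, and the following hunks do the same for `matrix_bot_postmoogle_tls_cert`, `matrix_bot_postmoogle_tls_key`, `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path`. Nothing in these hunks tells the operator that TLS material has been dropped, and `matrix_coturn_tls_enabled` (visible in the `@@ -2724,8` hunk header) still follows `matrix_playbook_ssl_enabled`, so a role may end up with TLS nominally on but no certificate, or fall back to plaintext; how the roles treat the empty strings is not visible here. I would document the fallback next to each variable, e.g. `# Empty when the certs dumper is disabled: no certificate is available, so TLS is not configured for this service.`, and consider a validation task that fails when TLS is enabled while these values are empty.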
@@ -2326,8 +2326,8 @@ matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoo matrix_bot_postmoogle_tls_cert: |- {{ { - 'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_tls_cert, - 'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_tls_cert, + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2335,8 +2335,8 @@ matrix_bot_postmoogle_tls_cert: |- matrix_bot_postmoogle_tls_key: |- {{ { - 'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_key, - 'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_key, + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2724,8 +2724,8 @@ matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}" matrix_coturn_tls_cert_path: |- {{ { - 'playbook-managed-traefik': '/certificate.crt', - 'other-traefik-container': '/certificate.crt', + 'playbook-managed-traefik': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} 
@@ -2733,8 +2733,8 @@ matrix_coturn_tls_cert_path: |- matrix_coturn_tls_key_path: |- {{ { - 'playbook-managed-traefik': '/privatekey.key', - 'other-traefik-container': '/privatekey.key', + 'playbook-managed-traefik': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2753,7 +2753,7 @@ matrix_coturn_container_additional_volumes: | 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] ) }} From dbebe7c59825ad439ccf0939acf94bd01efbedbc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 19 Jan 2024 08:19:28 +0200 Subject: [PATCH 10/14] Add variable for controlling force_disable in io.element.e2ee in /.well-known/matrix/client --- roles/custom/matrix-static-files/defaults/main.yml | 6 ++++++ .../templates/public/.well-known/matrix/client.j2 | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 966d04437..75c87494a 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml 
@@ -176,6 +176,12 @@ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_re # See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: [] +# Controls the io.element.e2ee/force_disable property in the /.well-known/matrix/client file, +# which can be set to `true` to instruct Element whether to disable End-to-End Encryption by default +# and to not show encryption related-settings in room settings. +# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md +matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable: false + # Default /.well-known/matrix/client configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 index ca272fe35..5a3deb6a2 100644 --- a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 +++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 
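Review bot: The comment added for `matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable` says it "can be set to `true` to instruct Element whether to disable" encryption, which does not state which value does what, and it leaves out the security consequence of turning it on. I would reword the first lines to something like `# Set to true to make Element disable End-to-End Encryption by default and hide encryption-related settings in room settings.` followed by `# Unencrypted room content is readable by the homeserver.` It would also help to say that this is a hint published in /.well-known/matrix/client and, presumably, only honoured by clients that read it (see the linked e2ee.md).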
@@ -39,7 +39,8 @@ "io.element.e2ee": { "default": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_default|to_json }}, "secure_backup_required": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required|to_json }}, - "secure_backup_setup_methods": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods|to_json }} + "secure_backup_setup_methods": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods|to_json }}, + "force_disable": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable|to_json }} } {% endif %} {% if matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled %}, From db7ed0e830e46e032e6ce04f0e85092911a3cfba Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 19 Jan 2024 12:13:22 +0200 Subject: [PATCH 11/14] Fix Traefik load balancer port for matrix-mx-puppet-slack --- roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 index aec01387f..0937c9d75 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 @@ -5,7 +5,7 @@ traefik.enable=true traefik.docker.network={{ matrix_mx_puppet_slack_container_labels_traefik_docker_network }} {% endif %} -traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_address }} +traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_port }} {% if matrix_mx_puppet_slack_container_labels_public_endpoint_enabled %} ############################################################ From f953dd2cd6c8cef1121728077d793bd4c255116f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 19 Jan 2024 17:02:16 +0200 Subject: [PATCH 12/14] Only strip /hookshot prefix for Hookshot widgetapi Public URLs are like: `/hookshot/widgetapi/v1/static/` .. which get translated to requests for: `/widgetapi/v1/static/` Previously, we were stripping the whole `/hookshot/widgetapi` prefix, which is wrong. --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 1 - roles/custom/matrix-bridge-hookshot/templates/labels.j2 | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 6d9210245..1c1ab4c5c 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -201,7 +201,6 @@ matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false # noqa var-naming # - fec0::/10 matrix_hookshot_widgets_disallowedIpRanges: '' # noqa var-naming matrix_hookshot_widgets_internal: "/widgetapi" -# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" matrix_hookshot_widgets_hostname: "{{ matrix_hookshot_public_hostname }}" matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" # noqa var-naming diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index 07f015723..4aa3f6420 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 
@@ -83,7 +83,7 @@ traefik.http.routers.matrix-hookshot-appservice.tls.certResolver={{ matrix_hooks # # ############################################################ -traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_widgets_endpoint }} +traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_public_endpoint }} traefik.http.routers.matrix-hookshot-widgets.rule={{ matrix_hookshot_container_labels_widgets_traefik_rule }} traefik.http.routers.matrix-hookshot-widgets.middlewares=matrix-hookshot-widgets-strip-prefix From 90332f8c3d75c75a53d6a097ddd2c0a5b2f83397 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 19 Jan 2024 17:08:14 +0200 Subject: [PATCH 13/14] Fix problematic Hookshot redirect for /hookshot/widgetapi/v1/static Hookshot wants a trailing slash for this route. If we let Hookshot redirect, it goes to `/widgetapi/v1/static/`, instead of `/hookshot/widgetapi/v1/static/`, so we take this matter into our own hands. --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- roles/custom/matrix-bridge-hookshot/templates/labels.j2 | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 1c1ab4c5c..e7f46a7cc 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -203,7 +203,7 @@ matrix_hookshot_widgets_disallowedIpRanges: '' # noqa var-naming matrix_hookshot_widgets_internal: "/widgetapi" matrix_hookshot_widgets_hostname: "{{ matrix_hookshot_public_hostname }}" matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" -matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" # noqa var-naming +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static/" # noqa var-naming matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" # noqa var-naming diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index 4aa3f6420..31c035300 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 
@@ -83,10 +83,15 @@ traefik.http.routers.matrix-hookshot-appservice.tls.certResolver={{ matrix_hooks
 # #
 ############################################################
+# Redirect `{PREFIX}/widgetapi/v1/static` to `{PREFIX}/widgetapi/v1/static/`.
+# Hookshot does it too, but does not obey the prefix, which leads people elsewhere.
+traefik.http.middlewares.matrix-hookshot-widgets-slashless-redirect.redirectregex.regex=({{ matrix_hookshot_widgets_endpoint | quote }}/v1/static)$
+traefik.http.middlewares.matrix-hookshot-widgets-slashless-redirect.redirectregex.replacement=${1}/
+
 traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_public_endpoint }}
 traefik.http.routers.matrix-hookshot-widgets.rule={{ matrix_hookshot_container_labels_widgets_traefik_rule }}
-traefik.http.routers.matrix-hookshot-widgets.middlewares=matrix-hookshot-widgets-strip-prefix
+traefik.http.routers.matrix-hookshot-widgets.middlewares=matrix-hookshot-widgets-slashless-redirect,matrix-hookshot-widgets-strip-prefix
 {% if matrix_hookshot_container_labels_widgets_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-hookshot-widgets.priority={{ matrix_hookshot_container_labels_widgets_traefik_priority }}
From 0823efe22e5a9878471091db796c07a61ff7e53f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 19 Jan 2024 15:31:02 +0000
Subject: [PATCH 14/14] Update vectorim/element-web Docker tag to v1.11.55
---
 roles/custom/matrix-client-element/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index 4fb7b2eeb..305deae19 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
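Review bot: In `roles/custom/matrix-bridge-hookshot/templates/labels.j2`, the added `redirectregex.regex` label builds a regular expression from `matrix_hookshot_widgets_endpoint` but passes it through `quote`, which is Ansible's shell-quoting filter and leaves regex metacharacters such as `.` unescaped. A plain path value comes out unchanged, but a value that shell quoting wraps in single quotes would carry those quotes into the pattern, and a metacharacter in an overridden endpoint would make the redirect match other paths or none at all. I would use the regex-escaping filter instead, `traefik.http.middlewares.matrix-hookshot-widgets-slashless-redirect.redirectregex.regex=({{ matrix_hookshot_widgets_endpoint | regex_escape }}/v1/static)$`, after confirming its output is valid in the regex syntax Traefik uses. The Widgets section of the template continues past the end of this hunk.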
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.54
+matrix_client_element_version: v1.11.55
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"