finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat: add automatic creation of reverse-proxy routing

Browse Source
This commit is contained in:
transcaffeine 2021-04-18 11:55:40 +02:00 committed by transcaffeine
parent 8543f4dbdf
commit 9363a9f930
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
3 changed files with 120 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
View File

@ -27,6 +27,7 @@ web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d" revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp postgres_dump_dir: /vault/temp
# #
# General Synapse config # General Synapse config
# #
@ -245,15 +246,16 @@ matrix_mx_puppet_instagram_configuration_extension_yaml: |
# mx-puppet-skype configuration # mx-puppet-skype configuration
# #
matrix_mx_puppet_skype_enabled: true matrix_mx_puppet_skype_enabled: true
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
matrix_mx_puppet_skype_container_extra_arguments: matrix_mx_puppet_skype_container_extra_arguments:
- "-p 127.0.0.1:9405:9405" - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_skype_configuration_extension_yaml: | matrix_mx_puppet_skype_configuration_extension_yaml: |
bridge: bridge:
enableGroupSync: true enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
metrics: metrics:
enabled: true enabled: true
port: 9405 port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
path: /metrics path: /metrics
@ -289,15 +291,17 @@ matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}" matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}" matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth' matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments: matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:9406:9406" - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:8981:8008" - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: | matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge: bridge:
enableGroupSync: true enableGroupSync: true
metrics: metrics:
enabled: true enabled: true
port: 9406 port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics path: /metrics
limits: limits:
maxAutojoinUsers: 500 maxAutojoinUsers: 500

2
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -155,9 +155,9 @@ matrix_mautrix_telegram_registration_yaml: |
# See https://github.com/mautrix/signal/issues/43 # See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }} url: {{ matrix_mautrix_telegram_appservice_address }}
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
rate_limited: false rate_limited: false
de.sorunome.msc2409.push_ephemeral: true de.sorunome.msc2409.push_ephemeral: true
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}" matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"

110
templates/Caddyfile.j2 Normal file
View File

@ -0,0 +1,110 @@
https://{{ matrix_server_fqn_matrix }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
basicauth /metrics/* bcrypt monitoring {
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
}
route /metrics/synapse {
uri replace /metrics/synapse /_synapse/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/appservice {
uri replace /metrics/synapse/worker/appservice /_synapse-worker-appservice-0/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-0 {
uri replace /metrics/synapse/worker/federation-sender-0 /_synapse-worker-federation_sender-0/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-1 {
uri replace /metrics/synapse/worker/federation-sender-1 /_synapse-worker-federation_sender-1/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-2 {
uri replace /metrics/synapse/worker/federation-sender-2 /_synapse-worker-federation_sender-2/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-0 {
uri replace /metrics/synapse/worker/generic-0 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start)|int}}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-1 {
uri replace /metrics/synapse/worker/generic-1 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start + 1)|int}}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-0 {
uri replace /metrics/synapse/worker/media-0 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start)|int }}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-1 {
uri replace /metrics/synapse/worker/media-1 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start + 1)|int }}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/bridge/* {
uri strip_prefix /metrics/bridge
route /mautrix-telegram {
uri replace /mautrix-telegram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
}
route /mautrix-whatsapp {
uri replace /mautrix-whatsapp /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
}
route /mautrix-signal {
uri replace /mautrix-signal /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-instagram {
uri replace /mx-puppet-instagram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-discord {
uri replace /mx-puppet-discord /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-skype {
uri replace /mx-puppet-skype /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-slack {
uri replace /mx-puppet-slack /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
}
}
reverse_proxy /_matrix/federation/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
reverse_proxy /_matrix/key/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_server_fqn_dimension }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_server_fqn_element }} {
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_domain }}/.well-known/matrix/* {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
route {
uri strip_prefix /.well-known/matrix
root * /matrix_static
file_server
}
header {
Content-Type "application/json"
X-Content-Type-Options "nosniff"
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
}