From b0f1a1c80f10bec087549de200c5826d5ce58575 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Aug 2018 10:44:34 +0300 Subject: [PATCH] Fix nginx warning: adding already-default text/html to gzip_types --- .../matrix-server/tasks/setup_synapse_ext.yml | 4 +- .../setup_synapse_ext_shared_secret_auth.yml | 43 +++++++++++++++++++ .../nginx-conf.d/matrix-riot-web.conf.j2 | 2 +- .../nginx-conf.d/matrix-synapse.conf.j2 | 2 +- .../templates/synapse/homeserver.yaml.j2 | 5 +++ 5 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml diff --git a/roles/matrix-server/tasks/setup_synapse_ext.yml b/roles/matrix-server/tasks/setup_synapse_ext.yml index dd36b09c2..e55cd1957 100644 --- a/roles/matrix-server/tasks/setup_synapse_ext.yml +++ b/roles/matrix-server/tasks/setup_synapse_ext.yml @@ -1,3 +1,5 @@ --- -- include: tasks/setup_synapse_ext_rest_auth.yml \ No newline at end of file +- include: tasks/setup_synapse_ext_rest_auth.yml + +- include: tasks/setup_synapse_ext_shared_secret_auth.yml \ No newline at end of file diff --git a/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml b/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml new file mode 100644 index 000000000..f96a5ce0c --- /dev/null +++ b/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml @@ -0,0 +1,43 @@ +--- + +# +# Tasks related to setting up matrix-synapse-shared-secret-auth +# + +- name: Download matrix-synapse-shared-secret-auth + get_url: + url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" + +- set_fact: + matrix_synapse_password_providers_enabled: true + when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" + +- set_fact: + matrix_synapse_container_additional_volumes: > + {{ matrix_synapse_container_additional_volumes }} + + + {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '/usr/local/lib/python2.7/site-packages/shared_secret_authenticator.py', 'options': 'ro'}] }} + when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" + +- set_fact: + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} + when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" + +# +# Tasks related to getting rid of matrix-synapse-shared-secret-auth (if it was previously enabled) +# + +- name: Ensure matrix-synapse-shared-secret-auth doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" + state: absent + when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled" \ No newline at end of file diff --git a/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2 b/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2 index 3affc577e..9d6829801 100644 --- a/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2 +++ b/roles/matrix-server/templates/nginx-conf.d/matrix-riot-web.conf.j2 @@ -34,7 +34,7 @@ server { root /dev/null; gzip on; - gzip_types text/plain text/html application/json application/javascript text/css image/x-icon font/ttf image/gif; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; ssl_certificate {{ matrix_ssl_certs_path }}/live/{{ hostname_riot }}/fullchain; ssl_certificate_key {{ matrix_ssl_certs_path }}/live/{{ hostname_riot }}/privkey; diff --git a/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2 b/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2 index f22eebcca..b636080a0 100644 --- a/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-server/templates/nginx-conf.d/matrix-synapse.conf.j2 @@ -34,7 +34,7 @@ server { root /dev/null; gzip on; - gzip_types text/plain text/html application/json; + gzip_types text/plain application/json; ssl_certificate {{ matrix_ssl_certs_path }}/live/{{ hostname_matrix }}/fullchain; ssl_certificate_key {{ matrix_ssl_certs_path }}/live/{{ hostname_matrix }}/privkey; diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 index 22cdef0bd..4a60a6be3 100644 --- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 @@ -596,6 +596,11 @@ password_providers: profile: name: {{ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill }} {% endif %} +{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %} + - module: "shared_secret_authenticator.SharedSecretAuthenticator" + config: + sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" +{% endif %} {% endif %}