From e678adfedad131d77f5e4a7221f941f16d86c20b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 4 Jan 2024 10:24:33 +0200
Subject: [PATCH] Add root path (/) handling to
 matrix-synapse-reverse-proxy-companion (redirect or /_matrix/static/ serving)

---
 group_vars/matrix_servers                     |  4 ++
 .../defaults/main.yml                         | 11 ++++++
 .../tasks/validate_config.yml                 |  5 +++
 .../templates/labels.j2                       | 38 +++++++++++++++++++
 4 files changed, 58 insertions(+)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index abe30e9e5..df94f0817 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3967,6 +3967,10 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network:
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_enabled: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url != '' }}"
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
+
 matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
 
 matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
index 3678e99a0..441d70c77 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -71,6 +71,17 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network:
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: web-secure
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: default
 
+# Controls whether labels will be added for handling the root (/) path
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_enabled: true
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_hostname: ''
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_hostname }}`) && Path(`/`)"
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_priority: 0
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}"
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_entrypoints != 'web' }}"
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_enabled: false
+matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url: ""
+
 # Controls whether labels will be added that expose the Client-Server API.
 matrix_synapse_reverse_proxy_companion_container_labels_client_api_enabled: true
 matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname: ''
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
index ec87338d3..af8081675 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
@@ -7,7 +7,12 @@
   when: "item.when | bool and vars[item.name] == ''"
   with_items:
     - {'name': 'matrix_synapse_reverse_proxy_companion_container_network', when: true}
+
+    - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_enabled }}"}
+    - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_enabled }}"}
+
     - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_enabled }}"}
+
     - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled }}"}
     - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled }}"}
 
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
index 9ad96a69a..072277ec4 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
@@ -9,6 +9,44 @@ traefik.http.services.matrix-synapse-reverse-proxy-companion-client-api.loadbala
 traefik.http.services.matrix-synapse-reverse-proxy-companion-federation-api.loadbalancer.server.port=8048
 
 
+{#
+	Root path (/)
+#}
+{% if matrix_synapse_reverse_proxy_companion_container_labels_client_root_enabled %}
+
+{% set client_root_middlewares = [] %}
+
+{% if matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_enabled %}
+{% set client_root_middlewares = client_root_middlewares + ['matrix-synapse-reverse-proxy-companion-client-root-redirect'] %}
+traefik.http.middlewares.matrix-synapse-reverse-proxy-companion-client-root-redirect.redirectregex.regex=(.*)
+traefik.http.middlewares.matrix-synapse-reverse-proxy-companion-client-root-redirect.redirectregex.replacement={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_redirection_url }}
+{% else %}
+{% set client_root_middlewares = client_root_middlewares + ['matrix-synapse-reverse-proxy-companion-client-root-replacepath'] %}
+traefik.http.middlewares.matrix-synapse-reverse-proxy-companion-client-root-replacepath.replacepath.path=/_matrix/static/
+{% endif %}
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_rule }}
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.middlewares={{ client_root_middlewares | join(',') }}
+
+{% if matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.service=matrix-synapse-reverse-proxy-companion-client-api
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_entrypoints }}
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_tls | to_json }}
+
+{% if matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_tls %}
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-root.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_client_root_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+{#
+	/Root path (/)
+#}
+
+
 {#
 	Client-API
 #}