Add support for the internal Traefik entrypoint to Dendrite
This commit is contained in:
Slavi Pantaleev
parent
b2aeb8cde9
commit
ee0eb59dc6
@ -4906,6 +4906,9 @@ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: "{{
|
||||
matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
|
||||
matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
|
||||
|
||||
matrix_dendrite_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
|
||||
matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
|
||||
|
||||
matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
|
||||
|
||||
matrix_dendrite_metrics_enabled: "{{ prometheus_enabled }}"
|
||||
|
||||
@ -90,6 +90,14 @@ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints: "{{ matr
|
||||
matrix_dendrite_container_labels_public_client_api_traefik_tls: "{{ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints != 'web' }}"
|
||||
matrix_dendrite_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming
|
||||
|
||||
# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.
|
||||
# This is similar to `matrix_dendrite_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
|
||||
matrix_dendrite_container_labels_internal_client_api_enabled: false
|
||||
matrix_dendrite_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_dendrite_container_labels_public_client_api_traefik_path_prefix }}"
|
||||
matrix_dendrite_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_dendrite_container_labels_internal_client_api_traefik_path_prefix }}`)"
|
||||
matrix_dendrite_container_labels_internal_client_api_traefik_priority: "{{ matrix_dendrite_container_labels_public_client_api_traefik_priority }}"
|
||||
matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints: ""
|
||||
|
||||
# Controls whether labels will be added that expose the /_synapse/admin paths on a public Traefik entrypoint.
|
||||
# Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
|
||||
# Dendrite exposes some admin APIs under a Synapse-specific prefix.
|
||||
|
||||
@ -1,15 +1,6 @@
|
||||
---
|
||||
- name: Fail if required Dendrite settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`) for using Dendrite.
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- matrix_dendrite_hostname
|
||||
- matrix_dendrite_client_api_registration_shared_secret
|
||||
- matrix_dendrite_database_hostname
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
- name: (Deprecation) Catch and report renamed Dendrite settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
@ -36,3 +27,14 @@
|
||||
- {'old': 'matrix_dendrite_pushserver_database', 'new': 'matrix_dendrite_push_server_database'}
|
||||
- {'old': 'matrix_dendrite_relayapi_database', 'new': 'matrix_dendrite_relay_api_database'}
|
||||
- {'old': 'matrix_dendrite_keyserver_database', 'new': 'matrix_dendrite_key_server_database'}
|
||||
|
||||
- name: Fail if required Dendrite settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item.name }}`).
|
||||
when: "item.when | bool and vars[item.name] == ''"
|
||||
with_items:
|
||||
- {'name': 'matrix_dendrite_hostname', when: true}
|
||||
- {'name': 'matrix_dendrite_client_api_registration_shared_secret', when: true}
|
||||
- {'name': 'matrix_dendrite_database_hostname', when: true}
|
||||
- {'name': 'matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_dendrite_container_labels_internal_client_api_enabled }}"}
|
||||
|
||||
@ -21,20 +21,20 @@ traefik.http.middlewares.matrix-dendrite-client-root-redirect.redirectregex.rege
|
||||
traefik.http.middlewares.matrix-dendrite-client-root-redirect.redirectregex.replacement={{ matrix_dendrite_container_labels_public_client_root_redirection_url }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-root.rule={{ matrix_dendrite_container_labels_public_client_root_traefik_rule }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.rule={{ matrix_dendrite_container_labels_public_client_root_traefik_rule }}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-root.middlewares={{ client_root_middlewares | join(',') }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.middlewares={{ client_root_middlewares | join(',') }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_root_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-client-root.priority={{ matrix_dendrite_container_labels_public_client_root_traefik_priority }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.priority={{ matrix_dendrite_container_labels_public_client_root_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-root.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-client-root.entrypoints={{ matrix_dendrite_container_labels_public_client_root_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-client-root.tls={{ matrix_dendrite_container_labels_public_client_root_traefik_tls | to_json }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.entrypoints={{ matrix_dendrite_container_labels_public_client_root_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.tls={{ matrix_dendrite_container_labels_public_client_root_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_root_traefik_tls %}
|
||||
traefik.http.routers.matrix-dendrite-client-root.tls.certResolver={{ matrix_dendrite_container_labels_public_client_root_traefik_tls_certResolver }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-root.tls.certResolver={{ matrix_dendrite_container_labels_public_client_root_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
@ -48,18 +48,18 @@ traefik.http.routers.matrix-dendrite-client-root.tls.certResolver={{ matrix_dend
|
||||
#}
|
||||
{% if matrix_dendrite_container_labels_public_client_api_enabled %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-api.rule={{ matrix_dendrite_container_labels_public_client_api_traefik_rule }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.rule={{ matrix_dendrite_container_labels_public_client_api_traefik_rule }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_api_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-client-api.priority={{ matrix_dendrite_container_labels_public_client_api_traefik_priority }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.priority={{ matrix_dendrite_container_labels_public_client_api_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-client-api.entrypoints={{ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-client-api.tls={{ matrix_dendrite_container_labels_public_client_api_traefik_tls | to_json }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.entrypoints={{ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.tls={{ matrix_dendrite_container_labels_public_client_api_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_api_traefik_tls %}
|
||||
traefik.http.routers.matrix-dendrite-client-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_api_traefik_tls_certResolver }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_api_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
@ -68,23 +68,43 @@ traefik.http.routers.matrix-dendrite-client-api.tls.certResolver={{ matrix_dendr
|
||||
#}
|
||||
|
||||
|
||||
{#
|
||||
Internal Client-API (/_matrix)
|
||||
#}
|
||||
{% if matrix_dendrite_container_labels_internal_client_api_enabled %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-internal-client-api.rule={{ matrix_dendrite_container_labels_internal_client_api_traefik_rule }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_internal_client_api_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-internal-client-api.priority={{ matrix_dendrite_container_labels_internal_client_api_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-internal-client-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-internal-client-api.entrypoints={{ matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints }}
|
||||
|
||||
{% endif %}
|
||||
{#
|
||||
/Internal Client-API (/_matrix)
|
||||
#}
|
||||
|
||||
|
||||
{#
|
||||
Public Synapse Admin API (/_synapse/admin)
|
||||
#}
|
||||
{% if matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_rule }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_rule }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls %}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
@ -98,18 +118,18 @@ traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={
|
||||
#}
|
||||
{% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_enabled %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_rule }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_rule }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls | to_json }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls %}
|
||||
traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls_certResolver }}
|
||||
traefik.http.routers.matrix-dendrite-public-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
@ -123,18 +143,18 @@ traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={
|
||||
#}
|
||||
{% if matrix_dendrite_container_labels_public_federation_api_enabled %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-federation-api.rule={{ matrix_dendrite_container_labels_public_federation_api_traefik_rule }}
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.rule={{ matrix_dendrite_container_labels_public_federation_api_traefik_rule }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_federation_api_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.matrix-dendrite-federation-api.priority={{ matrix_dendrite_container_labels_public_federation_api_traefik_priority }}
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.priority={{ matrix_dendrite_container_labels_public_federation_api_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.matrix-dendrite-federation-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-federation-api.entrypoints={{ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-federation-api.tls={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls | to_json }}
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.service=matrix-dendrite
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.entrypoints={{ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints }}
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.tls={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_dendrite_container_labels_public_federation_api_traefik_tls %}
|
||||
traefik.http.routers.matrix-dendrite-federation-api.tls.certResolver={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls_certResolver }}
|
||||
traefik.http.routers.matrix-dendrite-public-federation-api.tls.certResolver={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
@ -206,8 +206,7 @@ matrix_synapse_container_labels_public_client_api_traefik_tls_certResolver: "{{
|
||||
# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
|
||||
# See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled`
|
||||
matrix_synapse_container_labels_internal_client_api_enabled: false
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}"
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_path_prefix: /_matrix
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_synapse_container_labels_public_client_api_traefik_path_prefix }}"
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_synapse_container_labels_internal_client_api_traefik_path_prefix }}`)"
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_priority: "{{ matrix_synapse_container_labels_public_client_api_traefik_priority }}"
|
||||
matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: ""
|
||||
|
||||
Loading…
Reference in New Issue
Block a user