Merge pull request #2464 from spantaleev/traefik
Reverse-proxy configuration changes and initial Traefik support
This commit is contained in:
Slavi Pantaleev
GitHub
@ -92,6 +92,9 @@ matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
|
||||
|
||||
matrix_federation_public_port: 8448
|
||||
|
||||
# The name of the Traefik entrypoint for handling Matrix Federation
|
||||
matrix_federation_traefik_entrypoint: matrix-federation
|
||||
|
||||
# The architecture that your server runs.
|
||||
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
|
||||
# Not all architectures support all services, so your experience (on non-amd64) may vary.
|
||||
@ -262,6 +265,53 @@ matrix_well_known_matrix_support_enabled: false
|
||||
matrix_homeserver_container_extra_arguments_auto: []
|
||||
matrix_homeserver_app_service_config_files_auto: []
|
||||
|
||||
# Specifies the type of reverse-proxy used by the playbook.
|
||||
#
|
||||
# Changing this has an effect on whether a reverse-proxy is installed at all and what its type is,
|
||||
# as well as how all other services are configured.
|
||||
#
|
||||
# Valid options and a description of their behavior:
|
||||
#
|
||||
# - `playbook-managed-traefik`
|
||||
# - the playbook will install devture-traefik
|
||||
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
|
||||
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_ssl_email_address`
|
||||
# - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working
|
||||
#
|
||||
# - `playbook-managed-nginx`
|
||||
# - the playbook will install matrix-nginx-proxy
|
||||
# - matrix-nginx-proxy will do SSL termination with Certbot, unless you change that (see `matrix_ssl_retrieval_method`)
|
||||
# - if SSL termination is enabled (as it is by default), you need to populate: `matrix_ssl_lets_encrypt_support_email`
|
||||
#
|
||||
# - `other-traefik-container`
|
||||
# - this playbook will not install Traefik
|
||||
# - nevertheless, the playbook expects that you would install Traefik yourself via other means
|
||||
# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
|
||||
# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
|
||||
# - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
|
||||
#
|
||||
# - `other-nginx-non-container`
|
||||
# - the playbook will not install matrix-nginx-proxy
|
||||
# - however, it will still dump some nginx configuration in /matrix/nginx/conf.d
|
||||
# - these configs are meant to be included into a locally-installed (without a container) nginx server
|
||||
# - all container services are exposed locally (e.g. `-p 127.0.0.1:8080:8080`)
|
||||
#
|
||||
# - `other-on-same-host`
|
||||
# - like other-nginx-non-container, but supposedly won't generate useless configuration in /matrix/nginx/conf.d in the future
|
||||
#
|
||||
# - `other-on-another-host`
|
||||
# - like other-on-same-host, but services are exposed on all interfaces (e.g. `-p 0.0.0.0:8080:8080`)
|
||||
# - configurable via `matrix_playbook_service_host_bind_interface_prefix`
|
||||
#
|
||||
# - `none`
|
||||
# - no reverse-proxy will be installed
|
||||
# - no nginx configuration will be dumped in /matrix/nginx/conf.d
|
||||
# - no port exposure will be done for any of the container services
|
||||
# - it's up to you to expose the ports you want, etc.
|
||||
matrix_playbook_reverse_proxy_type: playbook-managed-nginx
|
||||
|
||||
matrix_playbook_service_host_bind_interface_prefix: "{{ '' if matrix_playbook_reverse_proxy_type not in ['other-nginx-non-container', 'other-on-same-host', 'other-on-another-host'] else ('0.0.0.0:' if matrix_playbook_reverse_proxy_type == 'other-on-another-host' else '127.0.0.1:') }}"
|
||||
|
||||
# Variables to Control which parts of our roles run.
|
||||
run_postgres_import: true
|
||||
run_postgres_upgrade: true
|
||||
|
||||
@ -51,6 +51,11 @@
|
||||
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
|
||||
when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
|
||||
|
||||
- name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that variable matrix_playbook_reverse_proxy_type (current value: `{{ matrix_playbook_reverse_proxy_type }}`) appears to be set incorrectly. See roles/custom/matrix-base/defaults/main.yml for valid choices."
|
||||
when: matrix_playbook_reverse_proxy_type not in ['playbook-managed-traefik', 'playbook-managed-nginx', 'other-traefik-container', 'other-nginx-non-container', 'other-on-same-host', 'other-on-another-host', 'none']
|
||||
|
||||
- name: Fail if uppercase domain used
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
|
||||
|
||||
@ -35,7 +35,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \
|
||||
{% for volume in matrix_coturn_container_additional_volumes %}
|
||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||
--mount type=bind,src={{ volume.src }},dst={{ volume.dst }}{{ (',' + volume.options) if volume.options else '' }} \
|
||||
{% endfor %}
|
||||
{% for arg in matrix_coturn_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
|
||||
@ -84,7 +84,7 @@ matrix_dendrite_max_file_size_bytes: 10485760
|
||||
|
||||
# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
|
||||
# This is likely required if Dendrite is running behind a reverse proxy server.
|
||||
matrix_dendrite_sync_api_real_ip_header: ''
|
||||
matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For'
|
||||
|
||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||
matrix_dendrite_tmp_directory_size_mb: 500
|
||||
|
||||
@ -40,6 +40,92 @@ matrix_nginx_proxy_container_additional_networks: []
|
||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||
matrix_nginx_proxy_container_additional_volumes: []
|
||||
|
||||
# matrix_nginx_proxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# To inject your own other container labels, see `matrix_nginx_proxy_container_labels_additional_labels`.
|
||||
matrix_nginx_proxy_container_labels_traefik_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_proxy_container_network }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
|
||||
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_enabled: "{{ matrix_nginx_proxy_base_domain_serving_enabled }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname: "{{ matrix_nginx_proxy_base_domain_hostname }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_element_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_cinny_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_grafana_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname }}`)"
|
||||
|
||||
# matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# Example:
|
||||
# matrix_nginx_proxy_container_labels_additional_labels: |
|
||||
# my.label=1
|
||||
# another.label="here"
|
||||
matrix_nginx_proxy_container_labels_additional_labels: ''
|
||||
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_nginx_proxy_container_extra_arguments: []
|
||||
|
||||
|
||||
@ -22,6 +22,14 @@
|
||||
- "{{ matrix_nginx_proxy_data_path }}"
|
||||
- "{{ matrix_nginx_proxy_confd_path }}"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy labels file is created
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/labels.j2"
|
||||
dest: "{{ matrix_nginx_proxy_base_path }}/labels"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
mode: 0640
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (main config override)
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
||||
|
||||
182
roles/custom/matrix-nginx-proxy/templates/labels.j2
Normal file
182
roles/custom/matrix-nginx-proxy/templates/labels.j2
Normal file
@ -0,0 +1,182 @@
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_enabled %}
|
||||
traefik.enable=true
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_docker_network %}
|
||||
traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_network }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_enabled %}
|
||||
# Base domain
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
|
||||
# Matrix Client
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
|
||||
# Matrix Federation
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-federation.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled %}
|
||||
# Element
|
||||
traefik.http.routers.matrix-nginx-proxy-element.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-element.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-element.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_element_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-element.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-element.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled %}
|
||||
# Hydrogen
|
||||
traefik.http.routers.matrix-nginx-proxy-hydrogen.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-hydrogen.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-hydrogen.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-hydrogen.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-hydrogen.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled %}
|
||||
# Cinny
|
||||
traefik.http.routers.matrix-nginx-proxy-cinny.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-cinny.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-cinny.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_cinny_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-cinny.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-cinny.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled %}
|
||||
# Buscarron
|
||||
traefik.http.routers.matrix-nginx-proxy-buscarron.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-buscarron.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-buscarron.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-buscarron.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-buscarron.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled %}
|
||||
# Dimension
|
||||
traefik.http.routers.matrix-nginx-proxy-dimension.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-dimension.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-dimension.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-dimension.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-dimension.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled %}
|
||||
# Etherpad
|
||||
traefik.http.routers.matrix-nginx-proxy-etherpad.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-etherpad.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-etherpad.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-etherpad.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-etherpad.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled %}
|
||||
# Go NEB bot
|
||||
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-bot_go_neb.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled %}
|
||||
# Jitsi
|
||||
traefik.http.routers.matrix-nginx-proxy-jitsi.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-jitsi.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-jitsi.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-jitsi.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-jitsi.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_grafana_enabled %}
|
||||
# Grafana
|
||||
traefik.http.routers.matrix-nginx-proxy-grafana.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-grafana.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-grafana.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_grafana_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-grafana.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-grafana.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled %}
|
||||
# Sygnal
|
||||
traefik.http.routers.matrix-nginx-proxy-sygnal.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-sygnal.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-sygnal.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-sygnal.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-sygnal.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled %}
|
||||
# ntfy
|
||||
traefik.http.routers.matrix-nginx-proxy-ntfy.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-ntfy.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-ntfy.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-ntfy.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
|
||||
|
||||
{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}
|
||||
traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{{ matrix_nginx_proxy_container_labels_additional_labels }}
|
||||
@ -24,6 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
|
||||
--label-file={{ matrix_nginx_proxy_base_path }}/labels \
|
||||
--network={{ matrix_nginx_proxy_container_network }} \
|
||||
{% if matrix_nginx_proxy_container_http_host_bind_port %}
|
||||
-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
|
||||
|
||||
Reference in New Issue
Block a user