finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,901 Commits 3 Branches 0 Tags 168 MiB
18533b5000
Commit Graph

1782 Commits

Author SHA1 Message Date
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
 2021-05-21 13:40:37 +03:00
Slavi Pantaleev
d0de21ab34
Delete Hydrogen nginx configuration file when disabled 2021-05-21 12:58:32 +03:00
Aaron Raimist
ac4ede20af
Add docs 2021-05-21 04:43:04 -05:00
Aaron Raimist
1633f61018
Only install config.json when self building 2021-05-21 04:23:06 -05:00
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen 2021-05-21 04:09:18 -05:00
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53 2021-05-21 03:45:21 -05:00
Slavi Pantaleev
47b4608b96 Fail in a friendlier way when trying to self-build on Ansible <= 2.8 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070

Related discussion here: 1ab507349c (commitcomment-51108407)
 2021-05-21 11:15:05 +03:00
Slavi Pantaleev
1ab507349c Fix self-building for various components on Ansible < 2.8 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
 2021-05-20 08:43:20 +03:00
Slavi Pantaleev
66615c43a3
Merge pull request #1065 from sakkiii/patch-1 
Update grafana (7.5.6->7.5.7)
 2021-05-19 22:07:59 +03:00
Tobias K
3dcbed6353
roles/matrix-grafana: Set root_url in granafa.ini 2021-05-19 19:52:58 +02:00
sakkiii
8529ca4c17
Update grafana (7.5.6->7.5.7) 2021-05-19 22:30:03 +05:30
Slavi Pantaleev
073d920a62
Merge pull request #1061 from sakkiii/ssl_enhancement 
Optimize SSL session
 2021-05-19 17:14:52 +03:00
Toni Spets
544915ff76 Add Heisenbridge 2021-05-19 10:42:21 +03:00
Slavi Pantaleev
21eb39f986 Mention matrix_common_after_systemd_service_start_wait_for_timeout_seconds in failure message 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
 2021-05-19 08:46:13 +03:00
Slavi Pantaleev
ee46fabdca Make waiting time for --tags=start configurable 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
 2021-05-19 08:39:55 +03:00
sakkiii
e9b878b9e9 Optimize SSL session 2021-05-18 19:39:43 +05:30
Slavi Pantaleev
e6afa05f7b Enable OCSP stapling for the federation port 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057

Not sure if this is beneficial though.
 2021-05-18 08:15:42 +03:00
Slavi Pantaleev
57a6a98a50 Fix incorrect SSL certificate path 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
 2021-05-18 07:58:47 +03:00
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple 
Enable OCSP Stapling
 2021-05-18 07:50:35 +03:00
sakkiii
d31b55b2a7 SSL-enabled block only 2021-05-18 03:24:06 +05:30
rakshazi
400371f6dd
Updated Element version (1.7.27 -> 1.7.28) 2021-05-17 13:15:12 +00:00
Slavi Pantaleev
d156c8caa2 Upgrade Synapse (1.33.2 -> 1.34.0) 2021-05-17 14:58:07 +03:00
Slavi Pantaleev
e4dd933cf0 Make missing /_synapse/admin correctly return 404 responses 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058

We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.

For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
 2021-05-17 11:45:35 +03:00
sakkiii
2c3da6599b Added warning 2021-05-15 16:07:52 +05:30
sakkiii
0dd4459799 matrix_nginx_proxy_ocsp_stapling_enabled variable added 2021-05-15 16:01:49 +05:30
sakkiii
c05021640d Enable OCSP Stapling 2021-05-15 15:57:05 +05:30
Aaron Raimist
ca361af616
Add Hydrogen 2021-05-15 04:23:36 -05:00
sakkiii
b191e461a5 Merge branch 'spantaleev:master' into master 2021-05-15 12:20:02 +05:30
sakkiii
4bd7d8b5e4
Update grafana (7.5.5->7.5.6) 2021-05-14 18:59:21 +05:30
sakkiii
d5cd3d443d
Update prometheus (2.26.0->2.27.0) 2021-05-14 18:56:33 +05:30
sakkiii
322b750aad Merge branch 'spantaleev:master' into master 2021-05-14 18:54:47 +05:30
Slavi Pantaleev
f481b1a84b Upgrade matrix-mailer (4.94.2-r0 -> 4.94.2-r0-1) 
Related to https://github.com/devture/exim-relay/pull/9
 2021-05-12 18:09:08 +03:00
Slavi Pantaleev
8e6f1876f5 Switch to :latest version of synapse-admin 
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/132

We should switch back when >0.8.0 gets released.
 2021-05-11 19:25:12 +03:00
sakkiii
8fc55b30c5
Upgrade Synapse (1.33.1 -> 1.33.2) 
This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade.

Ref: https://github.com/matrix-org/synapse/releases/tag/v1.33.2
 2021-05-11 19:06:30 +05:30
Slavi Pantaleev
2d4b039c55
Merge pull request #1046 from GoMatrixHosting/master 
GoMatrixHosting v0.4.6
 2021-05-11 09:07:48 +03:00
Michael-GMH
2b4bada72a fix conditional 2021-05-11 14:05:45 +08:00
Michael-GMH
0adcef65e6 fix conditional 2021-05-11 13:58:42 +08:00
Michael-GMH
f70102e40c no dashes in usernames 2021-05-11 13:55:13 +08:00
Slavi Pantaleev
f4657b2cdb Upgrade Element (1.7.26 -> 1.7.27) 2021-05-11 08:22:43 +03:00
Michael-GMH
4e6f6e179b GMH 0.4.6 update 2021-05-10 18:50:10 +08:00
sakkiii
29cf6a0087 Merge branch 'spantaleev:master' into master 2021-05-10 15:10:18 +05:30
Slavi Pantaleev
3dcc006932 Fix self-building for Coturn 
689dcea773 wasn't enough. The `upstream/..` tags are
just upstream sources, without the alpine-based Dockerfile.
We need to use the `docker/..` tags for that (or `master`)

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1032

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009
 2021-05-10 11:35:53 +03:00
Slavi Pantaleev
33f0074862 Upgrade matrix-mailer (4.94-r0 -> 4.94.2-r0) 
Related to https://github.com/devture/exim-relay/issues/6
 2021-05-10 11:23:44 +03:00
Slavi Pantaleev
c19508087a
Merge pull request #1036 from sakkiii/grafana-csp 
Grafana csp template backward compatible with older browsers
 2021-05-10 10:09:13 +03:00
Slavi Pantaleev
a198b87455 Upgrade synapse-admin (0.7.2 -> 0.8.0) 
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/132
 2021-05-10 10:06:12 +03:00
Slavi Pantaleev
867ebb52ab
Merge pull request #1037 from pushytoxin/jitsi-5765-1 
Update Jitsi (5142 -> 5765-1)
 2021-05-08 12:35:29 +03:00
sakkiii
bb0810302d Merge branch 'spantaleev:master' into master 2021-05-07 23:03:55 +05:30
Slavi Pantaleev
61220ea487 Upgrade Synapse (1.33.0 -> 1.33.1) 2021-05-06 20:47:09 +03:00
sakkiii
9174448e5e get rid of this {% else %} 2021-05-06 12:46:17 +05:30
sakkiii
0d5fe2d9f7
Update roles/matrix-grafana/templates/grafana.ini.j2 
Co-authored-by: Aaron Raimist <aaron@raim.ist>
 2021-05-06 12:38:40 +05:30
Béla Becker
b10655ebb1 Jitsi XMPP Websocket support 
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
 2021-05-05 19:10:58 +02:00
Béla Becker
116bcaa13b Update jitsi to stable-5765-1 
Changelog:
https://github.com/jitsi/docker-jitsi-meet/blob/stable-5765-1/CHANGELOG.md
 2021-05-05 19:10:58 +02:00
sakkiii
37de7fc96a Updated Reference 2021-05-05 22:25:38 +05:30
sakkiii
303de935d5 grafana CSP backward compatible with older browsers 2021-05-05 22:12:56 +05:30
Slavi Pantaleev
d4d1e2e922 Upgrade Synapse (1.32.2 -> 1.33.0) 2021-05-05 19:18:53 +03:00
Slavi Pantaleev
b09a805939
Merge pull request #1031 from thedanbob/nginx-1.20.0 
Update nginx (1.19.10 -> 1.20.0)
 2021-05-04 10:41:02 +03:00
Slavi Pantaleev
6fdc71c40b
Merge pull request #1030 from thedanbob/grafana-7.5.5 
Update grafana (7.5.4 -> 7.5.5)
 2021-05-04 10:40:21 +03:00
Dan Arnfield
cfaa3e598a Update nginx (1.19.10 -> 1.20.0) 2021-05-03 16:00:11 -05:00
Dan Arnfield
bec5933db4 Update grafana (7.5.4 -> 7.5.5) 2021-05-03 15:57:06 -05:00
Michael-GMH
067b61e779 GoMatrixHosting v0.4.5 update 2021-04-29 08:06:45 +08:00
Slavi Pantaleev
2409c33ea2 Upgrade Element (1.7.25 -> 1.7.26) 2021-04-27 17:21:31 +03:00
benkuly
49cb2635a2
updated matrix-sms-bridge 2021-04-27 14:39:58 +02:00
Michael-GMH
a14bf6c2ed GoMatrixHosting v0.4.4 update 2021-04-26 20:00:32 +08:00
Slavi Pantaleev
689dcea773 Fix self-building for Coturn 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009
 2021-04-24 20:31:25 +03:00
sakkiii
40fe6bd5c1 variable matrix_nginx_proxy_hsts_preload_enable added 2021-04-24 20:04:20 +05:30
Slavi Pantaleev
389dc26615 Fix Synapse generic worker balancing 
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
 2021-04-24 11:52:45 +03:00
sakkiii
5b4fdf9b87 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-24 12:15:34 +05:30
sakkiii
0ccf0fbf1c HSTS preload + X-XSS enables 
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
 2021-04-24 12:12:34 +05:30
sakkiii
3564635f0f
Merge branch 'master' into master 2021-04-24 11:46:52 +05:30
sakkiii
29bba5161b Element More security headers 
More Production ready nginx headers for Matrix client element.
 2021-04-24 11:10:40 +05:30
Slavi Pantaleev
f6b371164c Remove useless variable 2021-04-23 07:07:18 +03:00
Slavi Pantaleev
62c0587b6a Use Alpine-based Coturn 2021-04-22 15:05:37 +03:00
Slavi Pantaleev
72a7cb4145
Merge pull request #1018 from GoMatrixHosting/master 
GoMatrixHosting v0.4.3
 2021-04-22 14:23:30 +03:00
Slavi Pantaleev
e3fa3e12bc Upgrade Synapse (1.31 -> 1.32.2) 2021-04-22 14:22:07 +03:00
Michael-GMH
50d7209c5b GMH v04.3 2021-04-22 11:45:59 +08:00
Slavi Pantaleev
378fabf177 Revert "Upgrade Synapse (1.31 -> 1.32.1)" 
This reverts commit 1fb54a37cb.

Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017

Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 23:36:58 +03:00
Slavi Pantaleev
1fb54a37cb Upgrade Synapse (1.31 -> 1.32.1) 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 18:47:15 +03:00
Slavi Pantaleev
d691cc0920 Move variable definition a bit 2021-04-21 13:59:20 +03:00
Slavi Pantaleev
e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
Slavi Pantaleev
42783972fd
Merge pull request #1011 from aaronraimist/synapse-admin 
Upgrade synapse-admin (0.7.0 -> 0.7.2)
 2021-04-21 09:24:30 +03:00
Slavi Pantaleev
ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)" 
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-20 23:40:55 +03:00
Aaron Raimist
bb64b80697
Upgrade synapse-admin (0.7.0 -> 0.7.2) 2021-04-20 15:14:08 -05:00
Slavi Pantaleev
f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev
7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official 
Switch to official coturn image
 2021-04-19 18:41:17 +03:00
Slavi Pantaleev
adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter 
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
 2021-04-19 18:29:03 +03:00
Dan Arnfield
b2ca1f2829 Add capability required by new image 2021-04-19 10:16:26 -05:00
Slavi Pantaleev
398b9f5d66
Merge pull request #1008 from sakkiii/master 
security** node-exporter data & port publicly exposed
 2021-04-19 17:31:00 +03:00
Dan Arnfield
29177d4922 Switch to official coturn docker image 2021-04-19 09:04:08 -05:00
sak
88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak
0f9a455719 Revert "security** node-exporter data & port publicly exposed" 
This reverts commit d0cd709c08.
 2021-04-19 15:24:36 +05:30
sak
d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
Slavi Pantaleev
4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version 
Don't expose nginx version with each response
 2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa
Don't expose nginx version with each response 2021-04-18 16:24:13 +02:00
Slavi Pantaleev
c565e72f0d
Merge pull request #1003 from sakkiii/patch-2 
updated matrix_grafana_docker_image to v7.5.4
 2021-04-18 09:56:12 +03:00
Slavi Pantaleev
51b46697c5
Merge pull request #1005 from sakkiii/master 
Improve security for grafana
 2021-04-18 09:50:59 +03:00
Dan Arnfield
f04614a993 Fix prometheus network for ansible < 2.8 2021-04-17 20:15:26 -05:00
Slavi Pantaleev
badd81e0ec Revert "Attempt to fix docker_network result discrepancy between Ansible versions" 
This reverts commit 68ca81c8c2.
 2021-04-17 19:31:20 +03:00
sakkiii
1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1 Improve security grafana 
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
 2021-04-17 21:03:05 +05:30