Charles Wright 
							
						 
					 
					
						
						
							
						
						20767b5149 
					 
					
						
						
							
							Fixes to enable Conduit in setup-all  
						
						
						
						
					 
					
						2022-08-04 14:35:41 -05:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						3b9d5b13e9 
					 
					
						
						
							
							Add support for not serving Dendrite federation APIs on the client port  
						
						... 
						
						
						
						Seems like Dendrite encourages serving both the Client and Federation
API at the same port.
Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense. 
						
						
					 
					
						2022-01-07 15:59:35 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						ecc237bbad 
					 
					
						
						
							
							Initial work on getting nginx reverse proxying working with Dendrite  
						
						
						
						
					 
					
						2022-01-07 15:59:35 +02:00 
						 
				 
			
				
					
						
							
							
								rakshazi 
							
						 
					 
					
						
						
							
						
						5788a16a2e 
					 
					
						
						
							
							added matrix-client-cinny  
						
						
						
						
					 
					
						2022-01-05 18:33:21 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						3a9fe48deb 
					 
					
						
						
							
							Make matrix-nginx-proxy's X-Forwarded-For header customizable  
						
						... 
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393  
						
						
					 
					
						2021-11-24 11:32:06 +02:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						f8fe68b385 
					 
					
						
						
							
							Allow workers to serve new v3 APIs  
						
						... 
						
						
						
						1f196f59cb 
					
						2021-11-17 14:54:49 +00:00 
						 
				 
			
				
					
						
							
							
								JokerGermany 
							
						 
					 
					
						
						
							
						
						c0656448f7 
					 
					
						
						
							
							Port 80 for IPv6  
						
						
						
						
					 
					
						2021-11-13 01:18:22 +01:00 
						 
				 
			
				
					
						
							
							
								b 
							
						 
					 
					
						
						
							
						
						6eaa8ac65a 
					 
					
						
						
							
							add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled  
						
						
						
						
					 
					
						2021-11-05 15:31:10 +02:00 
						 
				 
			
				
					
						
							
							
								Kim Brose 
							
						 
					 
					
						
						
							
						
						5f6bbafa17 
					 
					
						
						
							
							fix space before tab in indent  
						
						
						
						
					 
					
						2021-10-24 16:00:42 +02:00 
						 
				 
			
				
					
						
							
							
								HarHarLinks 
							
						 
					 
					
						
						
							
						
						4209c4208c 
					 
					
						
						
							
							add own variable for worker metrics  
						
						... 
						
						
						
						https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866  
					
						2021-10-20 12:51:00 +02:00 
						 
				 
			
				
					
						
							
							
								HarHarLinks 
							
						 
					 
					
						
						
							
						
						d9fa2f7ed4 
					 
					
						
						
							
							add auto proxy synapse worker metrics  
						
						... 
						
						
						
						when matrix_nginx_proxy_proxy_synapse_metrics is enabled 
						
						
					 
					
						2021-10-04 21:44:50 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						31396f0615 
					 
					
						
						
							
							Merge pull request  #1295  from nogweii/feat-support-upstream-https-forwarded  
						
						... 
						
						
						
						Support trusting the upstream server when it says the protocol is HTTPS 
						
						
					 
					
						2021-09-26 09:54:15 +03:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						a676b5358c 
					 
					
						
						
							
							Fix hydrogen OCSP typo  
						
						... 
						
						
						
						From 6f80292745 
						
						
					 
					
						2021-09-24 20:09:06 -05:00 
						 
				 
			
				
					
						
							
							
								Colin Shea 
							
						 
					 
					
						
						
							
						
						2578ca4cee 
					 
					
						
						
							
							rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value  
						
						
						
						
					 
					
						2021-09-24 05:22:30 -07:00 
						 
				 
			
				
					
						
							
							
								Colin Shea 
							
						 
					 
					
						
						
							
						
						d0cd67044e 
					 
					
						
						
							
							replace $scheme with X-Forwarded-Proto when enabled  
						
						
						
						
					 
					
						2021-09-24 05:14:38 -07:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						ae6caf158a 
					 
					
						
						
							
							Added variable matrix_nginx_proxy_request_timeout ( #1265 )  
						
						... 
						
						
						
						* add timeout param for nginx proxy
default value matrix_nginx_proxy_request_timeout is 60s
* default matrix_nginx_proxy_request_timeout - 60s
* few more variables for request timeout
* Update nginx.conf.j2
* Update nginx.conf.j2 
						
						
					 
					
						2021-09-03 10:00:45 +03:00 
						 
				 
			
				
					
						
							
							
								Michael Collins 
							
						 
					 
					
						
						
							
						
						2e30802b87 
					 
					
						
						
							
							use group variables instead  
						
						
						
						
					 
					
						2021-08-11 15:21:09 +08:00 
						 
				 
			
				
					
						
							
							
								Michael Collins 
							
						 
					 
					
						
						
							
						
						8238d65e5f 
					 
					
						
						
							
							simplify template conditional  
						
						
						
						
					 
					
						2021-08-11 14:19:19 +08:00 
						 
				 
			
				
					
						
							
							
								Michael Collins 
							
						 
					 
					
						
						
							
						
						bfb61e776e 
					 
					
						
						
							
							GMH v0.5.7... maybe!  
						
						
						
						
					 
					
						2021-08-10 12:58:10 +08:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						4105ba854b 
					 
					
						
						
							
							Merge pull request  #1147  from datenkollektiv-net/allow-custom-federation-fqn  
						
						... 
						
						
						
						Make federation domain customizable 
						
						
					 
					
						2021-07-20 09:12:16 +03:00 
						 
				 
			
				
					
						
							
							
								JokerGermany 
							
						 
					 
					
						
						
							
						
						9345d840be 
					 
					
						
						
							
							root path for the base domain is wrong ( #1189 )  
						
						... 
						
						
						
						* root path for the base domain
* Fix path when running in a container
Co-authored-by: Slavi Pantaleev <slavi@devture.com > 
						
						
					 
					
						2021-07-20 08:48:11 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						6294e58304 
					 
					
						
						
							
							Fix Content-Security-Policy for Element  
						
						... 
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 
According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined. 
						
						
					 
					
						2021-07-01 12:41:05 +03:00 
						 
				 
			
				
					
						
							
							
								oxmie 
							
						 
					 
					
						
						
							
						
						5df4d68829 
					 
					
						
						
							
							Make federation domain customizable  
						
						
						
						
					 
					
						2021-06-30 23:02:27 +02:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						0217644b48 
					 
					
						
						
							
							Content-Security-Policy For Element Web  
						
						... 
						
						
						
						https://github.com/vector-im/element-web#configuration-best-practices  
					
						2021-06-18 23:27:23 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						4880dcceb0 
					 
					
						
						
							
							Fix OCSP-stapling-related errors due to missing resolver  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-28 11:14:33 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						1ed0857019 
					 
					
						
						
							
							Fix syntax error  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024  
						
						
					 
					
						2021-05-25 11:45:17 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						4a4a7f136e 
					 
					
						
						
							
							changes added to hydrogen client  
						
						
						
						
					 
					
						2021-05-25 11:42:51 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						25e67b51d1 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-25 11:40:56 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3436f9c10a 
					 
					
						
						
							
							rename to matrix_nginx_proxy_hsts_preload_enabled  
						
						
						
						
					 
					
						2021-05-25 00:56:59 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						df2d91970d 
					 
					
						
						
							
							matrix_nginx_proxy_xss_protection  
						
						
						
						
					 
					
						2021-05-24 17:02:47 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						6f80292745 
					 
					
						
						
							
							Add OCSP stapling support and other SSL optimizations to Hydrogen vhost  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-21 13:40:37 +03:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						04548f8df2 
					 
					
						
						
							
							Merge branch 'master' into hydrogen  
						
						
						
						
					 
					
						2021-05-21 04:09:18 -05:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						9437f78c9e 
					 
					
						
						
							
							Build using custom config.json, add CSP, update to 0.1.53  
						
						
						
						
					 
					
						2021-05-21 03:45:21 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						e9b878b9e9 
					 
					
						
						
							
							Optimize SSL session  
						
						
						
						
					 
					
						2021-05-18 19:39:43 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e6afa05f7b 
					 
					
						
						
							
							Enable OCSP stapling for the federation port  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 
Not sure if this is beneficial though. 
						
						
					 
					
						2021-05-18 08:15:42 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						57a6a98a50 
					 
					
						
						
							
							Fix incorrect SSL certificate path  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-18 07:58:47 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						b9c4e8ce16 
					 
					
						
						
							
							Merge pull request  #1057  from sakkiii/ssl_staple  
						
						... 
						
						
						
						Enable OCSP Stapling 
						
						
					 
					
						2021-05-18 07:50:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						d31b55b2a7 
					 
					
						
						
							
							SSL-enabled block only  
						
						
						
						
					 
					
						2021-05-18 03:24:06 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e4dd933cf0 
					 
					
						
						
							
							Make missing /_synapse/admin correctly return 404 responses  
						
						... 
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints) 
						
						
					 
					
						2021-05-17 11:45:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						c05021640d 
					 
					
						
						
							
							Enable  OCSP Stapling  
						
						
						
						
					 
					
						2021-05-15 15:57:05 +05:30 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						ca361af616 
					 
					
						
						
							
							Add Hydrogen  
						
						
						
						
					 
					
						2021-05-15 04:23:36 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29cf6a0087 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-10 15:10:18 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						bb0810302d 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-07 23:03:55 +05:30 
						 
				 
			
				
					
						
							
							
								Béla Becker 
							
						 
					 
					
						
						
							
						
						b10655ebb1 
					 
					
						
						
							
							Jitsi XMPP Websocket support  
						
						... 
						
						
						
						Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket  
						
						
					 
					
						2021-05-05 19:10:58 +02:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						40fe6bd5c1 
					 
					
						
						
							
							variable matrix_nginx_proxy_hsts_preload_enable added  
						
						
						
						
					 
					
						2021-04-24 20:04:20 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						389dc26615 
					 
					
						
						
							
							Fix Synapse generic worker balancing  
						
						... 
						
						
						
						Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022  
						
						
					 
					
						2021-04-24 11:52:45 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						5b4fdf9b87 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/sakkiii/matrix-docker-ansible-deploy  
						
						
						
						
					 
					
						2021-04-24 12:15:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						0ccf0fbf1c 
					 
					
						
						
							
							HSTS preload + X-XSS enables  
						
						... 
						
						
						
						**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script. 
						
						
					 
					
						2021-04-24 12:12:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3564635f0f 
					 
					
						
						
							
							Merge branch 'master' into master  
						
						
						
						
					 
					
						2021-04-24 11:46:52 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29bba5161b 
					 
					
						
						
							
							Element More security headers  
						
						... 
						
						
						
						More Production ready nginx headers for Matrix client element. 
						
						
					 
					
						2021-04-24 11:10:40 +05:30