Commit Graph

752 Commits

Author SHA1 Message Date
b91ad453be Adjust TLS variables for homeservers to follow devture_traefik_config_entrypoint_web_secure_enabled (via matrix_federation_traefik_entrypoint_tls) 2024-01-15 09:39:36 +02:00
3fa21d19be Wire matrix_bot_maubot_hostname via group vars 2024-01-14 21:33:09 +02:00
25697861d7 Fix some variable typos in matrix-prometheus-nginxlog-exporter 2024-01-14 21:32:02 +02:00
4f9b7ba656 Add missing container label wiring for mautrix-googlechat and mautrix-hangouts 2024-01-14 21:22:08 +02:00
f4f3d57520 Remove all traces of matrix-nginx-proxy, add validation & uninstallation tasks 2024-01-14 18:42:14 +02:00
bdc573d1b1 Wire some matrix-synapse-reverse-proxy-companion label variables based on matrix-synapse variables 2024-01-14 12:31:05 +02:00
038c63888a Remove definition of old variable (matrix_synapse_admin_nginx_proxy_integration_enabled) 2024-01-14 12:12:15 +02:00
69ca30d1b1 Add support for the internal Traefik entrypoint to matrix-media-repo 2024-01-14 11:57:51 +02:00
6b5f42fa81 Indirectly make use of matrix_homeserver_federation_enabled in matrix-media-repo and add some comments around Traefik labels 2024-01-14 11:54:02 +02:00
c238978ac8 Add new global variable for controlling federation regardless of homeserver implementation
The old variables still work. The global lets us avoid
auto-detection logic like we're currently doing for
`matrix_nginx_proxy_proxy_matrix_federation_api_enabled`.

In the future, we'd just be able to reference
`matrix_homeserver_federation_enabled` and know the up-to-date value
regardless of homeserver.
2024-01-14 11:52:40 +02:00
df5d8bfc04 Remove matrix-homeserver-proxy role in favor of the new internal Traefik entrypoint
This was meant to serve as an intermediary for services needing to reach
the homeserver. It was used like that for a while in this
`bye-bye-nginx-proxy` branch, but was never actually public.

It has recently been superseded by homeserver-like services injecting
themselves into a new internal Traefik entrypoint
(see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_*`),
so `matrix-homeserver-proxy` is no longer necessary.

---

This is probably a good moment to share some benchmarks and reasons
for going with the internal Traefik entrypoint as opposed to this nginx
service.

1. (1400 rps) Directly to Synapse (`ab -n 1000 -c 100 http://matrix-synapse:8008/_matrix/client/versions`
2. (~900 rps) Via `matrix-homeserver-proxy` (nginx) proxying to Synapse (`ab -n 1000 -c 100 http://matrix-homeserver-proxy:8008/_matrix/client/versions`)
3. (~1200 rps) Via the new internal entrypoint of Traefik (`matrix-internal-matrix-client-api`) proxying to Synapse (`ab -n 1000 -c 100 http://matrix-traefik:8008/_matrix/client/versions`)

Besides Traefik being quicker for some reason, there are also other
benefits to not having this `matrix-homeserver-proxy` component:

- we can reuse what we have in terms of labels. Services can register a few extra labels on the new Traefik entrypoint
- we don't need services (like `matrix-media-repo`) to inject custom nginx configs into `matrix-homeserver-proxy`. They just need to register labels, like they do already.
- Traefik seems faster than nginx on this benchmark for some reason, which is a nice bonus
- no need to run one extra container (`matrix-homeserver-proxy`) and execute one extra Ansible role
- no need to maintain a setup where some people run the `matrix-homeserver-proxy` component (because they have route-stealing services like `matrix-media-repo` enabled) and others run an optimized setup without this component and everything needs to be rewired to talk to the homeserver directly. Now, everyone can go through Traefik and we can all run an identical setup

Downsides of the new Traefik entrypoint setup are that:

- all addon services that need to talk to the homeserver now depend on Traefik
- people running their own Traefik setup will be inconvenienced - they
  need to manage one additional entrypoint
2024-01-14 10:53:14 +02:00
17c9e3f168 Add support for the internal Traefik entrypoint to synapse-reverse-proxy-companion 2024-01-14 10:48:55 +02:00
4d66c14fd5 Add support for the internal Traefik entrypoint to Conduit 2024-01-14 10:48:55 +02:00
ee0eb59dc6 Add support for the internal Traefik entrypoint to Dendrite 2024-01-14 10:48:54 +02:00
b2aeb8cde9 Rename label-related variables for homeservers
We'd be adding integration with an internal Traefik entrypoint
(`matrix_playbook_internal_matrix_client_api_traefik_entrypoint`),
so renaming helps disambiguate things.

There's no need for deperecation tasks, because the old names
have only been part of this `bye-bye-nginx-proxy` branch and not used by
anyone publicly.
2024-01-14 10:48:54 +02:00
39bddefd39 Make addons communicate with the homeserver via a new internal Traefik entrypoint
This also adds labels for Synapse. Support for other homeservers and
components will be added later.
2024-01-14 10:48:54 +02:00
533dc711ad Merge branch 'master' into bye-bye-nginx-proxy 2024-01-14 09:23:43 +02:00
95e5a5c62e Deprecate direct usage of devture_traefik_additional_entrypoints_auto 2024-01-14 09:23:36 +02:00
bfd93adb20 Fix variable name typo 2024-01-13 20:11:43 +02:00
d7b5b65b0c Connect postgres-backup directly to Postgres network, if integrated Postgres is used
This saves us one container network in the ideal case.
2024-01-13 20:10:41 +02:00
d48a70b052 Connect matrix-synapse-auto-compressor directly to Postgres network, if integrated Postgres is used
This saves us one container network in the ideal case.
2024-01-13 20:01:06 +02:00
130f9ad0a3 Move prometheus to matrix_monitoring_container_network 2024-01-13 19:55:27 +02:00
17d80cb9e8 Move wsproxy to the matrix-addons network and adjust its Postgres connectivity
This is a bit of a compatibility break.
The role was defaulting the Postgres password to `some-password` and we
auto-generate it now.

However, rebuilding both Postgres and this service should unify the
database credentials and the service configs to the new value.
2024-01-13 18:13:06 +02:00
ed63068e22 Make maubot talk to the homeserver via matrix_addons_homeserver_client_api_url 2024-01-13 18:04:21 +02:00
c79f354dce Move Dimension to the addons network and connect to Homeserver via matrix_addons_homeserver_client_api_url 2024-01-13 17:58:41 +02:00
0ceea3895e Move all monitoring-related services to their own container network (matrix_monitoring_container_network) 2024-01-13 17:46:52 +02:00
782f1f5b1c Run postgres-backup in its own container network (not in matrix_docker_network) 2024-01-13 17:42:01 +02:00
cdf28c39d3 Move matrix-user-verification service to its own container network 2024-01-13 17:31:03 +02:00
0921087a21 Make Rageshake use its own container network 2024-01-13 17:29:14 +02:00
c96a0156c0 Make matrix-dynamic-dns use its own container network 2024-01-13 17:18:22 +02:00
c86cff2708 Fix NeDB to Postgres importing task for matrix-bridge-appservice-slack
Same as 250b91a40968e, but for Slack
2024-01-13 17:18:22 +02:00
6b73073012 Fix NeDB to Postgres importing task for matrix-bridge-appservice-irc
Postgres is not in `matrix_docker_network` anymore, so what we had
before could not possibly work anymore.
2024-01-13 17:18:22 +02:00
3f212feb1f Move matrix-email2matrix to its own container network 2024-01-13 17:18:22 +02:00
e2157517af Hook matrix-homeserver-proxy to matrix-prometheus-nginxlog-exporter 2024-01-13 16:51:09 +02:00
262caf0d59 Add native Traefik support to matrix-prometheus-nginxlog-exporter 2024-01-13 16:50:44 +02:00
5d76b91dc2 Restore matrix-corporal functionality when matrix-nginx-proxy is not involved 2024-01-13 15:29:47 +02:00
c23022ff86 Merge branch 'master' into bye-bye-nginx-proxy 2024-01-13 15:07:07 +02:00
71e0022d9a Upgrade prometheus-postgres-exporter (v0.14.0-2 -> v0.14.0-3) and stop using prometheus_postgres_exporter_server_fqn 2024-01-13 15:06:29 +02:00
48e6344c9e Merge branch 'master' into bye-bye-nginx-proxy 2024-01-13 10:25:35 +02:00
22dce1d4cc Upgrade matrix-reminder-bot and lock it down via the new allowlist setting 2024-01-13 10:22:06 +02:00
48311bb96a Stop using deprecated variable name (prometheus_node_exporter_server_fqn) 2024-01-13 09:05:43 +02:00
3c81d0b06a Only expose prometheus-node-exporter/prometheus-postgres-exporter metrics publicly if matrix_metrics_exposure_enabled 2024-01-12 17:58:11 +02:00
c468a860f8 Switch to exposing prometheus-postgres-exporter via native Traefik labels, not via matrix-prometheus-services-proxy-connect.. and remove matrix-prometheus-services-proxy-connect role
This requires at least `v0.14.0-2` of the `prometheus-postgres-exporter`
Ansible role.
2024-01-12 17:54:54 +02:00
beb0f2387d Switch to exposing prometheus-node-exporter via native Traefik labels, not via matrix-prometheus-services-proxy-connect
This requires at least `v1.7.0-2` of the `prometheus-node-exporter`
Ansible role.
2024-01-12 17:41:54 +02:00
7fba83924c Remove etherpad-proxy-connect role 2024-01-12 17:22:46 +02:00
4018aa38b3 Move matrix-registration service to its own network and add native Traefik support 2024-01-12 17:17:12 +02:00
41a52945d6 Add support for exposing metrics for Synapse workers 2024-01-12 12:16:06 +02:00
22f5f0ba75 Add support for exposing metrics for Synapse (without workers) 2024-01-12 12:15:57 +02:00
18254cd0b2 Remvoe all Traefik labels from matrix-nginx-proxy and update docs for delegation via SRV 2024-01-11 12:31:56 +02:00
c4d6144bb9 Add metrics-exposure support for Dendrite 2024-01-11 12:02:15 +02:00