* Update matrix-domain.conf.j2
exchanged "^~" with "~" as a pattern matching in the location part.
I am very sure, that it only works using "~". I am not quite sure though, if this is the right way to do it, because "~" is probably more expensive than "^~"
the rewrite has to be behind the definition of the $backend. Otherwise nginx will fail to work. This is probably because "break" goes directly to the proxy_pass which uses $backend.
* Update matrix-domain.conf.j2
also change the order of "set $backend" and "rewrite" here in the 3pid registration section
* Update matrix-domain.conf.j2 - repeat v3_to_r0 rewrite in else-statement
as you said: repeat it for the else-case, where the ma1sd might be running on sans_container.
* Update matrix-domain.conf.j2 - corrected wrong variable
atrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled
is the right variable to check (twice) in the corresponding branch.
* matrix-domain.conf.j2 - fix-2954: change all whitespaces to tabs as you do it
---------
Co-authored-by: Tobias Küchel <t.kuechel@humboldt-ka.de>
The variable matrix_nginx_proxy_proxy_jitsi_additional_jvbs isn't
needed, as this information is already in the inventory.
This contribution is provided by GRNET S.A. (grnet.gr).
* Inital work, copeid from mautrix-amp PR
* Some fixes leftover code copeid over from whatsapp
* Got it to run and register
* Fixed service issue with docker image
* I now realize I need 2 roles wsproxy and imessage
* Got someting working, still rough
* Closer to working but still not working
* reverting ports
* Update main.yml
* Add matrix-nginx-proxy config for mautrix-wsproxy
* Changed
* Add back file
* fix for error hopefully
* Changed the the way nginx was recieved
* basically did not add anything ugh
* Added some arguments
* just trying stuff now
* Ugh i messed up port number
* Changed docs
* Change dns config
* changed generic secret key
* Testing new nginx proxy
* test
* Fix linting errors
* Add mautrix syncproxy to wsproxy for Android SMS
* WIP
* Move wsproxy to custom
* Squashed commit of the following:
commit 943189a9aa
Merge: 4a229d68f5a09f30
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sun Nov 13 08:54:32 2022 +0200
Merge pull request #2259 from throny/patch-3
warn users about upgrading to pg15 when using borg
commit 4a229d6870
Merge: 9b326e08c68def08
Author: Slavi Pantaleev <slavi@devture.com>
Date: Sun Nov 13 08:53:13 2022 +0200
Merge pull request #2260 from etkecc/patch-117
Update ntfy 1.28.0 -> 1.29.0
commit f5a09f30b7
Author: throny <m.throne12@gmail.com>
Date: Sat Nov 12 23:48:57 2022 +0100
Update maintenance-postgres.md
commit b12cdbd99d
Author: throny <m.throne12@gmail.com>
Date: Sat Nov 12 23:40:46 2022 +0100
Update maintenance-postgres.md
commit c68def0809
Author: Aine <97398200+etkecc@users.noreply.github.com>
Date: Sat Nov 12 22:01:31 2022 +0000
Update ntfy 1.28.0 -> 1.29.0
commit adbc09f152
Author: throny <m.throne12@gmail.com>
Date: Sat Nov 12 11:20:43 2022 +0100
warn users about upgrading to pg15 when using borg
* Fix linting errors
* Cleanup after merge
* Correct outdated variable names
* Enable both Android and iMessage with wsproxy
* Restructure wsproxy service defs and nginx config
* Fix linter errors
* Apply suggestions from code review
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Fix comments for documentation, volumes and ports
* Correct mount syntax
* Complete network and traefik support for wsproxy
* Remove wsproxy data_path
* Fix wsproxy service definitions
* Actually include syncproxy service
* Remove wsproxy PathPrefix, it needs a subdomain
There's no setting in the iMessage bridge that allows a path.
Also don't bind port by default, wsproxy has no TLS.
Syncproxy should never expose a port, it's only internal.
---------
Co-authored-by: hanthor <jreilly112@gmail.com>
Co-authored-by: Miguel Alatzar <miguel@natrx.io>
Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.
The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.
The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
This gets us started on adding a Traefik role and hooking Traefik:
- directly to services which support Traefik - we only have a few of
these right now, but the list will grow
- to matrix-nginx-proxy for most services that integrate with
matrix-nginx-proxy right now
Traefik usage should be disabled by default for now and nothing should
change for people just yet.
Enabling these experiments requires additional configuration like this:
```yaml
devture_traefik_ssl_email_address: '.....'
matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_coturn_enabled: false
```
What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
Switching from doing "post-start" loop hacks to running the container
in 3 steps: `create` + potentially connect to additional networks + `start`.
This way, the container would be connected to all its networks even at
the very beginning of its life.
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.
1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
* add prometheus-nginxlog-exporter role
* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname
* avoid referencing variables from other roles, handover info using group_vars/matrix_servers
* fix: stop service when uninstalling
fix: typo
move available arch's into a var
fix: text
* fix: prometheus enabled condition
Co-authored-by: ikkemaniac <ikkemaniac@localhost>