use tmpfs if matrix_nginx_proxy_enabled

3 years ago · 0f391dbffb
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -275,7 +275,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matr

 # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
 matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"

 matrix_nginx_proxy_tmp_cache_directory_size_mb: "{{ (matrix_nginx_proxy_synapse_cache_max_size | int) * 2 }}"
 # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf).
 # for big matrixservers to enlarge the number of open files to prevent timeouts
 # matrix_nginx_proxy_proxy_additional_configuration_blocks:
@@ -559,11 +559,11 @@ matrix_nginx_proxy_synapse_frontend_proxy_locations: []

 # synapse content caching
 matrix_nginx_proxy_synapse_cache_enabled: false
 matrix_nginx_proxy_synapse_cache_path: "{{ matrix_nginx_proxy_base_path }}/data/cache"
 matrix_nginx_proxy_synapse_cache_path: "{{ matrix_nginx_proxy_base_path+'/cache' if matrix_nginx_proxy_synapse_cache_enabled else '/tmp/cache' }}"
 matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC"
 matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m"
 matrix_nginx_proxy_synapse_cache_inactive_time: "48h"
 matrix_nginx_proxy_synapse_cache_max_size: "1g"
 matrix_nginx_proxy_synapse_cache_max_size: 1024
 matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"


--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
@@ -6,7 +6,11 @@
 {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %}
 {% if matrix_nginx_proxy_synapse_workers_enabled %}
 	{% if matrix_nginx_proxy_synapse_cache_enabled %}
    	proxy_cache_path  {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }}  max_size={{ matrix_nginx_proxy_synapse_cache_max_size }};
    	proxy_cache_path  {{ matrix_nginx_proxy_synapse_cache_path }} \
 		levels=1:2 \
 		keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} \
 		inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} \
 		max_size={{ matrix_nginx_proxy_synapse_cache_max_size }}m;
 	{% endif %}
 	# Round Robin "upstream" pools for workers

--- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
 			{% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_synapse_cache_enabled %}
 			--tmpfs=/tmp/cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\
 			{% endif %}
 			--network={{ matrix_docker_network }} \
 			{% if matrix_nginx_proxy_container_http_host_bind_port %}
 			-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \