Add support for the internal Traefik entrypoint to synapse-reverse-proxy-companion

2 лет назад · 17c9e3f168
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -4384,6 +4384,9 @@ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_ad

 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}"

 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

 matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
 matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
 matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -61,7 +61,7 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: web
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: ''

 # Controls whether labels will be added that expose the Client-Server API.
 # Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint.
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled: true
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_path_prefix: /_matrix
@@ -71,6 +71,14 @@ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefi
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints != 'web' }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}"  # noqa var-naming

 # Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint.
 # This is similar to `matrix_synapse_container_labels_public_client_api_enabled`, but the entrypoint and intent is different.
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: false
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_synapse_container_labels_public_client_api_traefik_path_prefix }}"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_path_prefix }}`)"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }}"
 matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: ""

 # Controls whether labels will be added that expose the /_synapse/client paths
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: true
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}"
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
@@ -16,3 +16,5 @@

    - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"}
    - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"}

    - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled }}"}
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
@@ -14,18 +14,18 @@ traefik.http.services.matrix-synapse-reverse-proxy-companion-federation-api.load
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls | to_json }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls | to_json }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver }}
 {% endif %}

 {% endif %}
@@ -34,23 +34,43 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certR
 #}


 {#
 	Internal Client-API (/_matrix)
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints }}

 {% endif %}
 {#
 	/Internal Client-API (/_matrix)
 #}


 {#
 	Public Synapse Admin API (/_synapse/client)
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls | to_json }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls | to_json }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver }}
 {% endif %}

 {% endif %}
@@ -64,18 +84,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-clien
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }}
 {% endif %}

 {% endif %}
@@ -89,18 +109,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }}
 {% endif %}

 {% endif %}
@@ -114,18 +134,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin
 #}
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority }}
 {% endif %}

 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.service=matrix-synapse-reverse-proxy-companion-federation-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls | to_json }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.service=matrix-synapse-reverse-proxy-companion-federation-api
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls | to_json }}

 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls %}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver }}
 traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver }}
 {% endif %}

 {% endif %}