Make nginx proxy config (when disabled) obey matrix_federation_public_port

People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.

We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.

group_vars/matrix_servers

@@ -1074,6 +1074,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
 matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
 
+# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
+matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
+
 matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
 
 # This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
@@ -1224,7 +1227,7 @@ matrix_postgres_additional_databases: |
       'username': matrix_mautrix_instagram_database_username,
       'password': matrix_mautrix_instagram_database_password,
     }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else [])
-    +    
+    +
     ([{
       'name': matrix_mautrix_signal_database_name,
       'username': matrix_mautrix_signal_database_username,

roles/matrix-nginx-proxy/defaults/main.yml

@@ -111,6 +111,10 @@ matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
 # Controls whether proxying the matrix domain should be done.
 matrix_nginx_proxy_proxy_matrix_enabled: false
 matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
+# The port name used for federation in the nginx configuration.
+# This is not necessarily the port that it's actually on,
+# as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container.
+matrix_nginx_proxy_proxy_matrix_federation_port: 8448
 
 # Controls whether proxying the dimension domain should be done.
 matrix_nginx_proxy_proxy_dimension_enabled: false

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2

@@ -199,10 +199,10 @@ server {
 #}
 server {
 	{% if matrix_nginx_proxy_https_enabled %}
-		listen 8448 ssl http2;
-		listen [::]:8448 ssl http2;
+		listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2;
+		listen [::]:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2;
 	{% else %}
-		listen 8448;
+		listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }};
 	{% endif %}
 
 	server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};

roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2

@@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
 			-p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \
 			{% endif %}
 			{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %}
-			-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \
+			-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \
 			{% endif %}
 			--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
 			--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \