Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix)

docs/configuring-playbook-synapse-admin.md

@@ -35,34 +35,6 @@ To use Synapse Admin, you need to have [registered at least one administrator ac
 
 The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`
 
-### Sample configuration for running behind Traefik 2.0
-
-Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy.
-
-This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md).
-
-```yaml
-# Don't bind any HTTP or federation port to the host
-# (Traefik will proxy directly into the containers)
-matrix_synapse_admin_container_http_host_bind_port: ""
-
-matrix_synapse_admin_container_extra_arguments:
-    # May be unnecessary depending on Traefik config, but can't hurt
-    - '--label "traefik.enable=true"'
-
-    # The Synapse Admin container will only receive traffic from this subdomain and path
-    - '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"'
-
-    # (Define your entrypoint)
-    - '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"'
-
-    # (The 'default' certificate resolver must be defined in Traefik config)
-    - '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"'
-
-    # The Synapse Admin container uses port 80 by default
-    - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
-```
-
 ### Sample configuration for running behind Caddy v2
 
 Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`).

roles/custom/matrix-synapse-admin/defaults/main.yml

@@ -41,9 +41,9 @@ matrix_synapse_admin_container_extra_arguments: []
 # To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`.
 matrix_synapse_admin_container_labels_traefik_enabled: true
 matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}"
-matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_synapse_admin_hostname }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`).
-matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_public_endpoint }}"
+matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_path_prefix }}"
 matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}"
 matrix_synapse_admin_container_labels_traefik_priority: 0
 matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure
@@ -131,9 +131,14 @@ matrix_synapse_admin_floc_optout_enabled: true
 # See: `matrix_synapse_admin_http_header_strict_transport_security`
 matrix_synapse_admin_hsts_preload_enabled: false
 
-# The path at which Synapse Admin will be exposed on `matrix.DOMAIN` when matrix-nginx-proxy is used.
-# A path of `/` is likely not a good choice when matrix-nginx-proxy is used.
+# The hostname at which Synapse Admin is served.
+# Only works with with Traefik reverse-proxying.
+# For matrix-nginx-proxy, `matrix_server_fqn_matrix` is used and this variable has no effect.
+matrix_synapse_admin_hostname: "{{ matrix_server_fqn_matrix }}"
+
+# The path at which Synapse Admin is exposed.
+# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble.
 #
 # If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`.
 # This value must either be `/` or not end with a slash (e.g. `/synapse-admin`).
-matrix_synapse_admin_public_endpoint: /synapse-admin
+matrix_synapse_admin_path_prefix: /synapse-admin

roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml

@@ -12,9 +12,9 @@
 - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
   ansible.builtin.set_fact:
     matrix_synapse_admin_matrix_nginx_proxy_configuration: |
-      rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
+      rewrite ^{{ matrix_synapse_admin_path_prefix }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_path_prefix }}/ permanent;
 
-      location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
+      location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*) {
       {% if matrix_nginx_proxy_enabled | default(False) %}
         {# Use the embedded DNS resolver in Docker containers to discover the service #}
         resolver 127.0.0.11 valid=5s;
@@ -40,7 +40,7 @@
     msg: >-
       NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
       reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
+      Please make sure that you're proxying the `{{ matrix_synapse_admin_path_prefix }}`
       URL endpoint to the matrix-synapse-admin container.
       You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
   when: "not matrix_nginx_proxy_enabled | default(False) | bool"

roles/custom/matrix-synapse-admin/tasks/validate_config.yml

@@ -10,6 +10,7 @@
     - {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'}
     - {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'}
     - {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'}
+    - {'old': 'matrix_synapse_admin_public_endpoint', 'new': 'matrix_synapse_admin_path_prefix'}
 
 - when: matrix_synapse_admin_container_labels_traefik_enabled | bool
   block: