| @@ -35,34 +35,6 @@ To use Synapse Admin, you need to have [registered at least one administrator ac | |||||
| The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN` | The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN` | ||||
| ### Sample configuration for running behind Traefik 2.0 | |||||
| Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy. | |||||
| This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md). | |||||
| ```yaml | |||||
| # Don't bind any HTTP or federation port to the host | |||||
| # (Traefik will proxy directly into the containers) | |||||
| matrix_synapse_admin_container_http_host_bind_port: "" | |||||
| matrix_synapse_admin_container_extra_arguments: | |||||
| # May be unnecessary depending on Traefik config, but can't hurt | |||||
| - '--label "traefik.enable=true"' | |||||
| # The Synapse Admin container will only receive traffic from this subdomain and path | |||||
| - '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"' | |||||
| # (Define your entrypoint) | |||||
| - '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"' | |||||
| # (The 'default' certificate resolver must be defined in Traefik config) | |||||
| - '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"' | |||||
| # The Synapse Admin container uses port 80 by default | |||||
| - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"' | |||||
| ``` | |||||
| ### Sample configuration for running behind Caddy v2 | ### Sample configuration for running behind Caddy v2 | ||||
| Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`). | Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`). | ||||
| @@ -41,9 +41,9 @@ matrix_synapse_admin_container_extra_arguments: [] | |||||
| # To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`. | # To inject your own other container labels, see `matrix_synapse_admin_container_labels_additional_labels`. | ||||
| matrix_synapse_admin_container_labels_traefik_enabled: true | matrix_synapse_admin_container_labels_traefik_enabled: true | ||||
| matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}" | matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}" | ||||
| matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" | |||||
| matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_synapse_admin_hostname }}" | |||||
| # The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`). | # The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`). | ||||
| matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_public_endpoint }}" | |||||
| matrix_synapse_admin_container_labels_traefik_path_prefix: "{{ matrix_synapse_admin_path_prefix }}" | |||||
| matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}" | matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}" | ||||
| matrix_synapse_admin_container_labels_traefik_priority: 0 | matrix_synapse_admin_container_labels_traefik_priority: 0 | ||||
| matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure | matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure | ||||
| @@ -131,9 +131,14 @@ matrix_synapse_admin_floc_optout_enabled: true | |||||
| # See: `matrix_synapse_admin_http_header_strict_transport_security` | # See: `matrix_synapse_admin_http_header_strict_transport_security` | ||||
| matrix_synapse_admin_hsts_preload_enabled: false | matrix_synapse_admin_hsts_preload_enabled: false | ||||
| # The path at which Synapse Admin will be exposed on `matrix.DOMAIN` when matrix-nginx-proxy is used. | |||||
| # A path of `/` is likely not a good choice when matrix-nginx-proxy is used. | |||||
| # The hostname at which Synapse Admin is served. | |||||
| # Only works with with Traefik reverse-proxying. | |||||
| # For matrix-nginx-proxy, `matrix_server_fqn_matrix` is used and this variable has no effect. | |||||
| matrix_synapse_admin_hostname: "{{ matrix_server_fqn_matrix }}" | |||||
| # The path at which Synapse Admin is exposed. | |||||
| # When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble. | |||||
| # | # | ||||
| # If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`. | # If Traefik is used, the hostname is also configurable - see `matrix_synapse_admin_container_labels_traefik_hostname`. | ||||
| # This value must either be `/` or not end with a slash (e.g. `/synapse-admin`). | # This value must either be `/` or not end with a slash (e.g. `/synapse-admin`). | ||||
| matrix_synapse_admin_public_endpoint: /synapse-admin | |||||
| matrix_synapse_admin_path_prefix: /synapse-admin | |||||
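Review bot: The new comment above `matrix_synapse_admin_path_prefix` says that with matrix-nginx-proxy any value other than `/` causes trouble, yet the default stays `/synapse-admin` and the comment it replaces warned against `/`, so the sentence reads as inverted. Because this path fronts an administrative UI, I would restate it so it matches the default, for example `# When matrix-nginx-proxy is used, a path of / is likely not a good choice.` The comment on `matrix_synapse_admin_hostname` says the variable has no effect under matrix-nginx-proxy, so an operator who sets it there may wrongly assume the admin UI has moved off the main Matrix hostname; a validation task that fails on that combination would make it visible. Smaller points: "with with" is a typo, and the unchanged comment still refers readers to `matrix_synapse_admin_container_labels_traefik_hostname` rather than the new `matrix_synapse_admin_hostname`.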
| @@ -12,9 +12,9 @@ | |||||
| - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy | - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy | ||||
| ansible.builtin.set_fact: | ansible.builtin.set_fact: | ||||
| matrix_synapse_admin_matrix_nginx_proxy_configuration: | | matrix_synapse_admin_matrix_nginx_proxy_configuration: | | ||||
| rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; | |||||
| rewrite ^{{ matrix_synapse_admin_path_prefix }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_path_prefix }}/ permanent; | |||||
| location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { | |||||
| location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*) { | |||||
| {% if matrix_nginx_proxy_enabled | default(False) %} | {% if matrix_nginx_proxy_enabled | default(False) %} | ||||
| {# Use the embedded DNS resolver in Docker containers to discover the service #} | {# Use the embedded DNS resolver in Docker containers to discover the service #} | ||||
| resolver 127.0.0.11 valid=5s; | resolver 127.0.0.11 valid=5s; | ||||
| @@ -40,7 +40,7 @@ | |||||
| msg: >- | msg: >- | ||||
| NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy | NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy | ||||
| reverse proxy. | reverse proxy. | ||||
| Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` | |||||
| Please make sure that you're proxying the `{{ matrix_synapse_admin_path_prefix }}` | |||||
| URL endpoint to the matrix-synapse-admin container. | URL endpoint to the matrix-synapse-admin container. | ||||
| You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. | You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. | ||||
| when: "not matrix_nginx_proxy_enabled | default(False) | bool" | when: "not matrix_nginx_proxy_enabled | default(False) | bool" | ||||
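Review bot: The renamed variable is still interpolated unescaped into two nginx regular expressions, `rewrite ^{{ matrix_synapse_admin_path_prefix }}$` and `location ~ ^{{ matrix_synapse_admin_path_prefix }}/(.*)`. Any regex metacharacter in the value (a `.`, for instance) would widen what is routed to the admin container, and a value of `/` produces `^//(.*)`, which presumably never matches a normalised request URI. This predates the rename, but the new lines carry it over; consider `{{ matrix_synapse_admin_path_prefix | regex_escape }}` in the two patterns while leaving the redirect target unescaped. The `location` block continues outside the hunk, so the rest of the proxying configuration is not visible here.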
| @@ -10,6 +10,7 @@ | |||||
| - {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'} | - {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'} | ||||
| - {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'} | - {'old': 'matrix_synapse_admin_container_self_build', 'new': 'matrix_synapse_admin_container_image_self_build'} | ||||
| - {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'} | - {'old': 'matrix_synapse_admin_container_self_build_repo', 'new': 'matrix_synapse_admin_container_image_self_build_repo'} | ||||
| - {'old': 'matrix_synapse_admin_public_endpoint', 'new': 'matrix_synapse_admin_path_prefix'} | |||||
| - when: matrix_synapse_admin_container_labels_traefik_enabled | bool | - when: matrix_synapse_admin_container_labels_traefik_enabled | bool | ||||
| block: | block: | ||||