From 67fc739fba74563f9ba3ccd0f936d6b433d99d94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Swetz=C3=A9n?=
Date: Sat, 19 Aug 2023 22:11:24 +0200
Subject: [PATCH] Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal.
---
 group_vars/matrix_servers | 3 +--
 .../matrix-bridge-mautrix-wsproxy/defaults/main.yml | 7 ++-----
 .../matrix-mautrix-wsproxy-syncproxy.service.j2 | 3 ---
 .../templates/wsproxy-labels.j2 | 13 +------------
 4 files changed, 4 insertions(+), 22 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index c604c764d..d271f05b7 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1239,8 +1239,7 @@ matrix_mautrix_wsproxy_systemd_required_services_list: |
 matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}"
-matrix_mautrix_wsproxy_hostname: "{{ matrix_server_fqn_matrix }}"
-matrix_mautrix_wsproxy_path_prefix: /_matrix/wsproxy
+matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}"
 matrix_mautrix_wsproxy_container_additional_networks: |
 {{
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml
index 4acfc6923..b7cd06d6b 100644
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml
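Review bot: In group_vars/matrix_servers, the new `matrix_mautrix_wsproxy_hostname` default publishes the bridge on `wsproxy.<matrix_domain>`, but nothing in the hunk says that this name needs its own DNS record and certificate. The role defaults keep the Traefik labels enabled, so a missing record would presumably show up as a failed certificate request or an unreachable router rather than as a playbook error. A comment above the line would record the requirement, for example `# Needs a DNS record for this subdomain; wsproxy cannot be served under a path prefix.`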
@@ -15,13 +15,12 @@ matrix_mautrix_wsproxy_config_path: "{{ matrix_mautrix_wsproxy_base_path }}/conf
 matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}"
 matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
-matrix_mautrix_wsproxy_bind_port: true
+matrix_mautrix_wsproxy_bind_port: false
 matrix_mautrix_wsproxy_port: 29331
 matrix_mautrix_wsproxy_appservice_address: "http://matrix-mautrix-wsproxy:{{ matrix_mautrix_wsproxy_port }}"
 matrix_mautrix_wsproxy_hostname: ""
-matrix_mautrix_wsproxy_path_prefix: ""
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_mautrix_wsproxy_container_network: matrix-mautrix-wsproxy
@@ -34,8 +33,7 @@ matrix_mautrix_wsproxy_container_labels_traefik_enabled: true
 matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_mautrix_wsproxy_container_network }}"
 matrix_mautrix_wsproxy_container_labels_traefik_hostname: "{{ matrix_mautrix_wsproxy_hostname }}"
 # The path prefix must either be `/` or not end with a slash (e.g. `/wsproxy`).
-matrix_mautrix_wsproxy_container_labels_traefik_path_prefix: "{{ matrix_mautrix_wsproxy_path_prefix }}"
-matrix_mautrix_wsproxy_container_labels_traefik_rule: "Host(`{{ matrix_mautrix_wsproxy_container_labels_traefik_hostname }}`){% if matrix_mautrix_wsproxy_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_mautrix_wsproxy_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_mautrix_wsproxy_container_labels_traefik_rule: "Host(`{{ matrix_mautrix_wsproxy_container_labels_traefik_hostname }}`)"
 matrix_mautrix_wsproxy_container_labels_traefik_priority: 0
 matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: web-secure
 matrix_mautrix_wsproxy_container_labels_traefik_tls: "{{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints != 'web' }}"
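Review bot: The new `matrix_mautrix_wsproxy_bind_port: false` default in the first hunk has no comment saying why it is off or what enabling it exposes. The commit message states that wsproxy has no TLS, so publishing the port would carry the bridge's traffic unencrypted. The template that consumes this flag is outside the patch, so which interface it binds to cannot be confirmed here. Suggested comment above the line: `# When true, publishes the wsproxy port on the host. wsproxy has no TLS, so enable this only behind a TLS-terminating reverse proxy.`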
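Review bot: In the second hunk, the context comment beginning `# The path prefix must either be` is now stale and should be deleted. It sits directly above `matrix_mautrix_wsproxy_container_labels_traefik_rule`, but the variable it described is removed by this commit. Separately, the role default `matrix_mautrix_wsproxy_hostname: ""` from the previous hunk now renders the rule with an empty `Host()` matcher whenever the role is used without the group_vars override. A replacement comment such as `# matrix_mautrix_wsproxy_hostname must be set to a dedicated subdomain; an empty value yields a router rule that matches no host.` would make that requirement visible.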
@@ -140,7 +138,6 @@ matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: []
 matrix_mautrix_wsproxy_syncproxy_shared_secret: ''
 matrix_mautrix_wsproxy_syncproxy_port: 29332
-matrix_mautrix_wsproxy_syncproxy_bind_port: true
 matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wsproxy-syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_port }}"
 # Database-related configuration fields
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2
index 81de0c614..4531e12e3 100644
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2
@@ -24,9 +24,6 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
 --network={{ matrix_docker_network }} \
- {% if matrix_mautrix_wsproxy_syncproxy_bind_port %}
- -p {{ matrix_mautrix_wsproxy_syncproxy_port }}:29331 \
- {% endif %}
 --env-file={{ matrix_mautrix_wsproxy_base_path }}/syncproxy-env \
 {% for arg in matrix_mautrix_wsproxy_syncproxy_container_extra_arguments %}
 {{ arg }} \
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2
index d2dd72ea2..f16a631e8 100644
--- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2
@@ -7,17 +7,6 @@ traefik.docker.network={{ matrix_mautrix_wsproxy_container_labels_traefik_docker
 {% set middlewares = [] %}
-{% if matrix_mautrix_wsproxy_container_labels_traefik_path_prefix != '/' %}
-traefik.http.middlewares.matrix-mautrix-wsproxy-slashless-redirect.redirectregex.regex=({{ matrix_mautrix_wsproxy_container_labels_traefik_path_prefix | quote }})$
-traefik.http.middlewares.matrix-mautrix-wsproxy-slashless-redirect.redirectregex.replacement=${1}/
-{% set middlewares = middlewares + ['matrix-mautrix-wsproxy-slashless-redirect'] %}
-{% endif %}
-
-{% if matrix_mautrix_wsproxy_container_labels_traefik_path_prefix != '/' %}
-traefik.http.middlewares.matrix-mautrix-wsproxy-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_wsproxy_container_labels_traefik_path_prefix }}
-{% set middlewares = middlewares + ['matrix-mautrix-wsproxy-strip-prefix'] %}
-{% endif %}
-
 {% if matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
 {% for name, value in matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.items() %}
 traefik.http.middlewares.matrix-mautrix-wsproxy-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
@@ -39,7 +28,7 @@ traefik.http.routers.matrix-mautrix-wsproxy.tls={{ matrix_mautrix_wsproxy_contai
 traefik.http.routers.matrix-mautrix-wsproxy.tls.certResolver={{ matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver }}
 {% endif %}
-traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008
+traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port={{ matrix_mautrix_wsproxy_port }}
 {% endif %}
 {{ matrix_mautrix_wsproxy_container_labels_additional_labels }}
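Review bot: The corrected load-balancer label in the second hunk takes its port from `{{ matrix_mautrix_wsproxy_port }}`, which is only right if that variable is the port wsproxy listens on inside the container. Traefik reaches the container over the Docker network, so a host-published port would be wrong here. defaults/main.yml uses the same variable in `matrix_mautrix_wsproxy_appservice_address`, which suggests it is the in-container port, but the wsproxy systemd template is not part of this patch, so this cannot be confirmed. A Jinja comment above the label would record the assumption: `{# Must be the port wsproxy listens on inside the container, not a host-published port. #}`. The enclosing `{% if %}` block opens outside the hunk.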