Split Traefik rules for Matrix Client and Matrix Federation APIs

This helps people who run federation on another domain (etc.). They should now easily be able to add a custom rule for federation traffic.
3 years ago · 7716c306f1
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -57,7 +57,10 @@ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule: "Host(`{{ ma
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname }}`)"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname }}`)"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"

--- a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml
@@ -14,6 +14,8 @@
    - {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
    - {'old': 'matrix_ssl_lets_encrypt_renew_cron_time_definition', 'new': '<not configurable anymore>'}
    - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': '<not configurable anymore>'}
    - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule', 'new': '<split into matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule and matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule>'}
    - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname', 'new': '<split into matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname and matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname>'}

 - name: Fail on unknown matrix_ssl_retrieval_method
  ansible.builtin.fail:
--- a/roles/custom/matrix-nginx-proxy/templates/labels.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2
@@ -20,7 +20,7 @@ traefik.http.routers.matrix-nginx-proxy-base-domain.entrypoints={{ matrix_nginx_

 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
 # Matrix Client
 traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
 traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
@@ -29,7 +29,7 @@ traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix
 traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}

 # Matrix Federation
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_rule }}
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
 traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}