| @@ -927,7 +927,7 @@ Until now, we've been doing the migration gradually and keeping full backward co | |||||
| Each change we do and each new feature that comes in needs to support all these different ways of reverse-proxying. Because `matrix-nginx-proxy` was the default and pretty much everyone was (and still is) using it, means that new PRs also come with `matrix-nginx-proxy` as their main focus and Traefik as an afterthought, which means we need to spend hours fixing up Traefik support. | Each change we do and each new feature that comes in needs to support all these different ways of reverse-proxying. Because `matrix-nginx-proxy` was the default and pretty much everyone was (and still is) using it, means that new PRs also come with `matrix-nginx-proxy` as their main focus and Traefik as an afterthought, which means we need to spend hours fixing up Traefik support. | ||||
| We can't spend all this time maintaining so many different configurations anymore. Traefik support has been an option for 2 weeks and lots of people have already migrated their server and have tested things out. Traefik is what we use and preferentially test for. | |||||
| We can't spend all this time maintaining so many different configurations anymore. Traefik support has been an option for 2 weeks and lots of people have already migrated their server and have tested things out. Traefik is what we use and preferentially test for. | |||||
| It's time for the **next step in our migration process** to Traefik and elimination of `matrix-nginx-proxy`: | It's time for the **next step in our migration process** to Traefik and elimination of `matrix-nginx-proxy`: | ||||
| @@ -10,7 +10,7 @@ over to `matrix.example.com`. | |||||
| As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 different ways to set up such delegation: | As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 different ways to set up such delegation: | ||||
| - either by serving a `https://example.com/.well-known/matrix/server` file (from the base domain!) | - either by serving a `https://example.com/.well-known/matrix/server` file (from the base domain!) | ||||
| - or by using a `_matrix._tcp` DNS SRV record (don't confuse this with the `_matrix-identity._tcp` SRV record described below) | |||||
| - or by using a `_matrix._tcp` DNS SRV record (don't confuse this with the `_matrix-identity._tcp` SRV record described below) | |||||
| This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates. | This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates. | ||||
| If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do. | If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do. | ||||
| @@ -3,8 +3,8 @@ matrix.example.com { | |||||
| handle { | handle { | ||||
| encode zstd gzip | encode zstd gzip | ||||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||||
| matrix-traefik:8080 { | |||||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||||
| matrix-traefik:8080 { | |||||
| header_up X-Forwarded-Port {http.request.port} | header_up X-Forwarded-Port {http.request.port} | ||||
| header_up X-Forwarded-TlsProto {tls_protocol} | header_up X-Forwarded-TlsProto {tls_protocol} | ||||
| header_up X-Forwarded-TlsCipher {tls_cipher} | header_up X-Forwarded-TlsCipher {tls_cipher} | ||||
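Review bot: The upstream line `matrix-traefik:8080 {` has no `reverse_proxy` directive in front of it on either side of this hunk, while the 8448 site block further down uses `reverse_proxy matrix-traefik:8448 {`. As shown, the `header_up` lines are not inside a proxy directive. Since this line is being touched anyway, make it `reverse_proxy matrix-traefik:8080 {`, or confirm that the directive is missing only from this rendering of the diff.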
| @@ -13,12 +13,12 @@ matrix.example.com { | |||||
| } | } | ||||
| } | } | ||||
| # Put `https://` at the beginning to enforce https protocol as 8448 is not the default https port (which is 443) | |||||
| # Put `https://` at the beginning to enforce https protocol as 8448 is not the default https port (which is 443) | |||||
| https://matrix.example.com:8448 { | https://matrix.example.com:8448 { | ||||
| handle { | handle { | ||||
| encode zstd gzip | encode zstd gzip | ||||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||||
| reverse_proxy matrix-traefik:8448 { | reverse_proxy matrix-traefik:8448 { | ||||
| header_up X-Forwarded-Port {http.request.port} | header_up X-Forwarded-Port {http.request.port} | ||||
| header_up X-Forwarded-TlsProto {tls_protocol} | header_up X-Forwarded-TlsProto {tls_protocol} | ||||
| @@ -24,8 +24,8 @@ defaults | |||||
| option forwardfor | option forwardfor | ||||
| option redispatch | option redispatch | ||||
| timeout connect 5000 | timeout connect 5000 | ||||
| timeout client 50000 | |||||
| timeout server 50000 | |||||
| timeout client 50000 | |||||
| timeout server 50000 | |||||
| errorfile 400 /etc/haproxy/errors/400.http | errorfile 400 /etc/haproxy/errors/400.http | ||||
| errorfile 403 /etc/haproxy/errors/403.http | errorfile 403 /etc/haproxy/errors/403.http | ||||
| errorfile 408 /etc/haproxy/errors/408.http | errorfile 408 /etc/haproxy/errors/408.http | ||||
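Review bot: `timeout client 50000` and `timeout server 50000` carry no unit, so they rely on HAProxy's default of milliseconds, as does `timeout connect 5000` in the context above. Since both lines are rewritten here, consider giving them an explicit suffix (`50s`, and `5s` for the connect timeout) so the intended value is obvious to anyone copying this example.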
| @@ -71,11 +71,10 @@ backend matrix-federation | |||||
| backend nginx-static | backend nginx-static | ||||
| capture request header origin len 128 | capture request header origin len 128 | ||||
| http-response add-header Access-Control-Allow-Origin * | http-response add-header Access-Control-Allow-Origin * | ||||
| rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } | |||||
| rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } | |||||
| rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } | |||||
| rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } | |||||
| rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found } | rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found } | ||||
| server nginx 127.0.0.1:40888 check | server nginx 127.0.0.1:40888 check | ||||
| backend element | backend element | ||||
| server element 127.0.0.1:8765 check | server element 127.0.0.1:8765 check | ||||
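Review bot: In `backend nginx-static`, `Access-Control-Allow-Origin *` is added to every response, while `rspadd Access-Control-Allow-Credentials:\ true` is added whenever an Origin header was captured. Browsers refuse a credentialed cross-origin response whose allowed origin is the wildcard, so the credentials header has no effect as written. Drop it rather than keep a combination that invites a later "fix" of echoing the request's Origin, which would let any site read responses made with the user's credentials. Separately, the three touched lines use `rspadd` while the line above them uses `http-response add-header`. `rspadd` was removed in HAProxy 2.1, so converting them to `http-response add-header ... if { capture.req.hdr(0) -m found }` keeps the example loadable on current versions.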
| @@ -4063,7 +4063,7 @@ postgres_managed_databases_auto: | | |||||
| 'name': matrix_bot_maubot_database_name, | 'name': matrix_bot_maubot_database_name, | ||||
| 'username': matrix_bot_maubot_database_username, | 'username': matrix_bot_maubot_database_username, | ||||
| 'password': matrix_bot_maubot_database_password, | 'password': matrix_bot_maubot_database_password, | ||||
| }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) | |||||
| }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) | |||||
| + | + | ||||
| ([{ | ([{ | ||||
| 'name': matrix_bot_buscarron_database_name, | 'name': matrix_bot_buscarron_database_name, | ||||
| @@ -4231,7 +4231,7 @@ postgres_managed_databases_auto: | | |||||
| 'name': matrix_mx_puppet_discord_database_name, | 'name': matrix_mx_puppet_discord_database_name, | ||||
| 'username': matrix_mx_puppet_discord_database_username, | 'username': matrix_mx_puppet_discord_database_username, | ||||
| 'password': matrix_mx_puppet_discord_database_password, | 'password': matrix_mx_puppet_discord_database_password, | ||||
| }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) | |||||
| }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) | |||||
| + | + | ||||
| ([{ | ([{ | ||||
| 'name': matrix_mx_puppet_steam_database_name, | 'name': matrix_mx_puppet_steam_database_name, | ||||
| @@ -87,7 +87,7 @@ manhole: | |||||
| # Bridge config | # Bridge config | ||||
| bridge: | bridge: | ||||
| # Localpart template of MXIDs for LinkedIn users. | |||||
| # Localpart template of MXIDs for LinkedIn users. | |||||
| # {userid} is replaced with the user ID of the LinkedIn user | # {userid} is replaced with the user ID of the LinkedIn user | ||||
| username_template: "linkedin_{userid}" | username_template: "linkedin_{userid}" | ||||
| # Settings for creating a space for every user. | # Settings for creating a space for every user. | ||||
| @@ -263,4 +263,3 @@ logging: | |||||
| root: | root: | ||||
| level: {{ matrix_beeper_linkedin_logging_level|to_json }} | level: {{ matrix_beeper_linkedin_logging_level|to_json }} | ||||
| handlers: [console] | handlers: [console] | ||||