Просмотр исходного кода
Rename label-related variables for homeservers
We'd be adding integration with an internal Traefik entrypoint (`matrix_playbook_internal_matrix_client_api_traefik_entrypoint`), so renaming helps disambiguate things. There's no need for deperecation tasks, because the old names have only been part of this `bye-bye-nginx-proxy` branch and not used by anyone publicly.pull/3093/head
Slavi Pantaleev
2 лет назад
13 измененных файлов: 318 добавлений и 318 удалений
-
+1 -1docs/configuring-playbook-synapse-admin.md
-
+13 -13group_vars/matrix_servers
-
+30 -30roles/custom/matrix-conduit/defaults/main.yml
-
+32 -32roles/custom/matrix-conduit/templates/labels.j2
-
+60 -60roles/custom/matrix-dendrite/defaults/main.yml
-
+64 -64roles/custom/matrix-dendrite/templates/labels.j2
-
+40 -40roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
-
+6 -6roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
-
+50 -50roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
-
+9 -9roles/custom/matrix-synapse/defaults/main.yml
-
+1 -1roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2
-
+10 -10roles/custom/matrix-synapse/templates/synapse/worker-labels.j2
-
+2 -2roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+ 1
- 1
docs/configuring-playbook-synapse-admin.md
Просмотреть файл
| @@ -18,7 +18,7 @@ matrix_synapse_admin_enabled: true | |||
| **Note**: Synapse Admin requires Synapse's [Admin APIs](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, the playbook **automatically** exposes the Synapse Admin API publicly for you. Depending on the homeserver implementation you're using (Synapse, Dendrite), this is equivalent to: | |||
| - for Synapse (our default homeserver implementation): `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` | |||
| - for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_client_synapse_admin_api_enabled: true` | |||
| - for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: true` | |||
| ## Installing | |||
+ 13
- 13
group_vars/matrix_servers
Просмотреть файл
| @@ -4378,11 +4378,11 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ | |||
| matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_oidc_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" | |||
| @@ -4896,15 +4896,15 @@ matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_playbook_rev | |||
| matrix_dendrite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" | |||
| matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" | |||
| matrix_dendrite_container_labels_client_root_redirection_enabled: "{{ matrix_dendrite_container_labels_client_root_redirection_url != '' }}" | |||
| matrix_dendrite_container_labels_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" | |||
| matrix_dendrite_container_labels_public_client_root_redirection_enabled: "{{ matrix_dendrite_container_labels_public_client_root_redirection_url != '' }}" | |||
| matrix_dendrite_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" | |||
| matrix_dendrite_container_labels_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| matrix_dendrite_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" | |||
| matrix_dendrite_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" | |||
| matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" | |||
| matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" | |||
| matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" | |||
| @@ -4987,10 +4987,10 @@ matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_playbook_reve | |||
| matrix_conduit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" | |||
| matrix_conduit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" | |||
| matrix_conduit_container_labels_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_client_root_redirection_url != '' }}" | |||
| matrix_conduit_container_labels_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" | |||
| matrix_conduit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_public_client_root_redirection_url != '' }}" | |||
| matrix_conduit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" | |||
| matrix_conduit_container_labels_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| matrix_conduit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" | |||
| # Even if TURN doesn't support TLS (it does by default), | |||
| # it doesn't hurt to try a secure connection anyway. | |||
+ 30
- 30
roles/custom/matrix-conduit/defaults/main.yml
Просмотреть файл
| @@ -49,36 +49,36 @@ matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_conduit_conta | |||
| matrix_conduit_container_labels_traefik_entrypoints: web-secure | |||
| matrix_conduit_container_labels_traefik_tls_certResolver: default # noqa var-naming | |||
| # Controls whether labels will be added for handling the root (/) path | |||
| matrix_conduit_container_labels_client_root_enabled: true | |||
| matrix_conduit_container_labels_client_root_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_client_root_traefik_rule: "Host(`{{ matrix_conduit_container_labels_client_root_traefik_hostname }}`) && Path(`/`)" | |||
| matrix_conduit_container_labels_client_root_traefik_priority: 0 | |||
| matrix_conduit_container_labels_client_root_traefik_entrypoints: "{{ matrix_conduit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduit_container_labels_client_root_traefik_tls: "{{ matrix_conduit_container_labels_client_root_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_client_root_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_conduit_container_labels_client_root_redirection_enabled: false | |||
| matrix_conduit_container_labels_client_root_redirection_url: "" | |||
| # Controls whether labels will be added that expose the Client-Server API. | |||
| matrix_conduit_container_labels_client_api_enabled: true | |||
| matrix_conduit_container_labels_client_api_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_client_api_traefik_path_prefix: /_matrix | |||
| matrix_conduit_container_labels_client_api_traefik_rule: "Host(`{{ matrix_conduit_container_labels_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduit_container_labels_client_api_traefik_path_prefix }}`)" | |||
| matrix_conduit_container_labels_client_api_traefik_priority: 0 | |||
| matrix_conduit_container_labels_client_api_traefik_entrypoints: "{{ matrix_conduit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduit_container_labels_client_api_traefik_tls: "{{ matrix_conduit_container_labels_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_client_api_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API). | |||
| matrix_conduit_container_labels_federation_api_enabled: "{{ matrix_conduit_allow_federation }}" | |||
| matrix_conduit_container_labels_federation_api_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_conduit_container_labels_federation_api_traefik_rule: "Host(`{{ matrix_conduit_container_labels_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduit_container_labels_federation_api_traefik_path_prefix }}`)" | |||
| matrix_conduit_container_labels_federation_api_traefik_priority: 0 | |||
| matrix_conduit_container_labels_federation_api_traefik_entrypoints: '' | |||
| matrix_conduit_container_labels_federation_api_traefik_tls: "{{ matrix_conduit_container_labels_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_federation_api_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint. | |||
| matrix_conduit_container_labels_public_client_root_enabled: true | |||
| matrix_conduit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)" | |||
| matrix_conduit_container_labels_public_client_root_traefik_priority: 0 | |||
| matrix_conduit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduit_container_labels_public_client_root_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_conduit_container_labels_public_client_root_redirection_enabled: false | |||
| matrix_conduit_container_labels_public_client_root_redirection_url: "" | |||
| # Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint. | |||
| matrix_conduit_container_labels_public_client_api_enabled: true | |||
| matrix_conduit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_public_client_api_traefik_path_prefix: /_matrix | |||
| matrix_conduit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduit_container_labels_public_client_api_traefik_path_prefix }}`)" | |||
| matrix_conduit_container_labels_public_client_api_traefik_priority: 0 | |||
| matrix_conduit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduit_container_labels_public_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint. | |||
| matrix_conduit_container_labels_public_federation_api_enabled: "{{ matrix_conduit_allow_federation }}" | |||
| matrix_conduit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduit_hostname }}" | |||
| matrix_conduit_container_labels_public_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_conduit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduit_container_labels_public_federation_api_traefik_path_prefix }}`)" | |||
| matrix_conduit_container_labels_public_federation_api_traefik_priority: 0 | |||
| matrix_conduit_container_labels_public_federation_api_traefik_entrypoints: '' | |||
| matrix_conduit_container_labels_public_federation_api_traefik_tls: "{{ matrix_conduit_container_labels_public_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # matrix_conduit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | |||
| # See `../templates/labels.j2` for details. | |||
+ 32
- 32
roles/custom/matrix-conduit/templates/labels.j2
Просмотреть файл
| @@ -9,87 +9,87 @@ traefik.http.services.matrix-conduit.loadbalancer.server.port={{ matrix_conduit_ | |||
| {# | |||
| Root path (/) | |||
| Public Root path (/) | |||
| #} | |||
| {% if matrix_conduit_container_labels_client_root_enabled %} | |||
| {% if matrix_conduit_container_labels_public_client_root_enabled %} | |||
| {% set client_root_middlewares = [] %} | |||
| {% if matrix_conduit_container_labels_client_root_redirection_enabled %} | |||
| {% if matrix_conduit_container_labels_public_client_root_redirection_enabled %} | |||
| {% set client_root_middlewares = client_root_middlewares + ['matrix-conduit-client-root-redirect'] %} | |||
| traefik.http.middlewares.matrix-conduit-client-root-redirect.redirectregex.regex=(.*) | |||
| traefik.http.middlewares.matrix-conduit-client-root-redirect.redirectregex.replacement={{ matrix_conduit_container_labels_client_root_redirection_url }} | |||
| traefik.http.middlewares.matrix-conduit-client-root-redirect.redirectregex.replacement={{ matrix_conduit_container_labels_public_client_root_redirection_url }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduit-client-root.rule={{ matrix_conduit_container_labels_client_root_traefik_rule }} | |||
| traefik.http.routers.matrix-conduit-client-root.rule={{ matrix_conduit_container_labels_public_client_root_traefik_rule }} | |||
| traefik.http.routers.matrix-conduit-client-root.middlewares={{ client_root_middlewares | join(',') }} | |||
| {% if matrix_conduit_container_labels_client_root_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-client-root.priority={{ matrix_conduit_container_labels_client_root_traefik_priority }} | |||
| {% if matrix_conduit_container_labels_public_client_root_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-client-root.priority={{ matrix_conduit_container_labels_public_client_root_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduit-client-root.service=matrix-conduit | |||
| traefik.http.routers.matrix-conduit-client-root.entrypoints={{ matrix_conduit_container_labels_client_root_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-client-root.tls={{ matrix_conduit_container_labels_client_root_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-conduit-client-root.entrypoints={{ matrix_conduit_container_labels_public_client_root_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-client-root.tls={{ matrix_conduit_container_labels_public_client_root_traefik_tls | to_json }} | |||
| {% if matrix_conduit_container_labels_client_root_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-client-root.tls.certResolver={{ matrix_conduit_container_labels_client_root_traefik_tls_certResolver }} | |||
| {% if matrix_conduit_container_labels_public_client_root_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-client-root.tls.certResolver={{ matrix_conduit_container_labels_public_client_root_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Root path (/) | |||
| /Public Root path (/) | |||
| #} | |||
| {# | |||
| Client-API (/_matrix) | |||
| Public Client-API (/_matrix) | |||
| #} | |||
| {% if matrix_conduit_container_labels_client_api_enabled %} | |||
| {% if matrix_conduit_container_labels_public_client_api_enabled %} | |||
| traefik.http.routers.matrix-conduit-client-api.rule={{ matrix_conduit_container_labels_client_api_traefik_rule }} | |||
| traefik.http.routers.matrix-conduit-client-api.rule={{ matrix_conduit_container_labels_public_client_api_traefik_rule }} | |||
| {% if matrix_conduit_container_labels_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-client-api.priority={{ matrix_conduit_container_labels_client_api_traefik_priority }} | |||
| {% if matrix_conduit_container_labels_public_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-client-api.priority={{ matrix_conduit_container_labels_public_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduit-client-api.service=matrix-conduit | |||
| traefik.http.routers.matrix-conduit-client-api.entrypoints={{ matrix_conduit_container_labels_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-client-api.tls={{ matrix_conduit_container_labels_client_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-conduit-client-api.entrypoints={{ matrix_conduit_container_labels_public_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-client-api.tls={{ matrix_conduit_container_labels_public_client_api_traefik_tls | to_json }} | |||
| {% if matrix_conduit_container_labels_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-client-api.tls.certResolver={{ matrix_conduit_container_labels_client_api_traefik_tls_certResolver }} | |||
| {% if matrix_conduit_container_labels_public_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-client-api.tls.certResolver={{ matrix_conduit_container_labels_public_client_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Client-API (/_matrix) | |||
| /Public Client-API (/_matrix) | |||
| #} | |||
| {# | |||
| Federation-API (/_matrix) | |||
| Public Federation-API (/_matrix) | |||
| #} | |||
| {% if matrix_conduit_container_labels_federation_api_enabled %} | |||
| {% if matrix_conduit_container_labels_public_federation_api_enabled %} | |||
| traefik.http.routers.matrix-conduit-federation-api.rule={{ matrix_conduit_container_labels_federation_api_traefik_rule }} | |||
| traefik.http.routers.matrix-conduit-federation-api.rule={{ matrix_conduit_container_labels_public_federation_api_traefik_rule }} | |||
| {% if matrix_conduit_container_labels_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-federation-api.priority={{ matrix_conduit_container_labels_federation_api_traefik_priority }} | |||
| {% if matrix_conduit_container_labels_public_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduit-federation-api.priority={{ matrix_conduit_container_labels_public_federation_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduit-federation-api.service=matrix-conduit | |||
| traefik.http.routers.matrix-conduit-federation-api.entrypoints={{ matrix_conduit_container_labels_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-federation-api.tls={{ matrix_conduit_container_labels_federation_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-conduit-federation-api.entrypoints={{ matrix_conduit_container_labels_public_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduit-federation-api.tls={{ matrix_conduit_container_labels_public_federation_api_traefik_tls | to_json }} | |||
| {% if matrix_conduit_container_labels_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-federation-api.tls.certResolver={{ matrix_conduit_container_labels_federation_api_traefik_tls_certResolver }} | |||
| {% if matrix_conduit_container_labels_public_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduit-federation-api.tls.certResolver={{ matrix_conduit_container_labels_public_federation_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Federation-API (/_matrix) | |||
| /Public Federation-API (/_matrix) | |||
| #} | |||
| {% endif %} | |||
+ 60
- 60
roles/custom/matrix-dendrite/defaults/main.yml
Просмотреть файл
| @@ -69,71 +69,71 @@ matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_dendrite_con | |||
| matrix_dendrite_container_labels_traefik_entrypoints: web-secure | |||
| matrix_dendrite_container_labels_traefik_tls_certResolver: default # noqa var-naming | |||
| # Controls whether labels will be added for handling the root (/) path | |||
| matrix_dendrite_container_labels_client_root_enabled: true | |||
| matrix_dendrite_container_labels_client_root_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_client_root_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_client_root_traefik_hostname }}`) && Path(`/`)" | |||
| matrix_dendrite_container_labels_client_root_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_client_root_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_client_root_traefik_tls: "{{ matrix_dendrite_container_labels_client_root_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_client_root_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_dendrite_container_labels_client_root_redirection_enabled: false | |||
| matrix_dendrite_container_labels_client_root_redirection_url: "" | |||
| # Controls whether labels will be added that expose the Client-Server API. | |||
| matrix_dendrite_container_labels_client_api_enabled: true | |||
| matrix_dendrite_container_labels_client_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_client_api_traefik_path_prefix: /_matrix | |||
| matrix_dendrite_container_labels_client_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_client_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_client_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_client_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_client_api_traefik_tls: "{{ matrix_dendrite_container_labels_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_client_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_synapse/admin paths. | |||
| # Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint. | |||
| matrix_dendrite_container_labels_public_client_root_enabled: true | |||
| matrix_dendrite_container_labels_public_client_root_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)" | |||
| matrix_dendrite_container_labels_public_client_root_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_public_client_root_traefik_tls: "{{ matrix_dendrite_container_labels_public_client_root_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_dendrite_container_labels_public_client_root_redirection_enabled: false | |||
| matrix_dendrite_container_labels_public_client_root_redirection_url: "" | |||
| # Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint. | |||
| matrix_dendrite_container_labels_public_client_api_enabled: true | |||
| matrix_dendrite_container_labels_public_client_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_public_client_api_traefik_path_prefix: /_matrix | |||
| matrix_dendrite_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_public_client_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_public_client_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_public_client_api_traefik_tls: "{{ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_synapse/admin paths on a public Traefik entrypoint. | |||
| # Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't. | |||
| # Dendrite exposes some admin APIs under a Synapse-specific prefix. | |||
| # See: https://matrix-org.github.io/dendrite/administration/adminapi | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_enabled: false | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_tls: "{{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_client_synapse_admin_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_dendrite/admin paths. | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: false | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls: "{{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_dendrite/admin paths on a public Traefik entrypoint. | |||
| # See: https://matrix-org.github.io/dendrite/administration/adminapi | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_enabled: false | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_path_prefix: /_dendrite/admin | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_tls: "{{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API). | |||
| matrix_dendrite_container_labels_federation_api_enabled: "{{ matrix_dendrite_federation_enabled }}" | |||
| matrix_dendrite_container_labels_federation_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_dendrite_container_labels_federation_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_federation_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_federation_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_federation_api_traefik_entrypoints: '' | |||
| matrix_dendrite_container_labels_federation_api_traefik_tls: "{{ matrix_dendrite_container_labels_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_federation_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose mautrix-facebook's metrics | |||
| matrix_dendrite_container_labels_metrics_enabled: "{{ matrix_dendrite_metrics_enabled and matrix_dendrite_metrics_proxying_enabled }}" | |||
| matrix_dendrite_container_labels_metrics_traefik_rule: "Host(`{{ matrix_dendrite_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_dendrite_metrics_proxying_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_metrics_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_metrics_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_metrics_traefik_tls: "{{ matrix_dendrite_container_labels_metrics_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_metrics_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_dendrite_container_labels_metrics_middleware_basic_auth_enabled: false | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_enabled: false | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_path_prefix: /_dendrite/admin | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls: "{{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint. | |||
| matrix_dendrite_container_labels_public_federation_api_enabled: "{{ matrix_dendrite_federation_enabled }}" | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_hostname: "{{ matrix_dendrite_hostname }}" | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_dendrite_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_dendrite_container_labels_public_federation_api_traefik_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: '' | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_tls: "{{ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose Dendrite's metrics on a public Traefik entrypoint. | |||
| matrix_dendrite_container_labels_public_metrics_enabled: "{{ matrix_dendrite_metrics_enabled and matrix_dendrite_metrics_proxying_enabled }}" | |||
| matrix_dendrite_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_dendrite_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_dendrite_metrics_proxying_path_prefix }}`)" | |||
| matrix_dendrite_container_labels_public_metrics_traefik_priority: 0 | |||
| matrix_dendrite_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_dendrite_container_labels_traefik_entrypoints }}" | |||
| matrix_dendrite_container_labels_public_metrics_traefik_tls: "{{ matrix_dendrite_container_labels_public_metrics_traefik_entrypoints != 'web' }}" | |||
| matrix_dendrite_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_dendrite_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: false | |||
| # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users | |||
| matrix_dendrite_container_labels_metrics_middleware_basic_auth_users: '' | |||
| matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: '' | |||
| # matrix_dendrite_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | |||
| # See `../templates/labels.j2` for details. | |||
+ 64
- 64
roles/custom/matrix-dendrite/templates/labels.j2
Просмотреть файл
| @@ -9,175 +9,175 @@ traefik.http.services.matrix-dendrite.loadbalancer.server.port={{ matrix_dendrit | |||
| {# | |||
| Root path (/) | |||
| Public Root path (/) | |||
| #} | |||
| {% if matrix_dendrite_container_labels_client_root_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_client_root_enabled %} | |||
| {% set client_root_middlewares = [] %} | |||
| {% if matrix_dendrite_container_labels_client_root_redirection_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_client_root_redirection_enabled %} | |||
| {% set client_root_middlewares = client_root_middlewares + ['matrix-dendrite-client-root-redirect'] %} | |||
| traefik.http.middlewares.matrix-dendrite-client-root-redirect.redirectregex.regex=(.*) | |||
| traefik.http.middlewares.matrix-dendrite-client-root-redirect.redirectregex.replacement={{ matrix_dendrite_container_labels_client_root_redirection_url }} | |||
| traefik.http.middlewares.matrix-dendrite-client-root-redirect.redirectregex.replacement={{ matrix_dendrite_container_labels_public_client_root_redirection_url }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-client-root.rule={{ matrix_dendrite_container_labels_client_root_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-client-root.rule={{ matrix_dendrite_container_labels_public_client_root_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-client-root.middlewares={{ client_root_middlewares | join(',') }} | |||
| {% if matrix_dendrite_container_labels_client_root_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-root.priority={{ matrix_dendrite_container_labels_client_root_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_client_root_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-root.priority={{ matrix_dendrite_container_labels_public_client_root_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-client-root.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-client-root.entrypoints={{ matrix_dendrite_container_labels_client_root_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-root.tls={{ matrix_dendrite_container_labels_client_root_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-dendrite-client-root.entrypoints={{ matrix_dendrite_container_labels_public_client_root_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-root.tls={{ matrix_dendrite_container_labels_public_client_root_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_client_root_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-root.tls.certResolver={{ matrix_dendrite_container_labels_client_root_traefik_tls_certResolver }} | |||
| {% if matrix_dendrite_container_labels_public_client_root_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-root.tls.certResolver={{ matrix_dendrite_container_labels_public_client_root_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Root path (/) | |||
| /Public Root path (/) | |||
| #} | |||
| {# | |||
| Client-API (/_matrix) | |||
| Public Client-API (/_matrix) | |||
| #} | |||
| {% if matrix_dendrite_container_labels_client_api_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_client_api_enabled %} | |||
| traefik.http.routers.matrix-dendrite-client-api.rule={{ matrix_dendrite_container_labels_client_api_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-client-api.rule={{ matrix_dendrite_container_labels_public_client_api_traefik_rule }} | |||
| {% if matrix_dendrite_container_labels_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-api.priority={{ matrix_dendrite_container_labels_client_api_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-api.priority={{ matrix_dendrite_container_labels_public_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-client-api.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-client-api.entrypoints={{ matrix_dendrite_container_labels_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-api.tls={{ matrix_dendrite_container_labels_client_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-dendrite-client-api.entrypoints={{ matrix_dendrite_container_labels_public_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-api.tls={{ matrix_dendrite_container_labels_public_client_api_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-api.tls.certResolver={{ matrix_dendrite_container_labels_client_api_traefik_tls_certResolver }} | |||
| {% if matrix_dendrite_container_labels_public_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Client-API (/_matrix) | |||
| /Public Client-API (/_matrix) | |||
| #} | |||
| {# | |||
| Synapse Admin API (/_synapse/admin) | |||
| Public Synapse Admin API (/_synapse/admin) | |||
| #} | |||
| {% if matrix_dendrite_container_labels_client_synapse_admin_api_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_rule }} | |||
| {% if matrix_dendrite_container_labels_client_synapse_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_client_synapse_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_client_synapse_admin_api_traefik_tls_certResolver }} | |||
| {% if matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Synapse Admin API (/_synapse/admin) | |||
| /Public Synapse Admin API (/_synapse/admin) | |||
| #} | |||
| {# | |||
| Dendrite Admin API (/_dendrite/admin) | |||
| Public Dendrite Admin API (/_dendrite/admin) | |||
| #} | |||
| {% if matrix_dendrite_container_labels_client_dendrite_admin_api_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_enabled %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.rule={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_rule }} | |||
| {% if matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.priority={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.entrypoints={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_client_dendrite_admin_api_traefik_tls_certResolver }} | |||
| {% if matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-client-synapse-admin-api.tls.certResolver={{ matrix_dendrite_container_labels_public_client_dendrite_admin_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Dendrite Admin API (/_dendrite/admin) | |||
| /Public Dendrite Admin API (/_dendrite/admin) | |||
| #} | |||
| {# | |||
| Federation-API (/_matrix) | |||
| Public Federation-API (/_matrix) | |||
| #} | |||
| {% if matrix_dendrite_container_labels_federation_api_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_federation_api_enabled %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.rule={{ matrix_dendrite_container_labels_federation_api_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-federation-api.rule={{ matrix_dendrite_container_labels_public_federation_api_traefik_rule }} | |||
| {% if matrix_dendrite_container_labels_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.priority={{ matrix_dendrite_container_labels_federation_api_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.priority={{ matrix_dendrite_container_labels_public_federation_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-federation-api.entrypoints={{ matrix_dendrite_container_labels_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-federation-api.tls={{ matrix_dendrite_container_labels_federation_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-dendrite-federation-api.entrypoints={{ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-federation-api.tls={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.tls.certResolver={{ matrix_dendrite_container_labels_federation_api_traefik_tls_certResolver }} | |||
| {% if matrix_dendrite_container_labels_public_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-federation-api.tls.certResolver={{ matrix_dendrite_container_labels_public_federation_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Federation-API (/_matrix) | |||
| /Public Federation-API (/_matrix) | |||
| #} | |||
| {# | |||
| Metrics | |||
| Public Metrics | |||
| #} | |||
| {% if matrix_dendrite_container_labels_metrics_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_metrics_enabled %} | |||
| {% set metrics_middlewares = [] %} | |||
| {% if matrix_dendrite_container_labels_metrics_middleware_basic_auth_enabled %} | |||
| {% if matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled %} | |||
| {% set metrics_middlewares = metrics_middlewares + ['matrix-dendrite-metrics-basic-auth'] %} | |||
| traefik.http.middlewares.matrix-dendrite-metrics-basic-auth.basicauth.users={{ matrix_dendrite_container_labels_metrics_middleware_basic_auth_users }} | |||
| traefik.http.middlewares.matrix-dendrite-metrics-basic-auth.basicauth.users={{ matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users }} | |||
| {% endif %} | |||
| {% set metrics_middlewares = metrics_middlewares + ['matrix-dendrite-metrics-replacepath'] %} | |||
| traefik.http.middlewares.matrix-dendrite-metrics-replacepath.replacepath.path=/metrics | |||
| traefik.http.routers.matrix-dendrite-metrics.rule={{ matrix_dendrite_container_labels_metrics_traefik_rule }} | |||
| traefik.http.routers.matrix-dendrite-metrics.rule={{ matrix_dendrite_container_labels_public_metrics_traefik_rule }} | |||
| {% if metrics_middlewares | length > 0 %} | |||
| traefik.http.routers.matrix-dendrite-metrics.middlewares={{ metrics_middlewares | join(',') }} | |||
| {% endif %} | |||
| {% if matrix_dendrite_container_labels_metrics_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-metrics.priority={{ matrix_dendrite_container_labels_metrics_traefik_priority }} | |||
| {% if matrix_dendrite_container_labels_public_metrics_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-dendrite-metrics.priority={{ matrix_dendrite_container_labels_public_metrics_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-dendrite-metrics.service=matrix-dendrite | |||
| traefik.http.routers.matrix-dendrite-metrics.entrypoints={{ matrix_dendrite_container_labels_metrics_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-metrics.entrypoints={{ matrix_dendrite_container_labels_public_metrics_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-dendrite-metrics.tls={{ matrix_dendrite_container_labels_metrics_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_metrics_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-metrics.tls.certResolver={{ matrix_dendrite_container_labels_metrics_traefik_tls_certResolver }} | |||
| traefik.http.routers.matrix-dendrite-metrics.tls={{ matrix_dendrite_container_labels_public_metrics_traefik_tls | to_json }} | |||
| {% if matrix_dendrite_container_labels_public_metrics_traefik_tls %} | |||
| traefik.http.routers.matrix-dendrite-metrics.tls.certResolver={{ matrix_dendrite_container_labels_public_metrics_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Metrics | |||
| /Public Metrics | |||
| #} | |||
| {% endif %} | |||
+ 40
- 40
roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
Просмотреть файл
| @@ -62,56 +62,56 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver | |||
| matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: '' | |||
| # Controls whether labels will be added that expose the Client-Server API. | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_enabled: true | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_path_prefix: /_matrix | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled: true | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_path_prefix: /_matrix | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_synapse/client paths | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_enabled: true | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_path_prefix: /_synapse/client | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: true | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_path_prefix: /_synapse/client | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_synapse/oidc paths | |||
| # Enable this if you need OpenID Connect authentication support. | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_enabled: false | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_path_prefix: /_synapse/oidc | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled: false | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_path_prefix: /_synapse/oidc | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the /_synapse/admin paths | |||
| # Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't. | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_enabled: false | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: false | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_path_prefix: /_synapse/admin | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API). | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled: "{{ matrix_synapse_reverse_proxy_companion_federation_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints: '' | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled: "{{ matrix_synapse_reverse_proxy_companion_federation_api_enabled }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_path_prefix }}`)" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority: 0 | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: '' | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # matrix_synapse_reverse_proxy_companion_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | |||
| # See `../templates/labels.j2` for details. | |||
+ 6
- 6
roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml
Просмотреть файл
| @@ -8,11 +8,11 @@ | |||
| with_items: | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_network', when: true} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"} | |||
| - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"} | |||
+ 50
- 50
roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2
Просмотреть файл
| @@ -10,127 +10,127 @@ traefik.http.services.matrix-synapse-reverse-proxy-companion-federation-api.load | |||
| {# | |||
| Client-API (/_matrix) | |||
| Public Client-API (/_matrix) | |||
| #} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_api_enabled %} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_rule }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_priority }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.service=matrix-synapse-reverse-proxy-companion-client-api | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls | to_json }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_client_api_traefik_tls_certResolver }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Client-API (/_matrix) | |||
| /Public Client-API (/_matrix) | |||
| #} | |||
| {# | |||
| Synapse Admin API (/_synapse/client) | |||
| Public Synapse Admin API (/_synapse/client) | |||
| #} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_enabled %} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_rule }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_priority }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls | to_json }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_client_api_traefik_tls_certResolver }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Synapse Admin API (/_synapse/client) | |||
| /Public Synapse Admin API (/_synapse/client) | |||
| #} | |||
| {# | |||
| Synapse OIDC API (/_synapse/oidc) | |||
| Public Synapse OIDC API (/_synapse/oidc) | |||
| #} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_enabled %} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_rule }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_priority }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_oidc_api_traefik_tls_certResolver }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Synapse OIDC API (/_synapse/oidc) | |||
| /Public Synapse OIDC API (/_synapse/oidc) | |||
| #} | |||
| {# | |||
| Synapse Admin API (/_synapse/admin) | |||
| Public Synapse Admin API (/_synapse/admin) | |||
| #} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_enabled %} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_rule }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_priority }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_client_synapse_admin_api_traefik_tls_certResolver }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Synapse Admin API (/_synapse/admin) | |||
| /Public Synapse Admin API (/_synapse/admin) | |||
| #} | |||
| {# | |||
| Federation-API (/_matrix) | |||
| Public Federation-API (/_matrix) | |||
| #} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_federation_api_enabled %} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_rule }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_priority }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.service=matrix-synapse-reverse-proxy-companion-federation-api | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_tls | to_json }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls | to_json }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_federation_api_traefik_tls_certResolver }} | |||
| {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {# | |||
| /Federation-API (/_matrix) | |||
| /Public Federation-API (/_matrix) | |||
| #} | |||
| {% endif %} | |||
+ 9
- 9
roles/custom/matrix-synapse/defaults/main.yml
Просмотреть файл
| @@ -712,17 +712,17 @@ matrix_synapse_worker_container_labels_traefik_tls_certResolver: "{{ matrix_syna | |||
| matrix_synapse_worker_container_labels_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}" | |||
| # Controls whether labels will be added that expose metrics (see `matrix_synapse_metrics_proxying_enabled`) | |||
| matrix_synapse_worker_container_labels_metrics_enabled: "{{ matrix_synapse_metrics_enabled and matrix_synapse_metrics_proxying_enabled }}" | |||
| matrix_synapse_worker_container_labels_public_metrics_enabled: "{{ matrix_synapse_metrics_enabled and matrix_synapse_metrics_proxying_enabled }}" | |||
| # The `__WORKER_ID__` placeholder will be replaced with the actual worker id during label-file generation (see `../templates/worker-labels.j2`). | |||
| matrix_synapse_worker_container_labels_metrics_traefik_path: "{{ matrix_synapse_metrics_proxying_path_prefix }}/__WORKER_ID__" | |||
| matrix_synapse_worker_container_labels_metrics_traefik_rule: "Host(`{{ matrix_synapse_metrics_proxying_hostname }}`) && Path(`{{ matrix_synapse_worker_container_labels_metrics_traefik_path }}`)" | |||
| matrix_synapse_worker_container_labels_metrics_traefik_priority: 0 | |||
| matrix_synapse_worker_container_labels_metrics_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_worker_container_labels_metrics_traefik_tls: "{{ matrix_synapse_container_labels_public_metrics_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_worker_container_labels_metrics_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_worker_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled }}" | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_path: "{{ matrix_synapse_metrics_proxying_path_prefix }}/__WORKER_ID__" | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_synapse_metrics_proxying_hostname }}`) && Path(`{{ matrix_synapse_worker_container_labels_public_metrics_traefik_path }}`)" | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_priority: 0 | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}" | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_tls: "{{ matrix_synapse_container_labels_public_metrics_traefik_entrypoints != 'web' }}" | |||
| matrix_synapse_worker_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_synapse_worker_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled }}" | |||
| # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users | |||
| matrix_synapse_worker_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users }}" | |||
| matrix_synapse_worker_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users }}" | |||
| # matrix_synapse_worker_container_labels_additional_labels contains a multiline string with additional labels to add to the label files for Synapse worker containers. | |||
| # See `../templates/labels.j2` for details. | |||
+ 1
- 1
roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2
Просмотреть файл
| @@ -27,7 +27,7 @@ scrape_configs: | |||
| - job_name: '{{ worker.name }}' | |||
| metrics_path: /metrics/synapse/worker/{{ worker.id }} | |||
| scheme: https | |||
| {% if matrix_synapse_worker_container_labels_metrics_middleware_basic_auth_enabled|default(true) %} | |||
| {% if matrix_synapse_worker_container_labels_public_metrics_middleware_basic_auth_enabled|default(true) %} | |||
| basic_auth: | |||
| username: prometheus | |||
| password_file: /path/to/your/passwordfile.pwd | |||
+ 10
- 10
roles/custom/matrix-synapse/templates/synapse/worker-labels.j2
Просмотреть файл
| @@ -10,34 +10,34 @@ traefik.http.services.{{ matrix_synapse_worker_container_name }}-metrics.loadbal | |||
| {# | |||
| Metrics (e.g. /metrics/synapse/__WORKER_ID__) | |||
| #} | |||
| {% if matrix_synapse_worker_container_labels_metrics_enabled %} | |||
| {% if matrix_synapse_worker_container_labels_public_metrics_enabled %} | |||
| {% set metrics_middlewares = [] %} | |||
| {% if matrix_synapse_worker_container_labels_metrics_middleware_basic_auth_enabled %} | |||
| {% if matrix_synapse_worker_container_labels_public_metrics_middleware_basic_auth_enabled %} | |||
| {% set metrics_middlewares = metrics_middlewares + [matrix_synapse_worker_container_name + '-metrics-basic-auth'] %} | |||
| traefik.http.middlewares.{{ matrix_synapse_worker_container_name }}-metrics-basic-auth.basicauth.users={{ matrix_synapse_worker_container_labels_metrics_middleware_basic_auth_users }} | |||
| traefik.http.middlewares.{{ matrix_synapse_worker_container_name }}-metrics-basic-auth.basicauth.users={{ matrix_synapse_worker_container_labels_public_metrics_middleware_basic_auth_users }} | |||
| {% endif %} | |||
| {% set metrics_middlewares = metrics_middlewares + [matrix_synapse_worker_container_name + '-metrics-replacepath'] %} | |||
| traefik.http.middlewares.{{ matrix_synapse_worker_container_name }}-metrics-replacepath.replacepath.path=/_synapse/metrics | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.rule={{ matrix_synapse_worker_container_labels_metrics_traefik_rule | replace('__WORKER_ID__', matrix_synapse_worker_details.id) }} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.rule={{ matrix_synapse_worker_container_labels_public_metrics_traefik_rule | replace('__WORKER_ID__', matrix_synapse_worker_details.id) }} | |||
| {% if metrics_middlewares | length > 0 %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.middlewares={{ metrics_middlewares | join(',') }} | |||
| {% endif %} | |||
| {% if matrix_synapse_worker_container_labels_metrics_traefik_priority | int > 0 %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.priority={{ matrix_synapse_worker_container_labels_metrics_traefik_priority }} | |||
| {% if matrix_synapse_worker_container_labels_public_metrics_traefik_priority | int > 0 %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.priority={{ matrix_synapse_worker_container_labels_public_metrics_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.service={{ matrix_synapse_worker_container_name }}-metrics | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.entrypoints={{ matrix_synapse_worker_container_labels_metrics_traefik_entrypoints }} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.entrypoints={{ matrix_synapse_worker_container_labels_public_metrics_traefik_entrypoints }} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.tls={{ matrix_synapse_worker_container_labels_metrics_traefik_tls | to_json }} | |||
| {% if matrix_synapse_worker_container_labels_metrics_traefik_tls %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.tls.certResolver={{ matrix_synapse_worker_container_labels_metrics_traefik_tls_certResolver }} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.tls={{ matrix_synapse_worker_container_labels_public_metrics_traefik_tls | to_json }} | |||
| {% if matrix_synapse_worker_container_labels_public_metrics_traefik_tls %} | |||
| traefik.http.routers.{{ matrix_synapse_worker_container_name }}-metrics.tls.certResolver={{ matrix_synapse_worker_container_labels_public_metrics_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| {% endif %} | |||
+ 2
- 2
roles/custom/matrix_playbook_migration/tasks/validate_config.yml
Просмотреть файл
| @@ -107,7 +107,7 @@ | |||
| - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_matrix_client_3pid_registration_path>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_enabled', 'new': 'matrix_conduit_container_labels_traefik_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_block_federation_api_on_client_port', 'new': '<not supported anymore - the /_matrix/federation endpoints are now also being served on the Client-Server API port>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_enabled', 'new': 'matrix_conduit_container_labels_federation_api_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_enabled', 'new': 'matrix_conduit_container_labels_public_federation_api_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container', 'new': '<removed>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container', 'new': '<removed>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container', 'new': '<removed>'} | |||
| @@ -115,7 +115,7 @@ | |||
| - {'old': 'matrix_nginx_proxy_proxy_conduit_additional_server_configuration_blocks', 'new': '<removed>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_enabled', 'new': 'matrix_dendrite_container_labels_traefik_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port', 'new': '<not supported anymore - the /_matrix/federation endpoints are now also being served on the Client-Server API port>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_enabled', 'new': 'matrix_dendrite_container_labels_federation_api_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_enabled', 'new': 'matrix_dendrite_container_labels_public_federation_api_enabled'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container', 'new': '<removed>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container', 'new': '<removed>'} | |||
| - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container', 'new': '<removed>'} | |||