Add some variables for controlling `x_forwarded` settings for Synapse listeners

пре 5 месеци · d8eed6bfd3
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -135,10 +135,22 @@ matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_stor

 matrix_synapse_container_client_api_port: 8008

 # Controls the `x_forwarded` setting for the "Insecure HTTP listener (Client API)".
 # We default this to `true`, because such insecure HTTP listeners are most likely behind a reverse-proxy (that handles TLS).
 matrix_synapse_container_client_api_x_forwarded: true

 matrix_synapse_container_federation_api_tls_port: 8448

 # Controls the `x_forwarded` setting for the "TLS-enabled federation listener".
 # We default this to `false`, because TLS-enabled listeners are likely to be exposed directly (instead of being behind a reverse-proxy).
 matrix_synapse_container_federation_api_tls_x_forwarded: false

 matrix_synapse_container_federation_api_plain_port: 8048

 # Controls the `x_forwarded` setting for the "Insecure federation listener".
 # We default this to `true`, because such insecure HTTP listeners are most likely behind a reverse-proxy (that handles TLS).
 matrix_synapse_container_federation_api_plain_x_forwarded: true

 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_synapse_container_network: ''

@@ -838,6 +850,10 @@ matrix_synapse_manhole_enabled: false
 # Enable support for Synapse workers
 matrix_synapse_workers_enabled: false

 # Controls the `x_forwarded` setting for the main `http` listener for Synapse workers.
 # We default this to `true`, because such insecure HTTP listeners are most likely behind a reverse-proxy (that handles TLS).
 matrix_synapse_worker_listeners_http_main_x_forwarded: true

 # Specifies worker configuration that should be used when workers are enabled.
 #
 # The possible values (as seen in `matrix_synapse_workers_presets`) are:
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -298,7 +298,7 @@ listeners:
    tls: true
    bind_addresses: ['::']
    type: http
    x_forwarded: false
    x_forwarded: {{ matrix_synapse_container_federation_api_tls_x_forwarded | to_json }}

    resources:
      - names: {{ matrix_synapse_federation_listener_resource_names|to_json }}
@@ -311,7 +311,7 @@ listeners:
    tls: false
    bind_addresses: ['::']
    type: http
    x_forwarded: true
    x_forwarded: {{ matrix_synapse_container_client_api_x_forwarded | to_json }}

    resources:
      - names: {{ matrix_synapse_http_listener_resource_names|to_json }}
@@ -324,7 +324,7 @@ listeners:
    tls: false
    bind_addresses: ['::']
    type: http
    x_forwarded: true
    x_forwarded: {{ matrix_synapse_container_federation_api_plain_x_forwarded | to_json }}

    resources:
      - names: {{ matrix_synapse_federation_listener_resource_names|to_json }}
--- a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -46,7 +46,7 @@ worker_listeners:
 {% if http_resources|length > 0 %}
  - type: http
    bind_addresses: ['::']
    x_forwarded: true
    x_forwarded: {{ matrix_synapse_worker_listeners_http_main_x_forwarded | to_json }}
    port: {{ matrix_synapse_worker_details.port }}
    resources:
      - names: {{ http_resources|to_json }}