Merge branch 'master' into matrix-federation-api-port

hace 4 años · dc4452ac21
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1047,6 +1047,8 @@ matrix_dimension_enabled: false
 # the Dimension HTTP port to the local host.
 matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}"

 matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_port|string}}"

 matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
 matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"

@@ -1306,6 +1308,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
 # Settings controlling matrix-synapse-proxy.conf
 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"

 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_port|string}}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_port|string}}"

 # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
 matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"

@@ -1720,7 +1725,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m
 matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
 #
 # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
 matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
 matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_port|string }}"
 #
 # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
 matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
--- a/roles/matrix-dimension/defaults/main.yml
+++ b/roles/matrix-dimension/defaults/main.yml
@@ -39,7 +39,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension
 matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
 matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"

 matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
 matrix_dimension_homeserver_federationUrl: ""


 # Database-related configuration fields.
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -115,9 +115,10 @@ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }
 matrix_nginx_proxy_proxy_synapse_enabled: false
 matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy"
 matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"

 # The addresses where the Federation API is, when using Synapse.
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: ""
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: ""

 # Controls whether proxying the Element domain should be done.
 matrix_nginx_proxy_proxy_element_enabled: false
--- a/roles/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml
@@ -43,5 +43,7 @@
        msg: "The `{{ item }}` variable must be defined and have a non-null value"
      with_items:
        - "matrix_ssl_lets_encrypt_support_email"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container"
      when: "vars[item] == '' or vars[item] is none"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -27,7 +27,9 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
 matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
 matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"

 matrix_synapse_container_federation_api_port: 8448
 matrix_synapse_container_federation_api_port: 8448

 matrix_synapse_container_federation_port: 8048

 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).
 #
@@ -148,7 +150,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50

 # Controls whether the TLS federation listener is enabled (tcp/8448).
 # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`).
 # Note that federation may potentially be enabled as non-TLS on tcp/8048 as well.
 # Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_port` as well.
 # If you're serving Synapse behind an HTTPS-capable reverse-proxy,
 # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`).
 matrix_synapse_tls_federation_listener_enabled: true
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -302,7 +302,7 @@ listeners:
 {% if matrix_synapse_federation_port_enabled %}
  # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy
  # that unwraps TLS.
  - port: 8048
  - port: {{ matrix_synapse_container_default_federation_port|to_json }}
    tls: false
    bind_addresses: ['::']
    type: http
--- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
+++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
@@ -46,7 +46,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
 			-p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_port }} \
 			{% endif %}
 			{% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %}
 			-p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \
 			-p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_port }} \
 			{% endif %}
 			{% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %}
 			-p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \