From 5ab5f28d14c442091192c7c0ad3d4a64f64003d6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Feb 2023 08:42:50 +0200 Subject: [PATCH] Add support for running synapse-admin (on Traefik) at the root path Previously, we had to run it at a subpath, like `/synapse-admin`. We can now dedicate a whole domain and the `/` path to it, should we wish to do so. --- .../custom/matrix-synapse-admin/defaults/main.yml | 4 ++-- .../matrix-synapse-admin/tasks/validate_config.yml | 5 ++--- .../matrix-synapse-admin/templates/labels.j2 | 14 ++++++++++++-- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 11b89818..cb64b549 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -37,9 +37,9 @@ matrix_synapse_admin_container_extra_arguments: [] matrix_synapse_admin_container_labels_traefik_enabled: true matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_synapse_admin_container_network }}" matrix_synapse_admin_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" -# The path prefix must not end with a slash +# The path prefix must either be `/` or not end with a slash (e.g. `/synapse-admin`). matrix_synapse_admin_container_labels_traefik_path_prefix: /synapse-admin -matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`) && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`)" +matrix_synapse_admin_container_labels_traefik_rule: "Host(`{{ matrix_synapse_admin_container_labels_traefik_hostname }}`){% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }}`){% endif %}" matrix_synapse_admin_container_labels_traefik_entrypoints: web-secure matrix_synapse_admin_container_labels_traefik_tls: "{{ matrix_synapse_admin_container_labels_traefik_entrypoints != 'web' }}" matrix_synapse_admin_container_labels_traefik_tls_certResolver: default # noqa var-naming diff --git a/roles/custom/matrix-synapse-admin/tasks/validate_config.yml b/roles/custom/matrix-synapse-admin/tasks/validate_config.yml index 41f19b75..48243555 100644 --- a/roles/custom/matrix-synapse-admin/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse-admin/tasks/validate_config.yml @@ -28,6 +28,5 @@ - name: Fail if matrix_synapse_admin_container_labels_traefik_path_prefix ends with a slash ansible.builtin.fail: msg: >- - matrix_synapse_admin_container_labels_traefik_path_prefix (`{{ matrix_synapse_admin_container_labels_traefik_path_prefix }}`) must not end with a slash. - Example: `/synapse-admin`. - when: "matrix_synapse_admin_container_labels_traefik_path_prefix[-1] == '/'" + matrix_synapse_admin_container_labels_traefik_path_prefix (`{{ matrix_synapse_admin_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/synapse-admin`). + when: "matrix_synapse_admin_container_labels_traefik_path_prefix != '/' and matrix_synapse_admin_container_labels_traefik_path_prefix[-1] == '/'" diff --git a/roles/custom/matrix-synapse-admin/templates/labels.j2 b/roles/custom/matrix-synapse-admin/templates/labels.j2 index 772fdad8..c70892a8 100644 --- a/roles/custom/matrix-synapse-admin/templates/labels.j2 +++ b/roles/custom/matrix-synapse-admin/templates/labels.j2 @@ -5,13 +5,23 @@ traefik.enable=true traefik.docker.network={{ matrix_synapse_admin_container_labels_traefik_docker_network }} {% endif %} +{% set middlewares = [] %} + +{% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} traefik.http.middlewares.matrix-synapse-admin-slashless-redirect.redirectregex.regex=({{ matrix_synapse_admin_container_labels_traefik_path_prefix | quote }})$ traefik.http.middlewares.matrix-synapse-admin-slashless-redirect.redirectregex.replacement=${1}/ +{% set middlewares = middlewares + ['matrix-synapse-admin-slashless-redirect'] %} +{% endif %} -traefik.http.middlewares.matrix-synapse-admin-replacepath.replacepath.path=/ +{% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} +traefik.http.middlewares.matrix-synapse-admin-strip-prefix.stripprefix.prefixes={{ matrix_synapse_admin_container_labels_traefik_path_prefix }} +{% set middlewares = middlewares + ['matrix-synapse-admin-strip-prefix'] %} +{% endif %} traefik.http.routers.matrix-synapse-admin.rule={{ matrix_synapse_admin_container_labels_traefik_rule }} -traefik.http.routers.matrix-synapse-admin.middlewares=matrix-synapse-admin-slashless-redirect,matrix-synapse-admin-replacepath +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-synapse-admin.middlewares={{ middlewares | join(',') }} +{% endif %} traefik.http.routers.matrix-synapse-admin.service=matrix-synapse-admin traefik.http.routers.matrix-synapse-admin.entrypoints={{ matrix_synapse_admin_container_labels_traefik_entrypoints }} traefik.http.routers.matrix-synapse-admin.tls={{ matrix_synapse_admin_container_labels_traefik_tls | to_json }}