## Support for exposing container ports publicly (not just to the host)
Until now, various roles supported a `matrix_*_expose_port` variable, which would expose their container's port to the host. This was mostly useful for reverse-proxying manually (in case `matrix-nginx-proxy` was disabled). It could also be used for installing some playbook services (e.g. bridges, etc.) and wiring them to a separate (manual) Matrix setup.
`matrix_*_expose_port` variables were not granular enough - sometimes they would expose one port, other times multiple. They also didn't provide control over **where** to expose (to which port number and to which network interface), because they would usually hardcode something like `127.0.0.1:8080`.
All such variables have been superseded by a better (more flexible) way to do it.
**Most** people (including those not using `matrix-nginx-proxy`), **don't need** to bother with this.
Porting examples follow for people having more customized setups:
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
# to the local host.
# you can expose Synapse's ports to the host.
#
#
# For exposing the Matrix Client API's port (plain HTTP) to the local host (`127.0.0.1:8008`).
# For exposing the Matrix Client API's port (plain HTTP) to the local host.
matrix_synapse_container_expose_client_api_port: "{{ not matrix_nginx_proxy_enabled }}"
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
# For exposing the Matrix Federation API's port (plain HTTP) to the local host (`127.0.0.1:8048`).
#
matrix_synapse_container_expose_federation_api_port: "{{ not matrix_nginx_proxy_enabled }}"
# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
matrix_synapse_container_expose_metrics_port: "{{ not matrix_nginx_proxy_enabled }}"
#
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
#
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
when:"matrix_appservice_irc_configuration.ircService|default(none) is none"
when:"matrix_appservice_irc_configuration.ircService|default(none) is none"
- name:(Deprecation) Catch and report renamed appservice-irc variables
fail:
msg:>-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when:"item.old in vars"
with_items:
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new':'<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
- name:Fail if required matrix-corporal settings not defined
- name:Fail if required matrix-corporal settings not defined
fail:
fail:
msg:>
msg:>-
You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal.
You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal.
when:"vars[item] == ''"
when:"vars[item] == ''"
with_items:
with_items:
@ -15,3 +15,13 @@
fail:
fail:
msg:"The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
msg:"The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
when:"matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
when:"matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
- name:(Deprecation) Catch and report renamed corporal variables
fail:
msg:>-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when:"item.old in vars"
with_items:
- {'old': 'matrix_corporal_container_expose_ports', 'new':'<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'}
{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled %}
{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %}