diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d58f4dda..e67403b3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,6 +1047,8 @@ matrix_dimension_enabled: false # the Dimension HTTP port to the local host. matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_port|string}}" + matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" @@ -1306,6 +1308,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 # Settings controlling matrix-synapse-proxy.conf matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_port|string}}" + # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" @@ -1720,7 +1725,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" +matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_port|string }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index f7a84ca1..fc1f17a6 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -39,7 +39,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" -matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" +matrix_dimension_homeserver_federationUrl: "" # Database-related configuration fields. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3bb2723d..ea26084e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -115,9 +115,10 @@ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain } matrix_nginx_proxy_proxy_synapse_enabled: false matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy" matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" + # The addresses where the Federation API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "" # Controls whether proxying the Element domain should be done. matrix_nginx_proxy_proxy_element_enabled: false diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 9661ae5e..39a2dfe5 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -43,5 +43,7 @@ msg: "The `{{ item }}` variable must be defined and have a non-null value" with_items: - "matrix_ssl_lets_encrypt_support_email" + - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container" + - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 7a889fbd..cfc985b4 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,7 +27,9 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" - matrix_synapse_container_federation_api_port: 8448 +matrix_synapse_container_federation_api_port: 8448 + +matrix_synapse_container_federation_port: 8048 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). # @@ -148,7 +150,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50 # Controls whether the TLS federation listener is enabled (tcp/8448). # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`). -# Note that federation may potentially be enabled as non-TLS on tcp/8048 as well. +# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_port` as well. # If you're serving Synapse behind an HTTPS-capable reverse-proxy, # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). matrix_synapse_tls_federation_listener_enabled: true diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 4e5ddea3..e88ed256 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -302,7 +302,7 @@ listeners: {% if matrix_synapse_federation_port_enabled %} # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: 8048 + - port: {{ matrix_synapse_container_default_federation_port|to_json }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index f4e62936..011d30f7 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -46,7 +46,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \ + -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} -p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \