364 Commits (309a2393c3dc37b5d07c63af65a909567e003c75)

Author SHA1 Message Date
Slavi Pantaleev 6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
4 years ago
Slavi Pantaleev d0de21ab34
Delete Hydrogen nginx configuration file when disabled
4 years ago
Aaron Raimist 04548f8df2
Merge branch 'master' into hydrogen
4 years ago
Aaron Raimist 9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
4 years ago
sakkiii e9b878b9e9 Optimize SSL session
4 years ago
Slavi Pantaleev e6afa05f7b Enable OCSP stapling for the federation port
4 years ago
Slavi Pantaleev 57a6a98a50 Fix incorrect SSL certificate path
4 years ago
Slavi Pantaleev b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
4 years ago
sakkiii d31b55b2a7 SSL-enabled block only
4 years ago
Slavi Pantaleev e4dd933cf0 Make missing /_synapse/admin correctly return 404 responses
4 years ago
sakkiii 2c3da6599b Added warning
4 years ago
sakkiii 0dd4459799 matrix_nginx_proxy_ocsp_stapling_enabled variable added
4 years ago
sakkiii c05021640d Enable OCSP Stapling
4 years ago
Aaron Raimist ca361af616
Add Hydrogen
4 years ago
sakkiii 29cf6a0087 Merge branch 'spantaleev:master' into master
4 years ago
sakkiii bb0810302d Merge branch 'spantaleev:master' into master
4 years ago
Béla Becker b10655ebb1 Jitsi XMPP Websocket support
4 years ago
Dan Arnfield cfaa3e598a Update nginx (1.19.10 -> 1.20.0)
4 years ago
sakkiii 40fe6bd5c1 variable matrix_nginx_proxy_hsts_preload_enable added
4 years ago
Slavi Pantaleev 389dc26615 Fix Synapse generic worker balancing
4 years ago
sakkiii 5b4fdf9b87 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii 0ccf0fbf1c HSTS preload + X-XSS enables
4 years ago
sakkiii 3564635f0f
Merge branch 'master' into master
4 years ago
sakkiii 29bba5161b Element More security headers
4 years ago
Slavi Pantaleev d691cc0920 Move variable definition a bit
4 years ago
Slavi Pantaleev e00ef04b57 Add opt-out-of-FLoC headers by default
4 years ago
Slavi Pantaleev 4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
4 years ago
teutat3s 2bf7c26cfa
Don't expose nginx version with each response
4 years ago
sakkiii 1958d0792d Update matrix-client-element.conf.j2
4 years ago
sakkiii b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii 05042f5ff1 Improve security grafana
4 years ago
sakkiii 5dc642ace1
Nginx element web: XSS protection & nosniff header
4 years ago
Slavi Pantaleev c7c137df74 Upgrade nginx and certbot
4 years ago
Ahmad Haghighi e335f3fc77 rename matrix_global_registry to matrix_container_global_registry_prefix related to #990
4 years ago
Ahmad Haghighi f52a8b6484 use custom docker registry
4 years ago
Christoph Johannes Kleine fcd66b2889
rename variables
4 years ago
Christoph Johannes Kleine 8ba1105010
rename variable
4 years ago
Christoph Johannes Kleine 3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
4 years ago
Dan Arnfield 97d8527e00 Update nginx (1.19.6 -> 1.19.8)
4 years ago
Slavi Pantaleev 06c74728eb Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role
4 years ago
Slavi Pantaleev 9a0222fa47 Add Sygnal support
4 years ago
Aaron Raimist 32b3650c12
Set X-Forwarded-Proto on federation requests
4 years ago
Aaron Raimist 466827139a
Also check if matrix_ssl_lets_encrypt_support_email is blank
4 years ago
Slavi Pantaleev 011e95c1d2
Merge pull request #893 from GoMatrixHosting/master
4 years ago
Slavi Pantaleev 6181861ffe
Merge pull request #929 from Zir0h/master
4 years ago
Alexandros Afentoulis 28c255539c matrix-nginx-proxy: specify Origin header, comply with CORS
4 years ago
Yannick Goossens 51e2547484 Added support for the Go-NEB bot
4 years ago
Slavi Pantaleev 9b72384df7 Upgrade Synapse (1.28.0 -> 1.29.0)
4 years ago
Slavi Pantaleev f0698ee641 Do not overwrite X-Forwarded-For when reverse-proxying to Synapse
4 years ago
SierraKiloBravo 0de0716527 Added nginx proxy worker configuration to template and defaults
4 years ago
Slavi Pantaleev 009efdad49 Fix matrix.DOMAIN/_synapse/metrics exposing
4 years ago
Slavi Pantaleev a25b8135b8 Fix point overlap between matrix-domain and Jitsi
4 years ago
Michael 33ec5710d9 0.2.1 revision
4 years ago
Hardy Erlinger f4930d789e Run Let's Encrypt renewal checks daily instead of weekly.
4 years ago
Slavi Pantaleev 6baa91dd9f Do not delete matrix-ssl-lets-encrypt-certificates-renew only to recreate it later
4 years ago
Slavi Pantaleev 1ef683d366 Make nginx proxy config (when disabled) obey matrix_federation_public_port
4 years ago
rakshazi 2f887f292c
added "matrix_%SERVICE%_version" variable to all roles, use it in "matrix_%SERVICE%_docker_image" var (preserving backward-compatibility)
4 years ago
Michael 4c882c513b initial PR
4 years ago
Slavi Pantaleev eaea215282 Allow Synapse workers to be used with an external nginx webserver
4 years ago
Slavi Pantaleev d6c4d41c2b Define instanceId property on workers
4 years ago
Slavi Pantaleev 5cfeae806b Merge branch 'master' into synapse-workers
4 years ago
Slavi Pantaleev 894679750e
Merge pull request #862 from s-thom/nginx-additional
4 years ago
Slavi Pantaleev a8e9f35708 Touch up documentation a bit
4 years ago
Peetz0r 989100b1c1 Grafana nginx proxy config
4 years ago
Stuart Thomson 064b2e533c Add variable for extra domains to get LE certs for
4 years ago
Slavi Pantaleev 889b299bc2
Merge pull request #804 from pushytoxin/matrix-etherpad
4 years ago
Slavi Pantaleev 26b287bd17 Upgrade certbot (1.10.1 -> 1.11.0)
4 years ago
Slavi Pantaleev d98a1ceadd Merge branch 'master' into synapse-workers
4 years ago
Slavi Pantaleev 512f42aa76 Do not report docker kill/rm attempts as errors
4 years ago
Béla Becker 7bc9be95cb Add map directive to the base of nginx.conf
4 years ago
Slavi Pantaleev 778b66876c Merge branch 'master' into synapse-workers
4 years ago
Slavi Pantaleev 70796703d3 Run Synapse workers in their own containers
4 years ago
Slavi Pantaleev 4d62a75f6f Get matrix-corporal to play nicely with a Synapse worker setup
4 years ago
Slavi Pantaleev 5ca68210cd Do not handle /_matrix/federation on client-server port, nor /_matrix/client stuff on federation port
4 years ago
Slavi Pantaleev 8fa913dca7 Fix Ansible warning
4 years ago
Marcel Partap 183adec3d8 Merge remote-tracking branch 'origin/master' into synapse-workers
4 years ago
pushytoxin d51ea25219 When validating LE certs, do not wait for a random time
4 years ago
Slavi Pantaleev 1692a28fe4 Work around annoying Docker warning about undefined $HOME
4 years ago
Slavi Pantaleev e1690722f7 Replace cronjobs with systemd timers
4 years ago
Slavi Pantaleev 05ca9357a8 Add .service suffix to systemd units list
4 years ago
Slavi Pantaleev 57ea43d8b0 Remove unused variable
4 years ago
Slavi Pantaleev 7a90eb6d4f Relocate some validation tasks
4 years ago
Marcel Partap cd8100544b Merge remote-tracking branch 'origin/master' into synapse-workers
4 years ago
Slavi Pantaleev f7ae050eaf Remove useless quotes around ssl_ciphers value
4 years ago
Slavi Pantaleev 5822ba0c01 Use a more natural if statement
4 years ago
Slavi Pantaleev de6ecd8818
Update inaccurate comments
4 years ago
Agustin Ferrario 5156c63a76 Clean up code
4 years ago
Agustin Ferrario 25d423e6b6 Fix errors per spantaleev suggestions
4 years ago
Agustin Ferrario 3cb71e7e84 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
4 years ago
Dan Arnfield 10e0fa17ad Update nginx (1.19.5 -> 1.19.6)
4 years ago
louis dcd4716636 add option to disable nginx access log
4 years ago
Agustin Ferrario 2082242499 Add `matrix_nginx_proxy_ssl_config`
4 years ago
Slavi Pantaleev d08b27784f Fix systemd services autostart problem with Docker 20.10
4 years ago
Slavi Pantaleev 8c02f7b79b Upgrade services
4 years ago
Marcel Partap 851c25c47f matrix-synapse nginx template: fix invalid jinja comment syntax
4 years ago
Marcel Partap b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers
4 years ago
Slavi Pantaleev b354155d7c Make JVB websockets reverse-proxying work
4 years ago
Slavi Pantaleev d702e74079 Fix matrix-nginx-proxy static files mounting when SSL retrieval is none
4 years ago
Slavi Pantaleev 12867e9f18 Do not try to mount /matrix/ssl when matrix_ssl_retrieval_method is 'none'
4 years ago
Slavi Pantaleev 75f9fde7a4 Remove some more -v usage
4 years ago
Slavi Pantaleev 1fca917ad1 Replace some -v instances with --mount
4 years ago
Slavi Pantaleev ccabc82d4c Use more fully-qualified container images
4 years ago
Marcel Partap 4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
4 years ago
Slavi Pantaleev 4d12a6f8e9
Merge pull request #681 from scottcrossen/slc/ddclient
4 years ago
Slavi Pantaleev 1427286cec Integrate matrix-dynamic-dns with matrix-nginx-proxy without causing a dependency
4 years ago
Marcel Partap b05d298ae4 synapse workers nginx rule: add client_max_body_size on media endpoints
4 years ago
Marcel Partap e5072c20d9 synapse workers/nginx: handle media_repository worker endpoints on federation port
4 years ago
Slavi Pantaleev 235299939d Upgrade nginx (1.19.3 -> 1.19.4)
4 years ago
Scott Crossen e894befd87 Updates to reviewer comments
4 years ago
Slavi Pantaleev 350c39d745 Update comment
4 years ago
Slavi Pantaleev ef68d3d296 Add support for reverse-proxying /_synapse/oidc
4 years ago
Slavi Pantaleev 9a46647010 Make https://matrix.DOMAIN/ redirect to https://element.DOMAIN/
4 years ago
Slavi Pantaleev 4700e80389 Raise standalone default Matrix Client API client_max_body_size
4 years ago
Slavi Pantaleev ef07aa8e5d Prevent certain nginx location blocks from being ignored
4 years ago
Marcel Partap 2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
4 years ago
Slavi Pantaleev 63a49bb2dc Do not expose /_synapse/admin publicly by default
4 years ago
Marcel Partap 87bd64ce9e Merge remote-tracking branch 'origin/master' into synapse-workers
4 years ago
Dan Arnfield b65bfc38ce Update nginx (1.19.2 -> 1.19.3)
4 years ago
Slavi Pantaleev d250727e8b Upgrade certbot (1.7.0 -> 1.9.0)
4 years ago
Max Klenk fc2edcbecf
fix media routing
4 years ago
Max Klenk 132daba1af
fix worker routes
4 years ago
Max Klenk 9a3d84b931
Merge branch 'master' into feature/add-worker-support
4 years ago
Slavi Pantaleev 2a1ec38e3a Stop using Ansible's cron module
4 years ago
Max Klenk 06bc430c7c
refactor to use new workers and routes they serve
4 years ago
Max Klenk 59d1fb76b6
only apply worker redirects if workers are enabled
4 years ago
Max Klenk 567d0318b0
Merge branch 'synapse-workers' into feature/add-worker-support
4 years ago
Slavi Pantaleev fc1655cd4b
Merge pull request #633 from thedanbob/certbot-1.7.0
4 years ago
Dan Arnfield c8754f422a Update certbot (1.6.0 -> 1.7.0)
4 years ago
Dan Arnfield 8d373409b8 Update nginx (1.19.1 -> 1.19.2)
4 years ago
Justin Croonenberghs 31e2a1f06b
Undo ill-advised change
4 years ago
Justin Croonenberghs c5d18733d2
Update CORS for ma1sd
4 years ago
Slavi Pantaleev 54195b22c7 Allow framing Jitsi
4 years ago
Slavi Pantaleev 3f8e5b4363 Allow framing Dimension
4 years ago
TwoTwenty b106a9592e
Update matrix-jitsi.conf.j2
4 years ago
TwoTwenty c97e7c5a3e
Update matrix-dimension.conf.j2
4 years ago
TwoTwenty 18ba885ca2
Update matrix-client-element.conf.j2
4 years ago
Slavi Pantaleev c6ab1c6a90 Riot is now Element
4 years ago
Dan Arnfield c47a55d170 Update nginx (1.19.0 -> 1.19.1) and certbot (1.5.0 -> 1.6.0)
4 years ago
shadow 6293f1bdb0 Run all API self checks in check_mode
4 years ago
Slavi Pantaleev 65e5020596 Proxy other /_synapse endpoints to the client API
5 years ago
Slavi Pantaleev 88a4a3ab55 Update components
5 years ago
Chris van Dijk 74df10633a Remove hardcoded command paths in playbook cron usage
5 years ago
Chris van Dijk 6e3b877dc2 Remove hardcoded command paths in playbook shell usage
5 years ago
Chris van Dijk 6334f6c1ea Remove hardcoded command paths in systemd unit files
5 years ago
Slavi Pantaleev 7a2dbdc2d7 Update components
5 years ago
Chris van Dijk 7585bcc4ac Allow the matrix user username and groupname to be configured separately
5 years ago
Slavi Pantaleev 554da8338a
Merge pull request #463 from hooger/architecture
5 years ago
Marcel Partap 46984a4f99 Nginx conf: more testing less b0rk
5 years ago
Christoph Johannes Kleine 765c046beb
add missing ; to matrix-synapse.conf.j2
5 years ago
Marcel Partap e4763c21bc nginx config: route traffic to workers on matrix-synapse
5 years ago