Kim Brose
5ed23e81ef
Fix index in external_prometheus.yml.example.j2
...
For an unknown reason prometheus ignored the given "numeric" index and replaced it by 1. This made it not work properly, plus multiple workers of same types were not differentiable. With a "string" index, it works as intended.
3 years ago
Alejo Diaz
4ec24ec344
Add support for obtain ECDSA keys ( #1667 )
...
* Add support for obtain ECDSA keys
* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
3 years ago
Slavi Pantaleev
86c36523df
Replace ExecStopPost with ExecStop
...
Reverts b1b4ba501f
, 90c9801c56
, a3c84f78ca
, ..
I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.
`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
3 years ago
Slavi Pantaleev
29bc22a085
Add matrix_nginx_proxy_container_additional_networks
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
3 years ago
Slavi Pantaleev
3b9d5b13e9
Add support for not serving Dendrite federation APIs on the client port
...
Seems like Dendrite encourages serving both the Client and Federation
API at the same port.
Coming from Synapse and how things are done there, we have separate
ports. Using separate ports probably makes matrix-corporal (etc.)
integration easier, so separating the APIs by default probably makes
sense.
3 years ago
Slavi Pantaleev
ecc237bbad
Initial work on getting nginx reverse proxying working with Dendrite
3 years ago
rakshazi
5788a16a2e
added matrix-client-cinny
3 years ago
Slavi Pantaleev
b1b4ba501f
Replace ExecStop with ExecStopPost
...
ExecStopPost should allow us to clean up (docker kill + docker rm)
even if the ExecStart (docker run ..) command failed, and not just after
a graceful service stop was initiated.
Source: https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStopPost=
3 years ago
Slavi Pantaleev
3a9fe48deb
Make matrix-nginx-proxy's X-Forwarded-For header customizable
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
3 years ago
Aaron Raimist
f8fe68b385
Allow workers to serve new v3 APIs
...
1f196f59cb
3 years ago
JokerGermany
c0656448f7
Port 80 for IPv6
3 years ago
b
6eaa8ac65a
add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled
3 years ago
Kim Brose
5f6bbafa17
fix space before tab in indent
3 years ago
HarHarLinks
7b33fc8e19
fixup! auto-generate prometheus.yml for workers metrics
3 years ago
HarHarLinks
ce41674e61
auto-generate prometheus.yml for workers metrics
3 years ago
HarHarLinks
4209c4208c
add own variable for worker metrics
...
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
3 years ago
HarHarLinks
d9fa2f7ed4
add auto proxy synapse worker metrics
...
when matrix_nginx_proxy_proxy_synapse_metrics is enabled
3 years ago
Slavi Pantaleev
31396f0615
Merge pull request #1295 from nogweii/feat-support-upstream-https-forwarded
...
Support trusting the upstream server when it says the protocol is HTTPS
3 years ago
Aaron Raimist
a676b5358c
Fix hydrogen OCSP typo
...
From 6f80292745
3 years ago
Colin Shea
2578ca4cee
rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value
3 years ago
Colin Shea
d0cd67044e
replace $scheme with X-Forwarded-Proto when enabled
3 years ago
sakkiii
ae6caf158a
Added variable matrix_nginx_proxy_request_timeout ( #1265 )
...
* add timeout param for nginx proxy
default value matrix_nginx_proxy_request_timeout is 60s
* default matrix_nginx_proxy_request_timeout - 60s
* few more variables for request timeout
* Update nginx.conf.j2
* Update nginx.conf.j2
3 years ago
Michael Collins
2e30802b87
use group variables instead
3 years ago
Michael Collins
8238d65e5f
simplify template conditional
3 years ago
Michael Collins
bfb61e776e
GMH v0.5.7... maybe!
3 years ago
Slavi Pantaleev
4105ba854b
Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn
...
Make federation domain customizable
3 years ago
JokerGermany
9345d840be
root path for the base domain is wrong ( #1189 )
...
* root path for the base domain
* Fix path when running in a container
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
3 years ago
Slavi Pantaleev
6294e58304
Fix Content-Security-Policy for Element
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154
According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
3 years ago
oxmie
5df4d68829
Make federation domain customizable
3 years ago
sakkiii
0217644b48
Content-Security-Policy For Element Web
...
https://github.com/vector-im/element-web#configuration-best-practices
4 years ago
Slavi Pantaleev
4880dcceb0
Fix OCSP-stapling-related errors due to missing resolver
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
1ed0857019
Fix syntax error
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
4 years ago
sakkiii
4a4a7f136e
changes added to hydrogen client
4 years ago
sakkiii
25e67b51d1
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
3436f9c10a
rename to matrix_nginx_proxy_hsts_preload_enabled
4 years ago
sakkiii
df2d91970d
matrix_nginx_proxy_xss_protection
4 years ago
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen
4 years ago
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
4 years ago
sakkiii
e9b878b9e9
Optimize SSL session
4 years ago
Slavi Pantaleev
e6afa05f7b
Enable OCSP stapling for the federation port
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
Not sure if this is beneficial though.
4 years ago
Slavi Pantaleev
57a6a98a50
Fix incorrect SSL certificate path
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
...
Enable OCSP Stapling
4 years ago
sakkiii
d31b55b2a7
SSL-enabled block only
4 years ago
Slavi Pantaleev
e4dd933cf0
Make missing /_synapse/admin correctly return 404 responses
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
4 years ago
sakkiii
c05021640d
Enable OCSP Stapling
4 years ago
Aaron Raimist
ca361af616
Add Hydrogen
4 years ago
sakkiii
29cf6a0087
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
bb0810302d
Merge branch 'spantaleev:master' into master
4 years ago
Béla Becker
b10655ebb1
Jitsi XMPP Websocket support
...
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
4 years ago