Slavi Pantaleev
1ed0857019
Fix syntax error
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
4 years ago
sakkiii
4a4a7f136e
changes added to hydrogen client
4 years ago
sakkiii
25e67b51d1
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
3436f9c10a
rename to matrix_nginx_proxy_hsts_preload_enabled
4 years ago
Slavi Pantaleev
0648b1b618
Upgrade Element (1.7.28 -> 1.7.29)
4 years ago
sakkiii
7cc5328ede
Comments & Ref
4 years ago
sakkiii
df2d91970d
matrix_nginx_proxy_xss_protection
4 years ago
Slavi Pantaleev
d4c7a90b5c
Merge pull request #1076 from Eagle-251/Jitsi-Prosody-OwnNginxCompatibility
...
Allow Jitsi XMPP websocket support for users using own webserver.
4 years ago
ewang
409cd2b9a3
Source port binding from group vars in line other components
4 years ago
Eagle-251
ef6a7e051c
Fix missing port binding.
4 years ago
ewang
1bb6ed97ae
Make port bindings default for those disabling nginx proxy
...
I changed the conditional statement in prosody systemd template to bind the localhost port by default if people have set ```matrix_nginx_proxy_enabled == false ```.
Hopefully that should make it the default behaviour now.
4 years ago
Aaron Raimist
3c0452ff5a
Remove unnecessary bind for config.json, use proper nginx.conf
4 years ago
ewang
4a772e50f4
Allow Jitsi XMPP webscoket support for users using own webserver.
...
Added:
- Conditional localhost Port bindings for Jitsi Prosody systemd template
- Added variable to main.yml to allow overriding from vars.yml
4 years ago
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
d0de21ab34
Delete Hydrogen nginx configuration file when disabled
4 years ago
Aaron Raimist
ac4ede20af
Add docs
4 years ago
Aaron Raimist
1633f61018
Only install config.json when self building
4 years ago
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen
4 years ago
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
4 years ago
Slavi Pantaleev
47b4608b96
Fail in a friendlier way when trying to self-build on Ansible <= 2.8
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
Related discussion here: 1ab507349c (commitcomment-51108407)
4 years ago
Slavi Pantaleev
1ab507349c
Fix self-building for various components on Ansible < 2.8
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
4 years ago
Slavi Pantaleev
66615c43a3
Merge pull request #1065 from sakkiii/patch-1
...
Update grafana (7.5.6->7.5.7)
4 years ago
Tobias K
3dcbed6353
roles/matrix-grafana: Set root_url in granafa.ini
4 years ago
sakkiii
8529ca4c17
Update grafana (7.5.6->7.5.7)
4 years ago
Slavi Pantaleev
073d920a62
Merge pull request #1061 from sakkiii/ssl_enhancement
...
Optimize SSL session
4 years ago
Toni Spets
544915ff76
Add Heisenbridge
4 years ago
Slavi Pantaleev
21eb39f986
Mention matrix_common_after_systemd_service_start_wait_for_timeout_seconds in failure message
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
4 years ago
Slavi Pantaleev
ee46fabdca
Make waiting time for --tags=start configurable
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
4 years ago
sakkiii
e9b878b9e9
Optimize SSL session
4 years ago
Slavi Pantaleev
e6afa05f7b
Enable OCSP stapling for the federation port
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
Not sure if this is beneficial though.
4 years ago
Slavi Pantaleev
57a6a98a50
Fix incorrect SSL certificate path
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
...
Enable OCSP Stapling
4 years ago
sakkiii
d31b55b2a7
SSL-enabled block only
4 years ago
rakshazi
400371f6dd
Updated Element version (1.7.27 -> 1.7.28)
4 years ago
Slavi Pantaleev
d156c8caa2
Upgrade Synapse (1.33.2 -> 1.34.0)
4 years ago
Slavi Pantaleev
e4dd933cf0
Make missing /_synapse/admin correctly return 404 responses
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
4 years ago
sakkiii
2c3da6599b
Added warning
4 years ago
sakkiii
0dd4459799
matrix_nginx_proxy_ocsp_stapling_enabled variable added
4 years ago
sakkiii
c05021640d
Enable OCSP Stapling
4 years ago
Aaron Raimist
ca361af616
Add Hydrogen
4 years ago
sakkiii
b191e461a5
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
4bd7d8b5e4
Update grafana (7.5.5->7.5.6)
4 years ago
sakkiii
d5cd3d443d
Update prometheus (2.26.0->2.27.0)
4 years ago
sakkiii
322b750aad
Merge branch 'spantaleev:master' into master
4 years ago
Slavi Pantaleev
f481b1a84b
Upgrade matrix-mailer (4.94.2-r0 -> 4.94.2-r0-1)
...
Related to https://github.com/devture/exim-relay/pull/9
4 years ago
Slavi Pantaleev
8e6f1876f5
Switch to :latest version of synapse-admin
...
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/132
We should switch back when >0.8.0 gets released.
4 years ago
sakkiii
8fc55b30c5
Upgrade Synapse (1.33.1 -> 1.33.2)
...
This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
Ref: https://github.com/matrix-org/synapse/releases/tag/v1.33.2
4 years ago
Slavi Pantaleev
2d4b039c55
Merge pull request #1046 from GoMatrixHosting/master
...
GoMatrixHosting v0.4.6
4 years ago
Michael-GMH
2b4bada72a
fix conditional
4 years ago
Michael-GMH
0adcef65e6
fix conditional
4 years ago
Michael-GMH
f70102e40c
no dashes in usernames
4 years ago
Slavi Pantaleev
f4657b2cdb
Upgrade Element (1.7.26 -> 1.7.27)
4 years ago
Michael-GMH
4e6f6e179b
GMH 0.4.6 update
4 years ago
sakkiii
29cf6a0087
Merge branch 'spantaleev:master' into master
4 years ago
Slavi Pantaleev
3dcc006932
Fix self-building for Coturn
...
689dcea773
wasn't enough. The `upstream/..` tags are
just upstream sources, without the alpine-based Dockerfile.
We need to use the `docker/..` tags for that (or `master`)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1032
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009
4 years ago
Slavi Pantaleev
33f0074862
Upgrade matrix-mailer (4.94-r0 -> 4.94.2-r0)
...
Related to https://github.com/devture/exim-relay/issues/6
4 years ago
Slavi Pantaleev
c19508087a
Merge pull request #1036 from sakkiii/grafana-csp
...
Grafana csp template backward compatible with older browsers
4 years ago
Slavi Pantaleev
a198b87455
Upgrade synapse-admin (0.7.2 -> 0.8.0)
...
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/132
4 years ago
Slavi Pantaleev
867ebb52ab
Merge pull request #1037 from pushytoxin/jitsi-5765-1
...
Update Jitsi (5142 -> 5765-1)
4 years ago
sakkiii
bb0810302d
Merge branch 'spantaleev:master' into master
4 years ago
Slavi Pantaleev
61220ea487
Upgrade Synapse (1.33.0 -> 1.33.1)
4 years ago
sakkiii
9174448e5e
get rid of this {% else %}
4 years ago
sakkiii
0d5fe2d9f7
Update roles/matrix-grafana/templates/grafana.ini.j2
...
Co-authored-by: Aaron Raimist <aaron@raim.ist>
4 years ago
Béla Becker
b10655ebb1
Jitsi XMPP Websocket support
...
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
4 years ago
Béla Becker
116bcaa13b
Update jitsi to stable-5765-1
...
Changelog:
https://github.com/jitsi/docker-jitsi-meet/blob/stable-5765-1/CHANGELOG.md
4 years ago
sakkiii
37de7fc96a
Updated Reference
4 years ago
sakkiii
303de935d5
grafana CSP backward compatible with older browsers
4 years ago
Slavi Pantaleev
d4d1e2e922
Upgrade Synapse (1.32.2 -> 1.33.0)
4 years ago
Slavi Pantaleev
b09a805939
Merge pull request #1031 from thedanbob/nginx-1.20.0
...
Update nginx (1.19.10 -> 1.20.0)
4 years ago
Slavi Pantaleev
6fdc71c40b
Merge pull request #1030 from thedanbob/grafana-7.5.5
...
Update grafana (7.5.4 -> 7.5.5)
4 years ago
Dan Arnfield
cfaa3e598a
Update nginx (1.19.10 -> 1.20.0)
4 years ago
Dan Arnfield
bec5933db4
Update grafana (7.5.4 -> 7.5.5)
4 years ago
Michael-GMH
067b61e779
GoMatrixHosting v0.4.5 update
4 years ago
Slavi Pantaleev
2409c33ea2
Upgrade Element (1.7.25 -> 1.7.26)
4 years ago
benkuly
49cb2635a2
updated matrix-sms-bridge
4 years ago
Michael-GMH
a14bf6c2ed
GoMatrixHosting v0.4.4 update
4 years ago
Slavi Pantaleev
689dcea773
Fix self-building for Coturn
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009
4 years ago
sakkiii
40fe6bd5c1
variable matrix_nginx_proxy_hsts_preload_enable added
4 years ago
Slavi Pantaleev
389dc26615
Fix Synapse generic worker balancing
...
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
4 years ago
sakkiii
5b4fdf9b87
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii
0ccf0fbf1c
HSTS preload + X-XSS enables
...
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
4 years ago
sakkiii
3564635f0f
Merge branch 'master' into master
4 years ago
sakkiii
29bba5161b
Element More security headers
...
More Production ready nginx headers for Matrix client element.
4 years ago
Slavi Pantaleev
f6b371164c
Remove useless variable
4 years ago
Slavi Pantaleev
62c0587b6a
Use Alpine-based Coturn
4 years ago
Slavi Pantaleev
72a7cb4145
Merge pull request #1018 from GoMatrixHosting/master
...
GoMatrixHosting v0.4.3
4 years ago
Slavi Pantaleev
e3fa3e12bc
Upgrade Synapse (1.31 -> 1.32.2)
4 years ago
Michael-GMH
50d7209c5b
GMH v04.3
4 years ago
Slavi Pantaleev
378fabf177
Revert "Upgrade Synapse (1.31 -> 1.32.1)"
...
This reverts commit 1fb54a37cb
.
Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017
Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
4 years ago
Slavi Pantaleev
1fb54a37cb
Upgrade Synapse (1.31 -> 1.32.1)
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
4 years ago
Slavi Pantaleev
d691cc0920
Move variable definition a bit
4 years ago
Slavi Pantaleev
e00ef04b57
Add opt-out-of-FLoC headers by default
4 years ago
Slavi Pantaleev
42783972fd
Merge pull request #1011 from aaronraimist/synapse-admin
...
Upgrade synapse-admin (0.7.0 -> 0.7.2)
4 years ago
Slavi Pantaleev
ca786cc343
Revert "Upgrade Synapse (1.31 -> 1.32)"
...
This reverts commit f825c7c263
.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
4 years ago
Aaron Raimist
bb64b80697
Upgrade synapse-admin (0.7.0 -> 0.7.2)
4 years ago
Slavi Pantaleev
f825c7c263
Upgrade Synapse (1.31 -> 1.32)
4 years ago
Slavi Pantaleev
7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official
...
Switch to official coturn image
4 years ago
Slavi Pantaleev
adcecaffaf
Fix connectivity between prometheus and prometheus-node-exporter
...
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008
This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)
A better patch is certainly welcome.
4 years ago
Dan Arnfield
b2ca1f2829
Add capability required by new image
4 years ago
Slavi Pantaleev
398b9f5d66
Merge pull request #1008 from sakkiii/master
...
security** node-exporter data & port publicly exposed
4 years ago