From 17c9e3f1683c635b539be1e6bf9b0e98ec60b6a0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 14 Jan 2024 10:48:26 +0200 Subject: [PATCH] Add support for the internal Traefik entrypoint to synapse-reverse-proxy-companion --- group_vars/matrix_servers | 3 + .../defaults/main.yml | 10 ++- .../tasks/validate_config.yml | 2 + .../templates/labels.j2 | 80 ++++++++++++------- 4 files changed, 64 insertions(+), 31 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index df8d4496e..c0c497271 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4384,6 +4384,9 @@ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_ad matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint }}" +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" + matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}" matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}" diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 65a15aff9..5fae67754 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -61,7 +61,7 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: web matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: default # noqa var-naming matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: '' -# Controls whether labels will be added that expose the Client-Server API. +# Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint. matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled: true matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_path_prefix: /_matrix @@ -71,6 +71,14 @@ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefi matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints != 'web' }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver }}" # noqa var-naming +# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint. +# This is similar to `matrix_synapse_container_labels_public_client_api_enabled`, but the entrypoint and intent is different. +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled: false +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_synapse_container_labels_public_client_api_traefik_path_prefix }}" +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_path_prefix }}`)" +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }}" +matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints: "" + # Controls whether labels will be added that expose the /_synapse/client paths matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: true matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_hostname: "{{ matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname }}" diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml index 58c885f64..5aac71e72 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/validate_config.yml @@ -16,3 +16,5 @@ - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"} - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled }}"} + + - {'name': 'matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled }}"} diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2 index 2ee5303d9..6fc3e35db 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2 @@ -14,18 +14,18 @@ traefik.http.services.matrix-synapse-reverse-proxy-companion-federation-api.load #} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_enabled %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_rule }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_priority }} {% endif %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.service=matrix-synapse-reverse-proxy-companion-client-api -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints }} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls | to_json }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.service=matrix-synapse-reverse-proxy-companion-client-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_entrypoints }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls | to_json }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_api_traefik_tls_certResolver }} {% endif %} {% endif %} @@ -34,23 +34,43 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-api.tls.certR #} +{# + Internal Client-API (/_matrix) +#} +{% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_enabled %} + +traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_rule }} + +{% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority | int > 0 %} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_priority }} +{% endif %} + +traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.service=matrix-synapse-reverse-proxy-companion-client-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_internal_client_api_traefik_entrypoints }} + +{% endif %} +{# + /Internal Client-API (/_matrix) +#} + + {# Public Synapse Admin API (/_synapse/client) #} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_rule }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_priority }} {% endif %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints }} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls | to_json }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_entrypoints }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls | to_json }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-client-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_traefik_tls_certResolver }} {% endif %} {% endif %} @@ -64,18 +84,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-clien #} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_enabled %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_rule }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_priority }} {% endif %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.service=matrix-synapse-reverse-proxy-companion-client-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_entrypoints }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls | to_json }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-oidc-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_api_traefik_tls_certResolver }} {% endif %} {% endif %} @@ -89,18 +109,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-oidc- #} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_rule }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_priority }} {% endif %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints }} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_entrypoints }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls | to_json }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synapse-admin-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_traefik_tls_certResolver }} {% endif %} {% endif %} @@ -114,18 +134,18 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-client-synapse-admin #} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.rule={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_rule }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.priority={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_priority }} {% endif %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.service=matrix-synapse-reverse-proxy-companion-federation-api -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints }} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls | to_json }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.service=matrix-synapse-reverse-proxy-companion-federation-api +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.entrypoints={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.tls={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls | to_json }} {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls %} -traefik.http.routers.matrix-synapse-reverse-proxy-companion-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver }} +traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-federation-api.tls.certResolver={{ matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls_certResolver }} {% endif %} {% endif %}