From 10fabc32bc7cf7576418ea3e1c9e7f4c55474439 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 27 Feb 2025 18:53:56 +0200
Subject: [PATCH] Rework `client_body_buffer_size`/`client_max_body_size` and
 `proxy_max_temp_file_size` configuration for
 `matrix-synapse-reverse-proxy-companion`

Until now, most sections were specifying their own values for these.
For `client_max_body_size`, a value of 25MB was hardcoded in most places.

This was generally OK, but..
Some sections (those generated by the `render_locations_to_upstream` macro), were not specifying these options
and were ending up with a default value for configuration options for `client_max_body_size` (likely 1MB), etc.

From now on:

- we use individual variables for defining these for the Client-Server
  and Federation API and apply these once at the `server` level

- we keep auto-determining the `client_max_body_size` for the
  Client-Server API based on `matrix_synapse_max_upload_size_mb`

- we keep auto-calculating the `client_max_body_size` for the Federation
  API based on the one for the Client API, but now also add a "minimum"
  value (`matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb_minimum: 100`)
  to ensure we don't go too low

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4100
---
 .../defaults/main.yml                         | 16 ++++++-
 ...ix-synapse-reverse-proxy-companion.conf.j2 | 46 +++++--------------
 2 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
index 241f0c7e9..051684ef9 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -203,14 +203,26 @@ matrix_synapse_reverse_proxy_companion_hostname: "matrix-synapse-reverse-proxy-c
 
 # matrix_synapse_reverse_proxy_companion_client_api_addr specifies the address where the Client-Server API is
 matrix_synapse_reverse_proxy_companion_client_api_addr: 'matrix-synapse:{{ matrix_synapse_container_client_api_port }}'
+
+# The maximum body size for client requests to any of the endpoints on the Client-Server API.
 # This needs to be equal or higher than the maximum upload size accepted by Synapse.
-matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: 50
+matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: 100
+
+# The buffer size for client requests to any of the endpoints on the Client-Server API.
+matrix_synapse_reverse_proxy_companion_client_api_client_body_buffer_size_mb: "{{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}"
 
 # matrix_synapse_reverse_proxy_companion_federation_api_enabled specifies whether reverse proxying for the Federation (Server-Server) API should be done
 matrix_synapse_reverse_proxy_companion_federation_api_enabled: true
 # matrix_synapse_reverse_proxy_companion_federation_api_addr specifies the address where the Federation (Server-Server) API is
 matrix_synapse_reverse_proxy_companion_federation_api_addr: 'matrix-synapse:{{ matrix_synapse_container_federation_api_plain_port }}'
-matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb | int) * 3 }}"
+
+# The maximum body size for client requests to any of the endpoints on the Federation API.
+# We auto-calculate this based on the Client-Server API's maximum body size, but use a minimum value to ensure we don't go to low.
+matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb: "{{ [matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb_minimum, (matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb | int) * 3] | max }}"
+matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb_minimum: 100
+
+# The buffer size for client requests to any of the endpoints on the Federation API.
+matrix_synapse_reverse_proxy_companion_federation_api_client_body_buffer_size_mb: "{{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}"
 
 # A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Client-Server API
 matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks: []
diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
index 5c3560ef3..4d18b380d 100644
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
@@ -91,6 +91,12 @@ server {
 	server_tokens off;
 	root /dev/null;
 
+	client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
+	client_body_buffer_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_body_buffer_size_mb }}M;
+
+	proxy_buffering on;
+	proxy_max_temp_file_size 0;
+
 	{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
 		# Client-server overrides — These locations must go to the main Synapse process
 		location ~ {{ matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex }} {
@@ -101,10 +107,6 @@ server {
 			proxy_pass http://$backend;
 
 			proxy_set_header Host $host;
-
-			client_body_buffer_size 25M;
-			client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
-			proxy_max_temp_file_size 0;
 		}
 
 		# Client-server SSO overrides — These locations must go to the main Synapse process
@@ -116,10 +118,6 @@ server {
 			proxy_pass http://$backend;
 
 			proxy_set_header Host $host;
-
-			client_body_buffer_size 25M;
-			client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
-			proxy_max_temp_file_size 0;
 		}
 
 		# QR code login (`rendezvous`) locations need to go to the same Synapse process.
@@ -133,10 +131,6 @@ server {
 			proxy_pass http://$backend;
 
 			proxy_set_header Host $host;
-
-			client_body_buffer_size 25M;
-			client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
-			proxy_max_temp_file_size 0;
 		}
 
 		{# Workers redirects BEGIN #}
@@ -199,12 +193,7 @@ server {
 				proxy_pass http://media_repository_workers_upstream$request_uri;
 				proxy_set_header Host $host;
 
-				client_body_buffer_size 25M;
-				client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
-				proxy_max_temp_file_size 0;
-
 				{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
-					proxy_buffering        on;
 					proxy_cache            {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
 					proxy_cache_valid      any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
 					proxy_force_ranges on;
@@ -233,10 +222,6 @@ server {
 		proxy_pass http://$backend;
 
 		proxy_set_header Host $host;
-
-		client_body_buffer_size 25M;
-		client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
-		proxy_max_temp_file_size 0;
 	}
 }
 
@@ -246,9 +231,14 @@ server {
 	server_name {{ matrix_synapse_reverse_proxy_companion_hostname }};
 
 	server_tokens off;
-
 	root /dev/null;
 
+	client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
+	client_body_buffer_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_body_buffer_size_mb }}M;
+
+	proxy_buffering on;
+	proxy_max_temp_file_size 0;
+
 	{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
 		# Federation overrides — These locations must go to the main Synapse process
 		location ~ {{ matrix_synapse_reverse_proxy_companion_federation_override_locations_regex }} {
@@ -259,10 +249,6 @@ server {
 			proxy_pass http://$backend;
 
 			proxy_set_header Host $host;
-
-			client_body_buffer_size 25M;
-			client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
-			proxy_max_temp_file_size 0;
 		}
 
 		{% if room_workers | length > 0 %}
@@ -282,10 +268,6 @@ server {
 				proxy_pass http://media_repository_workers_upstream$request_uri;
 				proxy_set_header Host $host;
 
-				client_body_buffer_size 25M;
-				client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
-				proxy_max_temp_file_size 0;
-
 				{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
 					proxy_buffering        on;
 					proxy_cache            {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
@@ -323,10 +305,6 @@ server {
 		proxy_pass http://$backend;
 
 		proxy_set_header Host $host;
-
-		client_body_buffer_size 25M;
-		client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
-		proxy_max_temp_file_size 0;
 	}
 }
 {% endif %}