From 609cf5940e889b37bb1af292adf349ac3a3def1c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 14 Nov 2024 16:24:30 +0200
Subject: [PATCH] Enable (Traefik compression middleware)-assisted compression
 for Synapse

This likely breaks QR code login for non-worker Synapse setups.

See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3749
---
 group_vars/matrix_servers                     |  3 ++
 roles/custom/matrix-synapse/defaults/main.yml |  5 ++
 .../matrix-synapse/tasks/validate_config.yml  |  2 +
 .../templates/synapse/labels.j2               | 48 +++++++++++++++++++
 4 files changed, 58 insertions(+)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index cfd383652..dd4905958 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -4676,6 +4676,9 @@ matrix_synapse_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_prim
 matrix_synapse_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
 
+matrix_synapse_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled }}"
+matrix_synapse_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compession_name if matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled else '' }}"
+
 matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}"
 
 matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index dc8705721..cdc117443 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -186,6 +186,11 @@ matrix_synapse_container_labels_traefik_entrypoints: web-secure
 matrix_synapse_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 matrix_synapse_container_labels_traefik_hostname: ''
 
+# Controls whether a compression middleware will be injected into the middlewares list.
+# This compression middleware is supposed to be defined elsewhere (using labels or a File provider, etc.) and is merely referenced by this router.
+matrix_synapse_container_labels_traefik_compression_middleware_enabled: false
+matrix_synapse_container_labels_traefik_compression_middleware_name: ""
+
 # Controls whether Matrix-related labels will be added.
 #
 # When set to false, variables like the following take no effect:
diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
index b53566c8e..e1e6fbe27 100644
--- a/roles/custom/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -39,6 +39,8 @@
     - {'name': 'matrix_synapse_experimental_features_msc3861_admin_token', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"}
     - {'name': 'matrix_synapse_experimental_features_msc3861_account_management_url', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"}
 
+    - {'name': 'matrix_synapse_container_labels_traefik_compression_middleware_name', when: "{{ matrix_synapse_container_labels_traefik_compression_middleware_enabled }}"}
+
 - name: Fail if asking for more than 1 instance of single-instance workers
   ansible.builtin.fail:
     msg: >-
diff --git a/roles/custom/matrix-synapse/templates/synapse/labels.j2 b/roles/custom/matrix-synapse/templates/synapse/labels.j2
index fd472b3fc..940e5b457 100644
--- a/roles/custom/matrix-synapse/templates/synapse/labels.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/labels.j2
@@ -19,6 +19,10 @@ traefik.http.services.matrix-synapse-metrics.loadbalancer.server.port={{ matrix_
 
 {% set client_root_middlewares = [] %}
 
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set client_root_middlewares = client_root_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_root_redirection_enabled %}
 {% set client_root_middlewares = client_root_middlewares + ['matrix-synapse-public-client-root-redirect'] %}
 traefik.http.middlewares.matrix-synapse-public-client-root-redirect.redirectregex.regex=(.*)
@@ -66,8 +70,18 @@ traefik.http.routers.matrix-synapse-public-client-root.tls.certResolver={{ matri
 #                                                          #
 ############################################################
 
+{% set client_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set client_api_middlewares = client_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-api.rule={{ matrix_synapse_container_labels_public_client_api_traefik_rule }}
 
+{% if client_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-api.middlewares={{ client_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-api.priority={{ matrix_synapse_container_labels_public_client_api_traefik_priority }}
 {% endif %}
@@ -120,8 +134,18 @@ traefik.http.routers.matrix-synapse-internal-client-api.entrypoints={{ matrix_sy
 #                                                          #
 ############################################################
 
+{% set synapse_client_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set synapse_client_api_middlewares = synapse_client_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-synapse-client-api.rule={{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_rule }}
 
+{% if synapse_client_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-synapse-client-api.middlewares={{ synapse_client_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_synapse_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-synapse-client-api.priority={{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_priority }}
 {% endif %}
@@ -149,8 +173,18 @@ traefik.http.routers.matrix-synapse-public-client-synapse-client-api.tls.certRes
 #                                                          #
 ############################################################
 
+{% set synapse_admin_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set synapse_admin_api_middlewares = synapse_admin_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.rule={{ matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_rule }}
 
+{% if synapse_admin_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.middlewares={{ synapse_admin_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.priority={{ matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_priority }}
 {% endif %}
@@ -178,8 +212,18 @@ traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.tls.certReso
 #                                                          #
 ############################################################
 
+{% set federation_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set federation_api_middlewares = federation_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-federation-api.rule={{ matrix_synapse_container_labels_public_federation_api_traefik_rule }}
 
+{% if federation_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-federation-api.middlewares={{ federation_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_federation_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-federation-api.priority={{ matrix_synapse_container_labels_public_federation_api_traefik_priority }}
 {% endif %}
@@ -216,6 +260,10 @@ traefik.http.routers.matrix-synapse-public-federation-api.tls.certResolver={{ ma
 
 {% set metrics_middlewares = [] %}
 
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set metrics_middlewares = metrics_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled %}
 {% set metrics_middlewares = metrics_middlewares + ['matrix-synapse-metrics-basic-auth'] %}
 traefik.http.middlewares.matrix-synapse-metrics-basic-auth.basicauth.users={{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users }}