Announce HTTP-compression and timeout adjustments for Traefik-based setups

CHANGELOG.md

@@ -1,3 +1,49 @@
+# 2024-11-14
+
+## HTTP-compression support for Traefik-based setups
+
+The playbook now **automatically enables HTTP-compression support** for major services powered by the playbook, like [Cinny](./docs/configuring-playbook-client-cinny.md), [Element Web](./docs/configuring-playbook-client-element-web.md), [Hydrogen](./docs/configuring-playbook-client-hydrogen.md), as well as for Matrix Client-Server and Federation APIs (`matrix.example.com`).
+
+Other services installed by the playbook are currently not compression-enabled, but may become so over time.
+This change is rolled out on a per-service basis (as opposed to doing it globally, at the Traefik entrypoint level) to allow certain services or route endpoints which do not behave well when compressed (e.g. [issue 3749](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3749)) to be excluded from compression.
+
+A long time ago, various services were operating with `gzip`-compression enabled at the nginx level. Since the switch to Traefik (see [Goodbye, `matrix-nginx-proxy` 🪦](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/57c5271d9d6265a34a9d9cceb93365f685074f96/CHANGELOG.md#goodbye-matrix-nginx-proxy-)), all services (with the exception of Matrix APIs for Synapse worker-enabled setups which are powered by `nginx` via `synapse-reverse-proxy-companion`) have been operating without HTTP-compression support.
+
+HTTP-compression is now done via Traefik's [compress](https://doc.traefik.io/traefik/middlewares/http/compress/) middleware. We use the default configuration for this middleware, which enables `zstd`, `br` and `gzip` support (in this order).
+This middleware's configuration can be configured via variables in the Traefik role (see `traefik_config_http_middlewares_compression_middleware_options`).
+
+If you're using your own Traefik reverse-proxy server ([Traefik managed by you](./docs/configuring-playbook-own-webserver.md#traefik-managed-by-you)) instead of the playbook's integrated Traefik service, you can benefit from the same by:
+
+- defining a [compress](https://doc.traefik.io/traefik/middlewares/http/compress/) middleware (via the [file](https://doc.traefik.io/traefik/providers/file/) or [Docker](https://doc.traefik.io/traefik/providers/docker/) providers)
+- setting `matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled` to `true`
+- specifying the middleware's name in `matrix_playbook_reverse_proxy_traefik_middleware_compession_name` (e.g. `matrix_playbook_reverse_proxy_traefik_middleware_compession_name: my-compression-middleware@file`)
+
+## Timeout adjustments for Traefik-based setups
+
+The playbook now supports configuring various [transport.respondingTimeouts](https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts) timeout values (`readTimeout`, `writeTimeout`, `idleTimeout`) for the `web`, `web-secure` and `matrix-federation` entrypoints.
+
+If you're using your own Traefik reverse-proxy server ([Traefik managed by you](./docs/configuring-playbook-own-webserver.md#traefik-managed-by-you)) instead of the playbook's integrated Traefik service, you may wish to do similar configuration changes to your setup manually.
+
+The most interesting of these is the `readTimeout` configuration value (the maximum duration for reading the entire request, including the body), which used to default to `60s`.
+For large and slowly progressing file uploads, `60s` would often not be enough for the transfer to finish and uploads would end up being interrupted.
+The playbook now raises the `readTimeout` value to 5 minutes (`300s`) to improve this use-case.
+
+The `traefik_config_entrypoint_web_transport_respondingTimeouts_*` variables (for the `web` entrypoint) cascade to affecting the timeout values for the `web-secure` and `matrix-federation` entrypoints, so you can easily adjust all timeout values using them.
+
+Example of the default timeout values used by the playbook:
+
+```yml
+traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s
+
+# 0s means "no timeout"
+traefik_config_entrypoint_web_transport_respondingTimeouts_writeTimeout: 0s
+
+traefik_config_entrypoint_web_transport_respondingTimeouts_idleTimeout: 180s
+```
+
+Alternatively, you may adjust the timeout values for specific entrypoints (like `web-secure` and `matrix-federation`) using dedicated variables (like `traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout` and `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout`).
+
+
 # 2024-11-08
 
 ## Support for synapse-admin auto-configuration via /.well-known/matrix/client

docs/configuring-playbook-own-webserver.md

@@ -41,6 +41,14 @@ traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
 # Uncomment and adjust the variable below if the name of your federation entrypoint is different
 # than the default value (matrix-federation).
 # matrix_federation_traefik_entrypoint_name: matrix-federation
+
+# Uncomment and adjust the variables below if you'd like to enable HTTP-compression.
+#
+# For this to work, you will need to define a compress middleware (https://doc.traefik.io/traefik/middlewares/http/compress/) for your Traefik instance
+# using a file (https://doc.traefik.io/traefik/providers/file/) or Docker (https://doc.traefik.io/traefik/providers/docker/) configuration provider.
+#
+# matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled: true
+# matrix_playbook_reverse_proxy_traefik_middleware_compession_name: my-compression-middleware@file
 ```
 
 In this mode all roles will still have Traefik labels attached. You will, however, need to configure your Traefik instance and its entrypoints.
@@ -84,7 +92,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: "docker.io/traefik:v2.9.6"
+    image: "docker.io/traefik:v3.2.0"
     restart: always
     container_name: "traefik"
     networks: