diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 7419f6be3..fec84c5bf 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -117,19 +117,6 @@ matrix_nginx_proxy_container_federation_host_bind_port: '8448' # Option to disable the access log matrix_nginx_proxy_access_log_enabled: true -# Controls whether proxying for Dendrite should be done. -matrix_nginx_proxy_proxy_dendrite_enabled: false -matrix_nginx_proxy_proxy_dendrite_hostname: "matrix-nginx-proxy" -matrix_nginx_proxy_proxy_dendrite_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" -# Controls whether the Client API server (usually at matrix.DOMAIN:443) should explicitly reject `/_matrix/federation` endpoints. -# Normally, Dendrite Monolith serves both APIs (Client & Federation) at the same port, so we can serve federation at `matrix.DOMAIN:443` too. -matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port: true -# The addresses where the Matrix Client API is, when using Dendrite. -matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "" -matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "" -# A list of strings containing additional configuration blocks to add to the Dendrite's server configuration (matrix-dendrite.conf). -matrix_nginx_proxy_proxy_dendrite_additional_server_configuration_blocks: [] - # Controls whether proxying the Element domain should be done. matrix_nginx_proxy_proxy_element_enabled: false matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}" diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index e82b9d701..261bbf207 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -44,19 +44,6 @@ mode: 0644 when: matrix_nginx_proxy_enabled | bool -- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists - ansible.builtin.template: - src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2" - dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" - mode: 0644 - when: matrix_nginx_proxy_proxy_dendrite_enabled | bool - -- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite deleted - ansible.builtin.file: - path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf" - state: absent - when: "not matrix_nginx_proxy_proxy_dendrite_enabled | bool" - - name: Ensure Matrix nginx-proxy configuration for Element domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 deleted file mode 100644 index 10eccf373..000000000 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 +++ /dev/null @@ -1,77 +0,0 @@ -#jinja2: lstrip_blocks: "True" - -server { - listen 12080; - server_name {{ matrix_nginx_proxy_proxy_dendrite_hostname }}; - - server_tokens off; - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - {% for configuration_block in matrix_nginx_proxy_proxy_dendrite_additional_server_configuration_blocks %} - {{- configuration_block }} - {% endfor %} - - {% if matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port %} - location /_matrix/federation { - {% if matrix_nginx_proxy_proxy_dendrite_federation_api_enabled %} - return 404 'The Federation API is served at https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}'; - {% else %} - return 404 'This Matrix server is running with federation disabled'; - {% endif %} - } - {% endif %} - - {# Everything else just goes to the API server ##} - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} - -{% if matrix_nginx_proxy_proxy_dendrite_federation_api_enabled %} -server { - listen 12088; - - server_name {{ matrix_nginx_proxy_proxy_dendrite_hostname }}; - server_tokens off; - - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} -{% endif %} diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 9516c2973..ec37a325e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -113,7 +113,14 @@ - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_conduit_additional_server_configuration_blocks', 'new': ''} - - {'old': 'matrix_nginx_proxy_proxy_conduit_additional_server_configuration_blocks', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_enabled', 'new': 'matrix_dendrite_container_labels_traefik_enabled'} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_enabled', 'new': 'matrix_dendrite_container_labels_federation_api_enabled'} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_dendrite_additional_server_configuration_blocks', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_synapse_enabled', 'new': 'matrix_synapse_container_labels_traefik_enabled'} - {'old': 'matrix_nginx_proxy_proxy_synapse_federation_api_enabled', 'new': 'matrix_synapse_container_labels_federation_api_enabled'} - {'old': 'matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container', 'new': ''} @@ -121,7 +128,6 @@ - {'old': 'matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks', 'new': ''} - - {'old': 'matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks', 'new': ''} - name: (Deprecation) Catch and report matrix_postgres variables ansible.builtin.fail: