Commit Graph

5449 Commits

Author SHA1 Message Date
Slavi Pantaleev
a302a7d748 Only run federation on 8448 and client on 80
This disables federation on the 80 port, as it's
not necessary. We also disable the old Angular webclient.

For the federation port (8448), we disable the client APIs
as those are not necessary. Those can even cause trouble
if one doesn't know about them and thinks that guarding the client
APIs at the 80 port is enough.
2018-08-17 07:55:58 +03:00
Slavi Pantaleev
1a97a30019 Update README 2018-08-15 11:41:53 +03:00
Slavi Pantaleev
74093dfb15 Add mxisd Identity Server support 2018-08-15 10:46:13 +03:00
Slavi Pantaleev
617712000e Minor wording improvements 2018-08-15 10:19:31 +03:00
Slavi Pantaleev
dcf19154b2 Update README 2018-08-15 09:02:29 +03:00
Slavi Pantaleev
f3267479b8 Update README 2018-08-15 09:01:41 +03:00
Slavi Pantaleev
1c71cb110e Change SSL certificate obtaining a bit 2018-08-14 14:50:10 +03:00
Slavi Pantaleev
21da2f572b Add email-sending support 2018-08-14 14:47:44 +03:00
Slavi Pantaleev
cab54879d1 Update dependencies 2018-08-11 09:44:11 +03:00
Slavi Pantaleev
084a0a0e53 Minor consistency improvement 2018-08-08 10:47:03 +03:00
Slavi Pantaleev
f254aaf44a Improve wording a bit 2018-08-08 10:10:16 +03:00
Slavi Pantaleev
30c53cdea2 Split README into a bunch of files in docs/ 2018-08-08 10:07:02 +03:00
Slavi Pantaleev
700602eed3 Rename a bunch of playbook variables for better consistency 2018-08-08 09:17:18 +03:00
Slavi Pantaleev
336785d1ed Rename Ansible playbook tag (setup-main -> setup-all) 2018-08-08 09:03:37 +03:00
Slavi Pantaleev
3fd6fd647f Put all containers in their own isolated Docker network (matrix)
Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.

The benefits are that:

- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host

- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)

In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
2018-08-08 08:57:48 +03:00
Slavi Pantaleev
b88fe971d6 Fix matrix-nginx-proxy.service dependency on riot-web, if riot-web disabled 2018-08-07 15:39:57 +03:00
Slavi Pantaleev
cdf4eefdf9 Fix typos 2018-08-07 15:08:46 +03:00
Slavi Pantaleev
f6950612a5 Upgrade dependencies 2018-08-02 21:26:25 +03:00
Slavi Pantaleev
6cb14be162 Upgrade dependencies 2018-07-30 16:18:17 +03:00
Slavi Pantaleev
ae7e8e61c6 Update dependencies 2018-07-20 08:28:02 -04:00
Slavi Pantaleev
e4d0a68460 Update riot-web (0.15.5 -> 0.15.6) 2018-06-30 18:51:25 +03:00
Slavi Pantaleev
839b401b28 Set up Synapse configuration using a template (not line/regexp replacements)
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.

This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.

The upside is that configuration will be stable and predictable.

The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.

There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that gets used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00
Slavi Pantaleev
add8169c33 Remove deprecated "ssl" directive from nginx configuration 2018-06-26 20:43:57 +03:00
Slavi Pantaleev
053328be08 Fix nginx failing to start on certain low-cache CPUs 2018-06-26 20:40:48 +03:00
Slavi Pantaleev
1725c3e698 Upgrade riot-web (0.15.4 -> 0.15.5) 2018-06-21 09:44:38 +03:00
Slavi Pantaleev
776b374f41 Indicate that some distributions require a manual python install 2018-06-21 09:42:27 +03:00
Slavi Pantaleev
be93e97627 Revert "Indicate that Ubuntu Bionic (18.04) is not supported yet"
This reverts commit 8d774db3bc.

Docker is released in the Docker CE stable repository now.

Additionally, it's version 18.03, which doesn't suffer
any of the problems we've observed with 18.05 (edge/nightly).
2018-06-21 09:33:06 +03:00
Slavi Pantaleev
6335485ad3 Upgrade Synapse (0.31.1 -> 0.31.2) 2018-06-15 00:00:01 +03:00
Slavi Pantaleev
a5877eadd4 Upgrade Synapse (0.31.0 -> 0.31.1) 2018-06-08 18:25:12 +03:00
Slavi Pantaleev
4ebf6bbf27 Upgrade Synapse (0.30.0 -> 0.31.0) 2018-06-07 10:14:36 +03:00
Slavi Pantaleev
ff8f1bc65f Upgrade Docker images 2018-06-06 17:35:29 +03:00
Slavi Pantaleev
47446a2b26 Fix README typos 2018-06-06 17:21:04 +03:00
Slavi Pantaleev
1670a20937 Clean up riot-web UI (disable custom URLs and guest usage)
This playbook does not set up guest access in Synapse anyway,
so until the need comes (or someone asks for it), guest access
is removed from riot-web's UI too.

As for supporting custom URLs, this is also not something
that seems like it'd be useful to most deployments.
2018-05-30 15:36:09 +03:00
Slavi Pantaleev
5399e2b6bb Do not require (but want) matrix-coturn.service in matrix-synapse
It's not really a requirement, as it can function without it.
Also, restarting matrix-coturn doesn't need to restart matrix-synapse.
2018-05-29 13:38:41 +03:00
Slavi Pantaleev
62d1b13c91 Minor improvements to the Postgres-upgrade tasks 2018-05-29 11:23:17 +03:00
Slavi Pantaleev
2fa4ced6a7 Add support information 2018-05-29 09:58:36 +03:00
Slavi Pantaleev
3390165113 Document the Docker images being used 2018-05-29 09:53:01 +03:00
Slavi Pantaleev
8d774db3bc Indicate that Ubuntu Bionic (18.04) is not supported yet
We have 2 blockers that prevent us from adding support:

- the Docker CE repository does not publish a `docker-ce` package
in the `stable` channel. It's still in `edge`
(can be worked around by using `edge`, but we'd better not)

- Docker bind propagation has troubles on Docker CE 18.05,
which breaks matrix-synapse.service from starting, as it wants to do
a `:slave` mount. See https://github.com/moby/moby/issues/37032
2018-05-29 09:25:30 +03:00
Slavi Pantaleev
7527929824 Update README to reflect recent changes 2018-05-28 20:53:02 +03:00
Slavi Pantaleev
d107ab2540 Add support for upgrading Postgres
Since cbee084ac1, this playbook supports Postgres 10.x,
but keeps existing Postgres-9.x installs on 9.x.

This playbook can now also be ran with `--tags=upgrade-postgres`
to make it upgrade from Postgres 9.x to 10.x (or other versions
in the future).
2018-05-28 20:40:42 +03:00
Slavi Pantaleev
cbee084ac1 Use Postgres 10.x by default (only for new installs)
This playbook just tries to avoid trying to setup a Postgres 10
database with existing 9.x files, as that makes Postgres complain.

Due to this, existing installs (still on 9.x) are detected
and left on Postgres 9.x.
They need to be upgraded to Postgres 10.x manually.
2018-05-28 20:16:02 +03:00
Slavi Pantaleev
f1b4730e82 Update Docker images 2018-05-26 12:25:09 +03:00
Slavi Pantaleev
b3e62126db Switch Docker image to official one
Switching from from avhost/docker-matrix (silviof/docker-matrix)
to matrixdotorg/synapse.

The avhost/docker-matrix (silviof/docker-matrix) image used to bundle
in the coturn STUN/TURN server, so as part of the move,
we're separating this to a separately-ran service
(matrix-coturn.service, powered by instrumentisto/coturn-docker-image)
2018-05-25 21:58:53 +03:00
Slavi Pantaleev
3af3ef48fc Make .log.config modifications respect whitespace
A `.log.config` file may be generated with a different
level of indentation depending on which (Docker image, etc.)
generates it.

With this patch, we tolerate different levels of indentation
(2 spaces, 4 spaces, etc.) and don't break the configuration.
2018-05-25 13:15:17 +03:00
Slavi Pantaleev
67a98e51d9 Make the riot-web container run without root privileges 2018-05-14 14:31:43 +03:00
Slavi Pantaleev
bd580d3b9a Update dependencies 2018-05-14 14:31:00 +03:00
Slavi Pantaleev
a367172b67 Update dependencies 2018-04-28 13:38:44 +03:00
Slavi Pantaleev
7de11261b1 Update Docker images 2018-04-11 18:51:32 +02:00
Slavi Pantaleev
af54d60b0f Update Docker images 2018-04-03 18:49:05 +03:00
Slavi Pantaleev
5d9ddd1627 Update Docker images 2018-03-16 10:22:09 +02:00