Merge 9d24643a8f3b77ee5f4c8f8915b0889e0c84f19f into fb82b4672301b27bc5da9a9d3b668e37cd17a487

* Update docs/README.md: add "installation guides" section

Add the emoji to the link to quick-start.md only and not to full installation guide to emphasize the quick start guide

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: move a link to faq.md down

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add "Maintenance" section

Add a hint to join the support room under "Maintenance" header.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: create the "configuration options" section and add a note

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: sort list items

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: emphasize the anchor link to faq.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add other anchor links to the "other documentation pages" section

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add the emoji ℹ️  before the anchor link to faq.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: explanation about FAQ

Remove the hint to check the installation guides as links to them are listed on top of this page.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: update text of the anchor link to docs/getting-the-playbook.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

.github/workflows/close-stale-issues.yml

@@ -1,11 +1,14 @@
 ---
-name: 'Close stale issues'
+name: 'Close stale issues and PRs'
 on:  # yamllint disable-line rule:truthy
+  # Use this to do a dry run from a pull request
+  # pull_request:
   schedule:
     - cron: '30 1 * * *'
 
 permissions:
   issues: write
+  pull-requests: write
 
 jobs:
   stale:
@@ -14,14 +17,34 @@ jobs:
     steps:
       - uses: actions/stale@v9
         with:
-          # Don't process pull requests at all
-          days-before-pr-stale: -1
-          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
+          ######################################################################
+          # Issues/PRs
+          ######################################################################
+          exempt-assignees: 'spantaleev,aine-etke'
+          operations-per-run: 100
+          # Use this to do a dry run from a pull request
+          # debug-only: true
+          ######################################################################
+          # Issues
+          ######################################################################
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. To exempt the issue from being marked as stale again due to inactivity, add "confirmed" label.'
           close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity. If this issue is still reproduced, feel free to provide the issue with up-to-date information.'
           stale-issue-label: 'stale'
           # Add this label to exempt the issue from being marked as stale due to inactivity
           exempt-issue-labels: 'confirmed'
           # An allow-list of label(s) to only process the issues which contain one of these label(s).
-          any-of-issue-labels: 'question,needs-info'
-          # Use this to do a dry run from a pull request
-          # debug-only: true
+          any-of-issue-labels: 'needs-info,question'
+          ######################################################################
+          # PRs
+          ######################################################################
+          days-before-pr-stale: '365'
+          days-before-pr-close: '30'
+          stale-pr-message: 'This PR is stale because it has not been provided with required information or its conflicts have not been fixed over a year. Remove stale label or this will be closed in 30 days. To exempt the PR from being marked as stale again due to inactivity, add "confirmed" label.'
+          close-pr-message: 'This PR was closed because it has been stalled for 30 days with no activity.'
+          stale-pr-label: 'stale'
+          # Add this label to exempt the PR from being marked as stale due to inactivity
+          exempt-pr-labels: 'confirmed'
+          # An allow-list of label(s) to only process the PRs which contain one of these label(s).
+          any-of-pr-labels: 'needs-info,needs-rebase'
+          # Use this to ignore updates such as comments (only to keep the PR alive by bumping)
+          ignore-pr-updates: true

docs/README.md

@@ -1,49 +1,86 @@
 # Table of Contents
 
-- [FAQ](faq.md) - lots of questions and answers. Jump to [Prerequisites](prerequisites.md) to avoid reading too much and to just start a guided installation.
+## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
 
-- [Quick start](quick-start.md) - follow the guide to set up minimum core services on your server
+There are two installation guides available for beginners and advanced users.
 
-- [Prerequisites](prerequisites.md) - go here to a guided installation using this Ansible playbook
+- ⚡ **[Quick start](quick-start.md) (for beginners)**: this is recommended for those who do not have an existing Matrix server and want to start quickly with "opinionated defaults".
 
-- [Configuring your DNS settings](configuring-dns.md)
+- **Full installation guide (for advanced users)**: if you need to import an existing Matrix server's data into the new server or want to learn more while setting up the server, follow this guide.
 
-- [Getting this playbook's source code](getting-the-playbook.md)
+    - [Prerequisites](prerequisites.md)
 
-- [Configuring the playbook](configuring-playbook.md)
+    - [Configuring your DNS settings](configuring-dns.md)
 
-- [Installing](installing.md)
+    - [Getting the playbook](getting-the-playbook.md)
 
-  - **Importing data from another server installation**
+    - [Configuring the playbook](configuring-playbook.md)
 
-    - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
+    - [Installing](installing.md)
 
-    - [Importing an existing Postgres database (from another installation)](importing-postgres.md) (optional)
+## 🛠️ Configuration options
 
-    - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
+<!--
+NOTE:
+- Avoid putting the same anchor links as configuring-playbook.md lists under the "configuration options" section. Note that most of them are linked to "configure-playbook-*.md" and their titles start with "Setting up" (e.g. "Setting up Hydrogen").
+-->
 
-  - [Server Delegation](howto-server-delegation.md)
+You can check useful documentation for configuring components here: [Configuring the playbook](configuring-playbook.md)
 
-    - Server Delegation via a well-known file (recommended): [Installing well-known files on the base domain's server](configuring-well-known.md#installing-well-known-files-on-the-base-domain-s-server)
+- [Administration](configuring-playbook.md#administration) -  services that help you in administrating and monitoring your Matrix installation
 
-      - [Serving the base domain](configuring-playbook-base-domain-serving.md)
+- [Authentication and user-related](configuring-playbook.md#authentication-and-user-related) - extend and modify how users are authenticated on your homeserver
 
-    - [Server Delegation via a DNS SRV record (advanced)](howto-srv-server-delegation.md)
+- [Bots](configuring-playbook.md#bots) - bots provide various additional functionality to your installation
+
+- [Bridges](configuring-playbook.md#bridging-other-networks) - bridges can be used to connect your Matrix installation with third-party communication networks
+
+- [Clients](configuring-playbook.md#clients) - web clients for Matrix that you can host on your own domains
+
+- [Core service adjustments](configuring-playbook.md#core-service-adjustments) - backbone of your Matrix system
+
+- [File Storage](configuring-playbook.md#file-storage) - use alternative file storage to the default `media_store` folder
+
+<!-- NOTE: sort list items above alphabetically -->
+
+- [Other specialized services](configuring-playbook.md#other-specialized-services) - various services that don't fit any other categories
+
+## 👨‍🔧 Maintenance
+
+If your server and services experience issues, feel free to come to [our support room](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) and ask for help.
+
+<!-- NOTE: sort list items alphabetically -->
+
+- [Checking if services work](maintenance-checking-services.md)
+
+- [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)
+
+- [PostgreSQL maintenance](maintenance-postgres.md)
+
+- [Synapse maintenance](maintenance-synapse.md)
+
+- [Upgrading services](maintenance-upgrading-services.md)
+
+## Other documentation pages <!-- NOTE: this header's title and the section below need optimization -->
+
+- ℹ️ **[FAQ](faq.md)** - various Frequently Asked Questions about Matrix, with a focus on this Ansible playbook
+
+<!-- NOTE: sort list items under faq.md alphabetically -->
+
+- [Alternative architectures](alternative-architectures.md)
+
+- [Container images used by the playbook](container-images.md)
+
+- [Obtaining an Access Token](obtaining-access-tokens.md)
 
 - [Playbook tags](playbook-tags.md)
 
 - [Registering users](registering-users.md)
 
-- [Updating users passwords](updating-users-passwords.md)
+- [Running `just` commands](just.md)
 
-- [Maintenance / checking if services work](maintenance-checking-services.md)
-
-- [Maintenance / upgrading services](maintenance-upgrading-services.md)
-
-- [Maintenance / Synapse](maintenance-synapse.md)
-
-- [Maintenance / PostgreSQL](maintenance-postgres.md)
-
-- [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)
+- [Self-building](self-building.md)
 
 - [Uninstalling](uninstalling.md)
+
+- [Updating users passwords](updating-users-passwords.md)

docs/maintenance-migrating.md

@@ -1,14 +1,67 @@
-> **Note**: This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`).
->
-> If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is not possible as it would move the raw PostgreSQL data (`/matrix/postgres/data`) between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to avoid syncing `/matrix/postgres/data` to the new host, and also dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
-
 # Migrating to new server
 
-1. Prepare by lowering DNS TTL for your domains (`matrix.example.com`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime
-2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` (you might have to cd to /etc/systemd/system/ first)
-3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
-4. Make sure your DNS records are adjusted to point to the new server's IP address
-5. Remove old server from the `inventory/hosts` file and add new server.
-6. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-system-user`. This will create the `matrix` user and group on the new server
-7. Because the `matrix` user and group are created dynamically on each server, the user/group ID may differ between the old and new server. We suggest that you adjust ownership of `/matrix` files manually by running this on the new server: `chown -R matrix:matrix /matrix`.
-8. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` to finish the installation and start all services
+This documentation explains how to migrate your Matrix services (server, client, bridges, etc.) and data **from an old server to a new server**.
+
+**Notes**:
+- This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`).
+
+  If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is **not** possible as it would move the raw PostgreSQL data (`/matrix/postgres/data`) between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to avoid syncing `/matrix/postgres/data` to the new host, and also dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
+- If you have any questions about migration or encountered an issue during migration, do not hesitate to ask for help on [our Matrix room](https://matrix.to/#/%23matrix-docker-ansible-deploy:devture.com). You probably might want to prepare a temporary/sub account on another Matrix server in case it becomes impossible to use your server due to migration failure by any chance.
+
+- You can't change the domain (specified in the `matrix_domain` variable) after the initial deployment.
+
+## Lower DNS TTL
+
+Prepare by lowering DNS TTL for your domains (`matrix.example.com`, etc.), so that DNS record changes would happen faster, leading to less downtime.
+
+## Stop services on the old server completely
+
+Before migrating, you need to stop all services on the old server and make sure they won't be starting again.
+
+To do so, it is recommended to run the `systemctl` command on the server. Running the playbook's `stop` tag also stops the services, but just once; they will start again if you reboot the server.
+
+Log in to the old server and run the command as `root` (or a user that can run it with `sudo`):
+
+```sh
+cd /etc/systemd/system/ && systemctl disable --now matrix*
+```
+
+## Copy data directory to the new server
+
+After you've confirmed that all services were stopped, copy the `/matrix` directory from the old server to the new server. When copying, make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
+
+## Adjust DNS records
+
+Make sure your DNS records are adjusted to point to the new server's IP address.
+
+## Update `inventory/hosts` file
+
+Having adjusted DNS records, replace the old server's external IP address on the `inventory/hosts` file with that of the new server.
+
+## Create `matrix` user and group on the new server
+
+Then, run the command below on your local computer to create the `matrix` user and group on the new server:
+
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-system-user
+```
+
+**Note**: because the `matrix` user and group are created dynamically on each server, the user/group ID may differ between the old and new server. We suggest that you adjust ownership of `/matrix` files. To adjust the ownership, log in to the new server and run the command:
+
+```sh
+chown -R matrix:matrix /matrix
+```
+
+## Install and start all services on the new server
+
+Finally, run the command below on your local computer to finish the installation and start all services:
+
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
+```
+
+### Check if services work
+
+After starting the services, you probably might want to ensure that you've migrated things correctly and that services are running. For instructions, see: [check if services work](maintenance-checking-services.md)
+
+Having make sure that both services and federation work as expected, you can safely shutdown the old server.

docs/maintenance-upgrading-services.md

@@ -14,27 +14,37 @@ If you want to be notified when new versions of Synapse are released, you should
 
 ## Steps to upgrade the Matrix services
 
+### Check the changelog
+
 Before updating the playbook and the Ansible roles in the playbook, take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of.
 
-If it looks good to you, go to the `matrix-docker-ansible-deploy` directory, then:
+### Update the playbook and the Ansible roles
 
-- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
+If it looks good to you, go to the `matrix-docker-ansible-deploy` directory, update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) by running:
 
-  - either: `just update`
-  - or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
+- either: `just update`
+- or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
 
-  If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
+If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
 
-  For details about `just` commands, take a look at: [Running `just` commands](just.md).
+**Note**: for details about `just` commands, take a look at: [Running `just` commands](just.md).
 
-- re-run the [playbook setup](installing.md#maintaining-your-setup-in-the-future) and restart all services:
+### Re-run the playbook setup
 
-  ```sh
-  ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
-  ```
+After updating the Ansible roles, then re-run the [playbook setup](installing.md#maintaining-your-setup-in-the-future) and restart all services:
 
-Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
+```
 
-A way to invoke these `ansible-playbook` commands with less typing is to run the `just` "recipe": `just install-all` or `just setup-all`.
+If you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
 
-**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
+#### Run `just` to execute shortcut command
+
+If you want to invoke the `ansible-playbook` command with less typing, you can run `just` to execute the shortcut command: `just install-all` (or `just setup-all`). Note that it restarts all services automatically.
+
+## PostgreSQL major version upgrade
+
+Major version upgrades to the internal PostgreSQL database are not done automatically. Upgrades must be performed manually.
+
+For details about upgrading it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

docs/quick-start.md

@@ -25,6 +25,8 @@ Please remember to replace `example.com` with your own domain before running any
 
 At first, **check prerequisites** and prepare for installation by setting up programs [on your own computer](prerequisites.md#your-local-computer) and [your server](prerequisites.md#server). You also need `root` access on your server (a user that could elevate to `root` via `sudo` also works).
 
+When preparing your server, make sure to check [the server specs you need](faq.md#what-kind-of-server-specs-do-i-need). We recommend starting with a server having at least 2GB of memory.
+
 <!--
 TODO: Add one liners (or instructions, a script, etc.) for easy and consistent installation of required software. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3757
 -->
@@ -171,7 +173,7 @@ After configuring the playbook, run the command below and wait until it finishes
 ansible-playbook -i inventory/hosts setup.yml --tags=install-matrix-static-files,start
 ```
 
-💡 Running the `install-matrix-static-files` playbook tag (as done here) is an optimized version of running [the full setup command](#run-the-installation-command).
+💡 Running the `install-matrix-static-files` playbook tag (as done here) is an optimized version of running [the full setup command](#run-installation-command).
 
 After the command finishes, you can also check whether your server federates with the Matrix network by using the [Federation Tester](https://federationtester.matrix.org/) against your base domain (`example.com`), not the `matrix.example.com` subdomain.
 

group_vars/matrix_servers

@@ -3063,6 +3063,8 @@ matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in [
 
 matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"
 
+matrix_bot_draupnir_admin_api_enabled: "{{ matrix_bot_draupnir_room_hijack_enabled }}"
+
 matrix_bot_draupnir_container_additional_networks_auto: |-
   {{
     (
@@ -4718,6 +4720,7 @@ matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matr
 matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
 
 matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_bot_draupnir_admin_api_enabled }}"
 
 matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
 matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
@@ -4909,6 +4912,7 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_compression_midd
 
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"
+matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled }}"
 
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_container_labels_public_federation_api_traefik_tls }}"

requirements.yml

@@ -10,7 +10,7 @@
   version: v0.2.0-0
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.4.2
+  version: 7.4.3
   name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 129c8590e106b83e6f4c259649a613c6279e937a

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -84,6 +84,13 @@ matrix_bot_draupnir_raw_homeserver_url: ""
 # Its Exposed here because its common enough to be valid to expose.
 matrix_bot_draupnir_disable_server_acl: "false"
 
+# Used to control if the Synapse Admin API is exposed internally to the containers and therefore giving Draupnir Access.
+matrix_bot_draupnir_admin_api_enabled: false
+
+# Controls if the draupnir room hijack command is activated or not. This also automatically enables the internal admin API
+# in the process of activation.
+matrix_bot_draupnir_room_hijack_enabled: false
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -138,7 +138,7 @@ admin:
   # (with enough permissions) to "make" a user an admin.
   #
   # This only works if a local user with enough admin permissions is present in the room.
-  enableMakeRoomAdminCommand: false
+  enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_room_hijack_enabled | to_json }}
 
 # Misc options for command handling and commands
 commands:

roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2

@@ -149,6 +149,44 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synaps
 ############################################################
 {% endif %}
 
+{% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled %}
+############################################################
+#                                                          #
+# Internal Synapse Admin API (/_synapse/client)            #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.rule=PathPrefix(`/_synapse/client`)
+
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.entrypoints=matrix-internal-matrix-client-api
+
+############################################################
+#                                                          #
+# /Internal Synapse Admin API (/_synapse/client)           #
+#                                                          #
+############################################################
+
+
+############################################################
+#                                                          #
+# Internal Synapse Admin API (/_synapse/admin)             #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.rule=PathPrefix(`/_synapse/admin`)
+
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.entrypoints=matrix-internal-matrix-client-api
+
+############################################################
+#                                                          #
+# /Internal Synapse Admin API (/_synapse/admin)            #
+#                                                          #
+############################################################
+{% endif %}
 
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled %}
 ############################################################