From 650e0cbc28b9e58ebb55f00887321730c42f13c1 Mon Sep 17 00:00:00 2001 From: cellarspoon Date: Sun, 12 Dec 2021 23:31:37 +0100 Subject: [PATCH] feat: proxying support Part of https://git.coopcloud.tech/coop-cloud/matrix-synapse/issues/1. --- abra.sh | 1 + compose.yml | 35 +++++++++++++++++++++++++++-------- homeserver.yaml.tmpl | 2 +- nginx.conf.tmpl | 26 ++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 9 deletions(-) create mode 100644 nginx.conf.tmpl diff --git a/abra.sh b/abra.sh index 607a440..c69a704 100644 --- a/abra.sh +++ b/abra.sh @@ -1,2 +1,3 @@ export ENTRYPOINT_CONF_VERSION=v1 export TURNSERVER_CONF_VERSION=v1 +export NGINX_CONFIG_VERSION=v1 diff --git a/compose.yml b/compose.yml index 2af1635..57c3653 100644 --- a/compose.yml +++ b/compose.yml @@ -2,6 +2,28 @@ version: "3.8" services: + web: + image: nginx:1.20.0 + networks: + - proxy + - internal + environment: + - DOMAIN + - STACK_NAME + configs: + - source: nginx_config + target: /etc/nginx/nginx.conf + deploy: + restart_policy: + condition: on-failure + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "coop-cloud.${STACK_NAME}.version=0.1.0+v1.48.0" + app: image: "matrixdotorg/synapse:v1.48.0" volumes: @@ -16,7 +38,7 @@ services: - VIRTUAL_HOST=${DOMAIN} - VIRTUAL_PORT=8008 networks: - - proxy + - internal entrypoint: /docker-entrypoint.sh configs: - source: homeserver_yaml @@ -25,13 +47,6 @@ services: target: /docker-entrypoint.sh mode: 0555 deploy: - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8008" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "coop-cloud.${STACK_NAME}.version=0.1.0+v1.48.0" restart_policy: condition: on-failure delay: "60s" @@ -73,6 +88,10 @@ configs: name: ${STACK_NAME}_homserver_yaml_${HOMESERVER_YAML_VERSION} file: homeserver.yaml.tmpl template_driver: golang + nginx_config: + name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION} + file: nginx.conf.tmpl + template_driver: golang secrets: db_password: diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl index a7ab1d9..a09c7e9 100644 --- a/homeserver.yaml.tmpl +++ b/homeserver.yaml.tmpl @@ -917,7 +917,7 @@ media_store_path: "/data/media_store" # your reverse proxy's config. Notably Nginx has a small max body size by default. # See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # -#max_upload_size: 50M +max_upload_size: 50M # Maximum number of pixels that will be thumbnailed # diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl new file mode 100644 index 0000000..6965c0a --- /dev/null +++ b/nginx.conf.tmpl @@ -0,0 +1,26 @@ +user www-data; + +events { + worker_connections 768; +} + +http { + upstream backend { + server {{ env "STACK_NAME" }}_app:8008; + } + + include /etc/nginx/mime.types; + + server { + listen 80; + server_name {{ env "DOMAIN" }}; + + location ~* ^(\/_matrix|\/_synapse\/client) { + proxy_pass http://backend; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + client_max_body_size 50M; + } + } +}