add synapse-admin

.drone.yml

@@ -27,7 +27,7 @@ steps:
       PG_BACKUP_VERSION: v1
       WK_CLIENT_VERSION: v1
       WK_SERVER_VERSION: v1
-      NGINX_CONFIG_VERSION: v7
+      NGINX_CONFIG_VERSION: v8
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_FORM_SECRET_VERSION: v1
       SECRET_MACAROON_VERSION: v1

.env.sample

@@ -174,3 +174,8 @@ RETENTION_MAX_LIFETIME=4w
 
 ## Web Client (Redirect)
 #WEB_CLIENT_LOCATION=https://element-web.example.com
+
+
+## Admin interface at /admin
+#COMPOSE_FILE="$COMPOSE_FILE:compose.admin.yml"
+#ADMIN_INTERFACE_ENABLED=1

abra.sh

@@ -5,10 +5,11 @@ export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v1
 export SIGNAL_BRIDGE_YAML_VERSION=v6
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v7
+export NGINX_CONFIG_VERSION=v8
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
 export PG_BACKUP_VERSION=v1
+export ADMIN_CONFIG_VERSION=v1
 
 set_admin () {
     admin=akadmin

admin.conf.tmpl

@@ -0,0 +1,3 @@
+{
+  "restrictBaseUrl": "https://{{ env "DOMAIN" }}"
+}

compose.admin.yml

@@ -0,0 +1,46 @@
+---
+version: "3.8"
+
+services:
+  admin:
+    image: awesometechnologies/synapse-admin:0.10.3
+    networks:
+      - proxy
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}_admin.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}_admin.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})&&PathPrefix(`/admin`)"
+        - "traefik.http.routers.${STACK_NAME}_admin.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}_admin.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}_admin.middlewares=admin,admin_path"
+        - "traefik.http.middlewares.admin.redirectregex.regex=^(.*)/admin/?"
+        - "traefik.http.middlewares.admin.redirectregex.replacement=$${1}/admin/"
+        - "traefik.http.middlewares.admin_path.stripprefix.prefixes=/admin"
+    environment:
+      - DOMAIN
+    configs:
+      - source: admin_config
+        target: /app/config.json
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+  web:
+    environment:
+      - ADMIN_INTERFACE_ENABLED
+
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  admin_config:
+    name: ${STACK_NAME}_admin_config_${ADMIN_CONFIG_VERSION}
+    file: admin.conf.tmpl
+    template_driver: golang
+

nginx.conf.tmpl

@@ -36,5 +36,20 @@ http {
       default_type application/json;
       add_header Access-Control-Allow-Origin  *;
     }
+
+{{ if eq (env "ADMIN_INTERFACE_ENABLED") "1" }}
+    location ^~ /_synapse/admin {
+      if ($http_referer !~ "^https://{{ env "DOMAIN" }}/admin/") {
+        return 403;
+      }
+      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header Host $host;
+      client_max_body_size 50M;
+      proxy_http_version 1.1;
+    }
+{{ end }}
+
   }
 }