add synapse-admin

2025-01-28 17:42:07 +01:00 · 2025-01-28 17:42:07 +01:00 · a90ccaa65b
commit a90ccaa65b
parent 7c0e822940
6 changed files with 72 additions and 2 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -27,7 +27,7 @@ steps:
      PG_BACKUP_VERSION: v1
      WK_CLIENT_VERSION: v1
      WK_SERVER_VERSION: v1
-      NGINX_CONFIG_VERSION: v7
+      NGINX_CONFIG_VERSION: v8
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_FORM_SECRET_VERSION: v1
      SECRET_MACAROON_VERSION: v1
--- a/.env.sample
+++ b/.env.sample
@ -174,3 +174,8 @@ RETENTION_MAX_LIFETIME=4w

 ## Web Client (Redirect)
 #WEB_CLIENT_LOCATION=https://element-web.example.com
+
+
+## Admin interface at /admin
+#COMPOSE_FILE="$COMPOSE_FILE:compose.admin.yml"
+#ADMIN_INTERFACE_ENABLED=1
--- a/abra.sh
+++ b/abra.sh
@ -5,10 +5,11 @@ export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v1
 export SIGNAL_BRIDGE_YAML_VERSION=v6
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v7
+export NGINX_CONFIG_VERSION=v8
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
 export PG_BACKUP_VERSION=v1
+export ADMIN_CONFIG_VERSION=v1

 set_admin () {
    admin=akadmin
--- a/admin.conf.tmpl
+++ b/admin.conf.tmpl
@ -0,0 +1,3 @@
+{
+  "restrictBaseUrl": "https://{{ env "DOMAIN" }}"
+}
--- a/compose.admin.yml
+++ b/compose.admin.yml
@ -0,0 +1,46 @@
+---
+version: "3.8"
+
+services:
+  admin:
+    image: awesometechnologies/synapse-admin:0.10.3
+    networks:
+      - proxy
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}_admin.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}_admin.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})&&PathPrefix(`/admin`)"
+        - "traefik.http.routers.${STACK_NAME}_admin.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}_admin.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}_admin.middlewares=admin,admin_path"
+        - "traefik.http.middlewares.admin.redirectregex.regex=^(.*)/admin/?"
+        - "traefik.http.middlewares.admin.redirectregex.replacement=$${1}/admin/"
+        - "traefik.http.middlewares.admin_path.stripprefix.prefixes=/admin"
+    environment:
+      - DOMAIN
+    configs:
+      - source: admin_config
+        target: /app/config.json
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+  web:
+    environment:
+      - ADMIN_INTERFACE_ENABLED
+
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  admin_config:
+    name: ${STACK_NAME}_admin_config_${ADMIN_CONFIG_VERSION}
+    file: admin.conf.tmpl
+    template_driver: golang
+
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@ -36,5 +36,20 @@ http {
      default_type application/json;
      add_header Access-Control-Allow-Origin  *;
    }
+
+{{ if eq (env "ADMIN_INTERFACE_ENABLED") "1" }}
+    location ^~ /_synapse/admin {
+      if ($http_referer !~ "^https://{{ env "DOMAIN" }}/admin/") {
+        return 403;
+      }
+      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header Host $host;
+      client_max_body_size 50M;
+      proxy_http_version 1.1;
+    }
+{{ end }}
+
  }
 }