From b9097c1f94e7b6776cfd31ae0c97eae33602efe8 Mon Sep 17 00:00:00 2001
From: knoflook <knoflook@disroot.org>
Date: Mon, 23 Oct 2023 20:16:37 +0200
Subject: [PATCH] fix: don't break when logging in with keycloak

---
 .env.sample           | 7 +++++++
 abra.sh               | 4 ++--
 compose.yml           | 4 +++-
 nginx.conf.tmpl       | 6 +++---
 release/5.0.1+v1.93.0 | 8 ++++++++
 5 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 release/5.0.1+v1.93.0

diff --git a/.env.sample b/.env.sample
index e21055e..a417299 100644
--- a/.env.sample
+++ b/.env.sample
@@ -42,6 +42,13 @@ PASSWORD_LOGIN_ENABLED=true
 SQL_LOG_LEVEL=WARN
 ROOT_LOG_LEVEL=WARN
 
+# for nginx
+NGINX_ACCESS_LOG_LOCATION="/dev/null"
+NGINX_ERROR_LOG_LOCATION="/dev/null"
+# Comment the previous two lines and uncomment these to enable logging
+#NGINX_ACCESS_LOG_LOCATION="/dev/stdout"
+#NGINX_ERROR_LOG_LOCATION="/dev/stderr"
+
 ## Privacy
 
 ENABLE_3PID_LOOKUP=true
diff --git a/abra.sh b/abra.sh
index 5fa0fc9..1367097 100644
--- a/abra.sh
+++ b/abra.sh
@@ -5,7 +5,7 @@ export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v1
 export SIGNAL_BRIDGE_YAML_VERSION=v4
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v4
+export NGINX_CONFIG_VERSION=v5
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
 
@@ -13,7 +13,7 @@ set_admin () {
     admin=akadmin
     if [ -n "$1" ]
     then
-        admin=$1 
+        admin=$1
     fi
     psql -U synapse -c "UPDATE users SET admin = 1 WHERE name = '@$admin:$DOMAIN'";
 }
diff --git a/compose.yml b/compose.yml
index d924e1d..c0f40c4 100644
--- a/compose.yml
+++ b/compose.yml
@@ -9,6 +9,8 @@ services:
       - internal
     environment:
       - STACK_NAME
+      - NGINX_ACCESS_LOG_LOCATION
+      - NGINX_ERROR_LOG_LOCATION
     configs:
       - source: nginx_config
         target: /etc/nginx/nginx.conf
@@ -25,7 +27,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=5.0.0+v1.93.0"
+        - "coop-cloud.${STACK_NAME}.version=5.0.1+v1.93.0"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: curl -f http://synapse:8008/health || exit 1
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
index 56b3987..765746c 100644
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@@ -8,15 +8,15 @@ http {
   server {
     listen 80;
 
-    access_log off;
-    error_log /dev/null;
+    access_log {{ env "NGINX_ACCESS_LOG_LOCATION" }};
+    error_log {{ env "NGINX_ERROR_LOG_LOCATION" }};
 
     server_name {{ env "DOMAIN" }};
 
     location ~* ^(\/_matrix|\/_synapse\/client) {
       proxy_pass http://{{ env "STACK_NAME"}}_synapse:8008;
       proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host $host;
       client_max_body_size 50M;
       proxy_http_version 1.1;
diff --git a/release/5.0.1+v1.93.0 b/release/5.0.1+v1.93.0
new file mode 100644
index 0000000..0851e3b
--- /dev/null
+++ b/release/5.0.1+v1.93.0
@@ -0,0 +1,8 @@
+take care when upgrading! You need to add two variables to your .env file:
+use the following if you don't want any access logs (including users' IP addresses):
+NGINX_ACCESS_LOG_LOCATION="/dev/null"
+NGINX_ERROR_LOG_LOCATION="/dev/null"
+
+use the following if you want logs:
+NGINX_ACCESS_LOG_LOCATION="/dev/stdout"
+NGINX_ERROR_LOG_LOCATION="/dev/stderr"