Merge branch '6.8.1fix'

fixed MAX_UPLOAD_SIZE and AUTO_JOIN_ROOM_LIST config
chore: publish 6.8.1+v1.139.2 release
2025-10-29 13:55:54 +01:00 · 2025-10-29 13:49:02 +01:00 · 2025-10-28 17:17:22 +01:00 · 2025-10-28 16:14:38 +00:00 · 2025-10-28 16:14:13 +00:00 · 2025-10-28 17:12:33 +01:00
11 changed files with 108 additions and 22 deletions
--- a/.env.sample
+++ b/.env.sample
@ -33,13 +33,15 @@ ALLOW_PUBLIC_ROOMS_FEDERATION=false
 ENABLE_REGISTRATION=false
 PASSWORD_LOGIN_ENABLED=true
-# Token based registration. Enable ADMIN_INTERFACE_ENABLED=1 (below) to use the admin interface to generate tokens.
+# Token based registration. Enable ADMIN_INTERFACE (below) to use the admin interface to generate tokens.
 #REGISTRATION_REQUIRES_TOKEN=true
 ## Room auto-join
 #AUTO_JOIN_ROOM_ENABLED=1
 #AUTO_JOIN_ROOM is deprecated, but kept for backward compatibility. Please use only one, and prefer AUTO_JOIN_ROOM_LIST.
 #AUTO_JOIN_ROOM="#example:example.com"
 #AUTO_JOIN_ROOM_LIST="[\"#room1:example.com\",\"#room2:example.com\"]"
 ## Logging
@ -68,6 +70,14 @@ ENCRYPTED_BY_DEFAULT=all
 # Set these to keyservers you trust - usually the same as your federation allowlist
 #TRUSTED_KEYSERVERS="trusted_key_servers:\n  - server_name: 'example.com'\n  - server_name: 'example2.com'"
 # some optional configs to increase privacy and security
 #REQUIRE_AUTH_FOR_PROFILE_REQUESTS=true
 #LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS=true
 #DELETE_STALE_DEVICES_AFTER=1y
 #SESSION_LIFETIME=60d
 #TRACK_PUPPETED_USER_IPS=true
 ## Retention
 ALLOWED_LIFETIME_MAX=4w
@ -78,6 +88,13 @@ RETENTION_MAX_LIFETIME=4w
 #MEDIA_RETENTION_LOCAL_LIFETIME=30d
 #MEDIA_RETENTION_REMOTE_LIFETIME=14d
 MAX_UPLOAD_SIZE=50M
 ## Old Signing Key
 #OLD_SIGNING_KEY_ID=a_OLDKEYID
 #OLD_SIGNING_KEY=base64string
 #OLD_SIGNING_KEY_EXPIRES=123456789123
 ## Ratelimit
 #LOGIN_LIMIT_IP_PER_SECOND=5
@ -126,6 +143,13 @@ RETENTION_MAX_LIFETIME=4w
 #SMTP_USER=
 #SECRET_SMTP_PASSWORD_VERSION=v1
 ## USER-DIRECTORY
 #USER_DIRECTORY_ENABLED=true
 #USER_DIRECTORY_SEARCH_ALL_USERS=true
 #USER_DIRECTORY_PREFER_LOCAL_USERS=true
 #USER_DIRECTORY_SHOW_LOCKED_USERS=false
 ## App services
 #APP_SERVICES_ENABLED=1
--- a/abra.sh
+++ b/abra.sh
@ -1,11 +1,11 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v30
+export HOMESERVER_YAML_VERSION=v34
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v8
+export NGINX_CONFIG_VERSION=v11
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
 export PG_BACKUP_VERSION=v1
--- a/compose.admin.yml
+++ b/compose.admin.yml
@ -3,7 +3,7 @@ version: "3.8"
 services:
  admin:
-    image: awesometechnologies/synapse-admin:0.10.3
+    image: awesometechnologies/synapse-admin:0.11.1
    networks:
      - proxy
    deploy:
--- a/compose.signal.yml
+++ b/compose.signal.yml
@ -10,7 +10,7 @@ services:
      - signal-data:/signal-data
  signalbridge:
-    image: dock.mau.dev/mautrix/signal:v0.7.5
+    image: dock.mau.dev/mautrix/signal:v0.8.7
    depends_on:
      - signaldb
    configs:
--- a/compose.telegram.yml
+++ b/compose.telegram.yml
@ -10,7 +10,7 @@ services:
      - telegram-data:/telegram-data
  telegrambridge:
-    image: dock.mau.dev/mautrix/telegram:v0.15.2
+    image: dock.mau.dev/mautrix/telegram:v0.15.3
    depends_on:
      - telegramdb
    configs:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"
 services:
  web:
-    image: nginx:1.27.4
+    image: nginx:1.29.2
    networks:
      - proxy
      - internal
@ -12,6 +12,7 @@ services:
      - STACK_NAME
      - NGINX_ACCESS_LOG_LOCATION
      - NGINX_ERROR_LOG_LOCATION
      - MAX_UPLOAD_SIZE
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
@ -30,12 +31,12 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
    healthcheck:
      test: curl -f http://${STACK_NAME}_app:8008/health || exit 1
-      interval: 5s
+      interval: 20s
-      timeout: 3s
+      timeout: 15s
      retries: 20
  app:
-    image: "matrixdotorg/synapse:v1.124.0"
+    image: "matrixdotorg/synapse:v1.139.2"
    volumes:
      - "data:/data"
    secrets:
@ -47,6 +48,7 @@ services:
      - ALLOWED_LIFETIME_MAX
      - ALLOW_PUBLIC_ROOMS_FEDERATION
      - AUTO_JOIN_ROOM
      - AUTO_JOIN_ROOM_LIST
      - AUTO_JOIN_ROOM_ENABLED
      - DISABLE_FEDERATION
      - DOMAIN
@ -55,7 +57,19 @@ services:
      - ENABLE_REGISTRATION
      - REGISTRATION_REQUIRES_TOKEN
      - ENCRYPTED_BY_DEFAULT
      - OLD_SIGNING_KEY
      - OLD_SIGNING_KEY_ID
      - OLD_SIGNING_KEY_EXPIRES
      - USER_DIRECTORY_ENABLED=${USER_DIRECTORY_ENABLED:-true}
      - USER_DIRECTORY_SEARCH_ALL_USERS=${USER_DIRECTORY_SEARCH_ALL_USERS:-true}
      - USER_DIRECTORY_PREFER_LOCAL_USERS=${USER_DIRECTORY_PREFER_LOCAL_USERS:-true}
      - USER_DIRECTORY_SHOW_LOCKED_USERS=${USER_DIRECTORY_SHOW_LOCKED_USERS:-false}
      - FEDERATION_ALLOWLIST
      - REQUIRE_AUTH_FOR_PROFILE_REQUESTS=${REQUIRE_AUTH_FOR_PROFILE_REQUESTS:-false}
      - LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS=${LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS:-false}
      - DELETE_STALE_DEVICES_AFTER
      - SESSION_LIFETIME
      - TRACK_PUPPETED_USER_IPS=${TRACK_PUPPETED_USER_IPS:-false}
      - LETSENCRYPT_HOST=${DOMAIN}
      - MEDIA_RETENTION_LOCAL_LIFETIME
      - MEDIA_RETENTION_REMOTE_LIFETIME
@ -77,6 +91,7 @@ services:
      - LOGIN_LIMIT_ACCOUNT_PER_SECOND=${LOGIN_LIMIT_ACCOUNT_PER_SECOND:-0.003}
      - LOGIN_LIMIT_ACCOUNT_BURST=${LOGIN_LIMIT_ACCOUNT_BURST:-5}
      - WEB_CLIENT_LOCATION
      - MAX_UPLOAD_SIZE
    networks:
      - internal
    entrypoint: /docker-entrypoint.sh
@ -92,8 +107,8 @@ services:
      restart_policy:
        condition: on-failure
      labels:
-        - "coop-cloud.${STACK_NAME}.version=6.6.1+v1.124.0"
+        - "coop-cloud.${STACK_NAME}.version=6.8.1+v1.139.2"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
      interval: 30s
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@ -16,6 +16,12 @@ server_name: {{ or (env "SERVER_NAME") (env "DOMAIN") }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#public_baseurl
 public_baseurl: https://{{ env "DOMAIN" }}/
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#require_auth_for_profile_requests
 require_auth_for_profile_requests: {{ env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS" }}
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#limit_profile_requests_to_users_who_share_rooms
 limit_profile_requests_to_users_who_share_rooms: {{ env "LIMIT_PROFILE_REQUESTS_TO_USERS_WHO_SHARE_ROOMS" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#serve_server_wellknown
 serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
@ -52,6 +58,11 @@ listeners:
      {{ end }}
    {{ end }}
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#delete_stale_devices_after
 {{ if (env "DELETE_STALE_DEVICES_AFTER") }}
 delete_stale_devices_after: {{ env "DELETE_STALE_DEVICES_AFTER" }}
 {{ end }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#admin_contact
 admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'
@ -119,7 +130,7 @@ log_config: "/data/log.config"
 media_store_path: "/data/media_store"
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size 
-max_upload_size: 50M
+max_upload_size: {{ or (env "MAX_UPLOAD_SIZE") 50M }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
 {{ if eq (env "TURN_ENABLED") "1" }}
@ -132,6 +143,7 @@ turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_registration
 enable_registration: {{ env "ENABLE_REGISTRATION" }}
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#registration_requires_token
 registration_requires_token: {{ env "REGISTRATION_REQUIRES_TOKEN" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_3pid_lookup
@ -145,13 +157,28 @@ registration_shared_secret: {{ secret "registration" }}
 {{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
 # AUTO_JOIN_ROOM only for backwards compatibility
 {{ if (env "AUTO_JOIN_ROOM") }}
 auto_join_rooms:
  - "{{ env "AUTO_JOIN_ROOM" }}"
 {{ else }}
 auto_join_rooms: {{ env "AUTO_JOIN_ROOM_LIST" }}
 {{ end }}
 {{ end }}
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#session_lifetime
 {{ if (env "SESSION_LIFETIME") }}
 session_lifetime: {{ env "SESSION_LIFETIME" }}
 {{ end }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#report_stats
 report_stats: false
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#track_puppeted_user_ips
 track_puppeted_user_ips: {{ env "TRACK_PUPPETED_USER_IPS" }}
 {{ if eq (env "APP_SERVICES_ENABLED") "1" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#app_service_config_files
 app_service_config_files: {{ env "APP_SERVICE_CONFIGS" }}
@ -166,6 +193,12 @@ form_secret: "{{ secret "form_secret" }}"
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
 signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#old_signing_keys
 {{ if (and (env "OLD_SIGNING_KEY_ID") (env "OLD_SIGNING_KEY") (env "OLD_SIGNING_KEY_EXPIRES")) }}
 old_signing_keys:
  "ed25519:{{ env "OLD_SIGNING_KEY_ID" }}": { key: "{{ env "OLD_SIGNING_KEY" }}", expired_ts: {{ env "OLD_SIGNING_KEY_EXPIRES" }} }
 {{ end }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
 {{ if eq (env "ENABLE_ALLOWLIST") "1" }}
 trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
@ -248,9 +281,10 @@ encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#user_directory
 user_directory:
-  enabled: true
+  enabled: {{ env "USER_DIRECTORY_ENABLED" }}
-  search_all_users: true
+  search_all_users: {{ env "USER_DIRECTORY_SEARCH_ALL_USERS" }}
-  prefer_local_users: true
+  prefer_local_users: {{ env "USER_DIRECTORY_PREFER_LOCAL_USERS" }}
  show_locked_users: {{ env "USER_DIRECTORY_SHOW_LOCKED_USERS" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#media_retention
 media_retention:
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@ -5,6 +5,16 @@ events {
 }
 http {
  resolver 127.0.0.11 valid=30s ipv6=off;
  resolver_timeout 5s;
  upstream matrix_upstream {
    zone matrix_upstream 64k;
    server {{ env "STACK_NAME"}}_app:8008 resolve;
    keepalive 16;
  }
  server {
    listen 80;
@ -14,20 +24,20 @@ http {
    server_name {{ env "DOMAIN" }};
    location = / {
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
-      client_max_body_size 50M;
+      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
      proxy_http_version 1.1;
    }
    location ~* ^(\/_matrix|\/_synapse\/client) {
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
-      client_max_body_size 50M;
+      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
      proxy_http_version 1.1;
    }
@ -42,11 +52,11 @@ http {
      if ($http_referer !~ "^https://{{ env "DOMAIN" }}/admin/") {
        return 403;
      }
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
-      client_max_body_size 50M;
+      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
      proxy_http_version 1.1;
    }
 {{ end }}
--- a/release/6.6.2+v1.124.0
+++ b/release/6.6.2+v1.124.0
@ -0,0 +1 @@
 new optional env vars for user_directory and privacy options
--- a/release/6.6.3+v1.124.0
+++ b/release/6.6.3+v1.124.0
@ -0,0 +1 @@
 added env for old-signing-keys
--- a/release/6.7.1+v1.133.0
+++ b/release/6.7.1+v1.133.0
@ -0,0 +1 @@
 This patch contains a critical nginx fix, to allow resolving docker internal hosts.
Author	SHA1	Message	Date
val	3e0c9063c4	Merge branch '6.8.1fix' All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2025-10-29 13:55:54 +01:00
val	db6440b317	fixed MAX_UPLOAD_SIZE and AUTO_JOIN_ROOM_LIST config	2025-10-29 13:49:02 +01:00
vdietrich	24f7e0cb35	chore: publish 6.8.1+v1.139.2 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-10-28 17:17:22 +01:00
lambdabundesverband	6d1397562b	Merge pull request 'added env to configure several auto_join_rooms' (#52 ) from auto_join_room_list into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #52	2025-10-28 16:14:38 +00:00
lambdabundesverband	e0c0861c16	Merge branch 'main' into auto_join_room_list	2025-10-28 16:14:13 +00:00
vdietrich	41fdcafaa0	added env to configure several auto_join_rooms	2025-10-28 17:12:33 +01:00
Cassowary	730dbc4569	Merge pull request 'Expose max_upload_size as a configurable option' (#51 ) from cas_expose_maxupload into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #51 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2025-10-17 17:05:30 +00:00
Simon	809055dadb	chore: publish 6.8.0+v1.139.2 release All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2025-10-08 16:43:20 +02:00
Cassowary	7703bbbce7	Bump config versions	2025-10-03 11:20:39 -07:00
Cassowary	e3df032bda	Expose max_upload_size as a configurable option	2025-10-02 11:40:51 -07:00
Moritz	0cf9d0a244	chore: publish 6.7.1+v1.133.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-09-07 11:49:20 +02:00
Moritz	86a44afd19	fix nginx	2025-09-07 11:27:17 +02:00
carla	cf47a9c1b0	chore: publish 6.7.0+v1.133.0 release All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2025-07-07 16:11:13 +02:00
val	aaa59a7718	chore: publish 6.6.3+v1.124.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-06-12 22:28:18 +02:00
val	e072cf0766	Merge pull request 'old-signing-key - anyone an idea how to escape so it's only one env var?' (#50 ) from old-signing-key into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #50 Reviewed-by: 3wordchant <3wordchant@noreply.git.coopcloud.tech>	2025-06-12 20:23:56 +00:00
val	22cc356a56	Merge branch 'main' into old-signing-key	2025-06-12 20:23:13 +00:00
Moritz	160b0eb2cf	fix: remove full env name "ADMIN_INTERFACE_ENABLED" from comment to All checks were successful continuous-integration/drone/push Build is passing Details allow autouncomment	2025-06-11 14:48:43 +02:00
val	af7f7eca2f	typos	2025-06-10 18:47:38 +02:00
val	5808fef48d	add env	2025-06-08 12:20:46 +02:00
vdietrich	a8483dccf9	chore: publish 6.6.2+v1.124.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-06-05 11:04:16 +02:00
lambdabundesverband	8e82c16e3d	Merge pull request 'added-env-vars' (#49 ) from added-env-vars into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #49	2025-06-05 08:58:39 +00:00
vdietrich	dafb17aace	added some privacy related optional env-vars	2025-06-04 18:12:01 +02:00
vdietrich	237e2c832b	user directory env vars	2025-06-04 16:59:58 +02:00
Moritz	bf4de0df97	Set healthcheck interval higher for slow systems All checks were successful continuous-integration/drone/push Build is passing Details	2025-05-15 11:06:21 +02:00
		`@ -0,0 +1 @@`
							`new optional env vars for user_directory and privacy options`
		`@ -0,0 +1 @@`
							`This patch contains a critical nginx fix, to allow resolving docker internal hosts.`