mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git, synced 2025-10-25 01:23:24 +00:00
	Merge remote-tracking branch 'github/master'
		| @@ -1,24 +1,29 @@ | ||||
| # Alternative architectures | ||||
|  | ||||
| As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. | ||||
|  | ||||
| To that end add the following variable to your `vars.yaml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_architecture: <your-matrix-server-architecture> | ||||
| ``` | ||||
| matrix_architecture = <your-matrix-server-architecture> | ||||
| ``` | ||||
|  | ||||
| Currently supported architectures are the following: | ||||
| - `amd64` (the default) | ||||
| - `arm64` | ||||
| - `arm32` | ||||
|  | ||||
| so for the Raspberry Pi the following should be in your `vars.yaml` file: | ||||
| ``` | ||||
| matrix_architecture = "arm32" | ||||
| so for the Raspberry Pi, the following should be in your `vars.yaml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_architecture: "arm32" | ||||
| ``` | ||||
|  | ||||
| ## Implementation details | ||||
| This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. | ||||
|  | ||||
| This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. | ||||
|  | ||||
| On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: | ||||
| - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, | ||||
| - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, | ||||
| - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. | ||||
| - `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well | ||||
| - `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well | ||||
| - `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. | ||||
|   | ||||
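Review bot: The Raspberry Pi example sets `matrix_architecture: "arm32"` unconditionally, although `arm64` is in the supported list directly above it, so a Pi running a 64-bit OS would be pointed at the wrong value. Suggest wording it as "for a Raspberry Pi running a 32-bit OS" and telling readers to check `uname -m` on the server before choosing. Minor style point in the special-cases list: the first two items end without punctuation and the third ends with a period.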
| @@ -49,7 +49,7 @@ docker run -it --rm \ | ||||
| -v `pwd`:/work \ | ||||
| -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ | ||||
| --entrypoint=/bin/sh \ | ||||
| devture/ansible:2.8.1-r0 | ||||
| devture/ansible:2.9.9-r0 | ||||
| ``` | ||||
|  | ||||
| The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). | ||||
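Review bot: The bumped `devture/ansible:2.9.9-r0` reference in the `docker run` example is a mutable tag, and this is the container that gets both the playbook directory and `$HOME/.ssh/id_rsa` mounted into it. Consider documenting the image digest alongside the tag (for example `devture/ansible:2.9.9-r0@sha256:<digest>`, with the real digest filled in) so readers run exactly the image that was checked when this doc was updated.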
| @@ -60,7 +60,7 @@ The `/work` directory contains the playbook's code. | ||||
|  | ||||
| You can execute `ansible-playbook` commands as per normal now. | ||||
|  | ||||
| ### If you don't use SSH keys for authentication  | ||||
| ### If you don't use SSH keys for authentication | ||||
|  | ||||
| If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). | ||||
| To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: | ||||
|   | ||||
| @@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" | ||||
| 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. | ||||
| 5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`) | ||||
| 6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. | ||||
| 7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id` | ||||
| 7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. | ||||
|  | ||||
| Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. | ||||
|  | ||||
|   | ||||
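Review bot: The rewritten step 7 has a typo, "room addrss" should be "room address". The rest of the rewording is clearer than the old one-line version; since step 6 in the same list recommends Administrator permission for the bot, it would be worth saying in that step which permissions the bridge actually needs, so readers can grant less where possible.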
| @@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true | ||||
| matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE | ||||
| ``` | ||||
|  | ||||
| You can generate a strong shared secret with a command like this: `pwgen -s 64 1` | ||||
|  | ||||
|  | ||||
| ## Authenticating only using a password provider | ||||
|  | ||||
|   | ||||
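Review bot: The added `pwgen -s 64 1` hint assumes `pwgen` is installed on the machine where the variables file is edited, which the doc does not state. Suggest offering a fallback that needs no extra package, such as `openssl rand -hex 32`, and noting that the generated value ends up in plain text in `matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret`. The hunk also leaves two consecutive blank lines before the "Authenticating only using a password provider" heading; one is enough.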
| @@ -136,7 +136,7 @@ backend matrix-backend | ||||
| 	reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2 | ||||
| 	# Rewrite redirects as ProxyPassReverse does | ||||
| 	acl response-is-redirect res.hdr(Location) -m found | ||||
| 	rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect | ||||
| 	rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect | ||||
| ``` | ||||
|  | ||||
| Make sure to: | ||||
|   | ||||
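Review bot: In the corrected `rsprep` line the match pattern still has unescaped dots in `matrix.example.com`, so each `.` matches any character and the rule is looser than intended. Suggest `matrix\.example\.com` in the pattern (the replacement side is fine as is). The hostname typo fix itself is correct: with `matrix.exapmle.com` in the replacement, redirects were being rewritten to a different domain.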
| @@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als | ||||
|  | ||||
| If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org). | ||||
|  | ||||
| To upgrade the services: | ||||
| To upgrade services: | ||||
|  | ||||
| - update your playbook directory (`git pull`), so you'd obtain everything new we've done | ||||
|  | ||||
| - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of | ||||
| - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of | ||||
|  | ||||
| - re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` | ||||
|  | ||||
| - restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` | ||||
|  | ||||
| **Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). | ||||
| **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). | ||||
|   | ||||
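Review bot: The upgrade steps run `--tags=setup-all` and `--tags=start` as two separate commands, while the Discord bridge doc touched in this same commit tells readers to re-run with `--tags=setup-all,start`. Pick one form and use it in both places so readers do not wonder whether the two are equivalent. It would also help to put the changelog step before `git pull` in wording, or say explicitly that the changelog should be read before re-running the playbook, since the list order is what people follow.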
| @@ -6,16 +6,16 @@ | ||||
|  | ||||
| - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). | ||||
|  | ||||
| - a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* | ||||
| - A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* | ||||
|  | ||||
| - the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. | ||||
| - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. | ||||
|  | ||||
| - either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. | ||||
| - Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. | ||||
|  | ||||
| - an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). | ||||
| - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). | ||||
|  | ||||
| - properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)) | ||||
| - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)). | ||||
|  | ||||
| - some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP) | ||||
| - Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)). | ||||
|  | ||||
| When ready to proceed, continue with [Configuring DNS](configuring-dns.md). | ||||
|   | ||||
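Review bot: The ports bullet lists `4443/tcp` and `10000/udp` (both labelled Jitsi) in the same flat list as the web and federation ports, which reads as "open all of these" on the outer firewall. Suggest stating that the Jitsi ports only need to be opened when Jitsi is enabled, so readers do not expose more than they use; the new STUN sentence should also write the port as `10000/udp` to match the list. Two small leftovers in the lines this hunk touches: "certificates's" should be "certificates'", and the Ansible link still uses `http://ansible.com/`.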
| @@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible: | ||||
| - `matrix-riot-web` | ||||
| - `matrix-coturn` | ||||
| - `matrix-ma1sd` | ||||
| - `matrix-mailer` | ||||
| - `matrix-mautrix-facebook` | ||||
| - `matrix-mautrix-hangouts` | ||||
| - `matrix-mx-puppet-skype` | ||||
|   | ||||
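Review bot: The role names in this list (`matrix-mautrix-facebook`, `matrix-mautrix-hangouts`) do not match the names used for the same bridges in the alternative-architectures doc changed in this commit (`matrix-bridge-mautrix-facebook`, `matrix-bridge-mautrix-hangouts`). Please use the actual role directory names in both documents. The new `matrix-mailer` entry is placed consistently with its neighbours.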