mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-26 01:53:24 +00:00 
			
		
		
		
	When setting `matrix_nginx_proxy_enabled: false` and enabling authentication on the metrics endpoint, the htpasswd file is hardcoded to the nginx-proxy container dir, this changes the hardcoded value to a variable so the path can be updated
		
			
				
	
	
		
			273 lines
		
	
	
		
			9.9 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
			
		
		
	
	
			273 lines
		
	
	
		
			9.9 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
| #jinja2: lstrip_blocks: "True"
 | |
| 
 | |
| {% set generic_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'generic_worker')|list %}
 | |
| {% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'media_repository')|list %}
 | |
| {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %}
 | |
| {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %}
 | |
| {% if matrix_nginx_proxy_synapse_workers_enabled %}
 | |
| 	{% if matrix_nginx_proxy_synapse_cache_enabled %}
 | |
|     	proxy_cache_path  {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m;
 | |
| 	{% endif %}
 | |
| 	# Round Robin "upstream" pools for workers
 | |
| 
 | |
| 	{% if generic_workers %}
 | |
| 	upstream generic_worker_upstream {
 | |
| 		# ensures that requests from the same client will always be passed
 | |
| 		# to the same server (except when this server is unavailable)
 | |
| 		hash $http_x_forwarded_for;
 | |
| 
 | |
| 		{% for worker in generic_workers %}
 | |
| 			{% if matrix_nginx_proxy_enabled %}
 | |
| 				server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}";
 | |
| 			{% else %}
 | |
| 				server "127.0.0.1:{{ worker.port }}";
 | |
| 			{% endif %}
 | |
| 		{% endfor %}
 | |
| 	}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	{% if frontend_proxy_workers %}
 | |
| 	upstream frontend_proxy_upstream {
 | |
| 		{% for worker in frontend_proxy_workers %}
 | |
| 			{% if matrix_nginx_proxy_enabled %}
 | |
| 				server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}";
 | |
| 			{% else %}
 | |
| 				server "127.0.0.1:{{ worker.port }}";
 | |
| 			{% endif %}
 | |
| 		{% endfor %}
 | |
| 	}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	{% if media_repository_workers %}
 | |
| 	upstream media_repository_upstream {
 | |
| 		{% for worker in media_repository_workers %}
 | |
| 			{% if matrix_nginx_proxy_enabled %}
 | |
| 				server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}";
 | |
| 			{% else %}
 | |
| 				server "127.0.0.1:{{ worker.port }}";
 | |
| 			{% endif %}
 | |
| 		{% endfor %}
 | |
| 	}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	{% if user_dir_workers %}
 | |
| 	upstream user_dir_upstream {
 | |
| 		{% for worker in user_dir_workers %}
 | |
| 			{% if matrix_nginx_proxy_enabled %}
 | |
| 				server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}";
 | |
| 			{% else %}
 | |
| 				server "127.0.0.1:{{ worker.port }}";
 | |
| 			{% endif %}
 | |
| 		{% endfor %}
 | |
| 	}
 | |
| 	{% endif %}
 | |
| {% endif %}
 | |
| 
 | |
| server {
 | |
| 	listen 12080;
 | |
| 	{% if matrix_nginx_proxy_enabled %}
 | |
| 		server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
 | |
| 	{% endif %}
 | |
| 
 | |
| 	server_tokens off;
 | |
| 	root /dev/null;
 | |
| 
 | |
| 	gzip on;
 | |
| 	gzip_types text/plain application/json;
 | |
| 
 | |
| 	{% if matrix_nginx_proxy_synapse_workers_enabled %}
 | |
| 		{# Workers redirects BEGIN #}
 | |
| 
 | |
| 		{% if generic_workers %}
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker
 | |
| 			{% for location in matrix_nginx_proxy_synapse_generic_worker_client_server_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://generic_worker_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 		{% endif %}
 | |
| 
 | |
| 		{% if media_repository_workers %}
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository
 | |
| 			{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://media_repository_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 
 | |
| 				client_body_buffer_size 25M;
 | |
| 				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
 | |
| 				proxy_max_temp_file_size 0;
 | |
| 
 | |
| 				{% if matrix_nginx_proxy_synapse_cache_enabled %}
 | |
| 					proxy_buffering        on;
 | |
| 					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
 | |
| 					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
 | |
| 					proxy_force_ranges on;
 | |
| 					add_header X-Cache-Status $upstream_cache_status;
 | |
| 				{% endif %}
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 		{% endif %}
 | |
| 
 | |
| 		{% if user_dir_workers %}
 | |
| 			# FIXME: obsolete if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir
 | |
| 			{% for location in matrix_nginx_proxy_synapse_user_dir_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://user_dir_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 		{% endif %}
 | |
| 
 | |
| 		{% if frontend_proxy_workers %}
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfrontend_proxy
 | |
| 			{% for location in matrix_nginx_proxy_synapse_frontend_proxy_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://frontend_proxy_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 			{% if matrix_nginx_proxy_synapse_presence_disabled %}
 | |
| 			# FIXME: keep in sync with synapse workers documentation manually
 | |
| 			location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status {
 | |
| 				proxy_pass http://frontend_proxy_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 			}
 | |
| 			{% endif %}
 | |
| 		{% endif %}
 | |
| 		{# Workers redirects END #}
 | |
| 	{% endif %}
 | |
| 
 | |
| 
 | |
| 	{% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %}
 | |
| 		{{- configuration_block }}
 | |
| 	{% endfor %}
 | |
| 
 | |
| 	{% if matrix_nginx_proxy_proxy_synapse_metrics %}
 | |
| 	location /_synapse/metrics {
 | |
| 		{% if matrix_nginx_proxy_enabled %}
 | |
| 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 | |
| 			resolver 127.0.0.11 valid=5s;
 | |
| 			set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}";
 | |
| 			proxy_pass http://$backend;
 | |
| 		{% else %}
 | |
| 			{# Generic configuration for use outside of our container setup #}
 | |
| 			proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }};
 | |
| 		{% endif %}
 | |
| 
 | |
| 		proxy_set_header Host $host;
 | |
| 
 | |
| 		{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
 | |
| 			auth_basic "protected";
 | |
| 			auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }};
 | |
| 		{% endif %}
 | |
| 	}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	{% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %}
 | |
| 		{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %}
 | |
| 			{% if worker.metrics_port != 0 %}
 | |
| 				location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics {
 | |
| 					resolver 127.0.0.11 valid=5s;
 | |
| 					set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}";
 | |
| 					proxy_pass http://$backend/_synapse/metrics;
 | |
| 					proxy_set_header Host $host;
 | |
| 
 | |
| 					{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
 | |
| 						auth_basic "protected";
 | |
| 						auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }};
 | |
| 					{% endif %}
 | |
| 				}
 | |
| 			{% endif %}
 | |
| 		{% endfor %}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	{# Everything else just goes to the API server ##}
 | |
| 	location / {
 | |
| 		{% if matrix_nginx_proxy_enabled %}
 | |
| 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 | |
| 			resolver 127.0.0.11 valid=5s;
 | |
| 			set $backend "{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container }}";
 | |
| 			proxy_pass http://$backend;
 | |
| 		{% else %}
 | |
| 			{# Generic configuration for use outside of our container setup #}
 | |
| 			proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container }};
 | |
| 		{% endif %}
 | |
| 
 | |
| 		proxy_set_header Host $host;
 | |
| 
 | |
| 		client_body_buffer_size 25M;
 | |
| 		client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
 | |
| 		proxy_max_temp_file_size 0;
 | |
| 	}
 | |
| }
 | |
| 
 | |
| {% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %}
 | |
| server {
 | |
| 	listen 12088;
 | |
| 	{% if matrix_nginx_proxy_enabled %}
 | |
| 		server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
 | |
| 	{% endif %}
 | |
| 
 | |
| 	server_tokens off;
 | |
| 
 | |
| 	root /dev/null;
 | |
| 
 | |
| 	gzip on;
 | |
| 	gzip_types text/plain application/json;
 | |
| 
 | |
| 	{% if matrix_nginx_proxy_synapse_workers_enabled %}
 | |
| 		{% if generic_workers %}
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker
 | |
| 			{% for location in matrix_nginx_proxy_synapse_generic_worker_federation_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://generic_worker_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 		{% endif %}
 | |
| 		{% if media_repository_workers %}
 | |
| 			# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository
 | |
| 			{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
 | |
| 			location ~ {{ location }} {
 | |
| 				proxy_pass http://media_repository_upstream$request_uri;
 | |
| 				proxy_set_header Host $host;
 | |
| 
 | |
| 				client_body_buffer_size 25M;
 | |
| 				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
 | |
| 				proxy_max_temp_file_size 0;
 | |
| 
 | |
| 				{% if matrix_nginx_proxy_synapse_cache_enabled %}
 | |
| 					proxy_buffering        on;
 | |
| 					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
 | |
| 					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
 | |
| 					proxy_force_ranges on;
 | |
| 					add_header X-Cache-Status $upstream_cache_status;
 | |
| 				{% endif %}
 | |
| 			}
 | |
| 			{% endfor %}
 | |
| 		{% endif %}
 | |
| 	{% endif %}
 | |
| 
 | |
| 	location / {
 | |
| 		{% if matrix_nginx_proxy_enabled %}
 | |
| 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 | |
| 			resolver 127.0.0.11 valid=5s;
 | |
| 			set $backend "{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container }}";
 | |
| 			proxy_pass http://$backend;
 | |
| 		{% else %}
 | |
| 			{# Generic configuration for use outside of our container setup #}
 | |
| 			proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container }};
 | |
| 		{% endif %}
 | |
| 
 | |
| 		proxy_set_header Host $host;
 | |
| 
 | |
| 		client_body_buffer_size 25M;
 | |
| 		client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
 | |
| 		proxy_max_temp_file_size 0;
 | |
| 	}
 | |
| }
 | |
| {% endif %}
 |