cqrenet/mxids
3
0
Fork 0
Code Pull Requests 10 Actions Releases Activity

Add documentation for nginx config

Browse Source
This commit is contained in:
Maxime Dor
2018-01-21 14:36:44 +01:00
parent 5871bb6609
commit 9fede41904
2 changed files with 94 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
docs/features/directory-users.md
View File

@@ -4,6 +4,8 @@
- [Requirements](#requirements) - [Requirements](#requirements)
- [Configuration](#configuration) - [Configuration](#configuration)
- [Reverse Proxy](#reverse-proxy) - [Reverse Proxy](#reverse-proxy)
- [Apache2](#apache2)
- [nginx](#nginx)
- [DNS Overwrite](#dns-overwrite) - [DNS Overwrite](#dns-overwrite)
- [Backends](#backends) - [Backends](#backends)
- [LDAP](#ldap) - [LDAP](#ldap)
@@ -62,16 +64,66 @@ which directly answered the request.
## Configuration ## Configuration
### Reverse Proxy ### Reverse Proxy
Apache2 configuration to put under the relevant virtual domain: #### Apache2
The specific configuration to put under the relevant `VirtualHost`:
``` ```
ProxyPreserveHost on ProxyPass /_matrix/client/r0/user_directory/ http://0.0.0.0:8090/_matrix/client/r0/user_directory/
ProxyPass /_matrix/identity/ http://mxisdInternalIpAddress:8090/_matrix/identity/
ProxyPass /_matrix/client/r0/user_directory/ http://mxisdInternalIpAddress:8090/_matrix/client/r0/user_directory/
ProxyPass /_matrix/ http://HomeserverInternalIpAddress:8008/_matrix/
``` ```
`ProxyPreserveHost` or equivalent must be enabled to detect to which Homeserver mxisd should talk to when building `ProxyPreserveHost` or equivalent must be enabled to detect to which Homeserver mxisd should talk to when building
results. results.
Your `VirtualHost` should now look like this:
```
<VirtualHost *:443>
ServerName example.org
...
ProxyPreserveHost on
ProxyPass /_matrix/client/r0/user_directory/ http://localhost:8090/_matrix/client/r0/user_directory/
ProxyPass /_matrix/identity/ http://localhost:8090/_matrix/identity/
ProxyPass /_matrix/ http://localhost:8008/_matrix/
</VirtualHost>
```
#### nginx
The specific configuration to add under your `server` section is:
```
location /_matrix/client/r0/user_directory {
proxy_pass http://0.0.0.0:8090/_matrix/client/r0/user_directory;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
```
Your `server` section should now look like this:
```
server {
listen 443 ssl;
server_name example.org;
...
location /_matrix/client/r0/user_directory {
proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix/identity {
proxy_pass http://localhost:8090/_matrix/identity;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix {
proxy_pass http://localhost:8008/_matrix;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
```
### DNS Overwrite ### DNS Overwrite
Just like you need to configure a reverse proxy to send client requests to mxisd, you also need to configure mxisd with Just like you need to configure a reverse proxy to send client requests to mxisd, you also need to configure mxisd with
the internal IP of the Homeserver so it can talk to it directly to integrate its directory search. the internal IP of the Homeserver so it can talk to it directly to integrate its directory search.

42
docs/getting-started.md
View File

@@ -56,14 +56,14 @@ Complete configuration guide is available [here](configure.md).
For an overview of a typical mxisd infrastructure, see the [dedicated document](architecture.md) For an overview of a typical mxisd infrastructure, see the [dedicated document](architecture.md)
### Reverse proxy ### Reverse proxy
#### Apache2 #### Apache2
In the VirtualHost handling the domain with SSL, add the following line and replace `0.0.0.0` by the internal IP/hostname In the `VirtualHost` section handling the domain with SSL, add the following and replace `0.0.0.0` by the internal
pointing to mxisd. hostname/IP pointing to mxisd.
**This line MUST be present before the one for the homeserver!** **This line MUST be present before the one for the homeserver!**
``` ```
ProxyPass /_matrix/identity/ http://0.0.0.0:8090/_matrix/identity/ ProxyPass /_matrix/identity/ http://0.0.0.0:8090/_matrix/identity/
``` ```
Typical VirtualHost configuration would be: Typical configuration would look like:
``` ```
<VirtualHost *:443> <VirtualHost *:443>
ServerName example.org ServerName example.org
@@ -71,11 +71,43 @@ Typical VirtualHost configuration would be:
... ...
ProxyPreserveHost on ProxyPreserveHost on
ProxyPass /_matrix/identity/ http://10.1.2.3:8090/_matrix/identity/ ProxyPass /_matrix/identity/ http://localhost:8090/_matrix/identity/
ProxyPass /_matrix/ http://10.1.2.3:8008/_matrix/ ProxyPass /_matrix/ http://localhost:8008/_matrix/
</VirtualHost> </VirtualHost>
``` ```
#### nginx
In the `server` section handling the domain with SSL, add the following and replace `0.0.0.0` with the internal
hostname/IP pointing to mxisd.
**This line MUST be present before the one for the homeserver!**
```
location /_matrix/identity {
proxy_pass http://0.0.0.0:8090/_matrix/identity;
}
```
Typical configuration would look like:
```
server {
listen 443 ssl;
server_name example.org;
...
location /_matrix/identity {
proxy_pass http://localhost:8090/_matrix/identity;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix {
proxy_pass http://localhost:8008/_matrix;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
```
### Synapse ### Synapse
Add your mxisd domain into the `homeserver.yaml` at `trusted_third_party_id_servers` and restart synapse. Add your mxisd domain into the `homeserver.yaml` at `trusted_third_party_id_servers` and restart synapse.
In a typical configuration, you would end up with something similair to: In a typical configuration, you would end up with something similair to: