diff --git a/roles/docker-matrix-compose/README.md b/roles/docker-matrix-compose/README.md
index d9862ab8..fe674f38 100644
--- a/roles/docker-matrix-compose/README.md
+++ b/roles/docker-matrix-compose/README.md
@@ -34,6 +34,10 @@ Matrix is an open-source project that provides a protocol for secure, decentrali ``` docker-compose logs ``` + +## Debug: +- https://federationtester.matrix.org/ + ## Sources ### Guides
diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml
index 670ec566..d3a1fb00 100644
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@@ -2,13 +2,28 @@ - name: "include docker-compose-database.yml" include_tasks: docker-compose-database.yml -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include task certbot-matomo.yml" + include_tasks: certbot-matomo.yml vars: domain: "{{synapse_domain}}" http_port: "{{synapse_http_port}}" + +- name: configure {{synapse_domain}}.conf + template: + src: "templates/nginx.conf.j2" + dest: "{{nginx_servers_directory}}{{synapse_domain}}.conf" + vars: + domain: "{{synapse_domain}}" + http_port: "{{synapse_http_port}}" + notify: restart nginx + +#- name: "include tasks nginx-docker-proxy-domain.yml" +# include_tasks: nginx-docker-proxy-domain.yml +# vars: +# domain: "{{synapse_domain}}" +# http_port: "{{synapse_http_port}}" -- name: "include tasks nginx-docker-proxy-domain.yml" +- name: "include tasks nginx-docker-proxy-domain.yml for element" include_tasks: nginx-docker-proxy-domain.yml vars: domain: "{{element_domain}}"
diff --git a/roles/docker-matrix-compose/templates/nginx.conf.j2 b/roles/docker-matrix-compose/templates/nginx.conf.j2
new file mode 100644
index 00000000..847790c5
--- /dev/null
+++ b/roles/docker-matrix-compose/templates/nginx.conf.j2
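Review bot: The new `configure {{synapse_domain}}.conf` template task in tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of the rendered vhost file depend on the remote umask and on whatever file already exists at `dest`; adding `owner: root`, `group: root` and `mode: "0644"` under `template:` pins them. `dest` joins `{{nginx_servers_directory}}` and `{{synapse_domain}}` with no separator, so it is only correct while the directory variable ends in `/`, which is not visible in this diff. The commented-out `nginx-docker-proxy-domain.yml` include is dead code and is better deleted, since version history already keeps it. Indentation is collapsed in this rendering, so the nesting of `vars:` and `notify:` could not be checked.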
@@ -0,0 +1,29 @@
+server {
+ server_name {{domain}};
+ {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+ # For the federation port
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
+
+ {% if nginx_matomo_tracking | bool %}
+ {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
+ {% endif %}
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ # note: do not add a path (even a single /) after the port in `proxy_pass`,
+ # otherwise nginx will canonicalise the URI and cause signature verification
+ # errors.
+ proxy_pass http://127.0.0.1:{{http_port}};
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ # Nginx by default only allows file uploads up to 1M in size
+ # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+ client_max_body_size 50M;
+
+ # Synapse responses may be chunked, which is an HTTP/1.1 feature.
+ proxy_http_version 1.1;
+ }
+}
\ No newline at end of file
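Review bot: The server block defines only the `location ~ ^(/_matrix|/_synapse/client)` match, so any other path falls through to nginx's default handling instead of being refused, unless one of the included templates (not visible here) adds a catch-all. Because the 8448 listeners are marked `default_server`, that fallback also answers requests carrying any Host header on that port; an explicit `location / { return 404; }` closes it. `X-Forwarded-For` is overwritten with `$remote_addr`, which stops clients supplying their own value, but this only holds while Synapse is reachable solely through `127.0.0.1:{{http_port}}`; a comment stating that the container port must be published on loopback only would record that assumption. `client_max_body_size 50M` is hard-coded although the comment says it must match `max_upload_size` in homeserver.yaml, so a shared role variable would keep the two from drifting.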