Implemented federation for matrix

2024-11-22 12:41:05 +01:00 · 2024-01-18 20:53:14 +01:00 · 2024-01-18 20:53:14 +01:00 · ddf87feb42
commit ddf87feb42
parent f16641aa87
3 changed files with 51 additions and 3 deletions
--- a/roles/docker-matrix-compose/README.md
+++ b/roles/docker-matrix-compose/README.md
@ -34,6 +34,10 @@ Matrix is an open-source project that provides a protocol for secure, decentrali
    ```
    docker-compose logs
    ```
+
+## Debug:
+- https://federationtester.matrix.org/
+
 ## Sources

 ### Guides
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -2,13 +2,28 @@
 - name: "include docker-compose-database.yml"
  include_tasks: docker-compose-database.yml

- name: "include tasks nginx-docker-proxy-domain.yml"
-  include_tasks: nginx-docker-proxy-domain.yml
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml
  vars:
    domain:     "{{synapse_domain}}"
    http_port:  "{{synapse_http_port}}"
+
+- name: configure {{synapse_domain}}.conf
+  template: 
+    src:  "templates/nginx.conf.j2" 
+    dest: "{{nginx_servers_directory}}{{synapse_domain}}.conf"
+  vars:
+    domain:     "{{synapse_domain}}"
+    http_port:  "{{synapse_http_port}}"
+  notify: restart nginx
+
+#- name: "include tasks nginx-docker-proxy-domain.yml"
+#  include_tasks: nginx-docker-proxy-domain.yml
+#  vars:
+#    domain:     "{{synapse_domain}}"
+#    http_port:  "{{synapse_http_port}}"
        
- name: "include tasks nginx-docker-proxy-domain.yml"
+- name: "include tasks nginx-docker-proxy-domain.yml for element"
  include_tasks: nginx-docker-proxy-domain.yml
  vars:        
    domain:     "{{element_domain}}"
--- a/roles/docker-matrix-compose/templates/nginx.conf.j2
+++ b/roles/docker-matrix-compose/templates/nginx.conf.j2
@ -0,0 +1,29 @@
+server {
+    server_name {{domain}};
+    {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+    
+    # For the federation port
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
+
+    {% if nginx_matomo_tracking | bool %}
+        {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
+    {% endif %}
+
+    location ~ ^(/_matrix|/_synapse/client) {
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
+        proxy_pass http://127.0.0.1:{{http_port}};
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size 50M;
+    
+    # Synapse responses may be chunked, which is an HTTP/1.1 feature.
+    proxy_http_version 1.1;
+    }
+}