From 8155f780e5291496eaf4f4ab989e676cf33e8a91 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Mon, 6 Feb 2023 13:08:11 +0200
Subject: [PATCH] Add support for reverse-proxying Matric (Client & Federation) via Traefik
---
 group_vars/matrix_servers | 7 +++++
 requirements.yml | 2 +-
 roles/custom/matrix-base/defaults/main.yml | 3 +++
 .../matrix-nginx-proxy/defaults/main.yml | 7 +++++
 .../matrix-nginx-proxy/templates/labels.j2 | 26 +++++++++++++++++++
 5 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index da624d9a5..8ce94f52e 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2215,6 +2215,7 @@ matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik
 matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_config_entrypoint_primary }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
 matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
@@ -3349,6 +3350,12 @@ devture_traefik_enabled: "{{ matrix_playbook_traefik_role_enabled }}"
 devture_traefik_uid: "{{ matrix_user_uid }}"
 devture_traefik_gid: "{{ matrix_user_gid }}"
+devture_traefik_additional_entrypoints_auto:
+ - name: matrix-federation
+ port: "{{ matrix_federation_public_port }}"
+ host_bind_port: "{{ matrix_federation_public_port }}"
+ config: {}
+
 ########################################################################
 # #
 # /com.devture.ansible.role.traefik #
diff --git a/requirements.yml b/requirements.yml
index 696b27000..e0ff1e818 100644
--- a/requirements.yml
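Review bot: The `matrix-federation` entrypoint added to `devture_traefik_additional_entrypoints_auto` is registered unconditionally, and its `host_bind_port: "{{ matrix_federation_public_port }}"` apparently publishes it on the host, so Traefik would listen on the federation port even on servers where federation is switched off. The labels template in this same commit gates the federation service on `matrix_nginx_proxy_proxy_matrix_federation_api_enabled`; the entrypoint list should follow the same condition and evaluate to `[]` otherwise, so that no listener is exposed without a router behind it. If another container still publishes that port the two would presumably collide at start-up, which is worth confirming. The surrounding Traefik section continues outside the hunk.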
+++ b/requirements.yml
@@ -37,4 +37,4 @@ version: v0.11.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
- version: 407af71a3667b1d8083beb10bf22423ecf013f58
+ version: b8609fd07c26c89a72fe2934d183af5fd964bc1c
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 63aee58ac..025e7363a 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -92,6 +92,9 @@ matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
 matrix_federation_public_port: 8448
+# The name of the Traefik entrypoint for handling Matrix Federation
+matrix_federation_traefik_entrypoint: matrix-federation
+
 # The architecture that your server runs.
 # Recognized values by us are 'amd64', 'arm32' and 'arm64'.
 # Not all architectures support all services, so your experience (on non-amd64) may vary.
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 25911a499..e83e9b5b2 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -49,6 +49,13 @@ matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_pro
 matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
 matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname }}`)"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint: "{{ matrix_federation_traefik_entrypoint }}"
+matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints: "{{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoint }}"
+
 matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled: false
 matrix_nginx_proxy_container_labels_traefik_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_element_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
diff --git a/roles/custom/matrix-nginx-proxy/templates/labels.j2 b/roles/custom/matrix-nginx-proxy/templates/labels.j2
index 06cc8d1a8..407654a70 100644
--- a/roles/custom/matrix-nginx-proxy/templates/labels.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2
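Review bot: `matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls` is computed from the client-side entrypoint (`matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web'`), yet labels.j2 in this commit applies the same flag to the federation router, which listens on its own entrypoint. A deployment that sets the primary entrypoint to `web` would therefore also switch TLS off on the federation router, and nothing in these defaults says whether that is intended. Consider a dedicated default such as `matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_tls`, or at least a comment above the `_tls` line stating that it governs both routers. The pair `_federation_entrypoint` / `_federation_entrypoints` would also benefit from a one-line comment saying which of the two an operator is meant to override.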
@@ -6,6 +6,27 @@ traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_net
 {% endif %}
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
+# Matrix Client
+traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.service=matrix-nginx-proxy-web
+traefik.http.routers.matrix-nginx-proxy-matrix-client.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+traefik.http.routers.matrix-nginx-proxy-matrix-client.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
+
+# Matrix Federation
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule }}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.service=matrix-nginx-proxy-federation
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls | to_json }}
+{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls %}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+traefik.http.routers.matrix-nginx-proxy-matrix-federation.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_entrypoints }}
+{% endif %}
+
+
 {% if matrix_nginx_proxy_container_labels_traefik_proxy_element_enabled %}
 # Element
 traefik.http.routers.matrix-nginx-proxy-element.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_element_rule }}
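Review bot: The federation router added under `# Matrix Federation` always points at `service=matrix-nginx-proxy-federation`, but the second hunk of this file only defines that service when `matrix_nginx_proxy_proxy_matrix_federation_api_enabled` is true. With the federation API disabled and the Matrix labels enabled, Traefik is handed a router whose service does not exist, while the federation entrypoint stays referenced. The federation labels should sit inside the same guard, `{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}` before `# Matrix Federation` and `{% endif %}` after its `entrypoints` line. The enclosing `{% if %}` that opens the template starts outside the hunk.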
@@ -139,6 +160,11 @@ traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_c
 traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080
+
+{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}
+traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}
+{% endif %}
+
 {% endif %}
 {{ matrix_nginx_proxy_container_labels_additional_labels }}