From ce3c31eb414ff8105069cf65d31682c4245bc7b2 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <s.pantaleev@gmail.com>
Date: Sat, 12 Aug 2017 18:32:24 +0300
Subject: [PATCH] Adjust x_forwarded setting for the plain (8008) port

Port 8008 is forwarded in our case, so unless we adjust
`x_forwaded` for it, Docker's local network IPs are
logged/displayed for devices.

The TLS port (8448) is not proxied in our setup,
so its `x_forwarded` setting remains `false`.
---
 roles/matrix-server/tasks/setup_synapse.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/matrix-server/tasks/setup_synapse.yml b/roles/matrix-server/tasks/setup_synapse.yml
index 5a797b745..56f927e4d 100644
--- a/roles/matrix-server/tasks/setup_synapse.yml
+++ b/roles/matrix-server/tasks/setup_synapse.yml
@@ -69,6 +69,14 @@
     line: 'url_preview_ip_range_blacklist: ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", "169.254.0.0/16"]'
     insertafter: '^# url_preview_ip_range_blacklist:$'
 
+# We only wish to do this for the 8008 port and not for the 8448 port
+# (2nd instance of `x_forwarded` found in the config)
+- name: Augment Matrix config (mark 8008 plain traffic as forwarded)
+  replace: "dest={{ matrix_synapse_data_path }}/homeserver.yaml"
+  args:
+    regexp: "8008((?:.|\n)*)x_forwarded(.*)"
+    replace: '8008\g<1>x_forwarded: true'
+
 - name: Augment Matrix config (change database from SQLite to Postgres)
   lineinfile:
     dest: "{{ matrix_synapse_data_path }}/homeserver.yaml"