From 53dbaf5b526c034683ba15eb21aece0113726783 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Mon, 13 Nov 2023 19:09:52 +0100
Subject: [PATCH] phase in synapse admin
---
ansible/inventory/runa.yml | 6 +++++
.../docker-compose/files/synapse-admin/.env | 2 ++
.../files/synapse-admin/docker-compose.yaml | 16 +++++++++++
.../files/synapse-admin/nginx/sa.conf | 27 +++++++++++++++++++
.../files/synapse-admin/turnserver.conf | 18 +++++++++++++
5 files changed, 69 insertions(+)
create mode 100644 ansible/roles/docker-compose/files/synapse-admin/.env
create mode 100644 ansible/roles/docker-compose/files/synapse-admin/docker-compose.yaml
create mode 100644 ansible/roles/docker-compose/files/synapse-admin/nginx/sa.conf
create mode 100644 ansible/roles/docker-compose/files/synapse-admin/turnserver.conf
diff --git a/ansible/inventory/runa.yml b/ansible/inventory/runa.yml
index 73a25f5..e4cb990 100644
--- a/ansible/inventory/runa.yml
+++ b/ansible/inventory/runa.yml
@@ -36,4 +36,10 @@ runa:
 mtx-redis-2.lat.internal.ru.com:
 mtx-redis-3.lat.internal.ru.com:
 mtx-mngm-1.lat.internal.ru.com:
+ has_ssl_certificates: false
+ docker_compose:
+ - synapse-admin
 mtx-mngm-2.lat.internal.ru.com:
+ has_ssl_certificates: false
+ docker_compose:
+ - synapse-admin
diff --git a/ansible/roles/docker-compose/files/synapse-admin/.env b/ansible/roles/docker-compose/files/synapse-admin/.env
new file mode 100644
index 0000000..bc51216
--- /dev/null
+++ b/ansible/roles/docker-compose/files/synapse-admin/.env
@@ -0,0 +1,2 @@
+NGINX_VERSION=1.25.2-alpine
+SYNAPSE_ADMIN_VERSION=0.8.7
diff --git a/ansible/roles/docker-compose/files/synapse-admin/docker-compose.yaml b/ansible/roles/docker-compose/files/synapse-admin/docker-compose.yaml
new file mode 100644
index 0000000..0c61a9a
--- /dev/null
+++ b/ansible/roles/docker-compose/files/synapse-admin/docker-compose.yaml
@@ -0,0 +1,16 @@
+version: '3.8'
+services:
+ synapse-admin:
+ image: awesometechnologies/synapse-admin:${SYNAPSE_ADMIN_VERSION}
+ restart: unless-stopped
+ ports:
+ - "8008:80/tcp"
+ # nginx:
+ # image: nginx:${NGINX_VERSION}
+ # ports:
+ # - "80:80/tcp"
+ # - "443:443/tcp"
+ # volumes:
+ # - ./nginx:/etc/nginx/conf.d
+ # - /ssl:/ssl
+ # - /www:/www
diff --git a/ansible/roles/docker-compose/files/synapse-admin/nginx/sa.conf b/ansible/roles/docker-compose/files/synapse-admin/nginx/sa.conf
new file mode 100644
index 0000000..ad84aea
--- /dev/null
+++ b/ansible/roles/docker-compose/files/synapse-admin/nginx/sa.conf
@@ -0,0 +1,27 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate /ssl/chain.crt;
+ ssl_certificate_key /ssl/certificate.keyplain;
+
+ error_page 403 404 /403_404.html;
+ location = /403_404.html {
+ default_type application/json;
+ return 200 'You are not authorized to access this page.';
+ }
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+
+ proxy_connect_timeout 600s;
+ proxy_send_timeout 600s;
+ proxy_read_timeout 600s;
+ send_timeout 600s;
+
+ proxy_pass http://synapse-admin;
+ }
+}
diff --git a/ansible/roles/docker-compose/files/synapse-admin/turnserver.conf b/ansible/roles/docker-compose/files/synapse-admin/turnserver.conf
new file mode 100644
index 0000000..8983501
--- /dev/null
+++ b/ansible/roles/docker-compose/files/synapse-admin/turnserver.conf
@@ -0,0 +1,18 @@
+realm=turn-1.corp-serv.net
+no-tcp-relay
+listening-ip=0.0.0.0
+listening-port=3478
+min-port=49152
+max-port=65535
+
+external-ip=135.125.151.180/10.80.24.41
+
+log-file=stdout
+verbose
+pidfile=/var/tmp/turnserver.pid
+use-auth-secret
+static-auth-secret=ihaaCac6Oow3ohzuvequ6esoo9eegheex
+
+tls-listening-port=5349
+pkey=/ssl/certificate.keyplain
+cert=/ssl/chain.crt
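Review bot: The `ports` entry `- "8008:80/tcp"` in docker-compose.yaml publishes the Synapse admin UI on every host interface over plain HTTP, while the nginx TLS front end is left commented out and the inventory hunk sets `has_ssl_certificates: false` on both management hosts. An admin console through which homeserver admin credentials are entered should not be reachable unencrypted; until the proxy is enabled, bind the port to loopback or the management address only, e.g. `- "127.0.0.1:8008:80/tcp"`. The image is also referenced by a mutable tag (`${SYNAPSE_ADMIN_VERSION}`); pinning it by digest would make the deployed artifact verifiable.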
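Review bot: `location /` in nginx/sa.conf proxies every request to the admin UI with no `allow`/`deny` rule or authentication, although the custom 403 text ("You are not authorized to access this page.") suggests a restriction was intended. Add one inside the location, e.g. `allow <management-cidr>; deny all;` (the CIDR is a placeholder). The `/403_404.html` location also answers with `return 200` and a plain-text body under `default_type application/json`, so denied and missing requests appear as successes in access logs and monitoring; keeping the original status would leave them visible to detection. Finally, `proxy_set_header Host $http_host;` forwards the client-supplied header unchanged and the server block has no `server_name`; `$host` together with an explicit `server_name` is the safer pairing.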
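Review bot: `static-auth-secret` in turnserver.conf is committed in cleartext, so anyone with read access to the repository or its history can derive valid TURN credentials for this realm. Treat the value as compromised: rotate it, and deliver the file as an Ansible template that takes the secret from Ansible Vault, e.g. `static-auth-secret={{ turn_static_auth_secret }}` (the variable name is a placeholder), rather than from `files/`. The file also sits under the synapse-admin compose directory although nothing in the visible docker-compose.yaml mounts or references it, which looks like a copy-paste leftover; if it is unused here, dropping it removes the exposure entirely.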