[matrix] update redis and wokers for Task#12025

kjg 2023-09-26 17:52:52 +00:00
parent c3edc04869
commit e5350b639b
7 changed files with 118 additions and 120 deletions


@ -21,12 +21,21 @@ Setting up matrix for ...
- the homeserver "homeserver.fn.nf" - the homeserver "homeserver.fn.nf"
- element web on m.fn.nf - element web on m.fn.nf
- set domains via .env - set domains and config via .env
``` ```
homeServerFQDN=homeServerFQDN.sample.matrix.ungleich.cloud homeServerFQDN=homeServerFQDN.sample.matrix.ungleich.cloud
synapseFQDN=synapse.sample.matrix.ungleich.cloud synapseFQDN=synapse.sample.matrix.ungleich.cloud
elementWebFQDN=elementWebFQDN.sample.matrix.ungleich.cloud elementWebFQDN=elementWebFQDN.sample.matrix.ungleich.cloud
dbuser=synapse
dbhost=postgres.tws-matrix.ungleich.cloud
dbpassword=NEEDTOSETPASSWORD
dbname=synapse
DOMAIN=synapse.tws-matrix.ungleich.cloud
EMAIL=technik@ungleich.ch
STAGING=no
redishost=redis-node1.ungleich.cloud
redisport=7300
``` ```


@ -1,26 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name chat.tws-matrix.ungleich.cloud;
ssl_certificate /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/privkey.pem;
client_max_body_size 512m;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
proxy_pass http://localhost:8080;
}
}


@ -1,26 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/tws-matrix.ungleich.cloud/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tws-matrix.ungleich.cloud/privkey.pem;
server_name tws-matrix.ungleich.cloud;
proxy_buffering off;
location /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "synapse.tws-matrix.ungleich.cloud:443" }';
}
location /.well-known/matrix/client {
default_type application/json;
return 200 '{ "m.homeserver": { "base_url": "https://synapse.tws-matrix.ungleich.cloud" } }';
}
location / {
proxy_buffering off;
client_max_body_size 512M;
return 301 https://chat.tws-matrix.ungleich.cloud;
}
}


@ -1,19 +1,5 @@
version: '3' version: '3'
services: services:
#nginx:
# container_name: nginx
# image: ungleich/ungleich-certbot:1.1.4
# restart: unless-stopped
# environment:
# - DOMAIN=${DOMAIN}
# - EMAIL=${EMAIL}
# - STAGING=${STAGING}
# ports:
# - "443:443/tcp"
# volumes:
# - ./conf:/etc/nginx/conf.d
# - ./etcletsencrypt:/etc/letsencrypt
# - ./dconf/nginx.conf:/etc/nginx/nginx.conf
synapse: synapse:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
restart: unless-stopped restart: unless-stopped
@ -29,9 +15,6 @@ services:
- REDISHOST=${redishost} - REDISHOST=${redishost}
- REDISPORT=${redisport} - REDISPORT=${redisport}
network_mode: "host" network_mode: "host"
#ports:
# - "127.0.0.1:8008:8008/tcp"
#- "[::1]:8008:8008/tcp"
volumes: volumes:
- ./synapse:/data - ./synapse:/data
entrypoint: sh -c "/data/homeserver.yaml.sh && chmod -R 777 /data && /start.py" entrypoint: sh -c "/data/homeserver.yaml.sh && chmod -R 777 /data && /start.py"
@ -45,17 +28,14 @@ services:
- ELEMENTWEB=${elementWebFQDN} - ELEMENTWEB=${elementWebFQDN}
volumes: volumes:
- ./element/config.json.sh:/app/config.json.sh - ./element/config.json.sh:/app/config.json.sh
- ./element/element.conf.sh:/app/element.conf.sh
- ./element/redirector.conf.sh:/app/redirector.conf.sh
- ./element/synapse.conf.sh:/app/synapse.conf.sh
- ./conf:/etc/nginx/conf.d - ./conf:/etc/nginx/conf.d
- ./etcletsencrypt:/etc/letsencrypt - ./etcletsencrypt:/etc/letsencrypt
- ./dconf/nginx.conf:/etc/nginx/nginx.conf - ./dconf/nginx.conf:/etc/nginx/nginx.conf
command: sh -c "/app/config.json.sh && nginx -g 'daemon off;'" command: sh -c "/app/config.json.sh && /app/element.conf.sh && /app/redirector.conf.sh && /app/synapse.conf.sh && nginx -g 'daemon off;'"
#entrypoint: /app/config.json.sh
network_mode: "host" network_mode: "host"
#ports:
# - "443:443/tcp"
# - "80:80/tcp"
#- "127.0.0.1:8080:80/tcp"
#- "[::1]:8080:80/tcp"
synapse-generic-worker-1: synapse-generic-worker-1:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
@ -89,8 +69,3 @@ services:
SYNAPSE_WORKER: synapse.app.generic_worker SYNAPSE_WORKER: synapse.app.generic_worker
depends_on: depends_on:
- synapse - synapse
# redis:
# image: "redis:latest"
# restart: "unless-stopped"
# network_mode: "host"
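Review bot: The synapse `entrypoint` kept by this change still runs `chmod -R 777 /data` on the bind-mounted `./synapse` directory, leaving everything under it world-readable and world-writable on the host. That presumably includes the homeserver.yaml written by `/data/homeserver.yaml.sh` (with the database password) and the signing key. With `network_mode: "host"` on the services there is no container network boundary to compensate. Prefer ownership over blanket permissions, e.g. `chown -R 991:991 /data && chmod -R u=rwX,go= /data` (991 is the image's default UID/GID; confirm for this deployment). Pinning `matrixdotorg/synapse` to a version tag instead of `latest` would also make deployments reproducible.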


@ -0,0 +1,30 @@
#!/bin/sh
cat << EOF > /etc/nginx/conf.d/element.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $ELEMENTWEB;
ssl_certificate /etc/letsencrypt/live/$ELEMENTWEB/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$ELEMENTWEB/privkey.pem;
client_max_body_size 512m;
location / {
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
proxy_pass http://localhost:8080;
}
}
EOF
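Review bot: The generator has no guard for an unset or empty `$ELEMENTWEB`: the unquoted here-document expands it silently, yielding `server_name ;` and certificate paths under `/etc/letsencrypt/live//`. The compose `command` then starts nginx on a config that is invalid or points at the wrong path, with no error naming the missing variable. Add `: "${ELEMENTWEB:?ELEMENTWEB must be set}"` after the shebang so the chain stops with a clear message. The same applies to `$SERVERNAME`, `$PUBLICBASEURL` and `$ELEMENTWEB` in the redirector and synapse generators further down. Separately, `X-Frame-Options SAMEORIGIN` and `frame-ancestors 'none'` disagree; browsers that honour CSP follow `frame-ancestors`, so state one policy.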


@ -0,0 +1,31 @@
#!/bin/sh
cat << EOF > /etc/nginx/conf.d/redirector.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$SERVERNAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$SERVERNAME/privkey.pem;
server_name $SERVERNAME;
proxy_buffering off;
location /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "$PUBLICBASEURL:443" }';
}
location /.well-known/matrix/client {
default_type application/json;
return 200 '{ "m.homeserver": { "base_url": "https://$PUBLICBASEURL" } }';
}
location / {
proxy_buffering off;
client_max_body_size 512M;
return 301 https://$ELEMENTWEB;
}
}
EOF
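Review bot: The `/.well-known/matrix/client` location returns the discovery JSON without CORS headers, so browser-based clients served from another origin cannot read it; the Matrix spec asks for these headers on this endpoint. Add `add_header Access-Control-Allow-Origin *;` inside that location. The `proxy_buffering off;` and `client_max_body_size 512M;` lines in `location /` have no effect next to an unconditional `return 301` and can be dropped.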


@ -1,3 +1,7 @@
#!/bin/sh
cat << EOF > /etc/nginx/conf.d/synapse.conf
upstream synapse_master { upstream synapse_master {
server localhost:8008; server localhost:8008;
} }
@ -10,14 +14,14 @@ upstream synapse_generic {
server localhost:8081; server localhost:8081;
} }
map $request_uri $synapse_backend { map \$request_uri \$synapse_backend {
default synapse_master; default synapse_master;
# Sync requests # Sync requests
~*^/_matrix/client/(r0|v3)/sync$ synapse_generic; ~*^/_matrix/client/(r0|v3)/sync\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3)/events$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3)/events\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3)/initialSync$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3)/initialSync\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync\$ synapse_generic;
# Federation requests # Federation requests
~*^/_matrix/federation/v1/event/ synapse_federation; ~*^/_matrix/federation/v1/event/ synapse_federation;
@ -42,40 +46,40 @@ map $request_uri $synapse_backend {
~*^/_matrix/federation/v1/send/ synapse_federation; ~*^/_matrix/federation/v1/send/ synapse_federation;
# Client API requests # Client API requests
~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state\$ synapse_generic;
~*^/_matrix/client/v1/rooms/.*/hierarchy$ synaspe_generic; ~*^/_matrix/client/v1/rooms/.*/hierarchy\$ synaspe_generic;
~*^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ synapse_generic; ~*^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send\$ synapse_generic;
~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_generic; ~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/account/3pid\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/account/whoami\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/devices$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/devices\$ synapse_generic;
~*^/_matrix/client/versions$ synapse_generic; ~*^/_matrix/client/versions\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/search\$ synapse_generic;
# Encryption requests # Encryption requests
~*^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/keys/query\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/keys/changes$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/keys/changes\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/keys/claim\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_generic;
# Registration/login requests # Registration/login requests
~*^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/login\$ synapse_generic;
~*^/_matrix/client/(r0|v3|unstable)/register$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/register\$ synapse_generic;
~*^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_generic; ~*^/_matrix/client/v1/register/m.login.registration_token/validity\$ synapse_generic;
# Event sending requests # Event sending requests
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)\$ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_generic;
~*^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_generic;
@ -91,7 +95,7 @@ map $request_uri $synapse_backend {
~*^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ synapse_generic; ~*^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ synapse_generic;
# User directory search requests # User directory search requests
~*^/_matrix/client/(r0|v3|unstable)/user_directory/search$ synapse_generic; ~*^/_matrix/client/(r0|v3|unstable)/user_directory/search\$ synapse_generic;
} }
@ -99,10 +103,10 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/fullchain.pem; ssl_certificate /etc/letsencrypt/live/$PUBLICBASEURL/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/$PUBLICBASEURL/privkey.pem;
server_name synapse.tws-matrix.ungleich.cloud; server_name $PUBLICBASEURL;
client_max_body_size 512m; client_max_body_size 512m;
@ -113,14 +117,15 @@ server {
} }
location ~ /_matrix|/_synapse { location ~ /_matrix|/_synapse {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Host $http_host; proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP \$remote_addr;
proxy_connect_timeout 3600; proxy_connect_timeout 3600;
proxy_send_timeout 3600; proxy_send_timeout 3600;
proxy_read_timeout 3600; proxy_read_timeout 3600;
send_timeout 3600; send_timeout 3600;
proxy_pass http://$synapse_backend; proxy_pass http://\$synapse_backend;
} }
} }
EOF
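Review bot: `location ~ /_matrix|/_synapse` is an unanchored match that forwards every `/_synapse` path, including the admin API under `/_synapse/admin`, from the public 443 listener to the backends. Unless a location outside this hunk restricts it, narrow the match to `location ~ ^(/_matrix|/_synapse/client) {` and expose the admin API only through a location with an `allow`/`deny` list. Also, the `hierarchy` entry in the map names `synaspe_generic`, which does not match the `synapse_generic` upstream, so requests on that route will presumably fail at `proxy_pass http://\$synapse_backend`.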