[matrix] update redis and wokers for Task#12025

2023-09-26 17:52:52 +00:00 · 2023-09-26 17:52:52 +00:00 · e5350b639b
commit e5350b639b
parent c3edc04869
7 changed files with 118 additions and 120 deletions
--- a/matrix_extDB/matrix_noDB/README.md
+++ b/matrix_extDB/matrix_noDB/README.md
@ -21,12 +21,21 @@ Setting up matrix for  ...
 - the homeserver "homeserver.fn.nf"
 - element web on m.fn.nf

- set domains via .env
+- set domains and config via .env

 ```
 homeServerFQDN=homeServerFQDN.sample.matrix.ungleich.cloud
 synapseFQDN=synapse.sample.matrix.ungleich.cloud
 elementWebFQDN=elementWebFQDN.sample.matrix.ungleich.cloud
+dbuser=synapse
+dbhost=postgres.tws-matrix.ungleich.cloud
+dbpassword=NEEDTOSETPASSWORD
+dbname=synapse
+DOMAIN=synapse.tws-matrix.ungleich.cloud
+EMAIL=technik@ungleich.ch
+STAGING=no
+redishost=redis-node1.ungleich.cloud
+redisport=7300
 ```


--- a/matrix_extDB/matrix_noDB/conf/element.conf
+++ b/matrix_extDB/matrix_noDB/conf/element.conf
@ -1,26 +0,0 @@
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    server_name chat.tws-matrix.ungleich.cloud;
-
-    ssl_certificate      /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/privkey.pem;
-
-    client_max_body_size 512m;
-
-
-    location / {
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-
-      add_header X-Frame-Options SAMEORIGIN;
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
-      add_header Content-Security-Policy "frame-ancestors 'none'";
-
-      proxy_pass http://localhost:8080;
-    }
-}
--- a/matrix_extDB/matrix_noDB/conf/redirector.conf
+++ b/matrix_extDB/matrix_noDB/conf/redirector.conf
@ -1,26 +0,0 @@
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    ssl_certificate      /etc/letsencrypt/live/tws-matrix.ungleich.cloud/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/tws-matrix.ungleich.cloud/privkey.pem;
-
-    server_name tws-matrix.ungleich.cloud;
-    proxy_buffering off;
-
-
-    location /.well-known/matrix/server {
-      default_type application/json;
-      return 200 '{"m.server": "synapse.tws-matrix.ungleich.cloud:443" }';
-    }
-    location /.well-known/matrix/client {
-      default_type application/json;
-      return 200 '{ "m.homeserver": { "base_url": "https://synapse.tws-matrix.ungleich.cloud" } }';
-    }
-
-    location / {
-        proxy_buffering off;
-        client_max_body_size 512M;
-        return 301 https://chat.tws-matrix.ungleich.cloud;
-    }
-}
--- a/matrix_extDB/matrix_noDB/docker-compose.yaml
+++ b/matrix_extDB/matrix_noDB/docker-compose.yaml
@ -1,19 +1,5 @@
 version: '3'
 services:
-  #nginx:
-  #  container_name: nginx
-  #  image: ungleich/ungleich-certbot:1.1.4
-  #  restart: unless-stopped
-  #  environment:
-  #    - DOMAIN=${DOMAIN}
-  #    - EMAIL=${EMAIL}
-  #    - STAGING=${STAGING}
-  #  ports:
-  #    - "443:443/tcp"
-  #  volumes:
-  #    - ./conf:/etc/nginx/conf.d
-  #    - ./etcletsencrypt:/etc/letsencrypt
-  #    - ./dconf/nginx.conf:/etc/nginx/nginx.conf
  synapse:
    image: matrixdotorg/synapse:latest
    restart: unless-stopped
@ -29,9 +15,6 @@ services:
      - REDISHOST=${redishost}
      - REDISPORT=${redisport}
    network_mode: "host"
-    #ports:
-    #  - "127.0.0.1:8008:8008/tcp"
-      #- "[::1]:8008:8008/tcp"
    volumes:
      - ./synapse:/data
    entrypoint: sh -c "/data/homeserver.yaml.sh && chmod -R 777 /data  && /start.py"
@ -45,17 +28,14 @@ services:
      - ELEMENTWEB=${elementWebFQDN}
    volumes:
      - ./element/config.json.sh:/app/config.json.sh
+      - ./element/element.conf.sh:/app/element.conf.sh
+      - ./element/redirector.conf.sh:/app/redirector.conf.sh
+      - ./element/synapse.conf.sh:/app/synapse.conf.sh
      - ./conf:/etc/nginx/conf.d
      - ./etcletsencrypt:/etc/letsencrypt
      - ./dconf/nginx.conf:/etc/nginx/nginx.conf
-    command: sh -c "/app/config.json.sh && nginx -g 'daemon off;'"
-    #entrypoint: /app/config.json.sh
+    command: sh -c "/app/config.json.sh && /app/element.conf.sh && /app/redirector.conf.sh && /app/synapse.conf.sh && nginx -g 'daemon off;'"
    network_mode: "host"
-    #ports:
-    #  - "443:443/tcp"
-    #  - "80:80/tcp"
-      #- "127.0.0.1:8080:80/tcp"
-      #- "[::1]:8080:80/tcp"

  synapse-generic-worker-1:
    image: matrixdotorg/synapse:latest
@ -89,8 +69,3 @@ services:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
      - synapse
-
-#  redis:
-#    image: "redis:latest"
-#    restart: "unless-stopped"
-#    network_mode: "host"
--- a/matrix_extDB/matrix_noDB/element/element.conf.sh
+++ b/matrix_extDB/matrix_noDB/element/element.conf.sh
@ -0,0 +1,30 @@
+#!/bin/sh
+
+cat << EOF > /etc/nginx/conf.d/element.conf
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name $ELEMENTWEB;
+
+    ssl_certificate      /etc/letsencrypt/live/$ELEMENTWEB/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/$ELEMENTWEB/privkey.pem;
+
+    client_max_body_size 512m;
+
+
+    location / {
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto \$scheme;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Real-IP \$remote_addr;
+
+      add_header X-Frame-Options SAMEORIGIN;
+      add_header X-Content-Type-Options nosniff;
+      add_header X-XSS-Protection "1; mode=block";
+      add_header Content-Security-Policy "frame-ancestors 'none'";
+
+      proxy_pass http://localhost:8080;
+    }
+}
+EOF
--- a/matrix_extDB/matrix_noDB/element/redirector.conf.sh
+++ b/matrix_extDB/matrix_noDB/element/redirector.conf.sh
@ -0,0 +1,31 @@
+#!/bin/sh
+
+
+cat << EOF > /etc/nginx/conf.d/redirector.conf
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate      /etc/letsencrypt/live/$SERVERNAME/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/$SERVERNAME/privkey.pem;
+
+    server_name $SERVERNAME;
+    proxy_buffering off;
+
+
+    location /.well-known/matrix/server {
+      default_type application/json;
+      return 200 '{"m.server": "$PUBLICBASEURL:443" }';
+    }
+    location /.well-known/matrix/client {
+      default_type application/json;
+      return 200 '{ "m.homeserver": { "base_url": "https://$PUBLICBASEURL" } }';
+    }
+
+    location / {
+        proxy_buffering off;
+        client_max_body_size 512M;
+        return 301 https://$ELEMENTWEB;
+    }
+}
+EOF
--- a/matrix_extDB/matrix_noDB/element/synapse.conf.sh
+++ b/matrix_extDB/matrix_noDB/element/synapse.conf.sh
@ -1,3 +1,7 @@
+#!/bin/sh
+
+
+cat << EOF > /etc/nginx/conf.d/synapse.conf
 upstream synapse_master {
 	server localhost:8008;
 }
@ -10,14 +14,14 @@ upstream synapse_generic {
 	server localhost:8081;
 }

-map $request_uri $synapse_backend {
+map \$request_uri \$synapse_backend {
 	default synapse_master;

 	# Sync requests
-	~*^/_matrix/client/(r0|v3)/sync$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3)/events$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3)/initialSync$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_generic;
+	~*^/_matrix/client/(r0|v3)/sync\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3)/events\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3)/initialSync\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync\$ synapse_generic;

 	# Federation requests
 	~*^/_matrix/federation/v1/event/ synapse_federation;
@ -42,40 +46,40 @@ map $request_uri $synapse_backend {
 	~*^/_matrix/federation/v1/send/ synapse_federation;

 	# Client API requests
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ synapse_generic;
-	~*^/_matrix/client/v1/rooms/.*/hierarchy$ synaspe_generic;
-	~*^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ synapse_generic;
-	~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/devices$ synapse_generic;
-	~*^/_matrix/client/versions$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state\$ synapse_generic;
+	~*^/_matrix/client/v1/rooms/.*/hierarchy\$ synaspe_generic;
+	~*^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send\$ synapse_generic;
+	~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/account/3pid\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/account/whoami\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/devices\$ synapse_generic;
+	~*^/_matrix/client/versions\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer\$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms\$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/search\$ synapse_generic;

 	# Encryption requests
-	~*^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/keys/changes$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/keys/query\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/keys/changes\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/keys/claim\$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_generic;

 	# Registration/login requests
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_generic;
-	~*^/_matrix/client/(r0|v3|unstable)/register$ synapse_generic;
-	~*^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/login\$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/register\$ synapse_generic;
+	~*^/_matrix/client/v1/register/m.login.registration_token/validity\$ synapse_generic;

 	# Event sending requests
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_generic;
-	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_generic;
+	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)\$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_generic;

@ -91,7 +95,7 @@ map $request_uri $synapse_backend {
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ synapse_generic;

 	# User directory search requests
-	~*^/_matrix/client/(r0|v3|unstable)/user_directory/search$ synapse_generic;
+	~*^/_matrix/client/(r0|v3|unstable)/user_directory/search\$ synapse_generic;
 }


@ -99,10 +103,10 @@ server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

-    ssl_certificate      /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/privkey.pem;
+    ssl_certificate      /etc/letsencrypt/live/$PUBLICBASEURL/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/$PUBLICBASEURL/privkey.pem;

-    server_name synapse.tws-matrix.ungleich.cloud;
+    server_name $PUBLICBASEURL;
    
    client_max_body_size 512m;

@ -113,14 +117,15 @@ server {
    }

    location ~ /_matrix|/_synapse {
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto \$scheme;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Real-IP \$remote_addr;
      proxy_connect_timeout 3600;
      proxy_send_timeout 3600;
      proxy_read_timeout 3600;
      send_timeout 3600;
-      proxy_pass http://$synapse_backend;
+      proxy_pass http://\$synapse_backend;
    }
 }
+EOF