12 changed files with 16 additions and 479 deletions
--- a/matrix_extDB/matrix_noDB/.env
+++ b/matrix_extDB/matrix_noDB/.env
@ -1,12 +1,7 @@
-homeServerFQDN=tws-matrix.ungleich.cloud
+homeServerFQDN=homeServerFQDN.sample.matrix.ungleich.cloud
-synapseFQDN=synapse.tws-matrix.ungleich.cloud
+synapseFQDN=synapse.sample.matrix.ungleich.cloud
-elementWebFQDN=chat.tws-matrix.ungleich.cloud
+elementWebFQDN=elementWebFQDN.sample.matrix.ungleich.cloud
 dbuser=synapse
-dbhost=postgres.tws-matrix.ungleich.cloud
+dbhost=
 dbpassword=NEEDTOSETPASSWORD
 dbname=synapse
 DOMAIN=synapse.tws-matrix.ungleich.cloud
 EMAIL=technik@ungleich.ch
 STAGING=no
 redishost=redis-node1.ungleich.cloud
 redisport=7300
--- a/matrix_extDB/matrix_noDB/conf/default
+++ b/matrix_extDB/matrix_noDB/conf/default
@ -1,11 +0,0 @@
 server {
    listen *:80;
    listen [::]:80;
    server_name _;
    # Everything else -> ssl
    location / {
        return 301 https://$host$request_uri;
    }
 }
--- a/matrix_extDB/matrix_noDB/conf/element.conf
+++ b/matrix_extDB/matrix_noDB/conf/element.conf
@ -1,26 +0,0 @@
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name chat.tws-matrix.ungleich.cloud;
    ssl_certificate      /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/chat.tws-matrix.ungleich.cloud/privkey.pem;
    client_max_body_size 512m;
    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header Content-Security-Policy "frame-ancestors 'none'";
      proxy_pass http://localhost:8080;
    }
 }
--- a/matrix_extDB/matrix_noDB/conf/redirector.conf
+++ b/matrix_extDB/matrix_noDB/conf/redirector.conf
@ -1,26 +0,0 @@
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate      /etc/letsencrypt/live/tws-matrix.ungleich.cloud/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/tws-matrix.ungleich.cloud/privkey.pem;
    server_name tws-matrix.ungleich.cloud;
    proxy_buffering off;
    location /.well-known/matrix/server {
      default_type application/json;
      return 200 '{"m.server": "synapse.tws-matrix.ungleich.cloud:443" }';
    }
    location /.well-known/matrix/client {
      default_type application/json;
      return 200 '{ "m.homeserver": { "base_url": "https://synapse.tws-matrix.ungleich.cloud" } }';
    }
    location / {
        proxy_buffering off;
        client_max_body_size 512M;
        return 301 https://chat.tws-matrix.ungleich.cloud;
    }
 }
--- a/matrix_extDB/matrix_noDB/conf/synapse.conf
+++ b/matrix_extDB/matrix_noDB/conf/synapse.conf
@ -1,126 +0,0 @@
 upstream synapse_master {
 	server localhost:8008;
 }
 upstream synapse_federation {
 	server localhost:8082;
 }
 upstream synapse_generic {
 	server localhost:8081;
 }
 map $request_uri $synapse_backend {
 	default synapse_master;
 	# Sync requests
 	~*^/_matrix/client/(r0|v3)/sync$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3)/events$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3)/initialSync$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_generic;
 	# Federation requests
 	~*^/_matrix/federation/v1/event/ synapse_federation;
 	~*^/_matrix/federation/v1/state/ synapse_federation;
 	~*^/_matrix/federation/v1/state_ids/ synapse_federation;
 	~*^/_matrix/federation/v1/backfill/ synapse_federation;
 	~*^/_matrix/federation/v1/get_missing_events/ synapse_federation;
 	~*^/_matrix/federation/v1/publicRooms synapse_federation;
 	~*^/_matrix/federation/v1/query/ synapse_federation;
 	~*^/_matrix/federation/v1/make_join/ synapse_federation;
 	~*^/_matrix/federation/v1/make_leave/ synapse_federation;
 	~*^/_matrix/federation/(v1|v2)/send_join/ synapse_federation;
 	~*^/_matrix/federation/(v1|v2)/send_leave/ synapse_federation;
 	~*^/_matrix/federation/(v1|v2)/invite/ synapse_federation;
 	~*^/_matrix/federation/v1/event_auth/ synapse_federation;
 	~*^/_matrix/federation/v1/exchange_third_party_invite/ synapse_federation;
 	~*^/_matrix/federation/v1/user/devices/ synapse_federation;
 	~*^/_matrix/key/v2/query synapse_federation;
 	~*^/_matrix/federation/v1/hierarchy/ synapse_federation;
 	# Inbound federation transaction request
 	~*^/_matrix/federation/v1/send/ synapse_federation;
 	# Client API requests
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ synapse_generic;
 	~*^/_matrix/client/v1/rooms/.*/hierarchy$ synaspe_generic;
 	~*^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ synapse_generic;
 	~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/devices$ synapse_generic;
 	~*^/_matrix/client/versions$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_generic;
 	# Encryption requests
 	~*^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/keys/changes$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_generic;
 	# Registration/login requests
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/register$ synapse_generic;
 	~*^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_generic;
 	# Event sending requests
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_generic;
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_generic;
 	# Account data requests
 	~*^/_matrix/client/(r0|v3|unstable)/.*/tags synapse_generic;
 	~*^/_matrix/client/(r0|v3|unstable)/.*/account_data synapse_generic;
 	# Receipts requests
 	#~*^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt synapse_generic;
 	#~*^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers synapse_generic;
 	# Presence requests
 	~*^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ synapse_generic;
 	# User directory search requests
 	~*^/_matrix/client/(r0|v3|unstable)/user_directory/search$ synapse_generic;
 }
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate      /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/synapse.tws-matrix.ungleich.cloud/privkey.pem;
    server_name synapse.tws-matrix.ungleich.cloud;
    client_max_body_size 512m;
    error_page 403 404 /403_404.html;
    location = /403_404.html {
 	    default_type application/json;
 	    return 200 'You are not authorized to access this page.';
    }
    location ~ /_matrix|/_synapse {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_connect_timeout 3600;
      proxy_send_timeout 3600;
      proxy_read_timeout 3600;
      send_timeout 3600;
      proxy_pass http://$synapse_backend;
    }
 }
--- a/matrix_extDB/matrix_noDB/dconf/nginx.conf
+++ b/matrix_extDB/matrix_noDB/dconf/nginx.conf
@ -1,94 +0,0 @@
 # /etc/nginx/nginx.conf
 user nginx;
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
 # Enables the use of JIT for regular expressions to speed-up their processing.
 pcre_jit on;
 # Configures default error logger.
 error_log /var/log/nginx/error.log warn;
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 events {
 	# The maximum number of simultaneous connections that can be opened by
 	# a worker process.
 	worker_connections 1024;
 }
 http {
        server_names_hash_bucket_size 64;
        map_hash_bucket_size 128;
 	# Includes mapping of file name extensions to MIME types of responses
 	# and defines the default type.
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 	# Name servers used to resolve names of upstream servers into addresses.
 	# It's also needed when using tcpsocket and udpsocket in Lua modules.
 	#resolver 208.67.222.222 208.67.220.220;
 	# Don't tell nginx version to clients.
 	server_tokens off;
 	# Specifies the maximum accepted body size of a client request, as
 	# indicated by the request header Content-Length. If the stated content
 	# length is greater than this size, then the client receives the HTTP
 	# error code 413. Set to 0 to disable.
 	client_max_body_size 1m;
 	# Timeout for keep-alive connections. Server will close connections after
 	# this time.
 	keepalive_timeout 65;
 	# Sendfile copies data between one FD and other from within the kernel,
 	# which is more efficient than read() + write().
 	sendfile on;
 	# Don't buffer data-sends (disable Nagle algorithm).
 	# Good for sending frequent small bursts of data in real time.
 	tcp_nodelay on;
 	# Causes nginx to attempt to send its HTTP response head in one packet,
 	# instead of using partial frames.
 	#tcp_nopush on;
 	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
 	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
 	# Specifies that our cipher suits should be preferred over client ciphers.
 	ssl_prefer_server_ciphers on;
 	# Enables a shared SSL cache with size that can hold around 8000 sessions.
 	ssl_session_cache shared:SSL:2m;
 	# Enable gzipping of responses.
 	#gzip on;
 	# Set the Vary HTTP header as defined in the RFC 2616.
 	gzip_vary on;
 	# Enable checking the existence of precompressed files.
 	#gzip_static on;
 	# Specifies the main log format.
 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 			'$status $body_bytes_sent "$http_referer" '
 			'"$http_user_agent" "$http_x_forwarded_for"';
 	# Sets the path, format, and configuration for a buffered log write.
 	access_log /var/log/nginx/access.log main;
 	# Includes virtual hosts configs.
 	include /etc/nginx/conf.d/*;
 }
--- a/matrix_extDB/matrix_noDB/docker-compose.yaml
+++ b/matrix_extDB/matrix_noDB/docker-compose.yaml
@ -1,19 +1,5 @@
 version: '3'
 services:
  #nginx:
  #  container_name: nginx
  #  image: ungleich/ungleich-certbot:1.1.4
  #  restart: unless-stopped
  #  environment:
  #    - DOMAIN=${DOMAIN}
  #    - EMAIL=${EMAIL}
  #    - STAGING=${STAGING}
  #  ports:
  #    - "443:443/tcp"
  #  volumes:
  #    - ./conf:/etc/nginx/conf.d
  #    - ./etcletsencrypt:/etc/letsencrypt
  #    - ./dconf/nginx.conf:/etc/nginx/nginx.conf
  synapse:
    image: matrixdotorg/synapse:latest
    restart: unless-stopped
@ -26,12 +12,8 @@ services:
      - DBHOST=${dbhost}
      - DBUSER=${dbuser}
      - DBPASSWORD=${dbpassword}
-      - REDISHOST=${redishost}
+    ports:
-      - REDISPORT=${redisport}
+      - "8008:8008/tcp"
    network_mode: "host"
    #ports:
    #  - "127.0.0.1:8008:8008/tcp"
      #- "[::1]:8008:8008/tcp"
    volumes:
      - ./synapse:/data
    entrypoint: sh -c "/data/homeserver.yaml.sh && chmod -R 777 /data  && /start.py"
@ -45,52 +27,7 @@ services:
      - ELEMENTWEB=${elementWebFQDN}
    volumes:
      - ./element/config.json.sh:/app/config.json.sh
      - ./conf:/etc/nginx/conf.d
      - ./etcletsencrypt:/etc/letsencrypt
      - ./dconf/nginx.conf:/etc/nginx/nginx.conf
    command: sh -c "/app/config.json.sh && nginx -g 'daemon off;'"
    #entrypoint: /app/config.json.sh
-    network_mode: "host"
+    ports:
-    #ports:
+      - "80:80/tcp"
    #  - "443:443/tcp"
    #  - "80:80/tcp"
      #- "127.0.0.1:8080:80/tcp"
      #- "[::1]:8080:80/tcp"
  synapse-generic-worker-1:
    image: matrixdotorg/synapse:latest
    container_name: synapse-generic-worker-1
    restart: unless-stopped
    entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-generic-worker-1.yaml"]
    healthcheck:
      test: ["CMD-SHELL", "curl -fSs http://localhost:8081/health || exit 1"]
      start_period: "5s"
      interval: "15s"
      timeout: "5s"
    network_mode: "host"
    volumes:
      - ./synapse:/data
    environment:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
      - synapse
  synapse-federation-sender-1:
    image: matrixdotorg/synapse:latest
    container_name: synapse-federation-sender-1
    restart: unless-stopped
    entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-federation-sender-1.yaml"]
    healthcheck:
      disable: true
    network_mode: "host"
    volumes:
      - ./synapse:/data
    environment:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
      - synapse
 #  redis:
 #    image: "redis:latest"
 #    restart: "unless-stopped"
 #    network_mode: "host"
--- a/matrix_extDB/matrix_noDB/synapse/federation_sender.log.yaml
+++ b/matrix_extDB/matrix_noDB/synapse/federation_sender.log.yaml
@ -1,33 +0,0 @@
 version: 1
 formatters:
  fmt:
    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
 filters:
  context:
    (): synapse.logging.context.LoggingContextFilter
    request: ""
 handlers:
  console:
    class: logging.StreamHandler
    formatter: fmt
    filters: [context]
 root:
  level: INFO
  handlers: [console] # to use file handler instead, switch to [file]
 loggers:
  synapse:
    level: INFO
  synapse.storage.SQL:
    level: INFO
  ldap3:
    level: INFO
  ldap_auth_provider:
    level: INFO
--- a/matrix_extDB/matrix_noDB/synapse/generic-worker-log.yaml
+++ b/matrix_extDB/matrix_noDB/synapse/generic-worker-log.yaml
@ -1,33 +0,0 @@
 version: 1
 formatters:
  fmt:
    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
 filters:
  context:
    (): synapse.logging.context.LoggingContextFilter
    request: ""
 handlers:
  console:
    class: logging.StreamHandler
    formatter: fmt
    filters: [context]
 root:
  level: INFO
  handlers: [console] # to use file handler instead, switch to [file]
 loggers:
  synapse:
    level: INFO
  synapse.storage.SQL:
    level: INFO
  ldap3:
    level: INFO
  ldap_auth_provider:
    level: INFO
--- a/matrix_extDB/matrix_noDB/synapse/homeserver.yaml.sh
+++ b/matrix_extDB/matrix_noDB/synapse/homeserver.yaml.sh
@ -286,16 +286,11 @@ listeners:
    tls: false
    type: http
    x_forwarded: true
-    bind_addresses: ['::1', '127.0.0.1']
+    bind_addresses: ['::', '0.0.0.0']
    resources:
      - names: [client, federation]
        compress: false
  # The HTTP replication port
  - port: 9093
    bind_addresses: ['::1', '127.0.0.1']
    type: http
    resources:
     - names: [replication]
    # example additional_resources:
    #
@ -2875,8 +2870,8 @@ opentracing:
 # started, to ensure that all instances are running with the same config (otherwise
 # events may be dropped).
 #
-federation_sender_instances:
+#federation_sender_instances:
-  - synapse-federation-sender-1
+#  - federation_sender1
 # When using workers this should be a map from worker_name to the
 # HTTP replication listener of the worker, if configured.
@ -2885,18 +2880,6 @@ federation_sender_instances:
 #  worker1:
 #    host: localhost
 #    port: 8034
 instance_map:
  main:
    host: 'localhost'
    port: 9093
  synapse-generic-worker-1:
    host: 'localhost'
    port: 8081
    tls: false
  synapse-federation-sender-1:
    host: 'localhost'
    port: 8082
    tls: false
 # Experimental: When using workers you can define which workers should
 # handle event persistence and typing notifications. Any worker
@ -2916,7 +2899,7 @@ instance_map:
 #
 # By default this is unused and traffic is not authenticated.
 #
-worker_replication_secret: "testtest#$"
+#worker_replication_secret: ""
 # Configuration for Redis when using workers. This *must* be enabled when
@ -2925,13 +2908,13 @@ worker_replication_secret: "testtest#$"
 redis:
  # Uncomment the below to enable Redis support.
  #
-  enabled: true
+  #enabled: true
  # Optional host and port to use to connect to redis. Defaults to
  # localhost and 6379
  #
-  host: $REDISHOST
+  #host: localhost
-  port: $REDISPORT
+  #port: 6379
  # Optional password if configured on the Redis instance
  #
--- a/matrix_extDB/matrix_noDB/synapse/workers/synapse-federation-sender-1.yaml
+++ b/matrix_extDB/matrix_noDB/synapse/workers/synapse-federation-sender-1.yaml
@ -1,15 +0,0 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-federation-sender-1
 worker_listeners:
  - type: http
    port: 8082
    resources:
      - names: [federation]
  - type: http
    port: 9082
    resources:
      - names: [replication]
 worker_log_config: /data/federation_sender.log.yaml
--- a/matrix_extDB/matrix_noDB/synapse/workers/synapse-generic-worker-1.yaml
+++ b/matrix_extDB/matrix_noDB/synapse/workers/synapse-generic-worker-1.yaml
@ -1,14 +0,0 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-generic-worker-1
 worker_listeners:
  - type: http
    port: 8081
    resources:
      - names: [client]
  - type: http
    port: 9081
    resources:
      - names: [replication]
 worker_log_config: /data/generic-worker-log.yaml