#!/bin/sh
#
# Prints nginx configuration for a Synapse reverse proxy on stdout: one outer
# location for /_matrix and /_synapse, a restricted metrics location, and
# optional per-worker locations selected by environment variables.

# Stop at the first command that fails.
set -o errexit
# Regex alternation (a single line) of the client paths routed to the sync
# workers; it is interpolated into an nginx `location ~` directive below.
# Each fragment is single-quoted so `$`, `|` and `[...]` reach nginx
# unchanged; printf '%s' reuses its format for every argument and therefore
# joins them with no separator.
sync_endpoints=$(printf '%s' \
    '(^/_matrix/client/(v2_alpha|r0)/sync$' \
    '|^/_matrix/client/(api/v1|v2_alpha|r0)/events$' \
    '|^/_matrix/client/(api/v1|r0)/initialSync$' \
    '|^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$)'
)
# Regex alternation (a single line) of the federation paths routed to the
# general federation workers. Transaction delivery (/send/) is kept out of
# this list; it has its own pattern in inbound_federation_endpoint.
# Fragments are single-quoted so nothing in them is expanded by the shell,
# and printf '%s' concatenates them without separators.
federation_endpoints=$(printf '%s' \
    '(^/_matrix/federation/v1/event/' \
    '|^/_matrix/federation/v1/state/' \
    '|^/_matrix/federation/v1/state_ids/' \
    '|^/_matrix/federation/v1/backfill/' \
    '|^/_matrix/federation/v1/get_missing_events/' \
    '|^/_matrix/federation/v1/publicRooms' \
    '|^/_matrix/federation/v1/query/' \
    '|^/_matrix/federation/v1/make_join/' \
    '|^/_matrix/federation/v1/make_leave/' \
    '|^/_matrix/federation/v1/send_join/' \
    '|^/_matrix/federation/v2/send_join/' \
    '|^/_matrix/federation/v1/send_leave/' \
    '|^/_matrix/federation/v2/send_leave/' \
    '|^/_matrix/federation/v1/invite/' \
    '|^/_matrix/federation/v2/invite/' \
    '|^/_matrix/federation/v1/query_auth/' \
    '|^/_matrix/federation/v1/event_auth/' \
    '|^/_matrix/federation/v1/exchange_third_party_invite/' \
    '|^/_matrix/federation/v1/user/devices/' \
    '|^/_matrix/federation/v1/get_groups_publicised$' \
    '|^/_matrix/key/v2/query)'
)
# Path prefix of inbound federation transactions; routed to its own upstream
# (inbound_federation_workers) rather than the general federation workers.
inbound_federation_endpoint='^/_matrix/federation/v1/send/'
# Regex alternation (a single line) of the client paths routed to the
# event-sending workers. `.*` in the room segment also matches `/`, so these
# patterns are only suitable for picking an upstream, not for access control.
# Fragments are single-quoted and joined by printf '%s' with no separator.
event_sending_endpoints=$(printf '%s' \
    '(^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/join/' \
    '|^/_matrix/client/(api/v1|r0|unstable)/profile/)'
)
# Regex alternation (a single line) of the client paths routed to the
# generic client workers. As with the other lists, each fragment is
# single-quoted so the shell expands nothing inside it, and printf '%s'
# concatenates the fragments without separators.
client_endpoints=$(printf '%s' \
    '(^/_matrix/client/(api/v1|r0|unstable)/publicRooms$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/account/3pid$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/devices$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/keys/query$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/keys/changes$' \
    '|^/_matrix/client/versions$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/joined_groups$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/' \
    '|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/' \
    '|^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$' \
    '|^/_matrix/client/(api/v1|r0|unstable)/search$)'
)
# Regex alternation (a single line) of the login and registration paths,
# routed to the register workers. Both fragments are single-quoted so the
# trailing `$` anchors stay literal; printf '%s' joins them.
register_endpoints=$(printf '%s' \
    '(^/_matrix/client/(api/v1|r0|unstable)/login$' \
    '|^/_matrix/client/(r0|unstable)/register$)'
)
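# Emit the base access rules, the outer /_matrix|/_synapse location and the
# nested metrics location.
#
# The outer `location` block is intentionally left open here: the worker
# locations printed further down are nested inside it, and the closing brace
# is written at the very end of the script.
#
# Required environment (the script aborts with an error when either is unset
# or empty, instead of emitting a directive with a missing argument):
#   MAX_UPLOAD_SIZE            value for client_max_body_size
#   PROMETHEUS_SOURCE_ADDRESS  the only source allowed to read the metrics
#
# \$name keeps nginx variables literal; only the two ${...:?} references are
# expanded by the shell.
#
# NOTE(review): the outer regex is unanchored and covers everything under
# /_synapse with `allow all`, which includes the admin API paths as well as
# the client ones; only /_synapse/metrics is restricted. Confirm that
# exposing the rest of /_synapse is intended.
# NOTE(review): \$proxy_add_x_forwarded_for appends to whatever
# X-Forwarded-For header the client sent. If this proxy is the first hop,
# the backend receives a client-controlled entry ahead of the real address;
# confirm which entry the backend trusts.
cat << EOF
# Deny access to root.
deny all;

location ~ /_matrix|/_synapse {
# Allow anyone to reach synapse.
allow all;

# Allow uploading large files.
client_max_body_size ${MAX_UPLOAD_SIZE:?};

# Proxy configuration.
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
# proxy_pass http://localhost:8008;

location ~ /_synapse/metrics {
# service-monitoring.p6 (monitoring LAN).
allow ${PROMETHEUS_SOURCE_ADDRESS:?};
deny all;

proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_pass http://localhost:8008;
}
EOF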
# Federation routing, printed only when FEDERATION_WORKERS is non-empty.
# Inbound transactions go to inbound_federation_workers; every other listed
# federation path goes to federation_workers. Both upstream names must be
# defined elsewhere in the nginx configuration (not produced by this script).
if test -n "${FEDERATION_WORKERS}"; then
    printf '%s\n' \
        '# Inbound federation.' \
        "location ~ ${inbound_federation_endpoint} {" \
        'proxy_pass http://inbound_federation_workers;' \
        '}' \
        '' \
        '# Anything else federation.' \
        "location ~ ${federation_endpoints} {" \
        'proxy_pass http://federation_workers;' \
        '}'
fi
# Sync routing, printed only when SYNC_WORKERS is non-empty. The sync_workers
# upstream must be defined elsewhere in the nginx configuration.
if test -n "${SYNC_WORKERS}"; then
    printf '%s\n' \
        '# Syncing' \
        "location ~ ${sync_endpoints} {" \
        'proxy_pass http://sync_workers;' \
        '}'
fi
# Event-sending routing, printed only when EVENT_SENDING_WORKERS is
# non-empty. The empty argument reproduces the blank line that follows the
# opening brace in the generated output.
if test -n "${EVENT_SENDING_WORKERS}"; then
    printf '%s\n' \
        "location ~ ${event_sending_endpoints} {" \
        '' \
        'proxy_pass http://event_sending_workers;' \
        '}'
fi
# Generic client routing, printed only when CLIENT_WORKERS is non-empty. The
# client_workers upstream must be defined elsewhere in the nginx
# configuration.
if test -n "${CLIENT_WORKERS}"; then
    printf '%s\n' \
        "location ~ ${client_endpoints} {" \
        'proxy_pass http://client_workers;' \
        '}'
fi
# Login/registration routing, printed only when REGISTER_WORKERS is
# non-empty. The register_workers upstream must be defined elsewhere in the
# nginx configuration.
if test -n "${REGISTER_WORKERS}"; then
    printf '%s\n' \
        "location ~ ${register_endpoints} {" \
        'proxy_pass http://register_workers;' \
        '}'
fi
# Default upstream for requests that no nested worker location claimed,
# followed by the brace that closes the outer /_matrix|/_synapse location
# opened earlier in the script.
printf '%s\n' 'proxy_pass http://localhost:8008;' '}'