Update nginx-vhost-config.sh for Task#9465
This commit is contained in:
parent
db9168650c
commit
67d16f4233
|
|
@ -2,159 +2,27 @@
|
|||
|
||||
set -e
|
||||
|
||||
sync_endpoints=$(tr -d '\n' << EOF
|
||||
(^/_matrix/client/(v2_alpha|r0)/sync$
|
||||
|^/_matrix/client/(api/v1|v2_alpha|r0)/events$
|
||||
|^/_matrix/client/(api/v1|r0)/initialSync$
|
||||
|^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$)
|
||||
EOF
|
||||
)
|
||||
|
||||
federation_endpoints=$(tr -d '\n' << EOF
|
||||
(^/_matrix/federation/v1/event/
|
||||
|^/_matrix/federation/v1/state/
|
||||
|^/_matrix/federation/v1/state_ids/
|
||||
|^/_matrix/federation/v1/backfill/
|
||||
|^/_matrix/federation/v1/get_missing_events/
|
||||
|^/_matrix/federation/v1/publicRooms
|
||||
|^/_matrix/federation/v1/query/
|
||||
|^/_matrix/federation/v1/make_join/
|
||||
|^/_matrix/federation/v1/make_leave/
|
||||
|^/_matrix/federation/v1/send_join/
|
||||
|^/_matrix/federation/v2/send_join/
|
||||
|^/_matrix/federation/v1/send_leave/
|
||||
|^/_matrix/federation/v2/send_leave/
|
||||
|^/_matrix/federation/v1/invite/
|
||||
|^/_matrix/federation/v2/invite/
|
||||
|^/_matrix/federation/v1/query_auth/
|
||||
|^/_matrix/federation/v1/event_auth/
|
||||
|^/_matrix/federation/v1/exchange_third_party_invite/
|
||||
|^/_matrix/federation/v1/user/devices/
|
||||
|^/_matrix/federation/v1/get_groups_publicised$
|
||||
|^/_matrix/key/v2/query)
|
||||
EOF
|
||||
)
|
||||
|
||||
inbound_federation_endpoint="^/_matrix/federation/v1/send/"
|
||||
|
||||
event_sending_endpoints=$(tr -d '\n' << EOF
|
||||
(^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/join/
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/profile/)
|
||||
EOF
|
||||
)
|
||||
|
||||
client_endpoints=$(tr -d '\n' << EOF
|
||||
(^/_matrix/client/(api/v1|r0|unstable)/publicRooms$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/account/3pid$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/devices$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/keys/query$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/keys/changes$
|
||||
|^/_matrix/client/versions$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
|
||||
|^/_matrix/client/(api/v1|r0|unstable)/search$)
|
||||
EOF
|
||||
)
|
||||
|
||||
register_endpoints=$(tr -d '\n' << EOF
|
||||
(^/_matrix/client/(api/v1|r0|unstable)/login$
|
||||
|^/_matrix/client/(r0|unstable)/register$)
|
||||
EOF
|
||||
)
|
||||
|
||||
cat << EOF
|
||||
# Deny access to root.
|
||||
deny all;
|
||||
|
||||
location ~ /_matrix|/_synapse {
|
||||
# Allow anyone to reach synapse.
|
||||
allow all;
|
||||
##worker
|
||||
include /etc/nginx/conf.d/generic_worker.conf;
|
||||
|
||||
# Allow uploading large files.
|
||||
client_max_body_size ${MAX_UPLOAD_SIZE:?};
|
||||
location ~* /_synapse/metrics {
|
||||
proxy_pass http://localhost:9000;
|
||||
include /etc/nginx/conf.d/synapse-proxy.conf;
|
||||
}
|
||||
|
||||
# Proxy configuration.
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
# proxy_pass http://localhost:8008;
|
||||
|
||||
location ~ /_synapse/metrics {
|
||||
# service-monitoring.p6 (monitoring LAN).
|
||||
allow $PROMETHEUS_SOURCE_ADDRESS;
|
||||
deny all;
|
||||
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
##
|
||||
location ~* ^(/_matrix|/_synapse) {
|
||||
proxy_pass http://localhost:8008;
|
||||
}
|
||||
EOF
|
||||
|
||||
if [ -n "$FEDERATION_WORKERS" ]; then
|
||||
cat << EOF
|
||||
# Inbound federation.
|
||||
location ~ $inbound_federation_endpoint {
|
||||
proxy_pass http://inbound_federation_workers;
|
||||
}
|
||||
|
||||
# Anything else federation.
|
||||
location ~ $federation_endpoints {
|
||||
proxy_pass http://federation_workers;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ -n "$SYNC_WORKERS" ]; then
|
||||
cat << EOF
|
||||
# Syncing
|
||||
location ~ $sync_endpoints {
|
||||
proxy_pass http://sync_workers;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ -n "$EVENT_SENDING_WORKERS" ]; then
|
||||
cat << EOF
|
||||
location ~ $event_sending_endpoints {
|
||||
|
||||
proxy_pass http://event_sending_workers;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ -n "$CLIENT_WORKERS" ]; then
|
||||
cat << EOF
|
||||
location ~ $client_endpoints {
|
||||
proxy_pass http://client_workers;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ -n "$REGISTER_WORKERS" ]; then
|
||||
cat << EOF
|
||||
location ~ $register_endpoints {
|
||||
proxy_pass http://register_workers;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
cat << EOF
|
||||
proxy_pass http://localhost:8008;
|
||||
include /etc/nginx/conf.d/synapse-proxy.conf;
|
||||
}
|
||||
location / {
|
||||
proxy_pass http://localhost:8008;
|
||||
include /etc/nginx/conf.d/synapse-proxy.conf;
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "}"
|
||||
|
|
|
|||
Loading…
Reference in New Issue