From 67d16f42332f1da2a8f2b77e81f12fcc24c7c7ac Mon Sep 17 00:00:00 2001
From: Jin-Guk Kwon
Date: Tue, 14 Sep 2021 12:24:23 +0200
Subject: [PATCH] Update nginx-vhost-config.sh for Task#9465
---
.../files/nginx-vhost-config.sh | 160 ++----------------
1 file changed, 14 insertions(+), 146 deletions(-)
diff --git a/type/__ungleich_matrix/files/nginx-vhost-config.sh b/type/__ungleich_matrix/files/nginx-vhost-config.sh
index 6aa0191..a26d0f5 100755
--- a/type/__ungleich_matrix/files/nginx-vhost-config.sh
+++ b/type/__ungleich_matrix/files/nginx-vhost-config.sh
@@ -2,159 +2,27 @@ set -e -sync_endpoints=$(tr -d '\n' << EOF -(^/_matrix/client/(v2_alpha|r0)/sync$ -|^/_matrix/client/(api/v1|v2_alpha|r0)/events$ -|^/_matrix/client/(api/v1|r0)/initialSync$ -|^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$) -EOF -) - -federation_endpoints=$(tr -d '\n' << EOF -(^/_matrix/federation/v1/event/ -|^/_matrix/federation/v1/state/ -|^/_matrix/federation/v1/state_ids/ -|^/_matrix/federation/v1/backfill/ -|^/_matrix/federation/v1/get_missing_events/ -|^/_matrix/federation/v1/publicRooms -|^/_matrix/federation/v1/query/ -|^/_matrix/federation/v1/make_join/ -|^/_matrix/federation/v1/make_leave/ -|^/_matrix/federation/v1/send_join/ -|^/_matrix/federation/v2/send_join/ -|^/_matrix/federation/v1/send_leave/ -|^/_matrix/federation/v2/send_leave/ -|^/_matrix/federation/v1/invite/ -|^/_matrix/federation/v2/invite/ -|^/_matrix/federation/v1/query_auth/ -|^/_matrix/federation/v1/event_auth/ -|^/_matrix/federation/v1/exchange_third_party_invite/ -|^/_matrix/federation/v1/user/devices/ -|^/_matrix/federation/v1/get_groups_publicised$ -|^/_matrix/key/v2/query) -EOF -) - -inbound_federation_endpoint="^/_matrix/federation/v1/send/" - -event_sending_endpoints=$(tr -d '\n' << EOF -(^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ -|^/_matrix/client/(api/v1|r0|unstable)/join/ -|^/_matrix/client/(api/v1|r0|unstable)/profile/) -EOF -) - -client_endpoints=$(tr -d '\n' << EOF -(^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ -|^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ 
-|^/_matrix/client/(api/v1|r0|unstable)/devices$ -|^/_matrix/client/(api/v1|r0|unstable)/keys/query$ -|^/_matrix/client/(api/v1|r0|unstable)/keys/changes$ -|^/_matrix/client/versions$ -|^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$ -|^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ -|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ -|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ -|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/ -|^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$ -|^/_matrix/client/(api/v1|r0|unstable)/search$) -EOF -) - -register_endpoints=$(tr -d '\n' << EOF -(^/_matrix/client/(api/v1|r0|unstable)/login$ -|^/_matrix/client/(r0|unstable)/register$) -EOF -) - cat << EOF # Deny access to root. deny all; -location ~ /_matrix|/_synapse { - # Allow anyone to reach synapse. - allow all; +##worker +include /etc/nginx/conf.d/generic_worker.conf; - # Allow uploading large files. - client_max_body_size ${MAX_UPLOAD_SIZE:?}; + location ~* /_synapse/metrics { + proxy_pass http://localhost:9000; + include /etc/nginx/conf.d/synapse-proxy.conf; + } - # Proxy configuration. - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; - proxy_set_header Host \$http_host; - proxy_set_header X-Real-IP \$remote_addr; - # proxy_pass http://localhost:8008; - - location ~ /_synapse/metrics { - # service-monitoring.p6 (monitoring LAN). - allow $PROMETHEUS_SOURCE_ADDRESS; - deny all; - - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; - proxy_set_header Host \$http_host; - proxy_set_header X-Real-IP \$remote_addr; + ## + location ~* ^(/_matrix|/_synapse) { proxy_pass http://localhost:8008; - } -EOF - -if [ -n "$FEDERATION_WORKERS" ]; then - cat << EOF - # Inbound federation. - location ~ $inbound_federation_endpoint { - proxy_pass http://inbound_federation_workers; - } - - # Anything else federation. 
- location ~ $federation_endpoints { - proxy_pass http://federation_workers; - } -EOF -fi - -if [ -n "$SYNC_WORKERS" ]; then - cat << EOF - # Syncing - location ~ $sync_endpoints { - proxy_pass http://sync_workers; - } -EOF -fi - -if [ -n "$EVENT_SENDING_WORKERS" ]; then - cat << EOF - location ~ $event_sending_endpoints { - - proxy_pass http://event_sending_workers; - } -EOF -fi - -if [ -n "$CLIENT_WORKERS" ]; then - cat << EOF - location ~ $client_endpoints { - proxy_pass http://client_workers; - } -EOF -fi - -if [ -n "$REGISTER_WORKERS" ]; then - cat << EOF - location ~ $register_endpoints { - proxy_pass http://register_workers; - } -EOF -fi - -cat << EOF - proxy_pass http://localhost:8008; + include /etc/nginx/conf.d/synapse-proxy.conf; + } + location / { + proxy_pass http://localhost:8008; + include /etc/nginx/conf.d/synapse-proxy.conf; + } EOF echo "}"
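Review bot: The new `location ~* /_synapse/metrics` block drops the `allow $PROMETHEUS_SOURCE_ADDRESS;` / `deny all;` pair that the removed block carried, so who can read the Synapse metrics now depends entirely on what `/etc/nginx/conf.d/synapse-proxy.conf` contains, which this patch does not show. If that include carries an `allow all;` (the removed outer location had one), the metrics endpoint becomes reachable by any client; I would keep `allow ${PROMETHEUS_SOURCE_ADDRESS:?};` and `deny all;` in the metrics location ahead of the include, since nginx applies the first matching access rule. The pattern is also unanchored and case-insensitive, so `location ~ ^/_synapse/metrics` would be tighter. The added `location /` forwards every other path to port 8008, which contradicts the `# Deny access to root.` comment kept above it and widens what is exposed compared with the old `/_matrix|/_synapse` match. Separately, the unchanged `echo "}"` after the heredoc used to close the removed outer `location` block; every location in the new heredoc closes itself, so that line now appears to emit an unmatched brace and should probably be dropped.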