From a9f95fcbd4e2a8827e19f6412382dc6a05c4605c Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 24 Dec 2021 15:22:37 +0100
Subject: [PATCH] [matrix] update for element proxied

---
 apps/matrix/README.md | 7 ++++
 apps/matrix/element-web-nginx/default.conf | 17 ++++++++
 apps/matrix/templates/element-web-proxy.yaml | 10 +++++
 apps/matrix/templates/element-web.yaml | 43 ++++++++++++++++++--
 apps/matrix/values.yaml | 13 ++----
 5 files changed, 77 insertions(+), 13 deletions(-)
 create mode 100644 apps/matrix/element-web-nginx/default.conf
 create mode 100644 apps/matrix/templates/element-web-proxy.yaml

diff --git a/apps/matrix/README.md b/apps/matrix/README.md
index fded2a5..574ffd5 100644
--- a/apps/matrix/README.md
+++ b/apps/matrix/README.md
@@ -30,6 +30,13 @@ add_header X-XSS-Protection "1; mode=block";
 add_header Content-Security-Policy "frame-ancestors 'none'";
 ```
+ # Whether to create the two federation files on the web client
+ # - /.well-known/matrix/server containing {"m.server":
+ # "homeserver:443"}.
+ # - /.well-known/matrix/client containing { "m.homeserver": {
+ # "base_url": "https://homeserver" } }. Example:
+
+
 ### matrix-synapse
 * Requires homeserver.yaml for starting
diff --git a/apps/matrix/element-web-nginx/default.conf b/apps/matrix/element-web-nginx/default.conf
new file mode 100644
index 0000000..0479c99
--- /dev/null
+++ b/apps/matrix/element-web-nginx/default.conf
@@ -0,0 +1,17 @@
+server {
+ listen 127.0.0.1:8080;
+ listen [::1]:8080;
+ server_name localhost;
+
+ root /usr/share/nginx/html;
+ index index.html;
+
+ # Set no-cache for the index.html only so that browsers always check for a new copy of Element Web.
+ location = /index.html {
+ add_header Cache-Control "no-cache";
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+}
diff --git a/apps/matrix/templates/element-web-proxy.yaml b/apps/matrix/templates/element-web-proxy.yaml
new file mode 100644
index 0000000..9c584e3
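Review bot: The new default.conf sets only `Cache-Control` on index.html and carries none of the hardening headers the README in this same patch documents for the Element Web vhost (`add_header X-XSS-Protection "1; mode=block";`, `add_header Content-Security-Policy "frame-ancestors 'none'";`). Since this server block now binds only to loopback behind the certbot sidecar, those headers either have to be set here or in the sidecar's proxy config, and the proxy config is not part of this commit. I would add the two `add_header` lines inside this `server` block, or at least a comment such as `# Security headers (CSP frame-ancestors, X-XSS-Protection) are expected from the TLS proxy in front of this server` so the responsibility is explicit. The `error_page 500 502 503 504 /50x.html` line also presumes a 50x.html under the Element Web document root, which may not exist in the vectorim/element-web image — worth confirming.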
--- /dev/null
+++ b/apps/matrix/templates/element-web-proxy.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-element-web-nginx-proxy
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: matrix-element-web-proxy
+data:
+{{ tpl (.Files.Glob "element-web-nginx-proxy/*").AsConfig . | indent 2 }}
diff --git a/apps/matrix/templates/element-web.yaml b/apps/matrix/templates/element-web.yaml
index ead5154..d28849a 100644
--- a/apps/matrix/templates/element-web.yaml
+++ b/apps/matrix/templates/element-web.yaml
@@ -14,12 +14,46 @@ spec:
 labels:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: matrix-element-web
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/element-web-proxy.yaml") . | sha256sum }}
 spec:
 containers:
+ - name: nginx
+ image: ungleich/ungleich-certbot:1.1.1
+ ports:
+ - containerPort: 443
+ name: https
+ - containerPort: 80
+ name: http
+ env:
+ - name: DOMAIN
+ value: "{{ tpl .Values.elementWebFQDN . }}"
+ - name: EMAIL
+ value: "{{ .Values.email }}"
+ {{ if eq .Values.letsencryptStaging "no" }}
+ - name: STAGING
+ value: "no"
+ {{ end }}
+ volumeMounts:
+ - name: nginx-config-proxy
+ mountPath: "/nginx-configs"
+ - name: etcletsencrypt
+ mountPath: "/etc/letsencrypt"
 - name: element-web
 image: vectorim/element-web:{{ .Values.elementWebVersion }}
 ports:
- - containerPort: 80
+ - containerPort: 8080
+ volumeMounts:
+ - name: nginx-config
+ mountPath: "/etc/nginx/conf.d/"
+ command: ["nginx", "-g", "daemon off;" ]
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: {{ .Release.Name }}-element-web-nginx
+ - name: nginx-config-proxy
+ configMap:
+ name: {{ .Release.Name }}-element-web-nginx-proxy
 ---
 apiVersion: v1
 kind: Service
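Review bot: The ConfigMap's `data` is filled from `.Files.Glob "element-web-nginx-proxy/*"`, but the only chart file this patch creates is `element-web-nginx/default.conf`; no `element-web-nginx-proxy/` directory appears in the diffstat. Unless that directory already exists in the chart, the glob matches nothing, the ConfigMap renders with empty `data`, and the nginx sidecar in element-web.yaml mounts an empty `/nginx-configs`, i.e. a TLS proxy with no vhost. Either add the proxy config in this commit or make the gap fail at template time, e.g. `{{- if not (.Files.Glob "element-web-nginx-proxy/*") }}{{ fail "element-web-nginx-proxy/ is missing" }}{{- end }}` above the `data:` line.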
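Review bot: The nginx sidecar mounts a volume named `etcletsencrypt` at `/etc/letsencrypt`, but the `volumes:` list added at the end of the pod template defines only `nginx-config` and `nginx-config-proxy`, so the Deployment's pod template references an undefined volume and will be rejected by the API server before any pod starts. At minimum add `- name: etcletsencrypt` / `emptyDir: {}` under `volumes:`; note that an emptyDir loses the issued certificate on every pod restart, so each restart re-runs issuance (which against production Let's Encrypt hits rate limits) — a PersistentVolumeClaim is the durable option. Separately, `command: ["nginx", "-g", "daemon off;" ]` on the element-web container replaces the image's entrypoint, so any entrypoint scripts the vectorim/element-web image runs before nginx are skipped — confirm that is intended. The `checksum/config` annotation hashes only element-web-proxy.yaml, so edits to the `-element-web-nginx` ConfigMap rendered later in this same file do not roll the pods; moving that ConfigMap into its own template and adding it to the checksum would close that gap.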
@@ -31,9 +65,10 @@ metadata:
 spec:
 type: ClusterIP
 ports:
- # Required for letsencrypt
 - port: 80
 name: http
+ - port: 443
+ name: https
 selector:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: matrix-element-web
@@ -42,9 +77,9 @@ spec:
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Release.Name }}-element-web
+ name: {{ .Release.Name }}-element-web-nginx
 labels:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: matrix-element-web
 data:
-{{ tpl (.Files.Get "element-web/nginx-default.conf") . | indent 8 }}
+{{ tpl (.Files.Glob "element-web-nginx/*").AsConfig . | indent 2 }}
diff --git a/apps/matrix/values.yaml b/apps/matrix/values.yaml
index 7c72424..26522f1 100644
--- a/apps/matrix/values.yaml
+++ b/apps/matrix/values.yaml
@@ -2,15 +2,6 @@ clusterDomain: c2.k8s.ooo
 email: technik@ungleich.ch
 letsencryptStaging: "yes"
-
-fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
-
-# This needs delegation / configuration on fn.nf
-server_name: "fn.nf"
-
-# Full URL -- for later, when external domains are supported
-# web_client_location: "https://TBD"
-
 enable_registration: false
 # Maximum size of one particular file
@@ -18,3 +9,7 @@ max_filesize_in_mb: 100
 elementWebVersion: "v1.9.8"
 synapseVersion: "v1.49.0"
+
+elementWebFQDN: "{{ .Release.Name }}-element-web.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+synapseFQDN: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+homeServerFQDN: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
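Review bot: The `# Required for letsencrypt` comment is dropped while port 80 stays, and port 80 is still the HTTP-01 challenge path the `ungleich-certbot` sidecar added to the Deployment depends on; keep a comment on that port, e.g. `# HTTP-01 challenge for the certbot sidecar; not needed for clients`, so a later cleanup does not remove it. Neither port sets `targetPort`, so the Service relies on the sidecar listening on the same numbers (80/443 per its `containerPort` entries), which holds today but would break silently if those change.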
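Review bot: The ConfigMap now reads `element-web-nginx/*` through `.Files.Glob`, but the previously referenced `element-web/nginx-default.conf` is not deleted in this patch (the diffstat lists no removal), so unless it is removed elsewhere the old file stays in the chart as dead, possibly diverging configuration. `AsConfig` keys entries by filename and the Deployment mounts the whole ConfigMap over `/etc/nginx/conf.d/`, so a comment above `data:` such as `# every file in element-web-nginx/ becomes a file in /etc/nginx/conf.d/ of the element-web container` would make the coupling visible to the next person adding a file there.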
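Review bot: `fqdn`, `server_name` and the commented `web_client_location` are removed from values.yaml, but the patch touches no synapse template; any template still reading `.Values.fqdn` or `.Values.server_name` now renders an empty string without error under a normal `helm template`/`helm install`, which for `server_name` would silently change the Synapse server name rather than fail. Worth grepping the chart's templates for those two keys before merging (or running `helm lint --strict`, which turns missing values into errors); if they are still used, keep them or rename them in this commit to the `synapseFQDN`/`homeServerFQDN` values added below.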
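Review bot: `synapseFQDN` and `homeServerFQDN` carry the identical template string, and nothing in the patch says how they are meant to differ; a one-line comment above each stating the intended distinction (e.g. in-cluster service name versus the name the homeserver advertises) would prevent them drifting apart by accident, or one could be dropped until they actually diverge. All three values are Go template strings that only resolve when rendered through `tpl` (as element-web.yaml does with `tpl .Values.elementWebFQDN .`); a comment such as `# template strings: consume via tpl, not via a plain {{ .Values.x }}` above the block would save the next template author a confusing empty hostname.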