[matrix] update for element proxied

Nico Schottelius 2021-12-24 15:22:37 +01:00
parent 54706c382e
commit a9f95fcbd4
5 changed files with 77 additions and 13 deletions


@ -30,6 +30,13 @@ add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'"; add_header Content-Security-Policy "frame-ancestors 'none'";
``` ```
# Whether to create the two federation files on the web client
# - /.well-known/matrix/server containing {"m.server":
# "homeserver:443"}.
# - /.well-known/matrix/client containing { "m.homeserver": {
# "base_url": "https://homeserver" } }. Example:
### matrix-synapse ### matrix-synapse
* Requires homeserver.yaml for starting * Requires homeserver.yaml for starting


@ -0,0 +1,17 @@
server {
listen 127.0.0.1:8080;
listen [::1]:8080;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
# Set no-cache for the index.html only so that browsers always check for a new copy of Element Web.
location = /index.html {
add_header Cache-Control "no-cache";
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
}
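Review bot: This server block sets no framing or XSS response headers, although the README section in this same commit shows `add_header X-XSS-Protection "1; mode=block";` and `add_header Content-Security-Policy "frame-ancestors 'none'";` for Element. Unless the TLS proxy container in front adds them (its nginx config is not shown on this page), Element Web would be served without clickjacking protection. If the headers are added at `server` level here, note that nginx does not inherit `add_header` into a block that declares its own, so `location = /index.html` would need them repeated next to `add_header Cache-Control "no-cache";`.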


@ -0,0 +1,10 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-element-web-nginx-proxy
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: matrix-element-web-proxy
data:
{{ tpl (.Files.Glob "element-web-nginx-proxy/*").AsConfig . | indent 2 }}


@ -14,12 +14,46 @@ spec:
labels: labels:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: matrix-element-web app.kubernetes.io/component: matrix-element-web
annotations:
checksum/config: {{ include (print $.Template.BasePath "/element-web-proxy.yaml") . | sha256sum }}
spec: spec:
containers: containers:
- name: nginx
image: ungleich/ungleich-certbot:1.1.1
ports:
- containerPort: 443
name: https
- containerPort: 80
name: http
env:
- name: DOMAIN
value: "{{ tpl .Values.elementWebFQDN . }}"
- name: EMAIL
value: "{{ .Values.email }}"
{{ if eq .Values.letsencryptStaging "no" }}
- name: STAGING
value: "no"
{{ end }}
volumeMounts:
- name: nginx-config-proxy
mountPath: "/nginx-configs"
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: element-web - name: element-web
image: vectorim/element-web:{{ .Values.elementWebVersion }} image: vectorim/element-web:{{ .Values.elementWebVersion }}
ports: ports:
- containerPort: 80 - containerPort: 8080
volumeMounts:
- name: nginx-config
mountPath: "/etc/nginx/conf.d/"
command: ["nginx", "-g", "daemon off;" ]
volumes:
- name: nginx-config
configMap:
name: {{ .Release.Name }}-element-web-nginx
- name: nginx-config-proxy
configMap:
name: {{ .Release.Name }}-element-web-nginx-proxy
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -31,9 +65,10 @@ metadata:
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
# Required for letsencrypt
- port: 80 - port: 80
name: http name: http
- port: 443
name: https
selector: selector:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: matrix-element-web app.kubernetes.io/component: matrix-element-web
@ -42,9 +77,9 @@ spec:
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ .Release.Name }}-element-web name: {{ .Release.Name }}-element-web-nginx
labels: labels:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: matrix-element-web app.kubernetes.io/component: matrix-element-web
data: data:
{{ tpl (.Files.Get "element-web/nginx-default.conf") . | indent 8 }} {{ tpl (.Files.Glob "element-web-nginx/*").AsConfig . | indent 2 }}
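Review bot: The new `nginx` container in the first hunk mounts a volume named `etcletsencrypt` at `/etc/letsencrypt`, but the `volumes:` list added in the same hunk defines only `nginx-config` and `nginx-config-proxy`, so the pod spec as shown here would be rejected for referencing an undefined volume. Add the missing entry under `volumes:`, for example `- name: etcletsencrypt` with `persistentVolumeClaim:` and `claimName: <PVC_NAME>` (placeholder). A persistent claim rather than an `emptyDir` keeps the ACME account key and issued certificates across restarts, so a rollout does not request a fresh certificate each time. Separately, `checksum/config` hashes only `element-web-proxy.yaml`, so a change to the `element-web-nginx` ConfigMap from the last hunk would presumably not restart the pods.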


@ -2,15 +2,6 @@ clusterDomain: c2.k8s.ooo
email: technik@ungleich.ch email: technik@ungleich.ch
letsencryptStaging: "yes" letsencryptStaging: "yes"
fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
# This needs delegation / configuration on fn.nf
server_name: "fn.nf"
# Full URL -- for later, when external domains are supported
# web_client_location: "https://TBD"
enable_registration: false enable_registration: false
# Maximum size of one particular file # Maximum size of one particular file
@ -18,3 +9,7 @@ max_filesize_in_mb: 100
elementWebVersion: "v1.9.8" elementWebVersion: "v1.9.8"
synapseVersion: "v1.49.0" synapseVersion: "v1.49.0"
elementWebFQDN: "{{ .Release.Name }}-element-web.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
synapseFQDN: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
homeServerFQDN: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
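Review bot: `synapseFQDN` and `homeServerFQDN` are added with identical defaults and no comment, so a reader cannot tell which one replaces the removed `server_name` and which one is the HTTP endpoint clients connect to. A one-line comment above each key would settle that, in the style of the existing `# Maximum size of one particular file`. `elementWebFQDN` deserves a comment too: the deployment passes it to the certbot container as `DOMAIN`, so it has to be a name the ACME service can resolve and reach, for example `# Must be publicly resolvable; used as the Let's Encrypt certificate name`. The hunk also drops `fqdn` and `server_name`; any template outside this commit that still reads them would need the same rename.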