yanistyle/element-docker-demo
1
0
Fork 0
mirror of https://github.com/element-hq/element-docker-demo.git synced 2026-01-25 06:26:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix up nginx

Browse Source
This commit is contained in:
Matthew Hodgson
2024-11-04 18:58:43 +00:00
parent a3b41ec3ed
commit 1ad060cc0f
12 changed files with 139 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
compose.yml
View File

@@ -51,20 +51,23 @@ services:
generate-mas-secrets: generate-mas-secrets:
condition: service_completed_successfully condition: service_completed_successfully
# nginx: nginx:
# image: nginx:latest image: nginx:latest
# restart: unless-stopped restart: unless-stopped
# ports: ports:
# - "80:80" - "80:80"
# - "443:443" - "443:443"
# volumes: - "8448:8448"
# - ${VOLUME_PATH}/data/nginx:/etc/nginx/conf.d volumes:
# - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt - ${VOLUME_PATH}/data/nginx/conf.d:/etc/nginx/conf.d
# - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot - ${VOLUME_PATH}/data/nginx/www:/var/www
# command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" - ${VOLUME_PATH}/data/nginx/ssl:/etc/nginx/ssl
# depends_on: # - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
# init: # - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
# condition: service_completed_successfully command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
depends_on:
init:
condition: service_completed_successfully
# certbot: # certbot:
# image: certbot/certbot:latest # image: certbot/certbot:latest
@@ -226,16 +229,16 @@ services:
init: init:
condition: service_completed_successfully condition: service_completed_successfully
# livekit-server: livekit-server:
# image: livekit/livekit-server:latest image: livekit/livekit-server:latest
# restart: unless-stopped restart: unless-stopped
# ports: ports:
# - 7880:7880 # HTTP API - 7880:7880 # HTTP API
# - 7881:7881 # WS signalling - 7881:7881 # WS signalling
# # - 50000-60000:50000-60000/tcp # TCP media # - 50000-60000:50000-60000/tcp # TCP media
# # - 50000-60000:50000-60000/udp # UDP media # - 50000-60000:50000-60000/udp # UDP media
# networks: networks:
# - backend - backend
# depends_on: depends_on:
# init: init:
# condition: service_completed_successfully condition: service_completed_successfully

112
data-template/nginx/app.conf
View File

@@ -1,112 +0,0 @@
# taken from https://element-hq.github.io/synapse/latest/reverse_proxy.html
# mixed with https://github.com/wmnnd/nginx-certbot/tree/master/data/nginx
server {
server_name example.com;
server_tokens off;
listen 80;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name element.example.com;
server_tokens off;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://element-web:8080;
}
}
server {
server_name call.example.com;
server_tokens off;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://element-call:8082;
}
}
server {
server_name auth.example.com;
server_tokens off;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://auth:8083;
}
}
server {
server_name matrix.example.com;
server_tokens off;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# For the federation port
listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# pass auth to MAS
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://auth:8083 }
# use the generic worker as a synchrotron:
# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker
location ~ ^/_matrix/client/(r0|v3)/sync$ { proxy_pass http://synapse-generic-worker-1:8081 }
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ { proxy_pass http://synapse-generic-worker-1:8081 }
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ { proxy_pass http://synapse-generic-worker-1:8081 }
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ { proxy_pass http://synapse-generic-worker-1:8081 }
location / {
proxy_pass http://synapse:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
location /.well-known {}
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}

90
data-template/nginx/conf.d/app.conf Normal file
View File

@@ -0,0 +1,90 @@
${CONFIG_HEADER}
# taken from https://element-hq.github.io/synapse/latest/reverse_proxy.html
# mixed with https://github.com/wmnnd/nginx-certbot/tree/master/etc/nginx/conf.d/nginx
server {
server_name ${DOMAIN};
server_tokens off;
listen 80;
# location /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
location / {
return 301 https://${DOLLAR}host${DOLLAR}request_uri;
}
}
server {
server_name ${ELEMENT_WEB_FQDN};
server_tokens off;
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://element-web:8080;
}
}
server {
server_name ${ELEMENT_CALL_FQDN};
server_tokens off;
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://element-call:8082;
}
}
server {
server_name ${MAS_FQDN};
server_tokens off;
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://auth:8083;
}
}
server {
server_name ${HOMESERVER_FQDN};
server_tokens off;
include /etc/nginx/conf.d/include/ssl.conf;
# For the federation port
listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;
# pass auth to MAS
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://auth:8083; }
# use the generic worker as a synchrotron:
# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker
location ~ ^/_matrix/client/(r0|v3)/sync${DOLLAR} { proxy_pass http://synapse-generic-worker-1:8081; }
location ~ ^/_matrix/client/(api/v1|r0|v3)/events${DOLLAR} { proxy_pass http://synapse-generic-worker-1:8081; }
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync${DOLLAR} { proxy_pass http://synapse-generic-worker-1:8081; }
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync${DOLLAR} { proxy_pass http://synapse-generic-worker-1:8081; }
location / {
proxy_pass http://synapse:8008;
proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
proxy_set_header Host ${DOLLAR}host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
location /.well-known {}
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}

10
data-template/nginx/conf.d/include/ssl.conf Normal file
View File

@@ -0,0 +1,10 @@
listen 443 ssl;
listen [::]:443 ssl;
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/nginx/ssl/client.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;

0
data-template/nginx/.well-known/matrix/client → data-template/nginx/www/.well-known/matrix/client
View File

0
data-template/nginx/.well-known/matrix/server → data-template/nginx/www/.well-known/matrix/server
View File

0
data-template/nginx/.well-known/matrix/support → data-template/nginx/www/.well-known/matrix/support
View File

2
data-template/synapse/homeserver.yaml
View File

@@ -48,6 +48,8 @@ trusted_key_servers:
# please keep config above this point as close as possible to the original generated config # please keep config above this point as close as possible to the original generated config
# so that upstream generated config changes can be detected # so that upstream generated config changes can be detected
suppress_key_server_warning: true
send_federation: false send_federation: false
federation_sender_instances: federation_sender_instances:
- synapse-federation-sender-1 - synapse-federation-sender-1

2
data-template/synapse/log.config
View File

@@ -1,3 +1,5 @@
${CONFIG_HEADER}
# Log configuration for Synapse. # Log configuration for Synapse.
# #
# This is a YAML file containing a standard Python logging configuration # This is a YAML file containing a standard Python logging configuration

2
data-template/synapse/workers/synapse-federation-sender-1.yaml
View File

@@ -1,3 +1,5 @@
${CONFIG_HEADER}
worker_app: synapse.app.federation_sender worker_app: synapse.app.federation_sender
worker_name: synapse-federation-sender-1 worker_name: synapse-federation-sender-1

2
data-template/synapse/workers/synapse-generic-worker-1.yaml
View File

@@ -1,3 +1,5 @@
${CONFIG_HEADER}
worker_app: synapse.app.generic_worker worker_app: synapse.app.generic_worker
worker_name: synapse-generic-worker-1 worker_name: synapse-generic-worker-1

1
init/init.sh
View File

@@ -59,6 +59,7 @@ template() {
} }
export CONFIG_HEADER="# WARNING: This file is autogenerated by element-quick-start from templates" export CONFIG_HEADER="# WARNING: This file is autogenerated by element-quick-start from templates"
export DOLLAR='$' # evil hack to escape dollars in config files
( (
export SECRETS_SYNAPSE_REGISTRATION_SHARED_SECRET=$(</secrets/synapse/registration_shared_secret) export SECRETS_SYNAPSE_REGISTRATION_SHARED_SECRET=$(</secrets/synapse/registration_shared_secret)
export SECRETS_SYNAPSE_MACAROON_SECRET_KEY=$(</secrets/synapse/macaroon_secret_key) export SECRETS_SYNAPSE_MACAROON_SECRET_KEY=$(</secrets/synapse/macaroon_secret_key)