allow mjolnir to connect via nginx HTTPS

This is needed because mjolnir connecting directly to synapse causes it
to repeatedly disconnect around every hour, likely due to an issue with
keepalive.
Daniel Micay 2025-02-27 08:58:57 -05:00
parent bd4e51a18c
commit a374df4aa3


@ -109,7 +109,7 @@ table inet filter {
chain output-raw-loopback {
skuid unbound meta l4proto { tcp, udp } th sport 53 th dport >= 1024 th dport != 8008 notrack accept
skuid { alpm, chrony, synapse, matterbridge } meta l4proto { tcp, udp } th sport >= 1024 th sport != 8008 th dport 53 notrack accept
skuid { alpm, chrony, synapse, matterbridge, mjolnir } meta l4proto { tcp, udp } th sport >= 1024 th sport != 8008 th dport 53 notrack accept
skuid postgres udp sport >= 1024 udp sport != 8008 udp dport >= 1024 udp dport != 8008 notrack accept
@ -120,6 +120,7 @@ table inet filter {
skuid http tcp sport 443 tcp dport >= 1024 tcp dport != 8008 notrack accept
skuid matterbridge tcp sport >= 1024 tcp sport != 8008 tcp dport 443 notrack accept
skuid synapse tcp sport >= 1024 tcp sport != 8008 tcp dport 443 notrack accept
skuid mjolnir tcp sport >= 1024 tcp sport != 8008 tcp dport 443 notrack accept
skuid != root counter goto graceful-reject
notrack accept
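Review bot: The new mjolnir rule for port 443 is a third copy of the matterbridge and synapse rules above it, differing only in the UID. Folding them into one set, `skuid { matterbridge, synapse, mjolnir } tcp sport >= 1024 tcp sport != 8008 tcp dport 443 notrack accept`, would match how the DNS rule in the first hunk is written and keep the per-UID loopback allowlist in one place to audit. The commit message explains the 443 rule but not the addition of mjolnir to the DNS set; a short comment such as `# mjolnir needs the local resolver to reach the homeserver through nginx` would record the reason, if that is indeed why it was added. If a rule outside these hunks still lets the mjolnir UID reach synapse directly on 8008, it is presumably unused after this change and could be dropped so the account keeps only the loopback access it needs.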