mirror of
https://github.com/ArcticFoxes-net/Synapse-Docker-Compose.git
synced 2024-12-25 01:39:23 -05:00
Add Matrix-to
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
487c2a2c1f
commit
cfff6d090a
@ -2,7 +2,7 @@
|
||||
Matrix Synapse Docker-Compose
|
||||
|
||||
1. Update `docker-compose.yml`
|
||||
2. Update the hostname in `swag/nginx/proxy-confs/synapse.subdomain.conf` and `swag/nginx/proxy-confs/element.subdomain.conf`approprieately.
|
||||
2. Update the hostname in `swag/nginx/proxy-confs/synapse.subdomain.conf`, `swag/nginx/proxy-confs/element.subdomain.conf`, and `swag/nginx/proxy-confs/matrix-to.subdomain.conf` approprieately.
|
||||
3. Run `docker-compose run --rm -e SYNAPSE_SERVER_NAME=yourdomain.tld -e SYNAPSE_REPORT_STATS=no synapse generate`
|
||||
4. Update ./files/homeserver.yaml
|
||||
- Update web_client_location to app.yourdomain.tld (Remember to remove the comment #)
|
||||
@ -10,12 +10,12 @@ Matrix Synapse Docker-Compose
|
||||
- Uncomment serve_server_wellknown to enable it and configure https://yourdoman.tld/.well-known/matrix/server for federation
|
||||
- Change `pepper` in your password config. Uncomment the setting to enable it.
|
||||
- Change the default database from SQLite to PostgreSQL
|
||||
- Configure the mail credentials if you have a mail server
|
||||
- Configure the mail credentials if you have a mail server
|
||||
- Configure `admin_contact` in the homeserver blocking section
|
||||
- Enable `encryption_enabled_by_default_for_room_type` by default
|
||||
- Edit whatever else you might want to
|
||||
5. Copy config.sample.json from https://github.com/vector-im/element-web to `./element/config.json` and make the approriate adjustments
|
||||
6. Tighten the Content Security Policy in `swag/nginx/ssl.conf` to suit your needs
|
||||
6. Tighten the Content Security Policy in `swag/nginx/proxy-confs/element.subdomain.conf` to suit your needs
|
||||
7. Copy the config from https://github.com/matrix-org/pantalaimon to `./pantalaimon/pantalaimon.conf` and edit it accordingly
|
||||
8. Run `docker-compose up` and make sure nothing errors out. You can use `docker-compose up -d` to start it in the background if you want.
|
||||
9. Uncomment the security options for postgres. Run `docker-compose up -d` again.
|
||||
@ -24,7 +24,7 @@ Matrix Synapse Docker-Compose
|
||||
|
||||
## Notes
|
||||
|
||||
The CSP policies in `swag/nginx/ssl.conf` is slightly stricter on [ArcticFoxes Element](https://element.arcticfoxes.net) as it does not support third party servers:
|
||||
The CSP policies in `swag/nginx/proxy-confs/element.subdomain.conf` is slightly stricter on [ArcticFoxes Element](https://element.arcticfoxes.net) as it does not support third party servers:
|
||||
|
||||
```
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net; font-src 'self'; img-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net blob: data:; manifest-src 'self'; media-src https://matrix.arcticfoxes.net; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
|
||||
|
@ -81,6 +81,19 @@ services:
|
||||
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
|
||||
- /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev
|
||||
|
||||
matrix-to:
|
||||
image: ghcr.io/tommytran732/matrix.to
|
||||
container_name: matrix-to
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix-to
|
||||
user: 992:992
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
- label:disable
|
||||
cap_drop:
|
||||
- ALL
|
||||
|
||||
swag:
|
||||
image: ghcr.io/linuxserver/swag
|
||||
container_name: swag
|
||||
|
@ -18,6 +18,9 @@ server {
|
||||
location / {
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
|
||||
|
||||
set $upstream_app element;
|
||||
set $upstream_port 80;
|
||||
set $upstream_proto http;
|
||||
|
33
swag/nginx/proxy-confs/matrix-to.subdomain.conf
Normal file
33
swag/nginx/proxy-confs/matrix-to.subdomain.conf
Normal file
@ -0,0 +1,33 @@
|
||||
## Version 2021/05/18
|
||||
# make sure that your dns has a cname set for element
|
||||
# if element is running in bridge mode and the container is named "element", the below config should work as is
|
||||
# if not, replace the line "set $upstream_app element;" with "set $upstream_app <containername>;"
|
||||
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of element
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
server_name invite.*;
|
||||
|
||||
include /config/nginx/ssl.conf;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
location / {
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self'";
|
||||
|
||||
set $upstream_app matrix-to;
|
||||
set $upstream_port 5000;
|
||||
set $upstream_proto http;
|
||||
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
||||
|
||||
proxy_set_header Range $http_range;
|
||||
proxy_set_header If-Range $http_if_range;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user