Matrix-Mirrors/anonymousland-synapse-docker-deployment
1
0
Fork 0
mirror of https://git.anonymousland.org/deathrow/synapse-docker-deployment.git synced 2025-08-05 08:14:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

Remove items not yet setup

Browse source
This commit is contained in:
deathrow 2022-12-07 16:59:16 -05:00
parent c5ec38aaa1
commit 287ebb7d6d
No known key found for this signature in database
GPG key ID: FF39D67A22069F73
10 changed files with 196 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

157
DockerTODO/docker-todo.yml Normal file
View file

@ -0,0 +1,157 @@
sync5:
build: ./images/synapse-worker-docker
container_name: sync5
user: "991:991"
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
restart: unless-stopped
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/sync5.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
sync4:
build: ./images/synapse-worker-docker
container_name: sync4
user: "991:991"
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
restart: unless-stopped
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/sync4.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
sync3:
build: ./images/synapse-worker-docker
container_name: sync3
user: "991:991"
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
restart: unless-stopped
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/sync3.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
sync2:
build: ./images/synapse-worker-docker
container_name: sync2
user: "991:991"
restart: unless-stopped
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/sync2.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
sync1:
build: ./images/synapse-worker-docker
container_name: sync1
user: "991:991"
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
restart: unless-stopped
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/sync1.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
additional2:
build: ./images/workers/synapse
container_name: additional2
user: "991:991"
restart: unless-stopped
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/additional2.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
additional1:
build: ./images/workers/synapse
container_name: additional1
user: "991:991"
restart: unless-stopped
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/additional1.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
networks:
- matrix
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
event1:
build: ./images/workers/synapse
container_name: event1
user: "991:991"
restart: unless-stopped
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/event1.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
networks:
- matrix
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
event2:
build: ./images/workers/synapse
container_name: event2
user: "991:991"
restart: unless-stopped
environment:
SYNAPSE_WORKER: synapse.app.generic_worker
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/event2.yaml"]
volumes:
- ./files:/data:Z
depends_on:
- synapse
networks:
- matrix
security_opt:
- no-new-privileges:true
cap_drop:
- ALL

22
DockerTODO/event_additional_worker.conf Normal file
View file

@ -0,0 +1,22 @@
# Typing
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional1;
}
# Device requests
location ~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional1;
}
# Account data requests
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/tags {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional1;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional1;
}

33
DockerTODO/event_worker.conf Normal file
View file

@ -0,0 +1,33 @@
# Event sending requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}

47
DockerTODO/extra_worker.conf Normal file
View file

@ -0,0 +1,47 @@
# GET Requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
# For all SSO providers
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://sso_worker_lc;
}
location ~ ^/_synapse/client/p^/_synapse/client/oidc/callback$ew_user_consent$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://sso_worker_lc;
}
location ~ ^/_synapse/client/sso_register$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://sso_worker_lc;
}
# OpenID Connect requests
location ~ ^/_synapse/client/oidc/callback$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
# SAML requests
location ~ ^/_synapse/client/saml2/authn_response$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
# CAS requests.
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$ {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}

4
DockerTODO/media-repo.conf Normal file
View file

@ -0,0 +1,4 @@
location ^~ /_matrix/media {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}

10
DockerTODO/reciept_worker.conf Normal file
View file

@ -0,0 +1,10 @@
# Receipts requests
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional2;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers {
include /config/nginx/include.d/synapse-proxy.conf;
proxy_pass http://additional2;
}

30
DockerTODO/sync_worker.conf Normal file
View file

@ -0,0 +1,30 @@
# Choose sync worker based on the existence of "since" query parameter
map $arg_since $sync {
default sync_worker;
'' sync_init;
}
# Sync initial/normal
location ~ ^/_matrix/client/(r0|v3)/sync$ {
include snippets/matrix-proxy-headers.conf;
proxy_pass http://$sync;
proxy_read_timeout 1h;
}
# Normal sync
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
include snippets/matrix-proxy-headers.conf;
proxy_pass http://sync_worker;
}
# Initial_sync
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
include snippets/matrix-proxy-headers.conf;
proxy_pass http://sync_init;
proxy_read_timeout 1h;
}
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
include snippets/matrix-proxy-headers.conf;
proxy_pass http://sync_init;
proxy_read_timeout 1h;
}

39
DockerTODO/upstream Normal file
View file

@ -0,0 +1,39 @@
upstream additional1_worker_lc {
least_conn;
server additional1:8081;
}
upstream sso_worker_lc {
least_conn;
server synapse-generic-worker-4:8081;
}
# extract username from token get parameter
map $arg_access_token $token_from_arg {
default $arg_access_token;
"~syt_(?<username>.*?)_.*" $username;
}
# extract username part from bearer token, fallback to access_token
map $http_authorization $proxy_username_label {
default $http_authorization;
"~Bearer syt_(?<username>.*?)_.*" $username;
"" $token_from_arg;
}
upstream sync_worker {
# pin with username extracted from bearer token or access_token
hash $proxy_username_label consistent;
server sync1:8081;
server sync2:8081;
server sync3:8081;
}
upstream sync_init {
# Use the username mapper result for hash key
hash $mxid_localpart consistent;
server sync4:8081;
server sync5:8081;
}