Initial

2025-05-13 10:32:12 -04:00 · 2022-11-01 20:33:33 -04:00 · 2022-11-01 20:33:33 -04:00 · 4657d2e9f1
commit 4657d2e9f1
45 changed files with 2469 additions and 0 deletions
--- a/swag/nginx/include.d/client_worker.conf
+++ b/swag/nginx/include.d/client_worker.conf
@ -0,0 +1,85 @@
+## Client API requests
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/v1/rooms/.*/hierarchy$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/versions$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
--- a/swag/nginx/include.d/encryption_worker.conf
+++ b/swag/nginx/include.d/encryption_worker.conf
@ -0,0 +1,26 @@
+## Encryption requests
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/query$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+ 
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/client/(r0|v3|unstable)/room_keys/ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
+ 
+# Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri`
+location ~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/ {
+        include /config/nginx/include.d/synapse-proxy.conf;
+        proxy_pass http://generic_worker_lc;
+}
--- a/swag/nginx/include.d/federation_worker.conf
+++ b/swag/nginx/include.d/federation_worker.conf
@ -0,0 +1,91 @@
+## Federation requests
+location ~ ^/_matrix/federation/v1/event/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/state/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/state_ids/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/backfill/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/get_missing_events/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/publicRooms {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/query/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/make_join/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/make_leave/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/(v1|v2)/send_join/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/(v1|v2)/send_leave/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/(v1|v2)/invite/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/event_auth/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/exchange_third_party_invite/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/user/devices/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/key/v2/query {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+location ~ ^/_matrix/federation/v1/hierarchy/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_lc;
+}
+
+# Inbound federation transaction request
+location ~ ^/_matrix/federation/v1/send/ {
+       include /config/nginx/include.d/synapse-proxy.conf;
+       proxy_pass http://generic_worker_ih;
+}
--- a/swag/nginx/include.d/maubot.conf
+++ b/swag/nginx/include.d/maubot.conf
@ -0,0 +1,12 @@
+    location /_matrix/maubot/v1/logs {
+        proxy_pass http://maubot:29316;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
+
+    location /_matrix/maubot {
+        proxy_pass http://maubot:29316;
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
--- a/swag/nginx/include.d/mjolnir-reports.conf
+++ b/swag/nginx/include.d/mjolnir-reports.conf
@ -0,0 +1,19 @@
+    location ~ ^/_matrix/client/r0/rooms/([^/]*)/report/(.*)$ {
+      # Abuse reports should be sent to Mjölnir.
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        include /config/nginx/include.d/synapse-proxy.conf;
+        set $upstream_app mjolnir;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+      # Add CORS, otherwise a browser will refuse this request.
+      add_header 'Access-Control-Allow-Credentials' 'true' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+      add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since' always;
+      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+      add_header 'Access-Control-Max-Age' 1728000;
+      # Alias the regexps, to ensure that they're not rewritten.
+      set $room_id $1;
+      set $event_id $2;
+      proxy_pass $upstream_proto://$upstream_app:$upstream_port/api/1/report/$room_id/$event_id;
+   }
--- a/swag/nginx/include.d/register.conf
+++ b/swag/nginx/include.d/register.conf
@ -0,0 +1,9 @@
+    location /register {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        include /config/nginx/include.d/synapse-proxy.conf;
+        set $upstream_app matrix-registration;
+        set $upstream_port 5000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
--- a/swag/nginx/include.d/synapse-proxy.conf
+++ b/swag/nginx/include.d/synapse-proxy.conf
@ -0,0 +1,6 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+port_in_redirect    off;
--- a/swag/nginx/include.d/synapse-reports.conf
+++ b/swag/nginx/include.d/synapse-reports.conf
@ -0,0 +1,9 @@
+    location /_synapse/admin/v1/event_reports {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app synapse;
+        set $upstream_port 8008;  
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
--- a/swag/nginx/include.d/upstream_workers.conf
+++ b/swag/nginx/include.d/upstream_workers.conf
@ -0,0 +1,24 @@
+upstream generic_worker_ih {
+       ip_hash;
+       server synapse-generic-worker-1:8080;
+       server synapse-generic-worker-2:8081;
+       server sync1:8090;
+       server sync2:8091;
+       server sync3:8092;
+}
+
+upstream generic_worker_lc {
+       least_conn;
+       server synapse-generic-worker-1:8080;
+       server synapse-generic-worker-2:8081;
+       server sync1:8090;
+       server sync2:8091;
+       server sync3:8092;
+}
+
+upstream sync_worker {
+       ip_hash;
+       server sync1:8090;
+       server sync2:8091;
+       server sync3:8092;
+}