From 2abee38762d9c9e746d9c626dea242ab9e15a861 Mon Sep 17 00:00:00 2001 From: creme Date: Thu, 20 Jan 2022 08:38:30 +0100 Subject: [PATCH] update our configs --- etc/matrix-media-repo/media-repo.yaml | 8 ++-- etc/matrix-synapse/homeserver.yaml | 20 ++++------ etc/nginx/include.d/generic_worker.conf | 40 ++++++++++++------- etc/nginx/include.d/upstream_workers.conf | 8 ---- .../sites-available/element.envs.net.conf | 2 +- .../sites-available/matrix.envs.net.conf | 13 ------ 6 files changed, 39 insertions(+), 52 deletions(-) diff --git a/etc/matrix-media-repo/media-repo.yaml b/etc/matrix-media-repo/media-repo.yaml index f4b0902..9dbb26b 100644 --- a/etc/matrix-media-repo/media-repo.yaml +++ b/etc/matrix-media-repo/media-repo.yaml @@ -73,13 +73,13 @@ homeservers: # sent straight through the client - they are simply used to invalidate the cache faster for # a particular user. Without these, the access tokens might still work for a short period of time # after the user has already invalidated them. -# +# # This will also cache errors from the homeserver. # # Note that when this config block is used outside of a per-domain config, all hosts will be # subject to the same cache. This also means that application services on limited homeservers # could be authorized on the wrong domain. -# +# # *************************************************************************** # * IT IS HIGHLY RECOMMENDED TO USE PER-DOMAIN CONFIGS WITH THIS FEATURE. * # *************************************************************************** @@ -174,7 +174,7 @@ datastores: # An optional region for where this S3 endpoint is located. Typically not needed, though # some providers will need this (like Scaleway). Uncomment to use. #region: "sfo2" - + # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If # the feature is not enabled, this will not work. Note that IPFS support is experimental at # the moment and not recommended for general use. 
@@ -366,7 +366,7 @@ thumbnails: # The maximum number of bytes an image can be before the thumbnailer refuses. maxSourceBytes: 10485760 # 10MB default, 0 to disable - # The maximum number of pixels an image can have before the thumbnailer refuses. Note that + # The maximum number of pixels an image can have before the thumbnailer refuses. Note that # this only applies to image types: file types like audio and video are affected solely by # the maxSourceBytes. maxPixels: 96000000 # 32M default diff --git a/etc/matrix-synapse/homeserver.yaml b/etc/matrix-synapse/homeserver.yaml index 9d0e78a..4b8718e 100644 --- a/etc/matrix-synapse/homeserver.yaml +++ b/etc/matrix-synapse/homeserver.yaml @@ -93,13 +93,7 @@ server_name: envs.net # pid_file: "/etc/matrix-synapse/matrix-synapse.pid" -# The absolute URL to the web client which /_matrix/client will redirect -# to if 'webclient' is configured under the 'listeners' configuration. -# -# This option can be also set to the filesystem path to the web client -# which will be served at /_matrix/client/ if 'webclient' is configured -# under the 'listeners' configuration, however this is a security risk: -# https://github.com/matrix-org/synapse#security-note +# The absolute URL to the web client which / will redirect to. # web_client_location: "https://element.envs.net/" @@ -329,8 +323,6 @@ allow_public_rooms_over_federation: true # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) # -# webclient: A web client. Requires web_client_location to be set. -# listeners: # TLS-enabled listener: for when matrix traffic is sent directly to synapse. # @@ -362,7 +354,7 @@ listeners: tls: false x_forwarded: true resources: - - names: [federation, client, webclient, consent] + - names: [federation, client, consent] compress: false # example additional_resources: 
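Review bot: The listener in the `@@ -362,7 +354,7 @@ listeners:` hunk keeps `tls: false` together with `x_forwarded: true`, so Synapse takes the client address from the forwarded header of any peer that can reach this socket. The `port` and `bind_addresses` lines sit above the hunk and cannot be checked here; confirm they restrict the listener to loopback so that only nginx can connect. Dropping `webclient` from `names` leaves `federation`, `client` and `consent` on this one plain-HTTP listener, so a short comment above `resources:` would help, for example `# plain HTTP with x_forwarded: keep bound to loopback behind nginx`.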
@@ -594,7 +586,7 @@ retention: # #default_policy: # min_lifetime: 30d - # max_lifetime: 1y + # max_lifetime: 3y # Retention policy limits. If set, and the state of a room contains a # 'm.room.retention' event in its state which contains a 'min_lifetime' or a @@ -2453,7 +2445,7 @@ user_directory: # These indexes are built the first time Synapse starts; admins can # manually trigger a rebuild via API following the instructions at # https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run - # + # # Uncomment to return search results containing all known users, even if that # user does not share a room with the requester. # @@ -2709,6 +2701,9 @@ instance_map: generic_worker3: host: localhost port: 9096 + generic_worker4: + host: localhost + port: 9097 # Experimental: When using workers you can define which workers should # handle event persistence and typing notifications. Any worker @@ -2722,6 +2717,7 @@ stream_writers: - generic_worker1 - generic_worker2 - generic_worker3 + - generic_worker4 # typing: worker1 # The worker that is used to run background tasks (e.g. cleaning up expired diff --git a/etc/nginx/include.d/generic_worker.conf b/etc/nginx/include.d/generic_worker.conf index 4de234f..24e856d 100644 --- a/etc/nginx/include.d/generic_worker.conf +++ b/etc/nginx/include.d/generic_worker.conf @@ -259,6 +259,18 @@ location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ { } +## Encryption requests +#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/claim { +# include include.d/synapse-proxy.conf; +# proxy_pass http://generic_worker_lc; +#} + +#location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/room_keys { +# include include.d/synapse-proxy.conf; +# proxy_pass http://generic_worker_lc; +#} + + ## Registration/login requests location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ { include include.d/synapse-proxy.conf; 
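Review bot: The new `generic_worker4` entry in the `instance_map` hunk sends replication traffic to `localhost:9097`, but the worker's own config with its `worker_listeners` replication listener is not part of this patch, so its bind address cannot be checked here. Synapse's HTTP replication endpoints are unauthenticated unless `worker_replication_secret` is set, so that listener should bind to loopback only, consistent with `host: localhost` in this map. A comment above the map would record the constraint, for example `# replication listeners: loopback only, never proxied by nginx`.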
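Review bot: Adding `generic_worker4` to the writer list in the `stream_writers` hunk changes how rooms are sharded across event persisters, and nothing in the patch records the restart this requires. Synapse expects all worker instances to be restarted when persisters are added or removed. The list's key is above the hunk, so this assumes it is the `events` stream. Suggest a comment on the list such as `# adding or removing a writer here requires restarting all worker instances`.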
@@ -276,74 +288,74 @@ location ~ ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3 } -# STREAM WORKERS +# STREAM WRITERS ## Event sending requests location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ { include include.d/synapse-proxy.conf; - proxy_pass http://generic_worker_lc_instancemap; + proxy_pass http://generic_worker_lc; } ## Typing requests #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} ## Device requests #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/sendToDevice/ { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} ## Account data requests #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/.*/tags { # include include.d/synapse-proxy.conf; -# proxy_pass 
http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/.*/account_data { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} ## Receipts requests #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/receipt { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/read_markers { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} ## Presence requests #location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/.*/status$ { # include include.d/synapse-proxy.conf; -# proxy_pass http://generic_worker_lc_instancemap; +# proxy_pass http://generic_worker_lc; #} diff --git a/etc/nginx/include.d/upstream_workers.conf b/etc/nginx/include.d/upstream_workers.conf index cffb67a..dfd3cad 100644 --- a/etc/nginx/include.d/upstream_workers.conf +++ b/etc/nginx/include.d/upstream_workers.conf @@ -13,11 +13,3 @@ upstream generic_worker_lc { server localhost:8512; server localhost:8513; } - -## STREAM WORKER -upstream generic_worker_lc_instancemap { - least_conn; - server localhost:8510; - server localhost:8511; - server localhost:8512; -} diff --git a/etc/nginx/sites-available/element.envs.net.conf b/etc/nginx/sites-available/element.envs.net.conf index d00834d..fe23607 100644 --- a/etc/nginx/sites-available/element.envs.net.conf +++ b/etc/nginx/sites-available/element.envs.net.conf @@ -27,7 +27,7 @@ server { } } -#ALIAS +#ALIAS server { listen 80; listen [::]:80; diff --git a/etc/nginx/sites-available/matrix.envs.net.conf b/etc/nginx/sites-available/matrix.envs.net.conf index 20a3d50..cb6fb72 100644 --- a/etc/nginx/sites-available/matrix.envs.net.conf 
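Review bot: The section in the `@@ -276,74 +288,74 @@` hunk is retitled `# STREAM WRITERS`, yet every `proxy_pass` in it now targets the general `generic_worker_lc` pool, so the heading no longer describes the routing. For the active event-sending locations this looks harmless from what the patch shows. The commented-out typing, sendToDevice, account_data, receipt and presence blocks are different: if re-enabled as written they would balance across all workers, while Synapse expects those endpoints to reach the worker configured as writer for that stream. Suggest a comment above those blocks such as `# if enabled, proxy_pass must target the single writer for this stream, not generic_worker_lc`. The hunk opens inside the closing brace of a preceding location block.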
+++ b/etc/nginx/sites-available/matrix.envs.net.conf @@ -68,16 +68,3 @@ server { proxy_pass http://localhost:8008; } } - -server { - listen 8448 ssl http2; - listen [::]:8448 ssl http2; - server_name matrix.envs.net; - - include snippets/ssl.conf; - - location / { - include include.d/synapse-proxy.conf; - proxy_pass http://localhost:8008; - } -}