diff --git a/etc/matrix-media-repo/media-repo.yaml b/etc/matrix-media-repo/media-repo.yaml index 32dc1b5..1274094 100644 --- a/etc/matrix-media-repo/media-repo.yaml +++ b/etc/matrix-media-repo/media-repo.yaml @@ -19,6 +19,11 @@ repo: # incompatible with the log color option and will always render without colors. jsonLogs: false + # The log level to log at. Note that this will need to be at least "info" to receive support. + # + # Values (in increasing spam): panic | fatal | error | warn | info | debug | trace + logLevel: "warn" + # If true, the media repo will accept any X-Forwarded-For header without validation. In most cases # this option should be left as "false". Note that the media repo already expects an X-Forwarded-For # header, but validates it to ensure the IP being given makes sense. 
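Review bot: `logLevel: "warn"` is below the level the added comment itself names as the minimum for support ("at least "info""), so info-level records will not be written. If request or administrative events are logged at info (not visible in this hunk), they will also be missing when an incident has to be reconstructed afterwards. Either set `logLevel: "info"` or record the choice above the key, e.g. `# warn chosen to limit log volume; raise to info before requesting support`.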
@@ -26,9 +31,20 @@ repo: # If false, the media repo will not use the X-Forwarded-Host header commonly added by reverse proxies. # Typically this should remain as true, though in some circumstances it may need to be disabled. - # See https://github.com/turt2live/matrix-media-repo/issues/202 for more information. + # See https://github.com/t2bot/matrix-media-repo/issues/202 for more information. useForwardedHost: true + # If true, media uploaded or cached from that point forwards will require authentication in order to + # be accessed. Media uploaded or cached prior will remain accessible on the unauthenticated endpoints. + # If set to false after being set to true, media uploaded or cached while the flag was true will still + # only be accessible over authenticated endpoints, though future media will be accessible on both + # authenticated and unauthenticated media. + # + # This flag currently defaults to false. A future release, likely in August 2024, will remove this flag + # and have the same effect as it being true (always on). This flag is primarily intended for servers to + # opt-in to the behaviour early. + freezeUnauthenticatedMedia: false + # Options for dealing with federation federation: # On a per-host basis, the number of consecutive failures in calling the host before the 
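Review bot: `freezeUnauthenticatedMedia: false` keeps newly uploaded and cached media reachable on the unauthenticated endpoints, although this same commit proxies `/_matrix/client/v1/media` and `/_matrix/federation/v1/media` in etc/nginx/include.d/media-repo.conf. The added comment describes the flag as an early opt-in and says media stored while it is true stays authenticated-only, so `true` is the safer state once clients of this server can use the authenticated endpoints. If false is intentional for now, a line such as `# kept false until clients support authenticated media; revisit before upstream removes the flag` would record that decision.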
@@ -36,6 +52,18 @@ federation: # the remote server do not count towards this. backoffAt: 20 + # The domains the media repo should never serve media for. Existing media already stored from + # these domains will remain, however will not be downloadable without a data export. Media + # repo administrators will bypass this check. Admin APIs will still work for media on these + # domains. + # + # This will not prevent the listed domains from accessing media on this media repo - it only + # stops users on *this* media repo from accessing media originally uploaded to the listed domains. + # + # Note: Adding domains controlled by the media repo itself to this list is not advisable. + ignoredHosts: + - example.org + # The database configuration for the media repository # Do NOT put your homeserver's existing database credentials here. Create a new database and # user instead. Using the same server is fine, just not the same username and database. 
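Review bot: `ignoredHosts` carries the sample entry `example.org` into what looks like a deployed config, which makes it hard to tell whether the block list is actually in use. If no domain is meant to be blocked, `ignoredHosts: []` states that explicitly; otherwise list the real domains. The added comment warns against listing domains this media repo controls, which is worth keeping next to the key when entries are added.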
@@ -56,16 +84,29 @@ database: # The configuration for the homeservers this media repository is known to control. Servers # not listed here will not be able to upload media. homeservers: - - name: envs.net # This should match the server_name of your homeserver, and the Host header - # provided to the media repo. - csApi: "https://matrix.envs.net/" # The base URL to where the homeserver can actually be reached - backoffAt: 10 # The number of consecutive failures in calling this homeserver before the - # media repository will start backing off. This defaults to 10 if not given. - adminApiKind: "matrix" # The kind of admin API the homeserver supports. If set to "matrix", - # the media repo will use the Synapse-defined endpoints under the - # unstable client-server API. When this is "synapse", the new /_synapse - # endpoints will be used instead. Unknown values are treated as the - # default, "matrix". + - # Keep the dash from this line. + + # This should match the server_name of your homeserver, and the Host header + # provided to the media repo. + name: envs.net + + # The base URL to where the homeserver can actually be reached by MMR. + csApi: "https://matrix.envs.net/" + + # The number of consecutive failures in calling this homeserver before the + # media repository will start backing off. This defaults to 10 if not given. + backoffAt: 10 + + # The admin API interface supported by the homeserver. MMR uses a subset of the admin API + # during certain operations, like attempting to purge media from a room or validating server + # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set + # to "matrix", most functionality requiring the admin API will not work. + adminApiKind: "synapse" + + # The signing key to use for authorizing outbound federation requests. If not specified, + # requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/ + # for details. 
+ signingKeyPath: "/etc/matrix-media-repo/mmr.signing.key" # Options for controlling how access tokens work with the media repo. It is recommended that if # you are going to use these options that the `/logout` and `/logout/all` client-server endpoints @@ -137,7 +178,7 @@ sharedSecretAuth: # for a datastore to use, will always use the smallest datastore first. datastores: - type: file - enabled: true + id: "b2ca79fa0b75955e59e52d2286a30f4c8e053d72" # Datastores can be split into many areas when handling uploads. Media is still de-duplicated # across all datastores (local content which duplicates remote content will re-use the remote # content's location). This option is useful if your datastore is becoming very large, or if 
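Review bot: `signingKeyPath: "/etc/matrix-media-repo/mmr.signing.key"` points at private key material in a directory that this repository appears to track, and nothing in the hunk shows how the file is protected. The key file should be excluded from version control and readable only by the account the media repo runs as. A comment above the key such as `# key file is not tracked in git; readable by the MMR service user only` would document that. The `homeservers` entry continues outside the hunk.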
@@ -151,43 +192,6 @@ datastores: forKinds: ["all"] opts: path: /var/matrix-media -# - type: file -# enabled: true - #forKinds: ["all"] -# opts: -# path: /var/matrix/media - - - type: s3 - enabled: false # Enable this to set up s3 uploads - forKinds: ["thumbnails", "remote_media", "local_media", "archives"] - opts: - # The s3 uploader needs a temporary location to buffer files to reduce memory usage on - # small file uploads. If the file size is unknown, the file is written to this location - # before being uploaded to s3 (then the file is deleted). If you aren't concerned about - # memory usage, set this to an empty string. - tempPath: "/tmp/mediarepo_s3_upload" - endpoint: sfo2.digitaloceanspaces.com - accessKeyId: "" - accessSecret: "" - ssl: true - bucketName: "your-media-bucket" - # An optional region for where this S3 endpoint is located. Typically not needed, though - # some providers will need this (like Scaleway). Uncomment to use. - #region: "sfo2" - - # The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If - # the feature is not enabled, this will not work. Note that IPFS support is experimental at - # the moment and not recommended for general use. - # - # NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo - # puts authentication on the download endpoints. Only use this option for cases where you - # expect your media to be publicly accessible. - - type: ipfs - enabled: false - forKinds: ["local_media"] - # The IPFS datastore currently has no options. It will use the daemon or HTTP API configured - # in the IPFS section of your main config. - opts: {} # Options for controlling archives. Archives are exports of a particular user's content for # the purpose of GDPR or moving media to a different server. 
@@ -224,29 +228,49 @@ uploads: # Set this to -1 to indicate that there is no limit. Zero will force the use of maxBytes. #reportedMaxBytes: 104857600 + # The number of pending uploads a user is permitted to have at a given time. They must cancel, + # complete, or otherwise let pending requests expire before uploading any more media. Set to + # zero to disable. + maxPending: 5 + + # The duration the server will wait to receive media that was asynchronously uploaded before + # expiring it entirely. This should be set sufficiently high for a client on poor connectivity + # to upload something. The Matrix specification recommends 24 hours (86400 seconds), however + # this project recommends 30 minutes (1800 seconds). + maxAgeSeconds: 1800 + # Options for limiting how much content a user can upload. Quotas are applied to content # associated with a user regardless of de-duplication. Quotas which affect remote servers # or users will not take effect. When a user exceeds their quota they will be unable to # upload any more media. quotas: - # Whether or not quotas are enabled/enforced. Note that even when disabled the media repo - # will track how much media a user has uploaded. This is disabled by default. + # Whether quotas are enabled/enforced. Note that even when disabled the media repo will + # track how much media a user has uploaded. Quotas are disabled by default. enabled: false - # The quota rules that affect users. The first rule to match the uploader will take effect. - # An implied rule which matches all users and has no quota is always last in this list, - # meaning that if no rules are supplied then users will be able to upload anything. Similarly, - # if no rules match a user then the implied rule will match, allowing the user to have no - # quota. The quota will let the user upload to 1 media past their quota, meaning that from - # a statistics perspective the user might exceed their quota however only by a small amount. 
+ # The upload quota rules which affect users. The first rule to match the user ID will take + # effect. If a user does not match a rule, the defaults implied by the above config will + # take effect instead. The user will not be permitted to upload anything above these quota + # values, but can match them exactly. users: - glob: "@*:*" # Affect all users. Use asterisks (*) to match any character. - maxBytes: 53687063712 # 50GB default, 0 to disable + # The maximum number of TOTAL bytes a user can upload. Defaults to zero (no limit). + maxBytes: 53687063712 # 50gb + # The same as maxPending above - the number of uploads the user can have waiting to + # complete before starting another one. Defaults to maxPending above. Set to 0 to + # disable. + maxPending: 5 + # The maximum number of uploaded files a user can have. Defaults to zero (no limit). + # If both maxBytes and maxFiles are in use then the first condition a user triggers + # will prevent upload. Note that a user can still have uploads contributing to maxPending, + # but will not be able to complete them if they are at maxFiles. + maxFiles: 0 # Settings related to downloading files from the media repository downloads: # The maximum number of bytes to download from other servers - maxBytes: 268435456 # 100MB default, 0 to disable + #maxBytes: 104857600 # 100MB default, 0 to disable + maxBytes: 268435456 # 256 # The number of workers to use when downloading remote media. Raise this number if remote # media is downloading slowly or timing out. 
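Review bot: `quotas.enabled: false` presumably leaves the `users` rule below it (`maxBytes`, `maxPending`, `maxFiles`) unenforced, so per-user storage limits are configured but not applied. If bounding storage consumption is the intent, set `enabled: true`; if not, say so in a comment next to the key. Two trailing comments in this hunk are also off: `maxBytes: 53687063712 # 50gb` is not 50 GiB (that is 53687091200), and `maxBytes: 268435456 # 256` under `downloads` lacks a unit, where `# 256MB` would do.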
@@ -259,42 +283,16 @@ downloads: # has passed, the media is able to be re-requested. failureCacheMinutes: 5 - # The cache control settings for downloads. This can help speed up downloads for users by - # keeping popular media in the cache. This cache is also used for thumbnails. - cache: - enabled: false - - # The maximum size of cache to have. Higher numbers are better. - maxSizeBytes: 1048576000 # 1GB default - - # The maximum file size to cache. This should normally be the same size as your maximum - # upload size. - maxFileSizeBytes: 104857600 # 100MB default - - # The number of minutes to track how many downloads a file gets - trackedMinutes: 30 - - # The number of downloads a file must receive in the window above (trackedMinutes) in - # order to be cached. - minDownloads: 5 - - # The minimum amount of time an item should remain in the cache. This prevents the cache - # from cycling out the file if it needs more room during this time. Note that the media - # repo regularly cleans out media which is past this point from the cache, so this number - # may need increasing depending on your use case. If the maxSizeBytes is reached for the - # media repo, and some cached items are still under this timer, new items will not be able - # to enter the cache. When this happens, consider raising maxSizeBytes or lowering this - # timer. - minCacheTimeSeconds: 300 - - # The minimum amount of time an item should remain outside the cache once it is removed. - minEvictedTimeSeconds: 60 - # How many days after a piece of remote content is downloaded before it expires. It can be # re-downloaded on demand, this just helps free up space in your datastore. Set to zero or # negative to disable. Defaults to disabled. expireAfterDays: 90 + # The default size, in bytes, to return for range requests on media. Range requests are used + # by clients when they only need part of a file, such as a video or audio element. 
Note that + # the entire file will still be cached (if enabled), but only part of it will be returned. + # If the client requests a larger or smaller range, that will be honoured. + defaultRangeChunkSizeBytes: 10485760 # 10MB default # URL Preview settings urlPreviews: @@ -341,7 +339,7 @@ urlPreviews: - 'fe80::/64' - 'fc00::/7' allowedNetworks: - - "0.0.0.0/0" # "Everything". The blacklist will help limit this. + - "0.0.0.0/0" # "Everything". The deny list will help limit this. # This is the default value for this field. # How many days after a preview is generated before it expires and is deleted. The preview @@ -354,7 +352,10 @@ urlPreviews: # Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language defaultLanguage: "en-US,en" - # When true, oEmbed previews will be enabled. Typically these kinds of previews are used for + # Set the User-Agent header to supply when generating URL previews + userAgent: "matrix-media-repo" + + # When true, oEmbed previews will be enabled. Typically, these kinds of previews are used for # sites that do not support OpenGraph or page scraping, such as Twitter. For information on # specifying providers for oEmbed, including your own, see the following documentation: # https://docs.t2bot.io/matrix-media-repo/url-previews/oembed.html @@ -370,7 +371,6 @@ thumbnails: # this only applies to image types: file types like audio and video are affected solely by # the maxSourceBytes. maxPixels: 96000000 # 32M default - #maxPixels: 0 # The number of workers to use when generating thumbnails. Raise this number if thumbnails # are slow to generate or timing out. @@ -412,7 +412,10 @@ thumbnails: - "image/apng" - "image/gif" - "image/heif" + - "image/heic" - "image/webp" + - "image/bmp" + - "image/tiff" - "image/svg+xml" # Be sure to have ImageMagick installed to thumbnail SVG files - "audio/mpeg" - "audio/ogg" 
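Review bot: The thumbnail `types` list gains `image/heic`, `image/bmp` and `image/tiff`, so more image formats from uploaded and remote media are handed to the thumbnailer. The hunk does not show which decoder handles each format; the existing comment on `image/svg+xml` shows that at least one type depends on an external tool (ImageMagick). It would help to note beside the new entries which library or binary decodes them and that it must be kept patched, e.g. `- "image/tiff" # decoded by <decoder>; keep up to date`. The enclosing `thumbnails` block starts and ends outside the hunk.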
@@ -452,6 +455,30 @@ rateLimit: # The number of requests an IP can send at once before the rate limit is actually considered. burst: 10 + # The 'leaky bucket' configurations for MMR. Leaky buckets are limited in size and have a slow + # drain rate, minimizing the ability for a user to consume large amounts of resources. + # + # Buckets are checked and applied after the requests per second configuration above. Buckets are + # disabled when rate limiting is disabled. + # + # Note: buckets are *not* shared across processes. If download requests could end up at two different + # processes, two different buckets may be filled. This behaviour may change in the future. + buckets: + # The download bucket applies to both download requests and thumbnail requests. Each anonymous + # user is assigned a single bucket from their IP address. Authenticated requests (when supported) + # will use the authenticated entity as the subject - either a user or remote server. + downloads: + # The maximum size of each bucket. + capacityBytes: 524288000 # 500mb default + # The number of bytes to "drain" from the bucket every minute. + drainBytesPerMinute: 5242880 # 5mb default + # The number of bytes a requester can go over the capacity, once. This is used to give some + # buffer to allow a single file to be downloaded when the caller is near the limit. This + # should be set to either your max remote download size or 30% of the capacityBytes, whichever + # is smaller. + overflowLimitBytes: 268435456 # 100mb default (the same as the default remote download maxBytes) + + # Identicons are generated avatars for a given username. Some clients use these to give users a # default avatar after signing up. Identicons are not part of the official matrix spec, therefore # this feature is completely optional. 
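Review bot: `overflowLimitBytes: 268435456` contradicts both its trailing comment and the guidance in the comment block directly above it. The value is 256 MiB, not "100mb", and the guidance says to use the smaller of the max remote download size and 30% of `capacityBytes`; with `capacityBytes: 524288000` that 30% is 157286400, which is below the 268435456 set for `downloads.maxBytes`. Suggested: `overflowLimitBytes: 157286400 # 150mb, 30% of capacityBytes`, or raise `capacityBytes` if a full-size remote download must fit. The added comment also says buckets are not shared across processes, so the effective allowance scales with the number of MMR processes.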
@@ -472,6 +499,7 @@ quarantine: replaceDownloads: false # If provided, the given image will be returned as a thumbnail for media that is quarantined. + # The recommended size is at least 512x512. #thumbnailPath: "/path/to/thumbnail.png" # If true, administrators of the configured homeservers may quarantine media for their server @@ -483,7 +511,7 @@ quarantine: timeouts: # The maximum amount of time the media repo should spend trying to fetch a resource that is # being previewed. - urlPreviewTimeoutSeconds: 10 + urlPreviewTimeoutSeconds: 30 # The maximum amount of time the media repo will spend making remote requests to other repos # or homeservers. This is primarily used to download media. @@ -495,7 +523,7 @@ timeouts: # Prometheus metrics configuration # For an example Grafana dashboard, import the following JSON: -# https://github.com/turt2live/matrix-media-repo/blob/master/docs/grafana.json +# https://github.com/t2bot/matrix-media-repo/blob/main/docs/grafana.json metrics: # If true, the bindAddress and port below will serve GET /metrics for Prometheus to scrape. enabled: true 
@@ -510,45 +538,7 @@ metrics: # Sections of this config might disappear or be added over time. By default all # features are disabled in here and must be explicitly enabled to be used. featureSupport: - # MSC2248 - Blurhash - MSC2448: - # Whether or not this MSC is enabled for use in the media repo - enabled: false - - # Maximum dimensions for converting a blurhash to an image. When no width and - # height options are supplied, the default will be half these values. - maxWidth: 1024 - maxHeight: 1024 - - # Thumbnail size in pixels to use to generate the blurhash string - thumbWidth: 64 - thumbHeight: 64 - - # The X and Y components to use. Higher numbers blur less, lower numbers blur more. - xComponents: 4 - yComponents: 3 - - # The amount of contrast to apply when converting a blurhash to an image. Lower values - # make the effect more subtle, larger values make it stronger. - punch: 1 - - # IPFS Support - # This is currently experimental and might not work at all. - IPFS: - # Whether or not IPFS support is enabled for use in the media repo. - enabled: false - - # Options for the built in IPFS daemon - builtInDaemon: - # Enable this to spawn an in-process IPFS node to use instead of a localhost - # HTTP agent. If this is disabled, the media repo will assume you have an HTTP - # IPFS agent running and accessible. Defaults to using a daemon (true). - enabled: true - - # If the Daemon is enabled, set this to the location where the IPFS files should - # be stored. If you're using Docker, this should be something like "/data/ipfs" - # so it can be mapped to a volume. - repoPath: "./ipfs" + # No unstable features are currently supported. # Support for redis as a cache mechanism # 
@@ -568,3 +558,41 @@ redis: shards: - name: "127.0.0.1" addr: ":6379" + +# Optional sentry (https://sentry.io/) configuration for the media repo +sentry: + # Whether or not to set up error reporting. Defaults to off. + enabled: false + + # Get this value from the setup instructions in Sentry + dsn: "https://examplePublicKey@ingest.sentry.io/0" + + # Optional environment flag. Defaults to an empty string. + environment: "" + + # Whether or not to turn on sentry's built in debugging. This will increase log output. + debug: false + +# Configuration for the internal tasks engine in the media repo. Note that this only applies +# to the media repo process with machine ID zero (the default in single-instance mode). +# +# Tasks include things like data imports/exports. +tasks: + # The number of workers to have available for tasks. Defaults to 5. + numWorkers: 5 + +# Options for collecting PGO-compatible CPU profiles and submitting them to a hosted pgo-fleet +# server. See https://github.com/t2bot/pgo-fleet for collection/more detail. +# +# If you process more than 1Hz of requests or have more than a dozen media repos deployed, please +# get in contact with `@travis:t2l.io` to submit profiles directly to MMR. Submitted profiles are +# used to improve the build speed for everyone. +pgo: + # Whether collection is enabled. Defaults to false. + enabled: false + + # The pgo-fleet submit URL. + submitUrl: "https://pgo-mmr.t2host.io/v1/submit" + + # The pgo-fleet submit key. + submitKey: "INSERT_VALUE_HERE" diff --git a/etc/matrix-synapse/homeserver.yaml b/etc/matrix-synapse/homeserver.yaml index 31500f0..419029f 100644 --- a/etc/matrix-synapse/homeserver.yaml +++ b/etc/matrix-synapse/homeserver.yaml 
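Review bot: `pgo.submitKey` and `sentry.dsn` hold credential-like values in a committed file, so the placeholder `"INSERT_VALUE_HERE"` and the example DSN should stay as they are in the repository. If either feature is enabled later, the real value should be provisioned from outside version control rather than edited in here. A comment above `submitKey` such as `# real key is provisioned outside this repo; do not commit` would make that explicit. Both blocks are `enabled: false` in this change.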
@@ -160,7 +160,7 @@ presence: # Uncomment to disable presence tracking on this homeserver. This option # replaces the previous top-level 'use_presence' option. # - enabled: true + enabled: false # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. Defaults to @@ -203,7 +203,7 @@ allow_public_rooms_over_federation: true # For example, for room version 1, default_room_version should be set # to "1". # -#default_room_version: "9" +#default_room_version: "10" # The GC threshold parameters to pass to `gc.set_threshold`, if defined # @@ -928,7 +928,7 @@ database: user: matrix password: xxx database: matrix - host: localhost + host: 127.0.0.1 cp_min: 5 cp_max: 10 @@ -2555,7 +2555,7 @@ push: # #default_power_level_content_override: # private_chat: -# "events": +# "events": # "com.example.myeventtype" : 0 # "m.room.avatar": 50 # "m.room.canonical_alias": 50 @@ -2590,7 +2590,7 @@ user_directory: # These indexes are built the first time Synapse starts; admins can # manually trigger a rebuild via API following the instructions at # https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run - # + # # Uncomment to return search results containing all known users, even if that # user does not share a room with the requester. # @@ -2687,7 +2687,9 @@ server_notices: system_mxid_display_name: "Server Notices" system_mxid_avatar_url: "mxc://envs.net/83c0eed9ea5cf72417cc20b5e3b5fb01aa0c3967" room_name: "Server Notices" - + room_avatar_url: "mxc://envs.net/83c0eed9ea5cf72417cc20b5e3b5fb01aa0c3967" + room_topic: "room used by your server admin to notice you of important information" + auto_join: true # Uncomment to disable searching the public room list. When disabled @@ -2810,6 +2812,7 @@ worker_app: synapse.app.homeserver #notify_appservices_from_worker: worker_name #update_user_directory_from_worker: worker_name +start_pushers: false pusher_instances: - pusher 
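Review bot: The new `room_topic` string in the `server_notices` hunk is shown to users in the Server Notices room and reads awkwardly ("to notice you of"). Suggested: `room_topic: "Room used by your server admin to notify you of important information"`. The other hunks on this physical line are address and toggle changes and raise nothing further.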
@@ -2821,6 +2824,7 @@ pusher_instances: # started, to ensure that all instances are running with the same config (otherwise # events may be dropped). # +send_federation: false federation_sender_instances: - federation_sender1 - federation_sender2 @@ -2830,50 +2834,39 @@ federation_sender_instances: # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. # -#instance_map: -# worker1: -# host: localhost -# port: 8034 instance_map: main: - host: localhost + host: 127.0.0.1 port: 9093 generic_worker1: - host: localhost + host: 127.0.0.1 port: 9094 generic_worker2: - host: localhost + host: 127.0.0.1 port: 9095 generic_worker3: - host: localhost + host: 127.0.0.1 port: 9096 generic_worker4: - host: localhost + host: 127.0.0.1 port: 9097 - generic_worker5: - host: localhost - port: 9098 additional1: - host: localhost + host: 127.0.0.1 port: 9099 presence: - host: localhost + host: 127.0.0.1 port: 9100 # Experimental: When using workers you can define which workers should # handle event persistence and typing notifications. Any worker # specified here must also be in the `instance_map`. # -#stream_writers: -# events: worker1 -# typing: worker1 stream_writers: events: - generic_worker1 - generic_worker2 - generic_worker3 - generic_worker4 - - generic_worker5 typing: - additional1 to_device: @@ -2909,14 +2902,13 @@ redis: # Optional host and port to use to connect to redis. Defaults to # localhost and 6379 # - #host: localhost - #port: 6379 + host: 127.0.0.1 + port: 6379 # Optional password if configured on the Redis instance # #password: - ## Background Updates ## # Background updates are database updates that are run in the background in batches. @@ -2951,3 +2943,4 @@ background_updates: experimental_features: msc2285_enabled: true + msc2815_enabled: true 
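Review bot: In the `redis` hunk, `host: 127.0.0.1` and `port: 6379` are now set explicitly while `#password:` stays commented out, so the replication channel is protected only by being bound to loopback. Any local account or process on this machine could then connect to that Redis instance; if the host is shared with other users or services, configure a Redis password and set `password:` here, with the value supplied from outside the repository. The `redis` block starts outside the hunk, so any other restriction on it is not visible.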
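Review bot: `msc2815_enabled: true` turns on an experimental feature whose privacy effect is not documented in the file. As far as I know MSC2815 lets room moderators retrieve the original content of redacted events, which changes what users can expect from deleting a message. A comment above the key, e.g. `# MSC2815: moderators can view redacted event content; enabled for <reason>`, would record why it is on.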
diff --git a/etc/matrix-synapse/workers/generic_worker5.yaml b/etc/matrix-synapse/workers/generic_worker5.yaml deleted file mode 100644 index 26af8a3..0000000 --- a/etc/matrix-synapse/workers/generic_worker5.yaml +++ /dev/null @@ -1,24 +0,0 @@ -worker_app: synapse.app.generic_worker -worker_name: generic_worker5 - -worker_log_config: /etc/matrix-synapse/workers/generic_worker5_log_config.yaml - -worker_listeners: - - type: http - bind_addresses: ['127.0.0.1'] - port: 8514 - tls: false - x_forwarded: true - resources: - - names: [client, federation] - compress: false - - - type: http - bind_addresses: ['127.0.0.1'] - port: 9098 - resources: - - names: [replication] - - - type: metrics - bind_addresses: ['0.0.0.0'] - port: 9135 diff --git a/etc/matrix-synapse/workers/generic_worker5_log_config.yaml b/etc/matrix-synapse/workers/generic_worker5_log_config.yaml deleted file mode 100644 index de0702c..0000000 --- a/etc/matrix-synapse/workers/generic_worker5_log_config.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - file: - class: logging.handlers.TimedRotatingFileHandler - formatter: precise - filename: /var/log/matrix-synapse/worker_generic_worker5.log - when: midnight - backupCount: 2 # Does not include the current log file. - encoding: utf8 - - # Default to buffering writes to log file for efficiency. - # WARNING/ERROR logs will still be flushed immediately, but there will be a - # delay (of up to `period` seconds, or until the buffer is full with - # `capacity` messages) before INFO/DEBUG logs get written. - buffer: - class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler - target: file - - # The capacity is the maximum number of log lines that are buffered - # before being written to disk. Increasing this will lead to better - # performance, at the expensive of it taking longer for log lines to - # be written to disk. - # This parameter is required. - capacity: 10 - - # Logs with a level at or above the flush level will cause the buffer to - # be flushed immediately. - # Default value: 40 (ERROR) - # Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG) - flushLevel: 30 # Flush immediately for WARNING logs and higher - - # The period of time, in seconds, between forced flushes. - # Messages will not be delayed for longer than this time. - # Default value: 5 seconds - period: 5 - - # A handler that writes logs to stderr. 
Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: WARN - -root: - level: WARN - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [buffer] - -disable_existing_loggers: false diff --git a/etc/nginx/include.d/media-repo.conf b/etc/nginx/include.d/media-repo.conf index 4895868..a422bda 100644 --- a/etc/nginx/include.d/media-repo.conf +++ b/etc/nginx/include.d/media-repo.conf @@ -14,3 +14,36 @@ location ^~ /_matrix/media { proxy_buffering off; proxy_pass http://localhost:8000; } + +location ^~ /_matrix/client/v1/media { + client_max_body_size 100M; + + proxy_set_header Host envs.net; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + + port_in_redirect off; + proxy_redirect off; + proxy_connect_timeout 3600; + proxy_read_timeout 3600; + proxy_send_timeout 3600; + + proxy_buffering off; + proxy_pass http://localhost:8000; +} +location ^~ /_matrix/federation/v1/media { + client_max_body_size 100M; + + proxy_set_header Host envs.net; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + + port_in_redirect off; + proxy_redirect off; + proxy_connect_timeout 3600; + proxy_read_timeout 3600; + proxy_send_timeout 3600; + + proxy_buffering off; + proxy_pass http://localhost:8000; +} diff --git a/etc/nginx/include.d/mjolnir-report.conf b/etc/nginx/include.d/mjolnir-report.conf index 62cee22..ca2452a 100644 --- a/etc/nginx/include.d/mjolnir-report.conf 
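Review bot: The two added `location` blocks in media-repo.conf set `proxy_connect_timeout 3600`, `proxy_read_timeout 3600` and `proxy_send_timeout 3600` on endpoints that any client or federated server can reach. An hour-long timeout lets stalled connections hold proxy and backend resources; unless large transfers really need it, much shorter values would be safer, particularly `proxy_connect_timeout` towards a local backend. The blocks also appear to repeat the existing `/_matrix/media` settings line for line, so keeping the shared directives in one snippet pulled in with `include` from all three locations would stop them drifting apart. The existing `/_matrix/media` block starts outside the hunk.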
+++ b/etc/nginx/include.d/mjolnir-report.conf @@ -1,5 +1,5 @@ -# Abuse reports should be sent to Mjolnir. -location ~ ^/_matrix/client/r0/rooms/([^/]*)/report/(.*)$ { +# Abuse reports should be sent to Mjolnir/Draupnir. +location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ { # add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; @@ -8,7 +8,7 @@ location ~ ^/_matrix/client/r0/rooms/([^/]*)/report/(.*)$ { add_header 'Access-Control-Max-Age' 1728000; # Alias the regexps, to ensure that they're not rewritten. - set $room_id $1; - set $event_id $2; + set $room_id $2; + set $event_id $3; proxy_pass http://127.0.0.1:9002/api/1/report/$room_id/$event_id; } diff --git a/etc/nginx/include.d/upstream_workers.conf b/etc/nginx/include.d/upstream_workers.conf index 639171a..6bb633a 100644 --- a/etc/nginx/include.d/upstream_workers.conf +++ b/etc/nginx/include.d/upstream_workers.conf @@ -4,7 +4,6 @@ upstream generic_worker_ih { server localhost:8511; server localhost:8512; server localhost:8513; - server localhost:8514; } upstream generic_worker_lc { @@ -13,7 +12,6 @@ upstream generic_worker_lc { server localhost:8511; server localhost:8512; server localhost:8513; - server localhost:8514; } upstream additional {
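Review bot: The numbered captures `$2` and `$3` in the second mjolnir-report.conf hunk depend on the new `(r0|v3)` group being a capturing group, so any later edit to the regex silently remaps `$room_id` and `$event_id`. A non-capturing group keeps the original numbering and makes the `set` lines independent of the version alternation: `location ~ ^/_matrix/client/(?:r0|v3)/rooms/([^/]*)/report/(.*)$ {` with `set $room_id $1;` and `set $event_id $2;`. The `location` block spans both hunks and its middle lines lie outside them.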