From 5f1b3fa91fb2fa7ef9c22eba276a519a3ae4e8e5 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 19 Dec 2025 20:18:58 -0500 Subject: [PATCH] add synapse client reader worker --- .github/workflows/nginx.yml | 2 +- logrotate.d/synapse | 2 +- nginx/nginx.conf | 9 ++++++++ process-static | 2 +- synapse/workers/client_reader.yaml | 11 +++++++++ synapse/workers/client_reader_log_config.yaml | 23 +++++++++++++++++++ syslog-ng/conf.d/synapse.conf | 10 ++++++++ 7 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 synapse/workers/client_reader.yaml create mode 100644 synapse/workers/client_reader_log_config.yaml diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index eb4a434..478f6ae 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -13,4 +13,4 @@ jobs: python-version: '3.13' cache: pip - run: 'pip install --require-hashes --only-binary :all: -r requirements.txt' - - run: gixy --add-header-redefinition-headers x-frame-options,x-content-type-options,x-xss-protection,content-security-policy,cache-control nginx/nginx.conf + - run: gixy --add-header-redefinition-headers x-frame-options,x-content-type-options,x-xss-protection,content-security-policy,cache-control --skips regex_redos nginx/nginx.conf diff --git a/logrotate.d/synapse b/logrotate.d/synapse index e3c28c9..4f652bb 100644 --- a/logrotate.d/synapse +++ b/logrotate.d/synapse @@ -1,4 +1,4 @@ -/var/log/synapse/main.log /var/log/synapse/background.log /var/log/synapse/federation_reader.log /var/log/synapse/federation_sender1.log /var/log/synapse/federation_sender2.log /var/log/synapse/federation_sender3.log /var/log/synapse/federation_sender4.log /var/log/synapse/media_repository.log { +/var/log/synapse/main.log /var/log/synapse/background.log /var/log/synapse/client_reader.log /var/log/synapse/federation_reader.log /var/log/synapse/federation_sender1.log /var/log/synapse/federation_sender2.log /var/log/synapse/federation_sender3.log /var/log/synapse/federation_sender4.log /var/log/synapse/media_repository.log { missingok maxsize 1G nodelaycompress diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 1224ff0..8e463ea 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -88,6 +88,11 @@ http { server unix:/run/synapse/main_public.sock max_conns=4096 max_fails=0; } + upstream synapse-client_reader { + zone synapse-client_reader 32k; + server unix:/run/synapse/client_reader_public.sock max_conns=4096 max_fails=0; + } + upstream synapse-federation_reader { zone synapse-federation_reader 32k; server unix:/run/synapse/federation_reader_public.sock max_conns=4096 max_fails=0; @@ -175,6 +180,10 @@ http { proxy_pass http://synapse-main; + location ~ ^/_matrix/client/(?:r0|v3)/sync$|^/_matrix/client/(?:api/v1|r0|v3)/events$|^/_matrix/client/(?:api/v1|r0|v3)/initialSync$|^/_matrix/client/(?:api/v1|r0|v3)/rooms/[^/]+/initialSync$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/createRoom$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/publicRooms$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/joined_members$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/context/.*$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/members$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/state$|^/_matrix/client/v1/rooms/.*/hierarchy$|^/_matrix/client/(?:v1|unstable)/rooms/.*/relations/|^/_matrix/client/v1/rooms/.*/threads$|^/_matrix/client/unstable/im.nheko.summary/summary/.*$|^/_matrix/client/(?:r0|v3|unstable)/account/3pid$|^/_matrix/client/(?:r0|v3|unstable)/account/whoami$|^/_matrix/client/(?:r0|v3|unstable)/account/deactivate$|^/_matrix/client/(?:r0|v3)/delete_devices$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/devices(?:/|$)|^/_matrix/client/versions$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/voip/turnServer$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/event/|^/_matrix/client/(?:api/v1|r0|v3|unstable)/joined_rooms$|^/_matrix/client/v1/rooms/.*/timestamp_to_event$|^/_matrix/client/(?:api/v1|r0|v3|unstable/.*)/rooms/.*/aliases|^/_matrix/client/(?:api/v1|r0|v3|unstable)/search$|^/_matrix/client/(?:r0|v3|unstable)/user/.*/filter(?:/|$)|^/_matrix/client/(?:api/v1|r0|v3|unstable)/directory/room/.*$|^/_matrix/client/(?:r0|v3|unstable)/capabilities$|^/_matrix/client/(?:r0|v3|unstable)/notifications$|^/_synapse/admin/v1/rooms/[^/]+$|^/_matrix/client/(?:r0|v3|unstable)/keys/query$|^/_matrix/client/(?:r0|v3|unstable)/keys/changes$|^/_matrix/client/(?:r0|v3|unstable)/keys/claim$|^/_matrix/client/(?:r0|v3|unstable)/room_keys/|^/_matrix/client/(?:r0|v3|unstable)/keys/upload|^/_matrix/client/(?:api/v1|r0|v3|unstable)/keys/device_signing/upload$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/keys/signatures/upload$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/login$|^/_matrix/client/(?:r0|v3|unstable)/register$|^/_matrix/client/(?:r0|v3|unstable)/register/available$|^/_matrix/client/v1/register/m.login.registration_token/validity$|^/_matrix/client/(?:r0|v3|unstable)/password_policy$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/redact|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/send|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/state/|^/_matrix/client/(?:api/v1|r0|v3|unstable)/rooms/.*/(?:join|invite|leave|ban|unban|kick)$|^/_matrix/client/(?:api/v1|r0|v3|unstable)/join/|^/_matrix/client/(?:api/v1|r0|v3|unstable)/knock/|^/_matrix/client/(?:api/v1|r0|v3|unstable)/profile/|^/_matrix/client/(?:r0|v3|unstable)/user_directory/search$|^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(?:/.*/restart)?$ { + proxy_pass http://synapse-client_reader; + } + location ~ ^/_matrix/federation/v1/version$|^/_matrix/federation/v1/event/|^/_matrix/federation/v1/state/|^/_matrix/federation/v1/state_ids/|^/_matrix/federation/v1/backfill/|^/_matrix/federation/v1/get_missing_events/|^/_matrix/federation/v1/publicRooms|^/_matrix/federation/v1/query/|^/_matrix/federation/v1/make_join/|^/_matrix/federation/v1/make_leave/|^/_matrix/federation/(:?v1|v2)/send_join/|^/_matrix/federation/(:?v1|v2)/send_leave/|^/_matrix/federation/v1/make_knock/|^/_matrix/federation/v1/send_knock/|^/_matrix/federation/(:?v1|v2)/invite/|^/_matrix/federation/v1/event_auth/|^/_matrix/federation/v1/timestamp_to_event/|^/_matrix/federation/v1/exchange_third_party_invite/|^/_matrix/federation/v1/user/devices/|^/_matrix/key/v2/query|^/_matrix/federation/v1/hierarchy/|^/_matrix/federation/v1/send/ { proxy_pass http://synapse-federation_reader; } diff --git a/process-static b/process-static index c44d852..f68a911 100755 --- a/process-static +++ b/process-static @@ -20,7 +20,7 @@ fi rm -rf nginx-tmp cp -a nginx nginx-tmp -gixy --add-header-redefinition-headers x-frame-options,x-content-type-options,x-xss-protection,content-security-policy,cache-control nginx-tmp/nginx.conf +gixy --add-header-redefinition-headers x-frame-options,x-content-type-options,x-xss-protection,content-security-policy,cache-control --skips regex_redos nginx-tmp/nginx.conf rm -rf static-tmp cp -a /usr/share/webapps/element static-tmp diff --git a/synapse/workers/client_reader.yaml b/synapse/workers/client_reader.yaml new file mode 100644 index 0000000..af9b7e2 --- /dev/null +++ b/synapse/workers/client_reader.yaml @@ -0,0 +1,11 @@ +worker_app: synapse.app.generic_worker +worker_name: client_reader + +worker_listeners: + - path: /run/synapse/client_reader_public.sock + mode: 432 + type: http + resources: + - names: [client] + +worker_log_config: /etc/synapse/workers/client_reader_log_config.yaml diff --git a/synapse/workers/client_reader_log_config.yaml b/synapse/workers/client_reader_log_config.yaml new file mode 100644 index 0000000..e9d4be1 --- /dev/null +++ b/synapse/workers/client_reader_log_config.yaml @@ -0,0 +1,23 @@ +version: 1 + +formatters: + syslog_fmt: + format: '%(name)s: [%(request)s] %(message)s' + +filters: + context: + (): synapse.logging.context.LoggingContextFilter + request: "" + +handlers: + syslog: + class: logging.handlers.SysLogHandler + formatter: syslog_fmt + filters: [context] + address: /run/synapse-client_reader-log + +root: + level: INFO + handlers: [syslog] + +disable_existing_loggers: False diff --git a/syslog-ng/conf.d/synapse.conf b/syslog-ng/conf.d/synapse.conf index 0deac5f..7cc8084 100644 --- a/syslog-ng/conf.d/synapse.conf +++ b/syslog-ng/conf.d/synapse.conf @@ -4,6 +4,9 @@ source s_synapse_main { source s_synapse_background { unix-dgram("/run/synapse-background-log" group("synapse") perm(0660)); }; +source s_synapse_client_reader { + unix-dgram("/run/synapse-client_reader-log" group("synapse") perm(0660)); +}; source s_synapse_federation_reader { unix-dgram("/run/synapse-federation_reader-log" group("synapse") perm(0660)); }; @@ -29,6 +32,9 @@ destination d_synapse_main { destination d_synapse_background { file("/var/log/synapse/background.log" template("${ISODATE} ${LEVEL} ${MESSAGE}\n")); }; +destination d_synapse_client_reader { + file("/var/log/synapse/client_reader.log" template("${ISODATE} ${LEVEL} ${MESSAGE}\n")); +}; destination d_synapse_federation_reader { file("/var/log/synapse/federation_reader.log" template("${ISODATE} ${LEVEL} ${MESSAGE}\n")); }; @@ -56,6 +62,10 @@ log { source(s_synapse_background); destination(d_synapse_background); }; +log { + source(s_synapse_client_reader); + destination(d_synapse_client_reader); +}; log { source(s_synapse_federation_reader); destination(d_synapse_federation_reader);