From 1fee0441e817483bd20bda370d3a87d3eb37feef Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Mon, 9 Mar 2020 14:11:24 +0100
Subject: [PATCH] [frontend,matrix] finally fix order bug with traefik by
 assigning priorities

---
 consul/configuration/.gitignore               |  2 ++
 .../chat/synapse/homeserver.yaml              |  9 ++++++++
 .../traefik/cloudflare.env.sample             |  2 --
 .../{traefik.toml.sample => traefik.toml}     | 16 +++++---------
 nomad/chat.hcl                                | 21 +++++++++++++++++--
 nomad/web_static.hcl                          |  3 ++-
 6 files changed, 37 insertions(+), 16 deletions(-)
 delete mode 100644 consul/configuration/traefik/cloudflare.env.sample
 rename consul/configuration/traefik/{traefik.toml.sample => traefik.toml} (80%)

diff --git a/consul/configuration/.gitignore b/consul/configuration/.gitignore
index 8c55cc6..dabb84d 100644
--- a/consul/configuration/.gitignore
+++ b/consul/configuration/.gitignore
@@ -27,3 +27,5 @@
 !chat/**/*
 
 !directory/*/*
+
+!traefik/traefik.toml
diff --git a/consul/configuration/chat/synapse/homeserver.yaml b/consul/configuration/chat/synapse/homeserver.yaml
index 0534235..7f313f6 100644
--- a/consul/configuration/chat/synapse/homeserver.yaml
+++ b/consul/configuration/chat/synapse/homeserver.yaml
@@ -61,6 +61,15 @@ listeners:
     resources:
       - names: [client]
         compress: true
+
+  - port: 8448
+    tls: false
+    bind_address: ''
+    type: http
+
+    x_forwarded: false
+
+    resources:
       - names: [federation]
         compress: false
 
diff --git a/consul/configuration/traefik/cloudflare.env.sample b/consul/configuration/traefik/cloudflare.env.sample
deleted file mode 100644
index 072e671..0000000
--- a/consul/configuration/traefik/cloudflare.env.sample
+++ /dev/null
@@ -1,2 +0,0 @@
-CF_API_EMAIL = "<email>"
-CF_API_KEY = "<token>"
diff --git a/consul/configuration/traefik/traefik.toml.sample b/consul/configuration/traefik/traefik.toml
similarity index 80%
rename from consul/configuration/traefik/traefik.toml.sample
rename to consul/configuration/traefik/traefik.toml
index 1e34554..ce50532 100644
--- a/consul/configuration/traefik/traefik.toml.sample
+++ b/consul/configuration/traefik/traefik.toml
@@ -4,8 +4,6 @@ defaultEntryPoints = ["http", "https"]
 [entryPoints]
   [entryPoints.admin]
     address = ":8082"
-    [entryPoints.admin.auth.basic]
-      users = ["<username>:<hash>"]
 
   [entryPoints.http]
   address = ":80"
@@ -17,6 +15,11 @@ defaultEntryPoints = ["http", "https"]
   compress = true
     [entryPoints.https.tls]
 
+  [entryPoints.matrix]
+  address = ":8448"
+  compress = true
+    [entryPoints.matrix.tls]
+
 [retry]
 
 [acme]
@@ -25,16 +28,9 @@ defaultEntryPoints = ["http", "https"]
   entryPoint = "https"
   onHostRule = true
 
-#  [acme.dnsChallenge]
-#    provider = "cloudflare"
-#    delayBeforeCheck = 0
-
   [acme.httpChallenge]
     entryPoint = "http"
 
-#[[acme.domains]]
-#  main = "deuxfleurs.fr"
-
 [api]
   entryPoint = "admin"
   dashboard = true
@@ -49,5 +45,3 @@ defaultEntryPoints = ["http", "https"]
   prefix = "traefik"
   domain = "web.deuxfleurs.fr"
   exposedByDefault = false
-
-
diff --git a/nomad/chat.hcl b/nomad/chat.hcl
index 812f009..042e619 100644
--- a/nomad/chat.hcl
+++ b/nomad/chat.hcl
@@ -12,6 +12,7 @@ job "chat" {
         readonly_rootfs = true
         port_map {
           client_port = 8008
+          federation_port = 8448
         }
         command = "python"
         args = [
@@ -96,18 +97,20 @@ job "chat" {
         memory = 4000
         network {
           port "client_port" { }
+          port "federation_port" { }
         }
       }
 
       service {
-        name = "synapse"
+        name = "synapse-client"
         port = "client_port"
         address_mode = "host"
         tags = [
           "matrix",
           "traefik.enable=true",
           "traefik.frontend.entryPoints=https",
-          "traefik.frontend.rule=Host:im.deuxfleurs.fr,deuxfleurs.fr;PathPrefix:/_matrix"
+          "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
+          "traefik.frontend.priority=100"
         ]
         check {
           type = "tcp"
@@ -121,6 +124,20 @@ job "chat" {
           }
         }
       }
+
+      service {
+        name = "synapse-federation"
+        port = "federation_port"
+        address_mode = "host"
+        tags = [
+          "matrix",
+          "traefik.enable=true",
+          "traefik.frontend.entryPoints=https",
+          "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix",
+          "traefik.frontend.priority=100"
+        ]
+      }
+
     }
   }
 
diff --git a/nomad/web_static.hcl b/nomad/web_static.hcl
index 5a3b80f..b3ad3e8 100644
--- a/nomad/web_static.hcl
+++ b/nomad/web_static.hcl
@@ -38,7 +38,8 @@ EOH
           "webstatic",
           "traefik.enable=true",
           "traefik.frontend.entryPoints=https,http",
-          "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/"
+          "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
+          "traefik.frontend.priority=10"
         ]
         port = "web_port"
         address_mode = "host"